Hi
There is FW between NAS and private network. If the ip
address assignment is controlled by radius. Then I can
restrict where the dialup users go to after the
authentication.
My NAS configure:
aaa new-model
aaa authentication login default radius
aaa authentication ppp default radius
interface Group-Async1
ip unnumbered Ethernet0
no ip directed-broadcast
encapsulation ppp
async default routing
async mode interactive
peer default ip address pool poo <-del for use radius
no cdp enable
ppp authentication pap chap
group-range 1 30
and user profile:
userA Auth-Type := Local, Password == "userA",
Pool-Name := "RAS"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Routing = Broadcast-Listen,
Framed-MTU = 1500,
Framed-Compression = Van-Jacobson-TCP-IP
Can you point out the mistake due to failure
connection?
K
--- Kostas Kalevras <[EMAIL PROTECTED]> wrote: > On
>
> Yes you can. The question is why should you? THe
> Cico access servers can do ip
> pool assignment/managemnet on their own.
>
> --
> Kostas Kalevras Network Operations Center
_______________________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
