Hi Tim, Try adding the following to your CISCO. ip name-server XXX.XXX.XXX.XXX (ip of your dns server)
or async-bootp dns-server XXX.XXX.XXX.XXX (ip of your dns server) I use both, but on different NAS boxes that do different types of service. Mike P.S. check out this clip from another message... --------------------Start Clip------------ In ancient days, we implemented support for the RFC-1877 IPCP DNS server option by taking the addresses from the "ip name-server" values. We never documented this however; our first documented support of RFC-1877 was via "async-bootp {dns-server|nbns-server}". For a time both "async-bootp" and "ip name-server" worked to supply DNS server addresses, with the former taking precedence. Recently "ip name-server" stopped working for this function. I'm not sure when - maybe at the time when "ppp ipcp dns-server" was implemented? We discussed this issue a bit internally recently, and decided that, since we never documented this use of "ip name-server", we're better off with it not being used for IPCP. So: use "async-bootp" or "ppp ipcp" to configure your RFC-1877 DNS addresses ... but if you're using "ip name-server" for this with some older IOS, you should be aware that this is apt to stop working when you upgrade. As far as Chip's query about which is more efficient of the two supported methods ... both are quite efficient, no need to worry there. I guess I'd use "async-bootp" since it's global, unless I had to specify different values on a per-interface basis, in which case I'd use "ppp ipcp". I should mention while I'm at it that there are OTHER ways to get the DNS/WINS addresses into IPCP: you can proxy them from a (possibly local) DHCP server, or you can get them from AAA. Have fun, Aaron --- > Chip, > I couldn't find any good references, but I'm pretty sure the 'ip > name-server' would NOT work for your dialup users...it seems related to > 'ip domain-lookup' and the 'ip domain-name' commands, both of which are > for local name resolution only. The only commands I've used to hand out > addresses to dialup users are the 'async-bootp' and 'ppp ipcp' commands. > If you had conflicting definitions, like: > ! > async-bootp dns-server 1.1.1.1 > ! > interface dialer 1 > ppp ipcp dns-server 2.2.2.2 > I'm pretty sure the most specific command would take precedence, like, > if you landed on dialer 1, you'd get 2.2.2.2 for dns, but if you landed > on dialer 3, for example, you'd get the globally configured option... > Eric > -----Original Message----- > From: Chip Old [mailto:[EMAIL PROTECTED] > Sent: Wednesday, September 04, 2002 7:38 PM > To: CISCO-NAS > Subject: Re: Question on Dynamic DNS > On Wed, 4 Sep 2002, Aaron Leonard wrote: > > I don't think that "ppp ipcp dns" was around back then, but you can > > use the global command "async-bootp dns-server X.X.X.X Y.Y.Y.Y" to > > accomplish the same thing. This will allow PPP clients to learn their > > DNS servers from you via IPCP negotiations (assuming that they support > > this.) > If I remember correctly, in the absense of "async-bootp dns-server > X.X.X.X", doesn't the NAS use the "ip name-server X.X.X.X" statement (if > present)? > If both are present, which is used during the IPCP negotiations? > -- > Chip Old (Francis E. Old) E-Mail: [EMAIL PROTECTED] > Manager, BCPL Network Services Phone: 410-887-6180 > Manager, BCPL.NET Internet Services FAX: 410-887-2091 > 320 York Road > Towson, MD 21204 USA -------------End Clip------------------ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Saunders Sent: Tuesday, June 17, 2003 10:50 AM To: [EMAIL PROTECTED] Subject: DNS Servers I have a Cisco 3640 which uses freeradius for authentication. When a ppp session is established with the cisco no DNS servers are currently set on the client. I have tried adding a Cisco-AVPair=ip:dns-servers=10.35.8.38 entry to the radgroupreply table (I am using mysql with freeradius). I have also tried many variants on the AVPair (like using a * instead of the second equals) but I cannot get the cisco to give the client DNS servers. The client is windows XP. The relevant part of the cisco config is below: aaa new-model aaa authentication login default group radius enable aaa authentication login linmethod group radius enable aaa authentication login vtymethod group radius enable aaa authentication login conmethod group radius enable aaa authentication ppp default if-needed group radius local aaa authorization exec default if-authenticated aaa authorization network default if-authenticated aaa authorization reverse-access default none aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius enable secret <removed> radius-server host 10.35.8.38 auth-port 1812 acct-port 1813 radius-server host 10.35.8.40 auth-port 1812 acct-port 1813 radius-server timeout 4 radius-server key <removed> Any help would be greatly appriciated. Tim Saunders - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- [This E-mail scanned for viruses at TNWEB LLC] --- [This E-mail scanned for viruses at TNWEB LLC] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html