Hi Tim,
Try adding the following to your CISCO.

ip name-server XXX.XXX.XXX.XXX (ip of your dns server)

or 

async-bootp dns-server XXX.XXX.XXX.XXX (ip of your dns server)

I use both, but on different NAS boxes that do different
types of service.

Mike

P.S.
check out this clip from another message...

--------------------Start Clip------------

In ancient days, we implemented support for the RFC-1877 
IPCP DNS server option by taking the addresses from the
"ip name-server" values. We never documented this however;
our first documented support of RFC-1877 was via 
"async-bootp {dns-server|nbns-server}".

For a time both "async-bootp" and "ip name-server" worked
to supply DNS server addresses, with the former taking precedence.

Recently "ip name-server" stopped working for this function.
I'm not sure when - maybe at the time when "ppp ipcp dns-server"
was implemented? We discussed this issue a bit internally 
recently, and decided that, since we never documented this
use of "ip name-server", we're better off with it not being
used for IPCP.

So: use "async-bootp" or "ppp ipcp" to configure your
RFC-1877 DNS addresses ... but if you're using "ip name-server"
for this with some older IOS, you should be aware that this is apt
to stop working when you upgrade.

As far as Chip's query about which is more efficient of the two
supported methods ... both are quite efficient, no need to worry
there. I guess I'd use "async-bootp" since it's global, unless
I had to specify different values on a per-interface basis, in
which case I'd use "ppp ipcp".

I should mention while I'm at it that there are OTHER ways to
get the DNS/WINS addresses into IPCP: you can proxy them from a
(possibly local) DHCP server, or you can get them from AAA.

Have fun,

Aaron

---

> Chip,

> I couldn't find any good references, but I'm pretty sure the 'ip
> name-server' would NOT work for your dialup users...it seems related to
> 'ip domain-lookup' and the 'ip domain-name' commands, both of which are
> for local name resolution only. The only commands I've used to hand out
> addresses to dialup users are the 'async-bootp' and 'ppp ipcp' commands.
> If you had conflicting definitions, like:

> !
> async-bootp dns-server 1.1.1.1
> !
> interface dialer 1
> ppp ipcp dns-server 2.2.2.2

> I'm pretty sure the most specific command would take precedence, like,
> if you landed on dialer 1, you'd get 2.2.2.2 for dns, but if you landed
> on dialer 3, for example, you'd get the globally configured option...

> Eric


> -----Original Message-----
> From: Chip Old [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 04, 2002 7:38 PM
> To: CISCO-NAS
> Subject: Re: Question on Dynamic DNS


> On Wed, 4 Sep 2002, Aaron Leonard wrote:

> > I don't think that "ppp ipcp dns" was around back then, but you can
> > use the global command "async-bootp dns-server X.X.X.X Y.Y.Y.Y" to
> > accomplish the same thing. This will allow PPP clients to learn their
> > DNS servers from you via IPCP negotiations (assuming that they support
> > this.)

> If I remember correctly, in the absence of "async-bootp dns-server
> X.X.X.X", doesn't the NAS use the "ip name-server X.X.X.X" statement (if
> present)?

> If both are present, which is used during the IPCP negotiations?

> --
> Chip Old (Francis E. Old) E-Mail: [EMAIL PROTECTED]
> Manager, BCPL Network Services Phone: 410-887-6180
> Manager, BCPL.NET Internet Services FAX: 410-887-2091
> 320 York Road
> Towson, MD 21204 USA

-------------End Clip------------------

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tim Saunders
Sent: Tuesday, June 17, 2003 10:50 AM
To: [EMAIL PROTECTED]
Subject: DNS Servers

I have a Cisco 3640 which uses freeradius for authentication. When a PPP
session is established with the Cisco, no DNS servers are currently set
on the client. I have tried adding a
Cisco-AVPair=ip:dns-servers=10.35.8.38 entry to the radgroupreply table
(I am using mysql with freeradius). I have also tried many variants on
the AVPair (like using a * instead of the second equals) but I cannot
get the Cisco to give the client DNS servers.

The client is Windows XP.
The relevant part of the cisco config is below:
        aaa new-model
        aaa authentication login default group radius enable
        aaa authentication login linmethod group radius enable
        aaa authentication login vtymethod group radius enable
        aaa authentication login conmethod group radius enable
        aaa authentication ppp default if-needed group radius local
        aaa authorization exec default if-authenticated
        aaa authorization network default if-authenticated
        aaa authorization reverse-access default none
        aaa accounting exec default start-stop group radius
        aaa accounting network default start-stop group radius
        enable secret <removed>

        radius-server host 10.35.8.38 auth-port 1812 acct-port 1813
        radius-server host 10.35.8.40 auth-port 1812 acct-port 1813
        radius-server timeout 4
        radius-server key <removed>

Any help would be greatly appreciated.

Tim Saunders

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
---
[This E-mail scanned for viruses at TNWEB LLC]
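
Added example, not part of the original messages: a small Python check that reads IOS configuration text and reports which DNS servers a PPP client on a given interface would be offered via IPCP, using the precedence as the thread describes it (per-interface "ppp ipcp", then global "async-bootp", with "ip name-server" flagged as the undocumented legacy fallback). The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample config (not taken from the router in the thread).
SAMPLE_CONFIG = """\
ip name-server 192.0.2.53
async-bootp dns-server 192.0.2.10 192.0.2.11
!
interface Dialer1
 ppp ipcp dns-server 192.0.2.20
!
interface Dialer3
 encapsulation ppp
!
"""

def parse_dns_sources(config):
    """Collect global and per-interface DNS settings from IOS config text."""
    found = {"name_server": [], "async_bootp": [], "ppp_ipcp": {}}
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):  # a non-indented line leaves interface mode
            m = re.match(r"interface\s+(\S.*)$", line, re.I)
            iface = m.group(1).replace(" ", "").lower() if m else None
        if line.startswith("ip name-server "):
            found["name_server"] += line.split()[2:]
        elif line.startswith("async-bootp dns-server "):
            found["async_bootp"] += line.split()[2:]
        elif iface and line.startswith("ppp ipcp dns-server "):
            found["ppp_ipcp"][iface] = line.split()[3:]
    return found

def ipcp_dns_for(config, interface):
    """Return (source, servers) a PPP client on `interface` would be offered."""
    found = parse_dns_sources(config)
    key = interface.replace(" ", "").lower()
    if found["ppp_ipcp"].get(key):
        return "ppp ipcp", found["ppp_ipcp"][key]  # most specific setting
    if found["async_bootp"]:
        return "async-bootp", found["async_bootp"]  # documented global setting
    if found["name_server"]:
        # Undocumented behaviour that the thread says stops working after upgrades.
        return "ip name-server (legacy, unreliable)", found["name_server"]
    return "none", []
```

A result of "ip name-server (legacy, unreliable)" or "none" marks a configuration where dial-up clients may end up with no DNS servers after an IOS upgrade.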

