> Putting a User into a certain VRF is quite simple: > > vrfuser User-Password == "topsecret" > Cisco-AVPair += "lcp:interface-config#1=ip vrf forwarding \ > VRFNAME",
Thank you Gerald, this is what I need to do. I tried using this method, but I end up with access-accept reply (from radiusd -X) like this: Sending Access-Accept of id 20 to x.y.159.252 port 1645 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.255 Ascend-Client-Primary-DNS = x.y.z.1 Ascend-Client-Secondary-DNS = x.y.z.2 Session-Timeout = 20000 Cisco-AVPair = "lcp:interface-config#1=ip vrf forwarding Satcom" Framed-IP-Address = x.y.129.239 This seems correct to me, but the NAS ignores the Framed-IP-Address so the cpe never gets an Ip address. The IP address is taken from an ippool, the other attributes are stored in sql, everything works fine without that cisco-avpair attribute. Any hint? Thanks in advance, Francesco. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html