Dear Truman, The Radius server used in my network is used to provide all the users with thier assigned IP subnets, and the assigned routes to the users are access-internal routes
I have a default route in the E120 Router known via OSPF from my Gateway, so when the RADIUS Server by mistake sent framed-route (0.0.0.0/0) to a specific user , the default route is installed as access-internal route pointing to this specific user and all the upload for the E120 went to this users instead of the Gateway via OSPF( as the preferance for the access-internal routes are lower than the ospf routes) I can't ignore this RADIUS attribute as i am using the "framed-route" attribute to assign IP subnets for my users Thanks Amr On Mon, Aug 25, 2008 at 3:37 PM, Truman Boyes <[EMAIL PROTECTED]> wrote: > Hi Amr, > > Your RADIUS server is located upstream from the E120 right? Ie. It is not > an access-internal route but rather it is reachable via another protocol > such as BGP, static, or OSPF. Adjusting protocol preferences is less than > ideal and you should avoid this in almost all designs. > > Why do you say that the performance of the E120 is affected by the default > route that is assigned to a user? > > You can issue 'radius ignore <attribute>' commands to ignore specific > RADIUS messages that are included in the access-accept. I would not just fix > the problem here if the issue is really a mistake in a RADIUS profile > upstream; that would be the best place to fix the issue. > > Truman > > > > On 25/08/2008, at 2:21 AM, Amr wrote: > > Dear All, >> I have a problem in my E120 Router , where i have configured the >> RADIUS Server to send to the Users on the E120 thier IP Subnet so that the >> IP subnets of the users will be "Access-internal" routes as below >> >> E120#sh ip route 10.10.10.10 >> Protocol/Route type codes: >> I1- ISIS level 1, I2- ISIS level2, >> I- route type intra, IA- route type inter, E- route type external, >> i- metric type internal, e- metric type external, >> P- periodic download, O- OSPF, E1- external type 1, E2- external type2, >> N1- NSSA external type1, N2- NSSA external type2 >> L- MPLS label, V- VRF, *- via indirect next-hop >> Prefix/Length Type Next Hop Dst/Met >> Interface >> ------------------ --------- --------------- ---------- >> ----------------------- >> 10.10.10.10/32 *AccIntern *0.0.0.0 2/0 >> GigabitEthernet3/0/0.505252.59 >> >> >> but by mistake someone configured the RADIUS to send the default route >> (0.0.0.0.0/0) for a specific user which affects the performance of the >> E120 >> router and modifyed the current default route learned by OSPF >> >> So the Question is >> Is it possible to restrict the routes the comes from the RADIUS Server and >> not accepting it all (e.g denying the default route from the radius) ? >> or >> >> Is it possible to modify the admin distance for the Access-internal routes >> so that it will be higher that the dynamic default route configured on the >> E120 router ? >> >> Appreciate your help >> >> Thanks In Advance >> >> Regards >> Amr >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> >> > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp