Thanks Gabe... nice to hear from you... The test aaa command shows successful user connection but is always giving a dynamic IP address each time. I can post the output if it's helpful..
I did test it against our really old Cistron Radius deployment and it has the same effect - going to try that other suggestion regarding defining the local interface (tomorrow when back in office). Take care, Paul -----Original Message----- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Gabriel Blanchard Sent: Monday, August 15, 2011 1:48 PM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Radius - Static IP / ERX We have a very similar setup (for some obvious reason) and it works just fine. We use Framed-IP-Address. No other attributes are required. What I suggest is that you try the "test aaa" command in the ERX and try to test the login that way from the console and see what's going on. -Gabe On 08/15/2011 11:25 AM, Paul Stewart wrote: > Thanks very much.. I appreciate the input from the list. > > > > The profile looks like this currently: > > > > profile test > > ip virtual-router default > > ip unnumbered loopback 0 > > ip mtu 1492 > > ip sa-validate > > ip tcp adjust-mss 1460 > > ppp authentication virtual-router default pap > > ppp keepalive 120 > > ppp fragmentation > > ppp reassembly > > vlan auto-configure pppoe > > > > Is there anything "obvious" wrong with this? I read in the docs somewhere > about an option to explicitly permit Radius to assign a subnet to a customer > - is there a similar statement required to statically assign a single host > address (bearing in mind that dynamic addresses are coming from a local > pool) > > > > Would the ERX-Local-Interface be the Loopback0 interface in my case? It has > an IP address assigned to it that is reachable etc. > > > > Thanks, > > > > Paul > > > > > > From: Chris Hellberg [mailto:ch...@chrishellberg.com] > Sent: Saturday, August 13, 2011 8:56 AM > To: Paul Stewart; juniper-nsp@puck.nether.net > Subject: Re: [j-nsp] Radius - Static IP / ERX > > > > It might be because you don't have an ERX-Local-Interface VSA present. If > that doesn't work, double-check that it's in your profile. There're one or > two unexpected cases that you need to have the unumbered loopback interface > information explicitly configured. The framed netmask shouldn't be needed. > > > > Regards, > > > > Chris > > > > > _____ > > > From: Paul Stewart<p...@paulstewart.org> > To: juniper-nsp@puck.nether.net > Sent: Friday, 12 August 2011, 1:35 > Subject: Re: [j-nsp] Radius - Static IP / ERX > > Thanks.. yeah the MTU statement is legacy and in place for some other Radius > authentications....;) > > I thought our entries had the Framed-IP-Netmask in them so will have to > check again as you're right it's not there obviously... wouldn't think that > would stop the IP from getting assigned but could be wrong... > > Take care, > > Paul > > > -----Original Message----- > From: juniper-nsp-boun...@puck.nether.net > [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Chris Adams > Sent: August-11-11 2:26 PM > To: juniper-nsp@puck.nether.net > Subject: Re: [j-nsp] Radius - Static IP / ERX > > Once upon a time, Paul Stewart<p...@paulstewart.org> said: >> Getting ready to cut an ERX into production shortly and the only thing not >> working is static IP assignments via Radius. According to the docs, you > can >> use "Framed-IP-Address" the same as we do in Cisco land today.. but it >> doesn't' work. > Your example entry doesn't have a Framed-IP-Netmask set, which may be > required. > > Also, Framed-MTU is pretty much useless; since PPP is already negotiated > before RADIUS authentication occurs, link MTU is already established > before your Framed-MTU entry can have any affect (this has always been > the case with PPP+RADIUS, but lots of examples show Framed-MTU anyway). > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp