ip pool and netmasks with cisco as5400

2003-01-09 Thread Scott_Knight
I have a cisco as5400 with an ip pool set up for dynamic ip address
assignment.  For ip address assignment I use a script on the radius server
to look up the ip in a file; if there isn't one it assigns 255.255.255.254.
Here are the default entries in the users file and the quick and very dirty
perl script...

DEFAULT Auth-Type := System
        Fall-Through = 1

DEFAULT Service-Type == Framed-User
        Framed-IP-Netmask = 255.255.252.0,
        Framed-MTU = 1500,
        Service-Type = Framed-User,
        Exec-Program-Wait = "/usr/local/etc/raddb/getip.pl %u",
        Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

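#!/usr/bin/perl
# Print the Framed-IP-Address reply item for the user name passed as %u.
use strict;

my $user = defined $ARGV[0] ? $ARGV[0] : '';
my $ip;

# The user name comes from the dial-in client, so read the file directly
# instead of interpolating it into a shell command.
if (open(my $fh, '<', '/path/to/somefile')) {
    while (my $line = <$fh>) {
        my ($userid, $f2, $pwd, $addr) = split(' ', $line);
        if (defined $userid && $userid eq $user) { $ip = $addr; last; }
    }
    close($fh);
}

$ip = "255.255.255.254" unless $ip;
print "Framed-IP-Address = $ip,\n";
exit 0;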
===

The correct ip address is being assigned to the client but the netmask is
not.  The addresses are a subnet of a class B and the mask that gets
assigned is always 255.255.0.0 instead of the 255.255.252.0 even though
the radius server is sending the correct mask to the as5400.  Here is the
radius and ppp debugging output on the cisco:

*Jan 30 00:16:16.671: RADIUS/ENCODE(0075): ask Username: 
*Jan 30 00:16:16.671: RADIUS/ENCODE(0075): send packet; GET_USER
*Jan 30 00:16:16.791: As1/78 PPP: Treating connection as a callin
*Jan 30 00:16:16.791: As1/78 PPP: Phase is ESTABLISHING, Passive Open
*Jan 30 00:16:16.791: As1/78 LCP: State is Listen
*Jan 30 00:16:16.799: As1/78 LCP: I CONFREQ [Listen] id 1 len 23
*Jan 30 00:16:16.799: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.799: As1/78 LCP:MagicNumber 0x1EA24B6F (0x05061EA24B6F)
*Jan 30 00:16:16.799: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.799: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:16.799: As1/78 LCP:Callback 6  (0x0D0306)
*Jan 30 00:16:16.799: As1/78 LCP: O CONFREQ [Listen] id 1 len 24
*Jan 30 00:16:16.799: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.799: As1/78 LCP:AuthProto PAP (0x0304C023)
*Jan 30 00:16:16.799: As1/78 LCP:MagicNumber 0x9FF19824 (0x05069FF19824)
*Jan 30 00:16:16.799: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.799: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:16.799: As1/78 LCP: O CONFREJ [Listen] id 1 len 7
*Jan 30 00:16:16.799: As1/78 LCP:Callback 6  (0x0D0306)
*Jan 30 00:16:16.903: As1/78 LCP: I CONFREQ [REQsent] id 2 len 20
*Jan 30 00:16:16.903: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.903: As1/78 LCP:MagicNumber 0x1EA24B6F (0x05061EA24B6F)
*Jan 30 00:16:16.903: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.903: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:16.903: As1/78 LCP: O CONFACK [REQsent] id 2 len 20
*Jan 30 00:16:16.903: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.903: As1/78 LCP:MagicNumber 0x1EA24B6F (0x05061EA24B6F)
*Jan 30 00:16:16.903: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.903: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:18.795: As1/78 LCP: TIMEout: State ACKsent
*Jan 30 00:16:18.795: As1/78 LCP: O CONFREQ [ACKsent] id 2 len 24
*Jan 30 00:16:18.795: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:18.795: As1/78 LCP:AuthProto PAP (0x0304C023)
*Jan 30 00:16:18.795: As1/78 LCP:MagicNumber 0x9FF19824 (0x05069FF19824)
*Jan 30 00:16:18.795: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:18.795: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:18.883: As1/78 LCP: I CONFACK [ACKsent] id 2 len 24
*Jan 30 00:16:18.883: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:18.883: As1/78 LCP:AuthProto PAP (0x0304C023)
*Jan 30 00:16:18.883: As1/78 LCP:MagicNumber 0x9FF19824 (0x05069FF19824)
*Jan 30 00:16:18.883: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:18.883: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:18.883: As1/78 LCP: State is Open
*Jan 30 00:16:18.883: As1/78 PPP: Phase is AUTHENTICATING, by this end
*Jan 30 00:16:18.895: As1/78 PAP: I AUTH-REQ id 1 len 19 from iptest
*Jan 30 00:16:18.895: As1/78 PAP: Authenticating peer iptest
*Jan 30 00:16:18.895: As1/78 PPP: Phase is FORWARDING, Attempting Forward
*Jan 30 00:16:18.895: As1/78 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Jan 30 00:16:18.895: RADIUS/ENCODE: Attribute has no value set for AAA attribute clid
*Jan 30 00:16:18.895: RADIUS:  AAA Unsupported [91]  21
*Jan 30 00:16:18.895: RADIUS:   41 73 79 6E 63 31 2F 37 38 2A 53 65 72 69 61 6C  [Async1/78*Serial]
*Jan 30 00:16:18.895: RADIUS:   37 2F 31  [7/1]
*Jan 30 00:16:18.895: RADIUS/ENCODE(0075): Unsupported AAA attribute parent-interface
*Jan 30 00:16:18.895: RADIUS/ENCODE(0075): Unsupported AAA attribute parent-interface-type
*Jan 30 00:16:18.895: RADIUS/ENCODE(0075): acct_session_id: 163
*Jan 30 00:16:18.895: RADIUS(0075): sending
*Jan 30 

ip addressing

2002-12-12 Thread Scott_Knight
I am moving from a linux based commserver with digi ras cards in it to a
cisco as5400 and I'm going to run freeradius on the linux box.  For the
linux commserver I developed a web based interface for user administration
which updated /etc/passwd and a pap-secrets file.  Those users who would
get a static ip address had that address placed in the gcos (comments)
field in /etc/passwd along with the pap-secrets file.

It looks to me like I'll have to put a separate user entry in the
raddb/users file in order to assign a static ip address.  Is that the case
or is there some way for me to use a DEFAULT entry and have the
Framed-IP-Address attribute be the result of a script or something?

Thanks...
--
Scott Knight, Network Analyst - SSM Health Care, Information Center
email: [EMAIL PROTECTED] + phone: 314.644.7344 + fax: 314.647.1037
Dad, when you come home with only shattered pieces of your dreams, your
little one can mend them like new with two magic words - 'Hi Dad!'
- Alan Beck in Fathers and Sons -
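
An added example, not part of the original posts: the lookup that a DEFAULT entry with Exec-Program-Wait hands to a script, as asked about here and as done by getip.pl in the later post, written in Python so that the %u user name never reaches a shell and the address read from the file is parsed before it is printed. The record layout follows the Perl script's split; the user-name pattern, the function names and the sample records are assumptions made for this example.

```python
import ipaddress
import re
import sys

# RFC 2865: 255.255.255.254 asks the NAS to choose the address (e.g. its pool).
NAS_ASSIGNS = "255.255.255.254"
# Assumed policy for this example: plain account names only.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")


def lookup_ip(user, lines):
    """Return the static IPv4 address for `user`, or NAS_ASSIGNS.

    `lines` holds "userid field2 secret ip" records, the whitespace-separated
    layout the original script splits.
    """
    if not USERNAME_RE.fullmatch(user or ""):
        return NAS_ASSIGNS          # malformed User-Name: no lookup at all
    for line in lines:
        fields = line.split()
        if not fields or fields[0] != user:   # exact match, not a regex
            continue
        if len(fields) < 4:
            return NAS_ASSIGNS      # user has no static address
        try:
            # Parse the field so file contents are never echoed unchecked.
            return str(ipaddress.IPv4Address(fields[3]))
        except ipaddress.AddressValueError:
            return NAS_ASSIGNS
    return NAS_ASSIGNS


def reply_item(user, lines):
    """Build the line the RADIUS server reads from the program's stdout."""
    return "Framed-IP-Address = %s,\n" % lookup_ip(user, lines)


# Constructed sample records (not from the original posts).
SAMPLE = [
    "iptest * secret1 172.16.4.10",
    "iptest2 * secret2",
    "bad * secret3 not-an-ip",
]

if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else ""
    sys.stdout.write(reply_item(name, SAMPLE))
```

In real use the records would come from the file the Perl script reads (/path/to/somefile in the post) rather than from SAMPLE.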

