I have a Cisco AS5400 with an IP pool set up for dynamic IP address
assignment. For IP address assignment I use a script on the RADIUS server
to look up the IP in a file; if there isn't one it assigns 255.255.255.254.
Here are the default entries in the users file and the quick and very dirty
Perl script...

DEFAULT Auth-Type := System
        Fall-Through = 1

DEFAULT Service-Type == Framed-User
        Framed-IP-Netmask = 255.255.252.0,
        Framed-MTU = 1500,
        Service-Type = Framed-User,
        Exec-Program-Wait = "/usr/local/etc/raddb/getip.pl %u",
        Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

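#!/usr/bin/perl
use strict;
# %u is supplied by the dialing client, so match it in Perl rather than passing it to a shell
my ($user, $ip) = ($ARGV[0]);
if (open(my $fh, '<', '/path/to/somefile')) {
    while (my $line = <$fh>) {
        my ($userid, $f2, $pwd, $addr) = split(' ', $line);
        if (defined $userid && $userid eq $user) { $ip = $addr; last; }
    }
}
# No entry for this user: return 255.255.255.254
$ip = "255.255.255.254" unless $ip;
print "Framed-IP-Address = $ip,\n";
exit 0;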
===
The correct IP address is being assigned to the client but the netmask is
not. The addresses are a subnet of a class B and the mask that gets
assigned is always 255.255.0.0 instead of the 255.255.252.0 even though
the RADIUS server is sending the correct mask to the AS5400. Here is the
RADIUS and PPP debugging output on the Cisco:
*Jan 30 00:16:16.671: RADIUS/ENCODE(0075): ask Username:
*Jan 30 00:16:16.671: RADIUS/ENCODE(0075): send packet; GET_USER
*Jan 30 00:16:16.791: As1/78 PPP: Treating connection as a callin
*Jan 30 00:16:16.791: As1/78 PPP: Phase is ESTABLISHING, Passive Open
*Jan 30 00:16:16.791: As1/78 LCP: State is Listen
*Jan 30 00:16:16.799: As1/78 LCP: I CONFREQ [Listen] id 1 len 23
*Jan 30 00:16:16.799: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.799: As1/78 LCP:MagicNumber 0x1EA24B6F (0x05061EA24B6F)
*Jan 30 00:16:16.799: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.799: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:16.799: As1/78 LCP:Callback 6 (0x0D0306)
*Jan 30 00:16:16.799: As1/78 LCP: O CONFREQ [Listen] id 1 len 24
*Jan 30 00:16:16.799: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.799: As1/78 LCP:AuthProto PAP (0x0304C023)
*Jan 30 00:16:16.799: As1/78 LCP:MagicNumber 0x9FF19824 (0x05069FF19824)
*Jan 30 00:16:16.799: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.799: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:16.799: As1/78 LCP: O CONFREJ [Listen] id 1 len 7
*Jan 30 00:16:16.799: As1/78 LCP:Callback 6 (0x0D0306)
*Jan 30 00:16:16.903: As1/78 LCP: I CONFREQ [REQsent] id 2 len 20
*Jan 30 00:16:16.903: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.903: As1/78 LCP:MagicNumber 0x1EA24B6F (0x05061EA24B6F)
*Jan 30 00:16:16.903: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.903: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:16.903: As1/78 LCP: O CONFACK [REQsent] id 2 len 20
*Jan 30 00:16:16.903: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.903: As1/78 LCP:MagicNumber 0x1EA24B6F (0x05061EA24B6F)
*Jan 30 00:16:16.903: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.903: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:18.795: As1/78 LCP: TIMEout: State ACKsent
*Jan 30 00:16:18.795: As1/78 LCP: O CONFREQ [ACKsent] id 2 len 24
*Jan 30 00:16:18.795: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:18.795: As1/78 LCP:AuthProto PAP (0x0304C023)
*Jan 30 00:16:18.795: As1/78 LCP:MagicNumber 0x9FF19824 (0x05069FF19824)
*Jan 30 00:16:18.795: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:18.795: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:18.883: As1/78 LCP: I CONFACK [ACKsent] id 2 len 24
*Jan 30 00:16:18.883: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:18.883: As1/78 LCP:AuthProto PAP (0x0304C023)
*Jan 30 00:16:18.883: As1/78 LCP:MagicNumber 0x9FF19824 (0x05069FF19824)
*Jan 30 00:16:18.883: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:18.883: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:18.883: As1/78 LCP: State is Open
*Jan 30 00:16:18.883: As1/78 PPP: Phase is AUTHENTICATING, by this end
*Jan 30 00:16:18.895: As1/78 PAP: I AUTH-REQ id 1 len 19 from iptest
*Jan 30 00:16:18.895: As1/78 PAP: Authenticating peer iptest
*Jan 30 00:16:18.895: As1/78 PPP: Phase is FORWARDING, Attempting Forward
*Jan 30 00:16:18.895: As1/78 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Jan 30 00:16:18.895: RADIUS/ENCODE: Attribute has no value set for AAA attribute clid
*Jan 30 00:16:18.895: RADIUS: AAA Unsupported [91] 21
*Jan 30 00:16:18.895: RADIUS: 41 73 79 6E 63 31 2F 37 38 2A 53 65 72 69 61 6C [Async1/78*Serial]
*Jan 30 00:16:18.895: RADIUS: 37 2F 31 [7/1]
*Jan 30 00:16:18.895: RADIUS/ENCODE(0075): Unsupported AAA attribute parent-interface
*Jan 30 00:16:18.895: RADIUS/ENCODE(0075): Unsupported AAA attribute parent-interface-type
*Jan 30 00:16:18.895: RADIUS/ENCODE(0075): acct_session_id: 163
*Jan 30 00:16:18.895: RADIUS(0075): sending
*Jan 30