R: R: Cisco VRF + Radius

2007-07-10 Thread Francesco Cristofori
 You don't need to set up vrf templates if everyone is going to use the
 default radius server and default authentication and authorization
 groups. It's optional.

Thanks Ivan, now it's clear I don't need templates...

 What do debug radius and debug ppp negotiation on Cisco say about why
 the Framed-IP-Address was rejected? If it fails on IPCP then your route
 is the problem. Since it all goes well without it ...

Yes, the problem was on the NAS side. Now it seems to understand and correctly 
assign the IP address to the CPE.


 Ivan Kalik
 Kalik Informatika ISP

Thanks,
Francesco Cristofori.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


R: Cisco VRF + Radius

2007-07-09 Thread Francesco Cristofori
 Putting a User into a certain VRF is quite simple:
 
 vrfuser User-Password == topsecret
 Cisco-AVPair += lcp:interface-config#1=ip vrf forwarding \
VRFNAME,

Thank you Gerald, this is what I need to do.

I tried using this method, but I end up with an Access-Accept reply (from radiusd 
-X) like this:

Sending Access-Accept of id 20 to x.y.159.252 port 1645
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Ascend-Client-Primary-DNS = x.y.z.1
Ascend-Client-Secondary-DNS = x.y.z.2
Session-Timeout = 2
Cisco-AVPair = lcp:interface-config#1=ip vrf forwarding Satcom
Framed-IP-Address = x.y.129.239

This seems correct to me, but the NAS ignores the Framed-IP-Address so the CPE 
never gets an IP address.
The IP address is taken from an ippool, the other attributes are stored in sql, 
everything works fine without that cisco-avpair attribute.

Any hint?

Thanks in advance, 
Francesco.
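
Added example, not part of the original thread or of FreeRADIUS: a short Python script that parses a `radiusd -X` reply like the one quoted above and reports which VRF command and Framed-IP-Address the server actually sent, to help decide whether to look at the RADIUS side or at the NAS debugs. The sample addresses are constructed placeholders and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the radiusd -X reply quoted in the thread;
# the addresses are documentation-range placeholders, not the poster's values.
SAMPLE = """\
Sending Access-Accept of id 20 to 192.0.2.252 port 1645
Service-Type = Framed-User
Framed-Protocol = PPP
Session-Timeout = 2
Cisco-AVPair = lcp:interface-config#1=ip vrf forwarding Satcom
Framed-IP-Address = 198.51.100.239
"""

HEADER = re.compile(r"^Sending (Access-\w+) of id (\d+) to (\S+) port (\d+)")
ATTR = re.compile(r"^\s*([\w-]+)\s*[:+]?=\s*(.*)$")
# Cisco AV pair layout: protocol:attribute[#n]<sep>value ("=" mandatory, "*" optional)
AVPAIR = re.compile(r"^(\w+):([\w-]+)(?:#(\d+))?([=*])(.*)$")

def parse_replies(text):
    """Split debug output into replies: {'code', 'nas', 'attrs': [(name, value)]}."""
    replies = []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            replies.append({"code": h.group(1), "nas": h.group(3), "attrs": []})
        elif replies and (a := ATTR.match(line)):
            replies[-1]["attrs"].append((a.group(1), a.group(2).strip().strip('"')))
    return replies

def summarize(reply):
    """Report what the server sent: ordered interface-config commands, VRF, address."""
    out = {"vrf": None, "framed_ip": None, "interface_config": []}
    for name, value in reply["attrs"]:
        if name == "Framed-IP-Address":
            out["framed_ip"] = value
        elif name == "Cisco-AVPair" and (m := AVPAIR.match(value)):
            if m.group(2) == "interface-config":
                out["interface_config"].append((int(m.group(3) or 0), m.group(5)))
                if v := re.match(r"ip vrf forwarding (\S+)", m.group(5)):
                    out["vrf"] = v.group(1)
    out["interface_config"].sort()
    # Both present means the reply is complete and the NAS debugs are the next stop.
    out["server_side_complete"] = bool(out["vrf"] and out["framed_ip"])
    return out

if __name__ == "__main__":
    for r in parse_replies(SAMPLE):
        print(r["code"], r["nas"], summarize(r))
```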



R: Cisco VRF + Radius

2007-07-09 Thread Francesco Cristofori
Hi Kalik,
thanks for your reply.
I had a look at the Cisco doc on vrf forwarding, but I think it's not what I 
need to do.
I don't need to put all template items in fr, but only to select the vrf based 
on the group which the user belongs to.

Did I miss the point? Do I need to configure Templates inside radius?

Thanks,
Francesco.



Re: R: Cisco VRF + Radius

2007-07-09 Thread tnt
You don't need to set up vrf templates if everyone is going to use the
default radius server and default authentication and authorization
groups. It's optional.

What do debug radius and debug ppp negotiation on Cisco say about why
the Framed-IP-Address was rejected? If it fails on IPCP then your route
is the problem. Since it all goes well without it ...

Ivan Kalik
Kalik Informatika ISP


On 9/7/2007, Francesco Cristofori [EMAIL PROTECTED] wrote:

 Putting a User into a certain VRF is quite simple:

 vrfuser User-Password == topsecret
 Cisco-AVPair += lcp:interface-config#1=ip vrf forwarding \
VRFNAME,

Thank you Gerald, this is what I need to do.

I tried using this method, but I end up with an Access-Accept reply (from radiusd 
-X) like this:

Sending Access-Accept of id 20 to x.y.159.252 port 1645
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Ascend-Client-Primary-DNS = x.y.z.1
Ascend-Client-Secondary-DNS = x.y.z.2
Session-Timeout = 2
Cisco-AVPair = lcp:interface-config#1=ip vrf forwarding Satcom
Framed-IP-Address = x.y.129.239

This seems correct to me, but the NAS ignores the Framed-IP-Address so the CPE 
never gets an IP address.
The IP address is taken from an ippool, the other attributes are stored in 
sql, everything works fine without that cisco-avpair attribute.

Any hint?

Thanks in advance,
   Francesco.
