RE: L2tp and fixed Framed IP Address for ADSL customers
Hello All Just to let you know that i finally find the solution to setup a fixed IP into an l2tp tunnel for my DSL subscribers I needed to tell Radius to send the fixed Framed IP address in the access-req packet by adding the following to my cisco config: radius-server attribute 8 include-in-access-req Hope this will help someone who will face the same problem -- |-Adil Bikarbass |-IT Manager, MTDS |-tel +212.3.767.4861 |-fax +212.3.767.4863 |-gsm +212.6.139. 4541 |-14, rue 16 novembre |-Rabat, Kingdom of Morocco -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Fraser Sent: mardi 28 mars 2006 20:10 To: freeradius-users@lists.freeradius.org Subject: Re: L2tp and fixed Framed IP Address for ADSL customers On Tue, 2006-28-03 at 12:05 -0500, Alan DeKok wrote: > "Adil Bikarbass" <[EMAIL PROTECTED]> wrote: > > My radius is listening on 1645 for auth and 1646 for acct, I can see the > > auth request coming into my radius box but the IP address is never got from > > the Framed-IP reply item but assigned from the Cisco pool > > > > Any clue about what could be the problem? > > The NAS. Fight with it some more. I don't think there's anything > you can do to FreeRADIUS to fix it. > Is the IP address in a valid range configured on the NAS? A Cisco will not assign an IP address that it is not configured to handle. It seems to me we used eigrp to handle the "static" ip address networks for our NAS servers. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: L2tp and fixed Framed IP Address for ADSL customers
The static IP range is a statically routed subnet to the Cisco NAS We are not using Eigrp we use static routing Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Fraser Sent: mardi 28 mars 2006 20:10 To: freeradius-users@lists.freeradius.org Subject: Re: L2tp and fixed Framed IP Address for ADSL customers On Tue, 2006-28-03 at 12:05 -0500, Alan DeKok wrote: > "Adil Bikarbass" <[EMAIL PROTECTED]> wrote: > > My radius is listening on 1645 for auth and 1646 for acct, I can see the > > auth request coming into my radius box but the IP address is never got from > > the Framed-IP reply item but assigned from the Cisco pool > > > > Any clue about what could be the problem? > > The NAS. Fight with it some more. I don't think there's anything > you can do to FreeRADIUS to fix it. > Is the IP address in a valid range configured on the NAS? A Cisco will not assign an IP address that it is not configured to handle. It seems to me we used eigrp to handle the "static" ip address networks for our NAS servers. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: L2tp and fixed Framed IP Address for ADSL customers
On Tue, 2006-28-03 at 12:05 -0500, Alan DeKok wrote: > "Adil Bikarbass" <[EMAIL PROTECTED]> wrote: > > My radius is listening on 1645 for auth and 1646 for acct, I can see the > > auth request coming into my radius box but the IP address is never got from > > the Framed-IP reply item but assigned from the Cisco pool > > > > Any clue about what could be the problem? > > The NAS. Fight with it some more. I don't think there's anything > you can do to FreeRADIUS to fix it. > Is the IP address in a valid range configured on the NAS? A Cisco will not assign an IP address that it is not configured to handle. It seems to me we used eigrp to handle the "static" ip address networks for our NAS servers. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: L2tp and fixed Framed IP Address for ADSL customers
"Adil Bikarbass" <[EMAIL PROTECTED]> wrote: > My radius is listening on 1645 for auth and 1646 for acct, I can see the > auth request coming into my radius box but the IP address is never got from > the Framed-IP reply item but assigned from the Cisco pool > > Any clue about what could be the problem? The NAS. Fight with it some more. I don't think there's anything you can do to FreeRADIUS to fix it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: L2tp and fixed Framed IP Address for ADSL customers
Thanks stefan But this is just a test password running on a private test platform Thanks for the hint anyway -- |-Adil Bikarbass |-IT Manager, MTDS |-tel +212.3.767.4861 |-fax +212.3.767.4863 |-gsm +212.6.139. 4541 |-14, rue 16 novembre |-Rabat, Kingdom of Morocco -Original Message- From: Stefan Winter [mailto:[EMAIL PROTECTED] Sent: mardi 28 mars 2006 11:50 To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re: L2tp and fixed Framed IP Address for ADSL customers Hi there! You *REALLY* *SHOULDN'T* post 7-style passwords from Cisco on a public mailing list: http://www.alcrypto.co.uk/cisco/ Just enter your crypto stings into the box near the bottom and press enter. > l2tp tunnel password 7 04561F021C Good passwords are longer and include numbers, capitals and special characters. > username [EMAIL PROTECTED] password 7 060A5D355C Dito. Now that you've told the world your passwords, maybe you should change them. Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: L2tp and fixed Framed IP Address for ADSL customers
Hi there! You *REALLY* *SHOULDN'T* post 7-style passwords from Cisco on a public mailing list: http://www.alcrypto.co.uk/cisco/ Just enter your crypto stings into the box near the bottom and press enter. > l2tp tunnel password 7 04561F021C Good passwords are longer and include numbers, capitals and special characters. > username [EMAIL PROTECTED] password 7 060A5D355C Dito. Now that you've told the world your passwords, maybe you should change them. Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: L2tp and fixed Framed IP Address for ADSL customers
Hello All, My Cisco NAS is listening to responses from FreeRadius here is my Cisco config aaa new-model ! ! aaa authentication login default local aaa authentication ppp default group radius aaa authorization network default group radius aaa accounting delay-start aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius ! vpdn enable vpdn search-order domain vpdn domain-delimiter @ suffix ! vpdn-group l2tp accept-dialin protocol l2tp virtual-template 1 terminate-from hostname BAS local name rabatgw lcp renegotiation on-mismatch l2tp tunnel password 7 04561F021C ! username [EMAIL PROTECTED] password 7 060A5D355C ! interface Loopback0 ip address 192.168.1.1 255.255.255.224 ! ! interface Virtual-Template1 ip unnumbered Loopback0 ip tcp header-compression peer default ip address pool AS keepalive 10 255 ppp authentication pap chap ppp timeout idle 1 ! ip local pool AS 192.168.1.2 192.168.1.10 ! radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 141A060F1F0 12939213C38303B4351 My radius is listening on 1645 for auth and 1646 for acct, I can see the auth request coming into my radius box but the IP address is never got from the Framed-IP reply item but assigned from the Cisco pool Any clue about what could be the problem? Thanks -- |-Adil Bikarbass |-IT Manager, MTDS |-tel +212.3.767.4861 |-fax +212.3.767.4863 |-gsm +212.6.139. 4541 |-14, rue 16 novembre |-Rabat, Kingdom of Morocco -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: lundi 20 mars 2006 16:26 To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re: L2tp and fixed Framed IP Address for ADSL customers "Adil Bikarbass" <[EMAIL PROTECTED]> wrote: > I'm using a Cisco 3845. The ADSL users are connecting just fine over the > L2tp tunnel the issue is that they're getting dynamically assigned address > from the Cisco IP pool even if a fixed IP is set on FreeRadius attributes Then fix the NAS. Read the Cisco documentation to see how to configure it to listen to the response from FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: L2tp and fixed Framed IP Address for ADSL customers
"Adil Bikarbass" <[EMAIL PROTECTED]> wrote: > I'm using a Cisco 3845. The ADSL users are connecting just fine over the > L2tp tunnel the issue is that they're getting dynamically assigned address > from the Cisco IP pool even if a fixed IP is set on FreeRadius attributes Then fix the NAS. Read the Cisco documentation to see how to configure it to listen to the response from FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html