Cisco ACS ip pool problem

jmarkotic
Level 1

I have a strange problem with Cisco Secure ACS 3.0.

I created a group for dialin users. I need to assign them IP addresses from a pool (created on the NAS). Under Group IP assignment I selected "Assigned from AAA client pool". And under the user "IP address assignment" options, I selected the option "Use Group settings". Therefore, all users belonging to that group should be assigned an address from the local pool.

But when a user from that group tries to connect I get a strange error.

"Mismatch in addr and addr-pool attributes".

When I debug I see a strange thing (a Framed-IP-Address that shouldn't be there):

07:10:18: RADIUS: Cisco AVpair [1] 26 "ip:addr-pool=router_pool"

07:10:18: RADIUS: Service-Type [6] 6 Framed [2]

07:10:18: RADIUS: Framed-Protocol [7] 6 PPP [1]

07:10:18: RADIUS: Framed-IP-Address [8] 6 255.255.255.254

07:10:18: RADIUS: Received from id F

07:10:18: Se0 PPP/AAA: Check Attr: addr-pool

07:10:18: Se0 PPP/AAA: Check Attr: service-type

07:10:18: Se0 PPP/AAA: Check Attr: Framed-Protocol

07:10:18: Se0 PPP/AAA: Check Attr: addr

07:10:18: Se0 AAA/AUTHOR/IPCP: Says use pool router_pool

07:10:18: Se0 AAA/AUTHOR/IPCP: Pool returned 195.11.22.30

07:10:18: Se0 AAA/AUTHOR/IPCP: Processing AV addr-pool

07:10:18: Se0 AAA/AUTHOR/IPCP: Processing AV addr

07:10:18: % AAA/AUTHOR/IPCP Se0: Attributes addr and addr-pool are mutually exclusive

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

07:10:18: Se0 AAA/AUTHOR/IPCP: Authorization denied

When I manually create a Cisco AV pair for assigning an IP address from the pool (the way I used it on Livingston RADIUS):

Cisco AV pair:

ip:addr-pool=router_pool

then it works. The debug is not the same (there is no Framed-IP-Address) and there is no conflict between attributes.

03:04:43: RADIUS: Cisco AVpair [1] 26 "ip:addr-pool=router_pool"

03:04:43: RADIUS: Service-Type [6] 6 Framed [2]

03:04:43: RADIUS: Framed-Protocol [7] 6 PPP [1]

03:04:43: Se0 PPP: Received LOGIN Response from AAA = PASS

03:04:43: Se0 PPP/AAA: Check Attr: addr-pool

03:04:43: Se0 PPP/AAA: Check Attr: service-type

03:04:43: Se0 PPP/AAA: Check Attr: Framed-Protocol

What is wrong in the first scenario?

Cisco ACS is ver. 3.0, and IOS is 12.2.11.

thanks,

Jura

2 Replies

mmellet
Level 3

Sounds like it could be an IOS problem. I would try doing a search in Cisco's bug toolkit for "Attributes addr and addr-pool are mutually exclusive".

You are absolutely right. I found exactly that bug in Bug Toolkit. But unfortunately it seems that all 12.1 and 12.2 IOS versions are affected, so I don't have much choice right now (the bug is being watched).

thanks
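
The check below is an added example, not part of the thread and not Cisco code: it groups the RADIUS attribute lines of debug output in the format posted above and flags any reply that carries both an `ip:addr-pool` AV pair and a Framed-IP-Address, the combination IOS rejected here. The function names are hypothetical, and the sample input is copied from the two captures in the thread.

```python
import re

# Attribute lines in the debug format shown in the thread:
#   "<hh:mm:ss>: RADIUS: <name> [<type>] <len> <value>"
ATTR = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d): RADIUS:\s+(?P<name>.+?)\s+\[\d+\]\s+\d+\s+(?P<value>.+)$"
)
# RFC 2865: Framed-IP-Address 0xFFFFFFFE means "NAS should select an address".
NAS_SELECTS = "255.255.255.254"

# Lines copied from the two debug captures in the thread (failing, then working).
SAMPLE = """\
07:10:18: RADIUS: Cisco AVpair [1] 26 "ip:addr-pool=router_pool"
07:10:18: RADIUS: Service-Type [6] 6 Framed [2]
07:10:18: RADIUS: Framed-Protocol [7] 6 PPP [1]
07:10:18: RADIUS: Framed-IP-Address [8] 6 255.255.255.254
07:10:18: RADIUS: Received from id F
03:04:43: RADIUS: Cisco AVpair [1] 26 "ip:addr-pool=router_pool"
03:04:43: RADIUS: Service-Type [6] 6 Framed [2]
03:04:43: RADIUS: Framed-Protocol [7] 6 PPP [1]
03:04:43: Se0 PPP: Received LOGIN Response from AAA = PASS
"""

def replies(log):
    """Split the log into runs of consecutive attribute lines, one run per reply."""
    runs, current = [], []
    for line in log.splitlines():
        m = ATTR.match(line.strip())
        if m:
            current.append((m["ts"], m["name"], m["value"].strip('"')))
        elif current:          # any non-attribute line closes the current reply
            runs.append(current)
            current = []
    if current:
        runs.append(current)
    return runs

def pool_addr_conflicts(log):
    """Return one record per reply that carries both addr-pool and Framed-IP-Address."""
    hits = []
    for run in replies(log):
        pools = [v.split("=", 1)[1] for _, n, v in run
                 if n == "Cisco AVpair" and v.startswith("ip:addr-pool=")]
        addrs = [v for _, n, v in run if n == "Framed-IP-Address"]
        if pools and addrs:
            hits.append({"time": run[0][0], "pool": pools[0], "framed_ip": addrs[0],
                         "nas_selects": addrs[0] == NAS_SELECTS})
    return hits

if __name__ == "__main__":
    for hit in pool_addr_conflicts(SAMPLE):
        print(hit)
```

Only the 07:10:18 reply is flagged; its `nas_selects` field is true because the address sent is the RFC 2865 "NAS assigns the address" value rather than a real host address.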
