Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2183
Views
0
Helpful
3
Replies

Cisco secure ACS configuration

paul.clifford
Level 1
Level 1

‎01-14-2002 04:42 PM - edited ‎02-21-2020 09:58 AM

I would like to know if anyone has setup an ACS server using Radius to act as a DHCP server. We are

using ACS server version 2.5 and we are trying to let the server pass information such as DNS suffix to the authenticated dial in client. At the moment the router is assigning the ip address with the "ip local pool" command but we can't forward the domain to the client thus the reason to try and make the radius ACS server supply the info like a DHCP server.

Is this possible ? If so can you point me in the right direction.

Thanks in advance.

Labels:
0 Helpful
3 Replies 3

jduffek
Level 1
Level 1

‎01-18-2002 04:54 PM

I am not 100% sure if this is possible or not. What I can find at support.microsoft.com says it is not:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q200211

I heard that you can do this with newer microsoft clients using dhcp inform but I don't know how to set it up and I cannot find anything on microsofts site.

If you contact microsoft ask them, "how do I get my client setup so that it asks for the dns suffix with dhcp inform?" or whatever...

Josh

0 Helpful

wmollyhorn
Level 1
Level 1

‎01-25-2002 05:09 AM

You may want to try to have the router assign the domain name to your clients. Use the ip dhcp pool [pool name} command in config mode, you can then define your domain name, dns servers, even exclude addresses.

I do believe that this is a new command set in the 12.0 IOS though, so if that isn't what you're running, this may be of no use.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cddhcp.htm

0 Helpful

vijkrish
Cisco Employee
Cisco Employee
In response to wmollyhorn

‎01-25-2002 05:22 AM

To add to the previous post...

The most recent version of the assigned numbers shows that addresses for DNS servers has been added to the host addresses IPCP can give the PPP client. It does not include the DNS suffix. [excerpts below]

Remember that it does little good to send parameters through IPCP unless the client is prepared to configure its stack with them. Even if you added the parameter to IPCP, the clients would have to use it.

The trend is to use DHCP for these parameters. DHCP can operate over PPP as easily as over ethernet, and can request parameters (which it calls options) even if the client already has an IP address.

One alternative would be if Microsoft's networking software did a DHCP request for the Domain Name Option (15) when it brings up a PPP interface? The solution might be as simple as adding DHCP

(it is just a protocol) to the NAS, or configuring the NAS to relay DHCP requests to ACS which could answer DHCP requests as easily as it handles RADIUS requests.

http://www.iana.org/assignments/ppp-numbers

POINT-TO-POINT PROTOCOL FIELD ASSIGNMENTS

PPP DLL PROTOCOL NUMBERS

(last updated 2002 January 16)

...

PPP IPCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Internet Protocol Control Protocol

(IPCP) specifies a number of Configuration Options which are

distinguished by an 8 bit Type field. These Types are assigned as

follows:

Type Configuration Option

---- --------------------

1 IP-Addresses (deprecated) [RFC1332]

2 IP-Compression-Protocol [RFC1332]

3 IP-Address [RFC1332]

4 Mobile-IPv4 [RFC2290]

129 Primary DNS Server Address [RFC1877]

130 Primary NBNS Server Address [RFC1877]

131 Secondary DNS Server Address [RFC1877]

132 Secondary NBNS Server Address [RFC1877]

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents