Strange route in my routing table causing errors !!!

Dr.X
Level 2

Hi,

I have a big reachability problem.

After a long time of Tshoot,

I found in my routing table a route with the letter U:

Here it is:

==============================

U      x.x.79.0/24 [1/0] via x.x.79.254

                       [1/0] via x.x.150.1

As you see above, I didn't add that route. Why was it added? What is the meaning of the letter U, and how do I remove it from the routing table?

regards


Sandeep Choudhary
VIP Alumni

Hi ,

Here U* means per-user static route.

The per-user static route is injected from the AAA server via cisco-avpair to the router as a static route, as illustrated in this doc. Accordingly, you should redistribute static (and I've checked it out for you on a live router):

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008045507e.html

Regards

Please rate if it helps.

Hi, you are right, there is AAA on my router.

But anyway, can I prevent it from my router?

The link above is not working!

I discovered that I have 4 routes and want to remove them:

B2#sh ip route | i  U

       ia - IS-IS inter area, * - candidate default, U - per-user static route

U      x.x.79.0/24 [1/0] via 1x.x.79.254

U      x.x.66.0/24 [1/0] via 1x.x.150.1

U       x.x.67.0/24 [1/0] via x.x.67.134

U       x.x.64.0/24 [1/0] via x.x.150.1

Can you post your config?

Or try going into config mode and then run this command: no ip route ......

Regards

Please rate if it helps.

i tried to remove it but ==>

%No matching route to delete

!!!!!!!!!!!!!!!!!!

=================================

b2#sh run

Building configuration...

Current configuration : 7349 bytes

!

! Last configuration change at 10:42:08 GMT+3 Tue Nov 6 2012 byxxxxx

!

upgrade fpd auto

version 12.4

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

no service dhcp

!

hostname xxxx

!

boot-start-marker

boot system disk2:c7200p-advipservicesk9-mz.124-24.T4.bin

boot-end-marker

!

logging message-counter syslog

logging buffered 256000

enable secret 5 xxxxx

!

aaa new-model

!

!

aaa group server radius radiusservers

server-private xxxx auth-port xx acct-port xxx key 7 xxxxx

server-private xxxxx2 auth-port xxxacct-port xxxx key 7 1xxxxxx

!

aaa authentication login adminstaff local

aaa authentication login sdm_vpn_xauth_ml_1 group radius

aaa authentication login ahmad local

aaa authentication ppp vpdn local group radiusservers

aaa authorization network default group radius local

aaa authorization network vpdn local group radiusservers

aaa authorization network sdm_vpn_group_ml_1 local

aaa accounting delay-start

aaa accounting update newinfo periodic 10

aaa accounting network vpdn

action-type start-stop

broadcast

group radiusservers

!

!

aaa server radius dynamic-author

client xxxxx server-key 7 xxxxx

!

aaa session-id common

clock timezone GMT+3 3

no ip source-route

no ip gratuitous-arps

ip cef

no ip bootp server

ip name-server 1xxxxx

ip name-server 1xxxxxxx

login block-for 180 attempts 3 within 60

login quiet-mode access-class telnet

login on-failure log

login on-success log

ipv6 unicast-routing

ipv6 cef

ipv6 dhcp pool dhcp6

address prefix 2xxxxx/64 lifetime infinite infinite

link-address xxxxx/64

dns-server xxxxxxx

dns-server xxxxxxxx844

!

!

multilink bundle-name authenticated

vpdn enable

vpdn logging

vpdn logging local

vpdn history failure table-size 50

!

vpdn-group xxxxxx

accept-dialin

  protocol l2tp

  virtual-template 1

terminate-from hostname xxxxxxx

local name xxxxxx

lcp renegotiation on-mismatch

l2tp tunnel password xxxxxxx

l2tp tunnel timeout no-session 60

ip mtu adjust

!

archive

log config

  hidekeys

!

!

crypto isakmp policy 1

encrxxxxx

authentication pre-share

grouxxxx

!

!

!

!

interface Loopback0

ip address xxxxx

!

interface Loopback1

ip address 1xxxxxxx

!

interface Loopback2

no ip address

ipv6 address xxxxxxx

!

interface Loopback30

no ip address

!

interface Loopback44

no ip address

!

interface Loopback110

no ip address

ipv6 address xxxxxxx

interface GigabitEthernet0/1

description xxxxx

ip address 1xxxxxx

no ip redirects

no ip unreachables

no ip proxy-arp

load-interval 30

duplex auto

speed auto

media-type rj45

negotiation auto

ipv6 address 2xxxxxxx

!

interface GigabitEthernet0/1.1

descriptionxxxxxxxx

encapsulation dot1Q xxx

ip address xxxxxxx

no ip redirects

no ip unreachables

no ip proxy-arp

!

interface GigabitEthernet0/1.2

description xxxx

encapsulation dot1Q 2

ip address xxxxxxx

no ip redirects

no ip unreachables

no ip proxy-arp

!

interface FastEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

media-type rj45

negotiation auto

ipv6 address xxxxx

!

interface GigabitEthernet0/3

no ip address

shutdown

duplex auto

speed auto

media-type rj45

negotiation auto

!

interface Virtual-Template1

ip tcp adjust-mss xxxx

no logging event link-status

peer default ip address pool xxxxx

ppp mtu adaptive

ppp authentication pap vpdn

ppp authorization vpdn

ppp accounting vpdn

!

interface Virtual-Template11 type tunnel

ip unnumbered GigabitEthernet0/1.2

!

zzzzzzzzzzzzzzzzzzzzzzzzzzzzz

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 1xxxxxxx

ip routexxxxxx 255.255.255.0 xxxxxx

ip routexxxxxx 255.255.255.0 xxxxxx

ip routexxxxxx 255.255.255.0 xxxxxx

ip routexxxxxx 255.255.255.0 xxxxxx

no ip http server

no ip http secure-server

!

!

!

!

ip radius source-interface GigabitEthernet0/1

logging alarm informational

ipv6 local pool a1 zzzzzzzzzzzzz

!

!

!

!

!

!

snmp-server community xxxxxxxxxxxxxxx RO

radius-server attribute nas-port format d

radius-server configure-nas

radius-server host xxxxx auth-port 1812 acct-port xx key xxxxx

radius-server retransmit 0

radius-server key xxxxxxx

radius-server vsa send cisco-nas-port

radius-server vsa send accounting

radius-server vsa send authentication

!

control-plane

!

!

!

!

!

!

!

Hi ,

Have you tried this:

Maybe you are using a different subnet mask than the one you used. As per the route table entry, the mask is /29.

try this,

1] b2(config)#no ip route xx.xx.xx.xx 255.255.255.0 xx.xx.xx.xx

use like this

b2(config)#no ip route x.x.79.0 255.255.255.0 1x.x.79.254

b2(config)#no ip route x.x.66.0 255.255.255.0 1x.x.150.1

b2(config)#no ip route x.x.67.0 255.255.255.0  x.x.67.134

b2(config)#no ip route x.x.64.0 255.255.255.0 x.x.150.1

or 2] Another easy method would be to check the running config and copy-paste with "no" at the beginning.

show run | include ip route

Copy the static route statement and paste it as is with "no " in global config, then verify the routing table.

if still fails then please paste output of :

sh ip route


Regards

please rate if it helps.

Hi,

those routes are not in the running config >>>>>>>>> they were just added from AAA. My request now: what command do I put on my router to prevent these routes from the AAA ????

I TRIED REMOVING THEM MANUALLY BUT THE SAME ISSUE !!!!

sh ip route

     zzzzz/16 is variably subnetted, 568 subnets, 2 masks

C       zzz3/32 is directly connected, Virtual-Access11

C       zzzz32 is directly connected, Virtual-Access1369

C       zzzz/32 is directly connected, Virtual-Access874

C      zzzz32 is directly connected, Virtual-Access1061

C       18zzzz5/32 is directly connected, Virtual-Access385

C       zzzzz4/32 is directly connected, Virtual-Access1400

C      zzzzz2 is directly connected, Virtual-Access1152

C       1zzzz2 is directly connected, Virtual-Access663

C       zzzz69/32 is directly connected, Virtual-Access1232

C       1zzzz32 is directly connected, Virtual-Access1003

C       1zzz1/32 is directly connected, Virtual-Access519

C      zzzz2 is directly connected, Virtual-Access1044

C      zzzz/32 is directly connected, Virtual-Access1273

C       1zzzz/32 is directly connected, Virtual-Access961

C       zzzzz/32 is directly connected, Virtual-Access985

C       zzzzz/32 is directly connected, Virtual-Access1301

C       zzzzz/32 is directly connected, Virtual-Access1506

C       zzzzzz/32 is directly connected, Virtual-Access1261

C       zzzz/32 is directly connected, Virtual-Access895

As you see, a lot of users; I use a pipe to see the U routes.

!!!!!!!!!

clear ip route download

To clear static routes downloaded from an authentication, authorization, and accounting (AAA) server, use the clear ip route download command in EXEC mode.

clear ip route download {* | network-number network-mask |

Then you have to remove it manually like this:

clear ip route download xx.xx.xx.xx (put correct mask-255.255.255.255)

clear interface virtual-access

To tear down the virtual access interface and free the memory for other dial-in uses, use the clear interface virtual-access command in EXEC mode.

clear interface virtual-access number

Regards

Please rate if it helps.

But it seems it is not supported in my IOS !!!!!!!!!!!!!!!!!!

B2#clear ip route ?

  *             Delete all routes

  A.B.C.D       Destination network route to delete

  dhcp          Delete route added by DHCP Server or Relay

  update-queue  Clear update queue statistics

  vrf           Clear routes for a VPN Routing/Forwarding instance

B2#clear ip route

As you see, no download option exists?

!!!!

?????????????????

Hi, I read it,

but the command is not supported with my IOS !!!!!!!!!!

I have a lot of current users and don't want to disconnect them; in the same way, I just want to block the U route from the AAA.

How can I do it ??????????????????

I searched a lot in Cisco forums but found no similar problem !!!!!

??????????????

How to block a specific attribute from the router ??

I searched and found it is a "route attribute".

My question is how to block this specific attribute only?

Hi,

       Radius-server attribute 25

To include the class attribute in access-request, use the radius-server attribute 25 command in global configuration mode. To disable class RADIUS configuration, use the no form of this command.

radius-server attribute ..........

no radius-server attribute .....................

Regards
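
An added example, not part of the thread or of Cisco's documentation: a Python check that pulls the per-user (code U) routes discussed above out of `show ip route` output and reports which configured `ip route` statements each one falls inside and therefore overrides by longest-prefix match. The sample output, config, addresses and function names are constructed for illustration (documentation address ranges).

```python
import ipaddress
import re

# Constructed sample output and config (documentation address ranges), not from the thread.
SHOW_IP_ROUTE = """\
       ia - IS-IS inter area, * - candidate default, U - per-user static route
S*     0.0.0.0/0 [1/0] via 192.0.2.1
U      198.51.100.0/24 [1/0] via 192.0.2.254
                       [1/0] via 192.0.2.1
S      203.0.113.0/24 [1/0] via 192.0.2.1
U      203.0.113.128/25 [1/0] via 192.0.2.134
C      192.0.2.77/32 is directly connected, Virtual-Access11
"""
RUNNING_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 203.0.113.0 255.255.255.0 192.0.2.1
"""

ROUTE_RE = re.compile(r"^\s*(?P<code>[A-Za-z]\S*)\s+(?P<net>[\d.]+/\d+)\s+\[\d+/\d+\] via (?P<nh>[\d.]+)")
CONT_RE = re.compile(r"^\s+\[\d+/\d+\] via (?P<nh>[\d.]+)")
CONFIG_RE = re.compile(r"^ip route ([\d.]+) ([\d.]+) ([\d.]+)")

def per_user_routes(route_text):
    """Return [(network, next_hop)] for code-U routes, including continuation lines."""
    found, current = [], None
    for line in route_text.splitlines():
        m = ROUTE_RE.match(line)
        if m:  # new route entry: remember its prefix only if the code is U
            current = ipaddress.ip_network(m["net"]) if m["code"].startswith("U") else None
        else:  # extra next hop listed under the previous entry
            m = CONT_RE.match(line) if current else None
        if m and current:
            found.append((current, m["nh"]))
        elif not m:
            current = None
    return found

def audit(route_text, config_text):
    """List each per-user route with the configured statics it sits inside (and overrides)."""
    statics = set()
    for line in config_text.splitlines():
        m = CONFIG_RE.match(line.strip())
        if m:
            statics.add(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
    report = []
    for net, nh in per_user_routes(route_text):
        # Skip the default route: every prefix is inside 0.0.0.0/0.
        shadowed = sorted(str(s) for s in statics if s.prefixlen > 0 and net.subnet_of(s))
        report.append((str(net), nh, shadowed))
    return report
```

None of the reported routes appear as `ip route` lines in the config, which matches the "%No matching route to delete" result in the thread when `no ip route` is tried against them.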
