Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1519
Views
5
Helpful
2
Replies

Handling framed IP/RADIUS attribute type [8] on the NAS

CSCO10576352
Level 1
Level 1

‎08-29-2017 05:56 AM - edited ‎03-12-2019 04:30 AM

Hi all, we are currently trying to setup a cisco 3925 as a NAS to process/pass back the RADIUS type 8 framed ip attribute to the client upon connection over PSTN (router is running code image c3900-universalk9-mz.SPA.154-3.M8.bin").

We are at the point where the initial authentication has taken place for the client against the RADIUS host and can see the framed ip information being passed back to our router as per the below debug radius output:

Aug 29 11:54:50.192 GMT: RADIUS:  Framed-IP-Address   [8]   6   10.1.1.26
We also then go onto see the flowing debug output:
Aug 29 12:22:55.450 GMT: As0/1/1 IPCP:    Address 0.0.0.0 (0x030600000000)
Aug 29 12:22:55.450 GMT: As0/1/1 IPCP: Event[Receive ConfReq-] State[ACKrcvd to ACKrcvd]
Aug 29 12:22:55.586 GMT: As0/1/1 IPCP: I CONFREQ [ACKrcvd] id 19 len 10
Aug 29 12:22:55.586 GMT: As0/1/1 IPCP:    Address 0.0.0.0 (0x030600000000)
Aug 29 12:22:55.586 GMT: As0/1/1 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 0.0.0.0
Aug 29 12:22:55.586 GMT: As0/1/1 IPCP: No peer address configured
Aug 29 12:22:55.586 GMT: As0/1/1 IPCP: Neither side knows remote address

It doesn’t appear that the router is processing the response back from the RADIUS server correctly and assigning the appropriate ip address to the dialled up client (dialled up over pstn).
The current configuration in place relating to what we think is required below (note I have changed the real IPs in the below snippet and debug above for security purposes.):

radius server radius_server_1
 address ipv4 192.168.1.131 auth-port 1812 acct-port 1813
 key abc123

radius server radius_server_2
 address ipv4 192.168.1.132 auth-port 1812 acct-port 1813
 key abc123

aaa authentication ppp default group radius
aaa authorization configuration default group radius
aaa accounting network default start-stop group radius

interface Group-Async0
 ip unnumbered Loopback96
 encapsulation ppp
 no peer default ip address
 async mode dedicated
 no snmp trap link-status
 no keepalive
 ppp authentication chap callin
 group-range 0/1/0 0/1/1
 routing dynamic

ip radius source-interface Loopback96

 

radius-server attribute 8 include-in-access-req

 

I would really appreciate some feedback as to whats mssing in order that the framed ip in the response from the RADIUS host is passed back to the client dialling in.

 

We have also tried configuring a local ip pool against the Async interface within the same range  as the framed  ip address  but the client simply takes the first ip address in the pool instead.

 

Thanks for reading through.

 

Regards

 

Dan

Labels:
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎09-28-2017 02:43 AM

Hi,

Shouldn't you configure:

radius-server attribute 8 include-in-access-req ?

CSCO10576352
Level 1
Level 1
In response to Flavio Miranda

‎10-06-2017 05:14 AM

Hi, thanks for the reply, yes i did originaly have that command listed above. We managed to get it working in the end through numerous tweaks :)

 

0 Helpful
Customers Also Viewed These Support Documents