Multiple IP blocks in an "ip local pool" - cisco 3640

Cisco 3640 terminating remote connections;

Currently we assign IP addresses via radius packets, issuing the IP address for that user from the local pool (local pool defined, but RADIUS controls which IP each connection gets).  

interface Virtual-Template1
 ip unnumbered FastEthernet3/0
 no ip redirects
 no ip proxy-arp
 ip mtu 1492
 peer default ip address pool myippool
 ppp authentication pap chap
 ppp ipcp mask 255.255.255.128
!
ip local pool myippool 192.168.227.5 192.168.227.126
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.141.33
no ip http server


We have almost run out of issuable IP addresses for the current IP block listed in "myippool".  We have another non-contiguous IP block (192.168.56.128/26) which is currently terminating at this router, and partially used for a dedicated connection.

interface FastEthernet3/1.29
 description customer VLAN serial
 encapsulation isl 45
 ip address 192.168.56.137 255.255.255.248
 no ip redirects
 no ip route-cache
 no ip mroute-cache
 no cdp enable

we would like to use some of those remaining IP addresses in "myippool" so that we can issue them out to other connections as we do with the current IPs in "myippool".

Have tried just assigning one of the IP addresses to an end client without the IP addresses being listed in "myippool" and routing does not take place (connected, authenticated, IP sent, no routing).

Getting one large block and reassigning IP addresses to everyone isn't a feasible option since the usage of IP addresses is in a dedicated manner for most connections.
LVL 1
daveathsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
Since you are using Radius to assign the users' IP addresses, why not just add another pool...

   ip local pool mypool2 192.168.56.129 192.168.56.xx

In the radius setup for each client, you should identify which pool the get the IP address from..
0
daveathsAuthor Commented:
Currently we are sending;

 Service-Type = Framed-User,
 Framed-Protocol = PPP,
 Framed-IP-Address = 192.168.227.62,
 Cisco-AVPair = "ip:inacl#0=permit tcp any 192.168.131.0 0.0.0.255 eq smtp",
 Cisco-AVPair = "ip:inacl#1=permit tcp any 192.168.176.0 0.0.0.255 eq smtp",
 Cisco-AVPair = "ip:inacl#2=deny tcp any any eq smtp",
 Cisco-AVPair = "ip:inacl#3=permit ip any any",
 Session-Timeout = 60567,
 Framed-MTU = 1500,
 Framed-Compression = Van-Jacobson-TCP-IP

What would we add to specify using the specific pool via RADIUS (I like that idea)

is another option to change the Virtual-Template1 to read
 peer default ip address pool myippool myippool2

then create the additional ip pool with the ip addresses we want?

Would prefer to control from RADIUS as you suggested, so would like to test both options.
0
daveathsAuthor Commented:
correct?
 cisco-avpair = "ip:addr-pool=myippool2"
0
lrmooreCommented:
It appears that you assign a specific IP address by user, so you don't even reference the IP pool by name, so it stands to reason that you can still just use the additional IP's in this same way..
>Framed-IP-Address = 192.168.56.129  <==

This will work with the "peer pool backup" command
   >peer pool backup
   >peer default ip address pool myippool myippool2

reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a00801a7e94.html#wp1184059
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
daveathsAuthor Commented:
as an addendum, the command actually used was just the...

   peer default ip address pool myippool myippool2

...inside the virtual template I was using. the "peer pool backup" wasn't accepted by the router/ios version inside the virtual template

It is however work fine without that.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.