daveaths asked:

Multiple IP blocks in an "ip local pool" - cisco 3640

Cisco 3640 terminating remote connections;

Currently we assign IP addresses via radius packets, issuing the IP address for that user from the local pool (local pool defined, but RADIUS controls which IP each connection gets).  

interface Virtual-Template1
 ip unnumbered FastEthernet3/0
 no ip redirects
 no ip proxy-arp
 ip mtu 1492
 peer default ip address pool myippool
 ppp authentication pap chap
 ppp ipcp mask 255.255.255.128
!
ip local pool myippool 192.168.227.5 192.168.227.126
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.141.33
no ip http server


We have almost run out of issuable IP addresses for the current IP block listed in "myippool".  We have another non-contiguous IP block (192.168.56.128/26) which is currently terminating at this router, and partially used for a dedicated connection.

interface FastEthernet3/1.29
 description customer VLAN serial
 encapsulation isl 45
 ip address 192.168.56.137 255.255.255.248
 no ip redirects
 no ip route-cache
 no ip mroute-cache
 no cdp enable

We would like to use some of those remaining IP addresses in "myippool" so that we can issue them out to other connections as we do with the current IPs in "myippool".

Have tried just assigning one of the IP addresses to an end client without the IP addresses being listed in "myippool" and routing does not take place (connected, authenticated, IP sent, no routing).

Getting one large block and reassigning IP addresses to everyone isn't a feasible option since the usage of IP addresses is in a dedicated manner for most connections.

Les Moore

Since you are using Radius to assign the users' IP addresses, why not just add another pool...

   ip local pool mypool2 192.168.56.129 192.168.56.xx

In the RADIUS setup for each client, you should identify which pool they get the IP address from.

daveaths (ASKER)

Currently we are sending;

 Service-Type = Framed-User,
 Framed-Protocol = PPP,
 Framed-IP-Address = 192.168.227.62,
 Cisco-AVPair = "ip:inacl#0=permit tcp any 192.168.131.0 0.0.0.255 eq smtp",
 Cisco-AVPair = "ip:inacl#1=permit tcp any 192.168.176.0 0.0.0.255 eq smtp",
 Cisco-AVPair = "ip:inacl#2=deny tcp any any eq smtp",
 Cisco-AVPair = "ip:inacl#3=permit ip any any",
 Session-Timeout = 60567,
 Framed-MTU = 1500,
 Framed-Compression = Van-Jacobson-TCP-IP

What would we add to specify using the specific pool via RADIUS? (I like that idea.)

Is another option to change the Virtual-Template1 to read
 peer default ip address pool myippool myippool2

then create the additional ip pool with the ip addresses we want?

Would prefer to control from RADIUS as you suggested, so would like to test both options.
correct?
 cisco-avpair = "ip:addr-pool=myippool2"

ASKER CERTIFIED SOLUTION
Les Moore

This solution is only available to members.

As an addendum, the command actually used was just the...

   peer default ip address pool myippool myippool2

...inside the virtual template I was using. The "peer pool backup" wasn't accepted by the router/IOS version inside the virtual template.

It does, however, work fine without that.
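
Added example, not part of the thread: a pre-change check that reads the `ip local pool` and interface `ip address` lines, reports which pool (if any) contains a given RADIUS Framed-IP-Address, and flags a pool range that takes in a subnet already configured on an interface, such as the /29 on FastEthernet3/1.29. The function names are hypothetical and the end address of myippool2 (192.168.56.190) is a constructed value, since the thread does not give one.

```python
import ipaddress
import re

# Constructed sample input: the pool and interface lines follow the thread;
# the end of myippool2 (192.168.56.190) is an assumed value, not from the page.
SAMPLE_CONFIG = """\
interface FastEthernet3/1.29
 ip address 192.168.56.137 255.255.255.248
!
ip local pool myippool 192.168.227.5 192.168.227.126
ip local pool myippool2 192.168.56.129 192.168.56.190
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+) (\S+)\s*$", re.M)
ADDR_RE = re.compile(r"^ ip address (\S+) (\S+)\s*$", re.M)


def parse_pools(config):
    """Return {pool_name: [(first, last), ...]} from 'ip local pool' lines."""
    pools = {}
    for name, first, last in POOL_RE.findall(config):
        rng = (ipaddress.ip_address(first), ipaddress.ip_address(last))
        pools.setdefault(name, []).append(rng)
    return pools


def parse_connected(config):
    """Return the subnets configured directly on interfaces."""
    return [ipaddress.ip_interface(f"{ip}/{mask}").network
            for ip, mask in ADDR_RE.findall(config)]


def pool_for(address, pools):
    """Name of the pool containing a RADIUS Framed-IP-Address, or None."""
    ip = ipaddress.ip_address(address)
    for name, ranges in pools.items():
        if any(first <= ip <= last for first, last in ranges):
            return name
    return None


def pool_conflicts(pools, connected):
    """Pool ranges that include addresses of a connected interface subnet."""
    hits = []
    for name, ranges in pools.items():
        for first, last in ranges:
            for net in connected:
                if first <= net.broadcast_address and net.network_address <= last:
                    hits.append((name, str(net)))
    return hits
```

With the constructed range above, `pool_conflicts` reports myippool2 against 192.168.56.136/29, which is the cue to start or split the new pool so it skips the addresses already used by the dedicated connection.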