Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Multiple IP blocks in an "ip local pool" - cisco 3640

Posted on 2004-10-25
Medium Priority
Last Modified: 2012-08-13
Cisco 3640 terminating remote connections;

Currently we assign IP addresses via radius packets, issuing the IP address for that user from the local pool (local pool defined, but RADIUS controls which IP each connection gets).  

interface Virtual-Template1
 ip unnumbered FastEthernet3/0
 no ip redirects
 no ip proxy-arp
 ip mtu 1492
 peer default ip address pool myippool
 ppp authentication pap chap
 ppp ipcp mask
ip local pool myippool
ip classless
ip route
no ip http server

We have almost run out of issuable IP addresses for the current IP block listed in "myippool".  We have another non-contiguous IP block ( which is currently terminating at this router, and partially used for a dedicated connection.

interface FastEthernet3/1.29
 description customer VLAN serial
 encapsulation isl 45
 ip address
 no ip redirects
 no ip route-cache
 no ip mroute-cache
 no cdp enable

we would like to use some of those remaining IP addresses in "myippool" so that we can issue them out to other connections as we do with the current IPs in "myippool".

Have tried just assigning one of the IP addresses to an end client without the IP addresses being listed in "myippool" and routing does not take place (connected, authenticated, IP sent, no routing).

Getting one large block and reassigning IP addresses to everyone isn't a feasible option since the usage of IP addresses is in a dedicated manner for most connections.
Question by:daveaths
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 79

Expert Comment

ID: 12400711
Since you are using Radius to assign the users' IP addresses, why not just add another pool...

   ip local pool mypool2 192.168.56.xx

In the radius setup for each client, you should identify which pool the get the IP address from..

Author Comment

ID: 12400888
Currently we are sending;

 Service-Type = Framed-User,
 Framed-Protocol = PPP,
 Framed-IP-Address =,
 Cisco-AVPair = "ip:inacl#0=permit tcp any eq smtp",
 Cisco-AVPair = "ip:inacl#1=permit tcp any eq smtp",
 Cisco-AVPair = "ip:inacl#2=deny tcp any any eq smtp",
 Cisco-AVPair = "ip:inacl#3=permit ip any any",
 Session-Timeout = 60567,
 Framed-MTU = 1500,
 Framed-Compression = Van-Jacobson-TCP-IP

What would we add to specify using the specific pool via RADIUS (I like that idea)

is another option to change the Virtual-Template1 to read
 peer default ip address pool myippool myippool2

then create the additional ip pool with the ip addresses we want?

Would prefer to control from RADIUS as you suggested, so would like to test both options.

Author Comment

ID: 12400936
 cisco-avpair = "ip:addr-pool=myippool2"
LVL 79

Accepted Solution

lrmoore earned 1000 total points
ID: 12401018
It appears that you assign a specific IP address by user, so you don't even reference the IP pool by name, so it stands to reason that you can still just use the additional IP's in this same way..
>Framed-IP-Address =  <==

This will work with the "peer pool backup" command
   >peer pool backup
   >peer default ip address pool myippool myippool2


Author Comment

ID: 13253731
as an addendum, the command actually used was just the...

   peer default ip address pool myippool myippool2

...inside the virtual template I was using. the "peer pool backup" wasn't accepted by the router/ios version inside the virtual template

It is however work fine without that.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question