Solved

Multiple IP blocks in an "ip local pool" - cisco 3640

Posted on 2004-10-25
720 Views
Last Modified: 2012-08-13
Cisco 3640 terminating remote connections;

Currently we assign IP addresses via RADIUS packets, issuing the IP address for that user from the local pool (local pool defined, but RADIUS controls which IP each connection gets).

interface Virtual-Template1
 ip unnumbered FastEthernet3/0
 no ip redirects
 no ip proxy-arp
 ip mtu 1492
 peer default ip address pool myippool
 ppp authentication pap chap
 ppp ipcp mask 255.255.255.128
!
ip local pool myippool 192.168.227.5 192.168.227.126
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.141.33
no ip http server


We have almost run out of issuable IP addresses for the current IP block listed in "myippool".  We have another non-contiguous IP block (192.168.56.128/26) which is currently terminating at this router, and partially used for a dedicated connection.

interface FastEthernet3/1.29
 description customer VLAN serial
 encapsulation isl 45
 ip address 192.168.56.137 255.255.255.248
 no ip redirects
 no ip route-cache
 no ip mroute-cache
 no cdp enable

We would like to use some of those remaining IP addresses in "myippool" so that we can issue them out to other connections as we do with the current IPs in "myippool".

Have tried just assigning one of the IP addresses to an end client without the IP addresses being listed in "myippool" and routing does not take place (connected, authenticated, IP sent, no routing).

Getting one large block and reassigning IP addresses to everyone isn't a feasible option since the usage of IP addresses is in a dedicated manner for most connections.
0
Question by:daveaths
    5 Comments
     
    LVL 79

    Expert Comment

    by:lrmoore
    Since you are using RADIUS to assign the users' IP addresses, why not just add another pool...

       ip local pool mypool2 192.168.56.129 192.168.56.xx

    In the RADIUS setup for each client, you should identify which pool they get the IP address from.
    0
     
    LVL 1

    Author Comment

    by:daveaths
    Currently we are sending;

     Service-Type = Framed-User,
     Framed-Protocol = PPP,
     Framed-IP-Address = 192.168.227.62,
     Cisco-AVPair = "ip:inacl#0=permit tcp any 192.168.131.0 0.0.0.255 eq smtp",
     Cisco-AVPair = "ip:inacl#1=permit tcp any 192.168.176.0 0.0.0.255 eq smtp",
     Cisco-AVPair = "ip:inacl#2=deny tcp any any eq smtp",
     Cisco-AVPair = "ip:inacl#3=permit ip any any",
     Session-Timeout = 60567,
     Framed-MTU = 1500,
     Framed-Compression = Van-Jacobson-TCP-IP

    What would we add to specify using the specific pool via RADIUS? (I like that idea.)

    Is another option to change the Virtual-Template1 to read
     peer default ip address pool myippool myippool2

    then create the additional ip pool with the ip addresses we want?

    Would prefer to control from RADIUS as you suggested, so would like to test both options.
    0
     
    LVL 1

    Author Comment

    by:daveaths
    Correct?
     cisco-avpair = "ip:addr-pool=myippool2"
    0
     
    LVL 79

    Accepted Solution

    by:
    It appears that you assign a specific IP address by user, so you don't even reference the IP pool by name, so it stands to reason that you can still just use the additional IPs in this same way.
    >Framed-IP-Address = 192.168.56.129  <==

    This will work with the "peer pool backup" command
       >peer pool backup
       >peer default ip address pool myippool myippool2

    reference:
    http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a00801a7e94.html#wp1184059
    0
     
    LVL 1

    Author Comment

    by:daveaths
    As an addendum, the command actually used was just the...

       peer default ip address pool myippool myippool2

    ...inside the virtual template I was using. The "peer pool backup" wasn't accepted by the router/IOS version inside the virtual template.

    It does, however, work fine without that.
    0
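
A pre-deployment check for the setup discussed in this thread, added here as an example (not code from any poster): it confirms that each RADIUS Framed-IP-Address falls inside a pool named on the virtual template and does not collide with a subnet already configured on an interface. The second pool's end address (192.168.56.190) and the function names are assumptions; the thread leaves the end address unspecified.

```python
import ipaddress
import re

# Constructed sample: config lines from the thread plus a hypothetical
# end address (192.168.56.190) for the second pool.
CONFIG = """\
interface Virtual-Template1
 peer default ip address pool myippool myippool2
!
interface FastEthernet3/1.29
 ip address 192.168.56.137 255.255.255.248
!
ip local pool myippool 192.168.227.5 192.168.227.126
ip local pool myippool2 192.168.56.129 192.168.56.190
"""

def parse(config):
    """Return (pools, template_pools, connected_networks) from IOS-style text."""
    pools, used, nets = {}, [], []
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"ip local pool (\S+) (\S+) (\S+)$", line):
            lo, hi = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])
            pools.setdefault(m[1], []).append((lo, hi))
        elif m := re.match(r"peer default ip address pool (.+)$", line):
            used = m[1].split()
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            nets.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
    return pools, used, nets

def check_address(config, framed_ip):
    """Classify a RADIUS Framed-IP-Address against the template's pools."""
    pools, used, nets = parse(config)
    ip = ipaddress.ip_address(framed_ip)
    # An address inside an interface's own subnet belongs to that segment.
    for net in nets:
        if ip in net:
            return f"conflict: inside connected subnet {net}"
    # Only pools listed on the virtual template count.
    for name in used:
        for lo, hi in pools.get(name, []):
            if lo <= ip <= hi:
                return f"ok: {name}"
    return "not in any pool referenced by the template"
```

With this sample, the hypothetical second pool range spans the /29 already assigned to FastEthernet3/1.29, so addresses in 192.168.56.136 to 192.168.56.143 are reported as conflicts rather than as usable pool members.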
