Multiple IP blocks in an "ip local pool" - cisco 3640

Cisco 3640 terminating remote connections;

Currently we assign IP addresses via radius packets, issuing the IP address for that user from the local pool (local pool defined, but RADIUS controls which IP each connection gets).  

interface Virtual-Template1
 ip unnumbered FastEthernet3/0
 no ip redirects
 no ip proxy-arp
 ip mtu 1492
 peer default ip address pool myippool
 ppp authentication pap chap
 ppp ipcp mask
ip local pool myippool
ip classless
ip route
no ip http server

We have almost run out of issuable IP addresses for the current IP block listed in "myippool".  We have another non-contiguous IP block ( which is currently terminating at this router, and partially used for a dedicated connection.

interface FastEthernet3/1.29
 description customer VLAN serial
 encapsulation isl 45
 ip address
 no ip redirects
 no ip route-cache
 no ip mroute-cache
 no cdp enable

we would like to use some of those remaining IP addresses in "myippool" so that we can issue them out to other connections as we do with the current IPs in "myippool".

Have tried just assigning one of the IP addresses to an end client without the IP addresses being listed in "myippool" and routing does not take place (connected, authenticated, IP sent, no routing).

Getting one large block and reassigning IP addresses to everyone isn't a feasible option since the usage of IP addresses is in a dedicated manner for most connections.
Who is Participating?
lrmooreConnect With a Mentor Commented:
It appears that you assign a specific IP address by user, so you don't even reference the IP pool by name, so it stands to reason that you can still just use the additional IP's in this same way..
>Framed-IP-Address =  <==

This will work with the "peer pool backup" command
   >peer pool backup
   >peer default ip address pool myippool myippool2

Since you are using Radius to assign the users' IP addresses, why not just add another pool...

   ip local pool mypool2 192.168.56.xx

In the radius setup for each client, you should identify which pool the get the IP address from..
daveathsAuthor Commented:
Currently we are sending;

 Service-Type = Framed-User,
 Framed-Protocol = PPP,
 Framed-IP-Address =,
 Cisco-AVPair = "ip:inacl#0=permit tcp any eq smtp",
 Cisco-AVPair = "ip:inacl#1=permit tcp any eq smtp",
 Cisco-AVPair = "ip:inacl#2=deny tcp any any eq smtp",
 Cisco-AVPair = "ip:inacl#3=permit ip any any",
 Session-Timeout = 60567,
 Framed-MTU = 1500,
 Framed-Compression = Van-Jacobson-TCP-IP

What would we add to specify using the specific pool via RADIUS (I like that idea)

is another option to change the Virtual-Template1 to read
 peer default ip address pool myippool myippool2

then create the additional ip pool with the ip addresses we want?

Would prefer to control from RADIUS as you suggested, so would like to test both options.
daveathsAuthor Commented:
 cisco-avpair = "ip:addr-pool=myippool2"
daveathsAuthor Commented:
as an addendum, the command actually used was just the...

   peer default ip address pool myippool myippool2

...inside the virtual template I was using. the "peer pool backup" wasn't accepted by the router/ios version inside the virtual template

It is however work fine without that.
All Courses

From novice to tech pro — start learning today.