Solved

AS5300 - Dialup client is not recieving the proper gateway!

Posted on 2006-06-14
15
681 Views
Last Modified: 2011-10-03
Hi,

Here is the network topo :

Client --> Dual-E1 --> Cisco AS5300  --> Radiator Radius --> Internet

Now today, the client connects to the NAS, authenticates & he recieves an IP from an ip local pool range. He also recieves the
DNS server, there is only 1 tiny issue.

The Client does not get an appropriate "Default Gateway" :

Ip Address : 213.xxx.175.38
Default Mask: 255.255.255.255
Default Gateway : 213.xxx.175.38

Honestly, I'm no cisco expert, you might find my questions dumb, but trust me they are worth
500 points.

Attached is my current cisco conf :

Building configuration...

Current configuration : 3351 bytes
!
version 12.1
service config
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname nas_test
!
logging console errors
aaa new-model
aaa authentication ppp ppp_auth_mth group radius
aaa authentication ppp ppp_auth_mth_local local
aaa authentication ppp test group radius
aaa accounting update newinfo
aaa accounting network default start-stop group radius
enable password 7 xxxxxxxxxxxxxxxxxxxxxx
!
username testnbayle password 7 xxxxxxxxxxxxxxxxxxxxxxxxx
username admin-local password 7 xxxxxxxxxxxxxxxxxxxxxxxx
spe 1/0 2/9
 firmware location flash:mica-modem-pw.2.7.2.2.bin
!
!
resource-pool disable
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip name-server 213.xxx.172.1
ip name-server 213.xxx.20.3
!
isdn switch-type primary-net5
mta receive maximum-recipients 0
!
controller E1 0
 clock source line primary
!
controller E1 1
 clock source line secondary 1
!
controller E1 2
 clock source line secondary 2
!
controller E1 3
 clock source line secondary 3
!
controller E1 4
 clock source line secondary 4
!
controller E1 5
 clock source line secondary 5
!
controller E1 6
 framing NO-CRC4
 clock source line secondary 7
 pri-group timeslots 1-31
!
controller E1 7
 framing NO-CRC4
 clock source line secondary 7
 pri-group timeslots 1-31
!
!
!
!
!
interface Loopback0
 ip address 213.xxx.175.62 255.255.255.224
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
 clockrate 2015232
!
interface Serial1
 no ip address
 shutdown
 no fair-queue
 clockrate 2015232
!
interface Serial2
 no ip address
 shutdown
 no fair-queue
 clockrate 2015232
!
interface Serial3
 no ip address
 shutdown
 no fair-queue
 clockrate 2015232
!
interface Serial6:15
 description Interface pour les free : vers xx60572624
 no ip address
 encapsulation ppp
 isdn switch-type primary-net5
 isdn incoming-voice modem
!
interface Serial7:15
 description Interface pour les forfaits : vers xx68572624
 no ip address
 encapsulation ppp
 isdn switch-type primary-net5
 isdn incoming-voice modem
!
interface FastEthernet0
 ip address 213.xxx.160.33 255.255.255.224
 duplex auto
 speed auto
!
interface Group-Async6
 description Interface pour les free : vers xx60572624
 ip unnumbered Loopback0
 encapsulation ppp
 no ip mroute-cache
 async mode dedicated
 peer default ip address pool pool_client_free
 ppp authentication pap ppp_auth_mth
 group-range 181 210
!
interface Group-Async7
 description Interface pour les forfaits : vers xx68572624
 ip unnumbered Loopback0
 encapsulation ppp
 no ip mroute-cache
 async mode dedicated
 peer default ip address pool pool_client_forfait
 ppp authentication pap ppp_auth_mth
 group-range 211 240
!
ip local pool pool_client_forfait 213.xxx.175.33 213.xxx.175.61
ip local pool pool_client_free 213.xxx.175.1 213.xxx.175.30
ip classless
ip route 0.0.0.0 0.0.0.0 213.xxx.160.62
no ip http server
!
snmp-server community public RO
!
radius-server host 213.xxx.172.7 auth-port 1645 acct-port 1646 non-standard
radius-server retransmit 3
radius-server attribute 44 include-in-access-req
radius-server key bijorvinson!
!
line con 0
line 1 180
line 181 210
 no exec
 no flush-at-activation
 modem Dialin
 rotary 6
 autohangup
line 211 240
 no exec
 no flush-at-activation
 modem Dialin
 rotary 7
 autohangup
line aux 0
line vty 0 4
!
end
0
Comment
Question by:umoorjani
  • 8
  • 4
15 Comments
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16907995
On the client, do you have "Use default gateway on remote network " checked in the dialup configuration?

Do I get a bag of Maui onions if I help you?
0
 

Author Comment

by:umoorjani
ID: 16908273
hehe :) , on the dial up connection the "Use default gateway on remote network" is set already.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16912879
The only other thing I can think of is perhaps your radius configuration needs to be altered somehow. I can't see anything wrong with your configuration.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16912914
If only I was getting onions, I might think of something else...

just kidding!

I compared your config with examples on Cisco's web site and as I said, the Cisco part looks fine. Have you tried it using local authentication or just with radius?
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16912934
One other thing- when you say the client doesn't get an appropriate default gateway- do you mean he doesn't get one at all, or that he gets his own address as a default gateway? If the latter, does it work?
0
 

Author Comment

by:umoorjani
ID: 16913560
I tried using it with radius authentication, to be precise, the radiusd is Radiator (http://www.open.com.au/radiator/)
I am really troubled with this.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16913821
What about my other question?
0
 

Author Comment

by:umoorjani
ID: 16913892
it get's his own ip address as his default-gateway. I want it to get the router ip address.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16914072
The reason I asked is that the IP address has a 32-bit mask. That means it can only be it's own default gateway. So it's doing what it should be doing as far as that goes. So the big question is, Does it work?
0
 

Author Comment

by:umoorjani
ID: 16914660
It does not work that is for sure, what mask should I use for this to work ? A simple 255.255.255.0 would do ?
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16921677
The mask defines the network. The client address and the gateway have to be in the same network.

the only thing I can think of, though it doesn't match the Cisco example, is to:

Make the mask on the loopback1 address bigger, so that the pool address range is a part of the loopback1 subnet. Then you can try making the default gateway the same as the loopback address.
0
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 500 total points
ID: 16921725
Here's an example that inlcudes the Radius piece:
http://www.cisco.com/en/US/tech/tk713/tk507/technologies_configuration_example09186a0080093c78.shtml

The radius part is basic. I'm assuming that radiator is similar to other open-source radius implementations, I haven't used it. But I seem to remember that you can speicify a subnet mask and default gateway there. If the above works manually, then you can configure radius to send the client the correct mask and default gateway.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now