Re: routing from portmaster 2e question (fwd)

Michael C. Nerone (nerone@legend.txdirect.net)
Fri, 27 Oct 1995 15:11:08 -0500 (CDT)

On Thu, 26 Oct 1995, Brian 'MegaZone' Bikowicz wrote:

> >2. How do I advertise this route? I'm assuming that if I setup a...
>
> Radius.
>
> eris Password = "Kallisti"
> User-Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Address = 23.5.42.1,
> Framed-Netmask = 255.255.255.0,
> Framed-Routing = Broadcast-Listen,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobsen-TCP-IP,
> Framed-Filter = "std.ppp",
> Framed-Route = "23.5.42.0 23.5.42.1 1"

Ok...why is the Framed-Route necessary? Why doesn't the pm realize that
the netmask of 255.255.255.0 implies that there's a Class C on the other
side (so it should advertise such with RIP)?

>
> Something like that - the important parts are the address, netmask, and
> route. You can turn routing off, whatever you need. The route will be
> added for the PM for the duration of the connection, which means no
> entries on the PM itself and no problems with multiple PMs.
>
> -MZ
> --
> Livingston Enterprises Technical Support
> Phone: 800-458-9966 FAX: 510-426-8951
> support@livingston.com <http://www.livingston.com/>
> 6920 Koll Center Parkway #220, Pleasanton, CA 94566
>

More generally, the "Framed-Netmask" SHOULD be sufficient to handle
subnets that happen to be smaller than a Class C, as well. As I see it,
the "Framed-Netmask" must apply either to the LAN containing the pm
itself, or the LAN containing the remote dial-up machine. If it applies
to the pm's LAN, then it should only be set once in the pm, and NOT on a
per-user basis. So it must apply to the REMOTE LAN, meaning that
"Framed-Netmask=255.255.255.240" should be enough for the pm to realize
that the route it should advertise is

a.b.c.17/255.255.255.240 -> pm1, for hosts a.b.c.16-a.b.c.31

but, apparently, it isn't. As a matter of fact, it seems that currently,
the netmask in the advertised routes is 255.255.255.0 no matter WHAT I
put in the users file. (Shouldn't they be 255.255.255.255 (single host)
for the typical user? My RADIUS is slightly hacked, but I don't think we
broke the handling of the attributes - all other attributes seem to
function normally. Somehow, this manages to work properly anyway.)

At any rate: Ok so something doesn't work the way I expect, and you have
to use this "Framed-Route" thing. Fine. So I stick that in the users
file and chalk the whole thing up to experience. At least it's still done
in RADIUS. This works fine for a full class C; BUT: For the 16-ip subnet
above, where do we put the netmask???? Well, the netmask table of
course--IN THE PM's. Notice the "'s". This has to be put in the netmask
table for every single PM?!?!? What happened to the nice centralized
RADIUS attributes, etc?

This situation has frustrated me, but I'm sure there must be something
I'm missing. We have a growing number of subnetted class C's (since the
pm's don't support variable length subnetting) and a growing number of
pm's, and it's a pain to configure these things in each pm that should be
handled by RADIUS. What is the *RIGHT* way to do this?

Michael Nerone | Internet Direct, Inc. | http://www.txdirect.net
nerone@txdirect.net | 722-B Isom Rd. | Please direct all queries
| San Antonio, TX 78216 | to sales@txdirect.net.
| Voice: (210)308-9800 | Direct all tech questions
| Fax: (210)308-9240 | to support@txdirect.net
Any opinions expressed herein are my own and do
not necessarily reflect those of my employer.
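
The arithmetic the message argues for, as an added example that is not part of the original post and not PortMaster or RADIUS server code: it parses users-file entries in the format quoted above, derives the network implied by Framed-Address and Framed-Netmask, and checks that against the Framed-Route destination and gateway. The function names, the second entry ("small") and the use of 192.0.2 in place of the post's "a.b.c" are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the entry quoted in the thread, plus a 16-address subnet
# entry with 192.0.2 standing in for the post's "a.b.c" (hypothetical user "small").
USERS_FILE = '''\
eris Password = "Kallisti"
    User-Service-Type = Framed-User,
    Framed-Address = 23.5.42.1,
    Framed-Netmask = 255.255.255.0,
    Framed-Route = "23.5.42.0 23.5.42.1 1"

small Password = "example"
    User-Service-Type = Framed-User,
    Framed-Address = 192.0.2.17,
    Framed-Netmask = 255.255.255.240,
    Framed-Route = "192.0.2.16 192.0.2.17 1"
'''

PAIR = re.compile(r'([\w-]+)\s*=\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return {user: {attribute: value}} from blank-line-separated entries."""
    users = {}
    for stanza in re.split(r'\n\s*\n', text.strip()):
        name = stanza.split(None, 1)[0]
        users[name] = {k: v.strip('"') for k, v in PAIR.findall(stanza)}
    return users

def check_entry(attrs):
    """Derive the network from address+netmask and compare it with Framed-Route."""
    iface = ipaddress.IPv4Interface(
        f"{attrs['Framed-Address']}/{attrs['Framed-Netmask']}")
    net = iface.network
    dest, gateway, _metric = attrs["Framed-Route"].split()
    return {
        "network": str(net),
        "hosts": f"{net[0]}-{net[-1]}",
        # The route's destination and gateway should agree with the other attributes.
        "route_matches": (ipaddress.IPv4Address(dest) == net.network_address
                          and ipaddress.IPv4Address(gateway) == iface.ip),
        # Framed-Route as quoted carries no mask; per the message, anything
        # smaller than a full class C needed a netmask-table entry on each PM.
        "needs_netmask_table": net.prefixlen != 24,
    }

if __name__ == "__main__":
    for user, attrs in parse_users(USERS_FILE).items():
        print(user, check_entry(attrs))
```

Run over a real users file, a check like this flags entries whose Framed-Route disagrees with the address and netmask, and lists the subnets that would still need a per-PM netmask-table entry.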