[VPN] Cisco 3000 VPN Concentrators and RADIUS -- Assigned IPs
Siddhartha Jain
losttoy2000 at yahoo.co.uk
Wed Feb 26 05:00:10 EST 2003
Take a look at this. It is possible to do what you
need using a RADIUS server.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102172.html#984410
Also, this is the way it is done using Cisco ACS, so
it will give you an idea how to configure your RADIUS
server:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102172.html#984454
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008010217e.html#2050
Basically, there is a list of attributes a RADIUS
server can pass on to a user logging onto a NAS. This
list includes Client IP address among a host of other
parameters.
Hope this helps.
Siddhartha
--- David Goldsmith <dgoldsmith at sans.org> wrote: > If
I create a 'Local' user on a Cisco 3000
> Concentrator, I can assign it a
> specific IP address. The problem is there is a
> limited number of local
> users/groups that can be created on the device.
>
> If I create a 'Local' group that is authenticated
> via an external RADIUS
> server, I have an unlimited number of clients, but I
> have not found a way
> to assign static IPs. I've only been able to have
> them use the dynamically
> assigned pool.
>
> Q1) Can you configure a RADIUS server to hand back
> an IP address with the
> approved authentication request.
>
> Q2) We are using FreeRADIUS on Linux with a MySQL
> backend tied to the
> CryptoCard admin software. Assuming the
> answer to Q1 was yes, is
> it possible to do it under this specific
> configuration?
>
> Thanks,
> Dave Goldsmith
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
More information about the VPN
mailing list