Manualshelf

Specifications

ManualsBrandsMotorola ManualsComputer equipmentV3229 - 14.4 Kbps Modem
231232233234235236237238239240
Configuring per-User Configuration
Per-User Configuration Overview
DC-682
Cisco IOS Dial Technologies Configuration Guide
On a TACACS+ server, the entries for an IP address pool and a user of the pool might be as follows:
user = nas1-pools {
service = ppp protocol = ip {
pool-def#1 = "aaa 10.0.0.1 10.0.0.3"
pool-def#2 = "bbb 10.1.0.1 10.1.0.10"
pool-def#3 = "ccc 10.2.0.1 10.2.0.20"
pool-timeout=60
}
}
user = georgia {
login = cleartext lab
service = ppp protocol = ip {
addr-pool=bbb
}
}
On a RADIUS server, the entries for the same IP address pool and user would be as follows:
nas1-pools Password = “cisco” User-Service-Type=Outbound-User
cisco-avpair = "ip:pool-def#1=aaa 10.0.0.1 10.0.0.3",
cisco-avpair = "ip:pool-def#2=bbb 10.1.0.1 10.1.0.10",
cisco-avpair = "ip:pool-def#3=ccc 10.2.0.1 10.2.0.20",
cisco-avpair = "ip:pool-timeout=60”
georgia Password = “lab”
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
cisco-avpair = “ip:addr-pool=bbb”
Note This entry specifies a User-Service-Type of Outbound-User. This attribute is supplied by the network
access server to prevent ordinary logins from using the well-known username and password
combination of nas1-pools/cisco.
Pools downloaded to a Cisco network access server are not retained in nonvolatile memory and
automatically disappear whenever the access server or router restarts. Downloaded pools can also be
made to time out automatically by adding a suitable AV pair. For more information, see the section
“Supported Attrubutes for AV Pairs” and the pool-timeout attribute in Table 37. Downloaded pools are
marked as dynamic in the output of the show ip local pool command.
Deleting Downloaded Pools
To delete downloaded pools, you can do either of the following:
Manually delete the definition from the network access server. For example, if “bbb” is the name of
a downloaded pool, you can enter the Cisco IOS no ip local pool bbb command.
Deleting a pool definition does not interrupt service for current users. If a pool is deleted and then
redefined to include a pool address that is currently allocated, the new pool understands and tracks
the address as expected.
Set an AV pair pool-timeout value; this is a more desirable solution.
The pool-timeout AV pair starts a timer when the pool is downloaded. Once the timer expires, the
pools are deleted. The next reference to the pools again causes an authorization call to be made, and
the pool definition is downloaded again. This method allows definitions to be made and changed on
the AAA server and propagated to network access servers.