Thanks very much.. I appreciate the input from the list.
The profile looks like this currently: profile test ip virtual-router default ip unnumbered loopback 0 ip mtu 1492 ip sa-validate ip tcp adjust-mss 1460 ppp authentication virtual-router default pap ppp keepalive 120 ppp fragmentation ppp reassembly vlan auto-configure pppoe Is there anything "obvious" wrong with this? I read in the docs somewhere about an option to explicitly permit Radius to assign a subnet to a customer - is there a similar statement required to statically assign a single host address (bearing in mind that dynamic addresses are coming from a local pool) Would the ERX-Local-Interface be the Loopback0 interface in my case? It has an IP address assigned to it that is reachable etc. Thanks, Paul From: Chris Hellberg [mailto:[email protected]] Sent: Saturday, August 13, 2011 8:56 AM To: Paul Stewart; [email protected] Subject: Re: [j-nsp] Radius - Static IP / ERX It might be because you don't have an ERX-Local-Interface VSA present. If that doesn't work, double-check that it's in your profile. There're one or two unexpected cases that you need to have the unumbered loopback interface information explicitly configured. The framed netmask shouldn't be needed. Regards, Chris _____ From: Paul Stewart <[email protected]> To: [email protected] Sent: Friday, 12 August 2011, 1:35 Subject: Re: [j-nsp] Radius - Static IP / ERX Thanks.. yeah the MTU statement is legacy and in place for some other Radius authentications....;) I thought our entries had the Framed-IP-Netmask in them so will have to check again as you're right it's not there obviously... wouldn't think that would stop the IP from getting assigned but could be wrong... Take care, Paul -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Chris Adams Sent: August-11-11 2:26 PM To: [email protected] Subject: Re: [j-nsp] Radius - Static IP / ERX Once upon a time, Paul Stewart <[email protected]> said: > Getting ready to cut an ERX into production shortly and the only thing not > working is static IP assignments via Radius. According to the docs, you can > use "Framed-IP-Address" the same as we do in Cisco land today.. but it > doesn't' work. Your example entry doesn't have a Framed-IP-Netmask set, which may be required. Also, Framed-MTU is pretty much useless; since PPP is already negotiated before RADIUS authentication occurs, link MTU is already established before your Framed-MTU entry can have any affect (this has always been the case with PPP+RADIUS, but lots of examples show Framed-MTU anyway). -- Chris Adams <[email protected]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
