Re: Passing Radius attribute to Cisco 7304
On Tue 15 Aug 2006 10:15, John Williams wrote: Hi all We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some problems We are sorry to hear that. Have you tried asking someone for help with your problem? -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpN4DK1M4dQA.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Passing Radius attribute to Cisco 7304
Ok for some reason the whole email I typed didn't send, just the first line. Lets try again. Right we have just upgraded our 7204 to a 7304. We just copied the config across to the 7304 more or less. We send a Radius attribute to certain users that will assign a route map to direct their web traffic to our proxy server. This worked fine on the 7204 but no longer does on the 7304. The attribute we send is: ## ip policy route-map proxy-redirect ## Which assigns the route map: ## route-map proxy-redirect-new permit 10 match ip address 110 set ip next-hop 192.168.1.33 ## Which is controlled by the access list: ## access-list 110 deny ip 192.168.1.0 0.0.0.15 any access-list 110 permit tcp any any eq www access-list 110 deny ip any any ## The Radius debug on the router shows: ## RADIUS: cisco AVPair lcp:interface-config= ip policy route-map proxy-redirect not applied for ip ## Not sure why it's no longer assigning the route map. If I do a show derived-config interface virtual Interface for the user that should be assigned the route map it doesn't show it being assigned. Likewise our proxy logs no longer show anyone accessing the proxy. Has anyone got any ideas or come across the error before when assign Radius attributes to a user? Thanks John -Original Message- From: freeradius-users- [EMAIL PROTECTED] [mailto:freeradius-users- [EMAIL PROTECTED] On Behalf Of John Williams Sent: 15 August 2006 08:15 To: freeradius-users@lists.freeradius.org Subject: Passing Radius attribute to Cisco 7304 Hi all We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some problems -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Passing Radius attribute to Cisco 7304
Hi John This looks like something you should take up with Cisco TAC as the cisco quite clearly says thats its not applying the attribute you are sending it. Cheers Peter On Tue 15 Aug 2006 16:18, John Williams wrote: Ok for some reason the whole email I typed didn't send, just the first line. Lets try again. Right we have just upgraded our 7204 to a 7304. We just copied the config across to the 7304 more or less. We send a Radius attribute to certain users that will assign a route map to direct their web traffic to our proxy server. This worked fine on the 7204 but no longer does on the 7304. The attribute we send is: ## ip policy route-map proxy-redirect ## Which assigns the route map: ## route-map proxy-redirect-new permit 10 match ip address 110 set ip next-hop 192.168.1.33 ## Which is controlled by the access list: ## access-list 110 deny ip 192.168.1.0 0.0.0.15 any access-list 110 permit tcp any any eq www access-list 110 deny ip any any ## The Radius debug on the router shows: ## RADIUS: cisco AVPair lcp:interface-config= ip policy route-map proxy-redirect not applied for ip ## Not sure why it's no longer assigning the route map. If I do a show derived-config interface virtual Interface for the user that should be assigned the route map it doesn't show it being assigned. Likewise our proxy logs no longer show anyone accessing the proxy. Has anyone got any ideas or come across the error before when assign Radius attributes to a user? Thanks John -Original Message- From: freeradius-users- [EMAIL PROTECTED] [mailto:freeradius-users- [EMAIL PROTECTED] On Behalf Of John Williams Sent: 15 August 2006 08:15 To: freeradius-users@lists.freeradius.org Subject: Passing Radius attribute to Cisco 7304 Hi all We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some problems -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpX5Ak5eoJUv.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Passing Radius attribute to Cisco 7304
Yes I would agree normally. But we don't currently have a valid support contract for the Cisco so I'm hoping someone may have come across this before or maybe familiar with the 7304. John -Original Message- From: freeradius-users- [EMAIL PROTECTED] [mailto:freeradius-users- [EMAIL PROTECTED] On Behalf Of Peter Nixon Sent: 15 August 2006 15:21 To: FreeRadius users mailing list Subject: Re: Passing Radius attribute to Cisco 7304 Hi John This looks like something you should take up with Cisco TAC as the cisco quite clearly says thats its not applying the attribute you are sending it. Cheers Peter On Tue 15 Aug 2006 16:18, John Williams wrote: Ok for some reason the whole email I typed didn't send, just the first line. Lets try again. Right we have just upgraded our 7204 to a 7304. We just copied the config across to the 7304 more or less. We send a Radius attribute to certain users that will assign a route map to direct their web traffic to our proxy server. This worked fine on the 7204 but no longer does on the 7304. The attribute we send is: ## ip policy route-map proxy-redirect ## Which assigns the route map: ## route-map proxy-redirect-new permit 10 match ip address 110 set ip next-hop 192.168.1.33 ## Which is controlled by the access list: ## access-list 110 deny ip 192.168.1.0 0.0.0.15 any access-list 110 permit tcp any any eq www access-list 110 deny ip any any ## The Radius debug on the router shows: ## RADIUS: cisco AVPair lcp:interface-config= ip policy route-map proxy-redirect not applied for ip ## Not sure why it's no longer assigning the route map. If I do a show derived-config interface virtual Interface for the user that should be assigned the route map it doesn't show it being assigned. Likewise our proxy logs no longer show anyone accessing the proxy. Has anyone got any ideas or come across the error before when assign Radius attributes to a user? Thanks John -Original Message- From: freeradius-users- [EMAIL PROTECTED] [mailto:freeradius-users- [EMAIL PROTECTED] On Behalf Of John Williams Sent: 15 August 2006 08:15 To: freeradius-users@lists.freeradius.org Subject: Passing Radius attribute to Cisco 7304 Hi all We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some problems -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Passing Radius attribute to Cisco 7304
Hmmm.. Well, as this is clearly a cisco problem and not FreeRADIUS (according to your logs) you will probably get more love from a cisco mailing list ([EMAIL PROTECTED] for example). I unfortunately have not come across the problem before. Cheers Peter On Tue 15 Aug 2006 17:37, John Williams wrote: Yes I would agree normally. But we don't currently have a valid support contract for the Cisco so I'm hoping someone may have come across this before or maybe familiar with the 7304. John -Original Message- From: freeradius-users- [EMAIL PROTECTED] [mailto:freeradius-users- [EMAIL PROTECTED] On Behalf Of Peter Nixon Sent: 15 August 2006 15:21 To: FreeRadius users mailing list Subject: Re: Passing Radius attribute to Cisco 7304 Hi John This looks like something you should take up with Cisco TAC as the cisco quite clearly says thats its not applying the attribute you are sending it. Cheers Peter On Tue 15 Aug 2006 16:18, John Williams wrote: Ok for some reason the whole email I typed didn't send, just the first line. Lets try again. Right we have just upgraded our 7204 to a 7304. We just copied the config across to the 7304 more or less. We send a Radius attribute to certain users that will assign a route map to direct their web traffic to our proxy server. This worked fine on the 7204 but no longer does on the 7304. The attribute we send is: ## ip policy route-map proxy-redirect ## Which assigns the route map: ## route-map proxy-redirect-new permit 10 match ip address 110 set ip next-hop 192.168.1.33 ## Which is controlled by the access list: ## access-list 110 deny ip 192.168.1.0 0.0.0.15 any access-list 110 permit tcp any any eq www access-list 110 deny ip any any ## The Radius debug on the router shows: ## RADIUS: cisco AVPair lcp:interface-config= ip policy route-map proxy-redirect not applied for ip ## Not sure why it's no longer assigning the route map. If I do a show derived-config interface virtual Interface for the user that should be assigned the route map it doesn't show it being assigned. Likewise our proxy logs no longer show anyone accessing the proxy. Has anyone got any ideas or come across the error before when assign Radius attributes to a user? Thanks John -Original Message- From: freeradius-users- [EMAIL PROTECTED] [mailto:freeradius-users- [EMAIL PROTECTED] On Behalf Of John Williams Sent: 15 August 2006 08:15 To: freeradius-users@lists.freeradius.org Subject: Passing Radius attribute to Cisco 7304 Hi all We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some problems -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpCNl2deNPTq.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html