Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Cisco>
  3. NAS
multiple ip pool on the same nas
r.tahina at dts
Mar 3, 2004, 8:59 PM
Post #1 of 7 (1782 views)
Permalink
Hi,

How can I use 2 different ip pool on an as5300?

Regards.
RE: multiple ip pool on the same nas [ In reply to ]
oboehmer at cisco
Mar 3, 2004, 10:58 PM
Post #2 of 7 (1769 views)
Permalink
>
> How can I use 2 different ip pool on an as5300?

ip local pool POOL-A <start-ip> <end-ip>
ip local pool POOL-B <start-ip> <end-ip>

and then assign the appropriate pool by name using Radius (cisco-avpair
= "ip:addr-pool=POOL-A") or via interface config on vtemplate,
group-async, etc. ("peer default ip address pool POOL-A")

oli
RE: multiple ip pool on the same nas [ In reply to ]
r.tahina at dts
Mar 8, 2004, 6:52 AM
Post #3 of 7 (1773 views)
Permalink
Thanks,
it works fine but I also have another question:

I use a radius server for aaa, is there a way to assign a specific user, eg
guest an IP address not from the local pool nor from radius server?

Kind regards.


At 06:58 04/03/04 +0100, you wrote:
> >
> > How can I use 2 different ip pool on an as5300?
>
>ip local pool POOL-A <start-ip> <end-ip>
>ip local pool POOL-B <start-ip> <end-ip>
>
>and then assign the appropriate pool by name using Radius (cisco-avpair
>= "ip:addr-pool=POOL-A") or via interface config on vtemplate,
>group-async, etc. ("peer default ip address pool POOL-A")
>
> oli
RE: multiple ip pool on the same nas [ In reply to ]
oboehmer at cisco
Mar 8, 2004, 7:07 AM
Post #4 of 7 (1771 views)
Permalink
> I use a radius server for aaa, is there a way to assign a specific
> user, eg guest an IP address not from the local pool nor from radius
> server?

Hmm, I'm not sure I understand your question. You want to assign a
specific IP, but don't want to use radius nor local pools? Not sure what
you mean..

oli

>
>
> At 06:58 04/03/04 +0100, you wrote:
> > >
> > > How can I use 2 different ip pool on an as5300?
> >
> > ip local pool POOL-A <start-ip> <end-ip>
> > ip local pool POOL-B <start-ip> <end-ip>
> >
> > and then assign the appropriate pool by name using Radius
> > (cisco-avpair = "ip:addr-pool=POOL-A") or via interface config on
> > vtemplate, group-async, etc. ("peer default ip address pool POOL-A")
> >
> > oli
RE: multiple ip pool on the same nas [ In reply to ]
r.tahina at dts
Mar 8, 2004, 7:19 AM
Post #5 of 7 (1808 views)
Permalink
Can I use one local pool for users and and another local pool for a
specific user?

guest users are granted specific services such as viewing only our home
page and nothing else.
an access-list will be applied to the second pool.

Rivo.

At 15:07 08/03/04 +0100, you wrote:
> > I use a radius server for aaa, is there a way to assign a specific
> > user, eg guest an IP address not from the local pool nor from radius
> > server?
>
>Hmm, I'm not sure I understand your question. You want to assign a
>specific IP, but don't want to use radius nor local pools? Not sure what
>you mean..
>
> oli
>
> >
> >
> > At 06:58 04/03/04 +0100, you wrote:
> > > >
> > > > How can I use 2 different ip pool on an as5300?
> > >
> > > ip local pool POOL-A <start-ip> <end-ip>
> > > ip local pool POOL-B <start-ip> <end-ip>
> > >
> > > and then assign the appropriate pool by name using Radius
> > > (cisco-avpair = "ip:addr-pool=POOL-A") or via interface config on
> > > vtemplate, group-async, etc. ("peer default ip address pool POOL-A")
> > >
> > > oli
RE: multiple ip pool on the same nas [ In reply to ]
jc at isnet
Mar 8, 2004, 7:31 AM
Post #6 of 7 (1774 views)
Permalink
On Mon, 8 Mar 2004, Rivo Tahina RAZAFINDRATSIFA wrote:

> Can I use one local pool for users and and another local pool for a
> specific user?
>
> guest users are granted specific services such as viewing only our home
> page and nothing else.
> an access-list will be applied to the second pool.

yes you can create various ip pools on the nas and then via radius use

Cisco-AVPair = "ip:addr-pool=name_of_pool",

in order to assign to diff group of people

j.
RE: multiple ip pool on the same nas [ In reply to ]
oboehmer at cisco
Mar 8, 2004, 7:37 AM
Post #7 of 7 (1781 views)
Permalink
> Can I use one local pool for users and and another local pool for a
> specific user?

well, of course, just define two pools and then include

cisco-avpair = "ip:addr-pool=GUESTPOOL"

to your guest's profile and a different pool to your regular users. or
do you mean s/th different?


> guest users are granted specific services such as viewing only our
> home page and nothing else.
> an access-list will be applied to the second pool.

But if you're only concerned about resticting access, you can also apply
per-user access-list via radius:

cisco-pavpair = "ip:inacl#1=permit tcp any host x.x.x.x eq 80",
cisco-pavpair = "ip:inacl#2=permit udp any any eq 53"

Tx,

oli

>
> Rivo.
>
> At 15:07 08/03/04 +0100, you wrote:
> > > I use a radius server for aaa, is there a way to assign a specific
> > > user, eg guest an IP address not from the local pool nor from
> > > radius server?
> >
> > Hmm, I'm not sure I understand your question. You want to assign a
> > specific IP, but don't want to use radius nor local pools? Not sure
> > what you mean..
> >
> > oli
> >
> > >
> > >
> > > At 06:58 04/03/04 +0100, you wrote:
> > > > >
> > > > > How can I use 2 different ip pool on an as5300?
> > > >
> > > > ip local pool POOL-A <start-ip> <end-ip>
> > > > ip local pool POOL-B <start-ip> <end-ip>
> > > >
> > > > and then assign the appropriate pool by name using Radius
> > > > (cisco-avpair = "ip:addr-pool=POOL-A") or via interface config
> > > > on vtemplate, group-async, etc. ("peer default ip address pool
> > > > POOL-A")
> > > >
> > > > oli

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal