The only thing I do at our end to configure a static subnet for a client is to enter the client router's ip address into the user table along with the client's subnet mask. I do not enter anything in the framed-route field. My TC's are configured to share RIP routes with each other, but not the core Cisco router (had problems overloading the router at 30 second intervals before). The Cisco directs traffic to each chassis by static routes. Nothing fancy going on and it works. Other than adding the customer to the user table and creating a static route in the core router everything else is done at the client side. I've used NetGear, Ascend, Cisco, Netopia, and WebRamp routers on the client side with this configuration, and probably a few I haven't been told about. Mark Thornton San Marcos Internet, Inc 512-393-5300 ----- Original Message ----- From: "Scot Desort" <scot@njaccess.net> To: <usr-tc@lists.xmission.com> Sent: Tuesday, May 29, 2001 9:58 PM Subject: Re: (usr-tc) Routing a subnet to an ISDN dialup customer
Marshall / Mike Green-
Well, I did not fair too well today trying to get the client in question functioning. Client is now using a Cisco 776M ISDN router. Their Netopia was having ISDN problems.
First I tried your suggestion Marshall. I simply assigned the customer a static WAN IP through a radius profile, assigned that IP to the WAN link in their Cisco, and setup their LAN netblock. The router connects and authenticates fine, the router can ping out to the TC, and the TC can ping the static WAN IP. But a client on the remote LAN cannot ping beyond the Cisco router, and we could not ping into the client LAN IP's. Per your instructions, no route commands were entered on the TC, since you indicated that proxy arp would take care of it. Since that didn't work, I issued this command to the TC:
add ip route <cust-netblock/netmask> gateway <static-WAN-IP> metric 1
No effect.
I then tried Mike Green's approach. I assigned a static WAN IP through their radius profile, and included a framed route atrribute:
Framed-Route <cust-netblock/netmask> <static-WAN-IP> 1
I also entered the same 'add ip route' statement into the TC. Same effect - we could only ping back and forth between the router and the TC using the WAN IP.
When I issued a 'list ip routes" command at the TC, it showed the following
<cust-netblock/netmask> NetMgr <static-WAN-IP> 1 <slotx:modx>
I contacted Cisco who telnetted into the 776 to see if all was setup OK. After many hours, it is their best guess that something is wrong with the routing in the TC. If we turn on NAT in the 776, all stations on the customer LAN can browse since they are now being masked behind the static WAN IP, which is routing properly.
I have all of my internal routers configured properly to route the customer's netblock to the TC through static route statements. All traceroutes from the outside show proper transit until the TC. The last good hop is the TC's ethernet port, then it dies.
If either of you (or anyone else for that matter) has any ideas, I'll try anything at this point. All of our dedicated ISDN customer's with public LAN netblocks come into BRI cards in our Cisco routers, so this has always been a no-brainer on the Cisco's. We use Verizon ISDN Centrex for these customers delivered over standard BRI lines because our normal dialup PRI's that come into the TC are provided by a CLEC, and we can't get ISDN Centrex through them for our customers.
TIA,
-- Scot
----- Original Message ----- From: "Marshall Morgan" <marshall@netdoor.com> To: <usr-tc@lists.xmission.com> Sent: Tuesday, May 15, 2001 1:29 PM Subject: Re: (usr-tc) Routing a subnet to an ISDN dialup customer
Let us know how it goes!
Marshall Morgan
Internet Doorway, Inc (aka NETDOOR) http://www.netdoor.com
601.969.1434 x28 | 800.952.1570 x28 | 601.969.3629 x28 | Fax 601.969.3838 ----- Original Message ----- From: "Scot Desort" <scot@njaccess.net> To: <usr-tc@lists.xmission.com> Sent: Monday, May 14, 2001 1:16 PM Subject: Re: (usr-tc) Routing a subnet to an ISDN dialup customer
Marshall,
I read your original post. And in my subsequent posts, it should have been a little obvious that I was having a little trouble following your example based on my follow-up questions.
I do not doubt your past contributions to the list.
I do appreciate you taking the time to answer my original question, and will try to implement your answer to my routing question when I am at the customer site this week, having Mike Green's example as a backup (or vice-versa, depending...).
Thanks again,
-- Scot
----- Original Message ----- From: "Marshall Morgan" <marshall@netdoor.com> To: <usr-tc@lists.xmission.com> Sent: Sunday, May 13, 2001 1:49 AM Subject: Re: (usr-tc) Routing a subnet to an ISDN dialup customer
Scott,
Please read my original post - it contains all the necessary elements to get the job done. I have tried to be more clean in this email.
You said: "What configuration steps do I need to take on the TC to allow it to assign this block to this dialup customer?"
Answer is a Radius Entry (only as nothing is needed on the TC but you can if you wish do what Mike Greene stated):
username Auth-Type = System Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.1.200, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Framed-Compression = Van-Jacobson-TCP-IP, Port-Limit = 2, Idle-Timeout = 1200, Session-Timeout = 28800, Framed-MTU = 1500
As well, you stated: "Note that I am not running RIP. This customer will ALWAYS hit this particular TC, so there is no need to announce the route. I will manually route the block to the TC."
Answer is: So that means you do not want to announce the route via any routing method and you will be manually routing (via the Cisco I assume) the block to it (in this case) the static the customer gets from the Radius profile.
Since you will be routing them a network, not using a routing protocol to announce it, and only have a single TC, just give them a static IP on the TC Lan and let proxy arp do it's thing.
TC GW 192.168.1.1 TC IP 192.168.1.2 TC POOL whatever
on user's machine :
User Static IP 192.168.1.200 (PPP WAN DEVICE IP) - I would ask them to set their software to dynamic as you will give it to them via Radius anyway - make their setup simplier. User Ethernet IP 192.168.20.1 (LAN DEVICE IP)
on GW router (assume a Cisco):
ip route 192.168.20.0 255.255.255.224 192.168.1.200
(so net is 192.168.20.0/27)
I hope this better explains what works in the field and how easy your setup can be.
PS: I have probably been on this list as long as other active members - I even have some of David Bolen's old email marked. I would like to think I have been very helpful to many people as well both now and in the past ;-)
Marshall Morgan
Internet Doorway, Inc (aka NETDOOR) http://www.netdoor.com
601.969.1434 x28 | 800.952.1570 x28 | 601.969.3629 x28 | Fax 601.969.3838
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.