The AAA test experiment of NAS under Pat

1. Test topology:

Http://www.cisco.com/en/US/docs/ios/12_3/12_3b/feature/guide/gt_siara.html

The link above has the following text, stating that it is only used in bookkeeping:

RADIUS servers normally check the source IP address in the "RADIUS packets to track" The RAD IUS requests and to maintain security.  The NAT or PAT solution satisfies requirements because only a single source IP address is used even though RADIUS Packets come from different NAS routers.

However, when retrieving accounting records from the RADIUS database, some billing systems use RADIUS attribute 4, Nas-ip -address, in the accounting records. The value is recorded on the NAS routers as their own IP addresses. The NAS routers are not aware to the NAT or PAT that runs between them and the RADIUS server; Therefore, different RADIUS attribute 4 addresses would be recorded in the accounting to the for users from the records T NAS routers. These addresses eventually expose different NAS routers to the RADIUS server and to the corresponding billing

2. Basic configuration:

R1:

Interface fastethernet0/0

IP address 10.1.1.1 255.255.255.0

No shut

Interface Loopback0

IP Address 1.1.1.1 255.255.255.0

IP Route 0.0.0.0 0.0.0.0 10.1.1.3

R2:

Interface fastethernet0/0

IP address 10.1.1.2 255.255.255.0

No shut

Interface Loopback0

IP address 2.2.2.2 255.255.255.0

IP Route 0.0.0.0 0.0.0.0 10.1.1.3

R3:

Interface ethernet0/0

IP address 10.1.1.3 255.255.255.0

IP nat Inside

No shut

Interface ETHERNET0/1

IP address 100.1.1.1 255.255.255.0

IP Nat Outside

No shut

Access-list Permit 10.1.1.0 0.0.0.255

IP NAT inside Source list interface ETHERNET0/1 overload