We've always considered the WAN and LAN to be different objects so our history is to prefer the method you think is 'better.' Seems this model has been around since the dialin days. We also have customers with multiple routes so it seems a logical separation. Failover might be a bit more flexible too since you can control some parameters of the Framed Route. I know some people use RFC1918 addresses for WAN which might be a factor (we do not). Perhaps in some network strategies the lines between WAN and LAN may be a bit more blurred than ours. George On Mar 8, 2010, at 6:10 PM, Erik L wrote:

Scenario: with the help of RADIUS, routing subnets to end users connecting via PPP.

Discussion: pros/cons of using Framed-IP-Address+Framed-Route versus Framed-IP-Address+Framed-IP-Netmask.

We're talking here in generic terms, so as far as the behaviour of the LNS or access concentrator or whatever else is receiving the Access-Accept and terminating the ppp session, we're assuming more or less sane behaviour, roughly as follows. In the first alternative, the IP address on the ppp link is outside the subnet indicated by Framed-Route and one or more subnets are routed via the link; one such subnet per Framed-Route attrib. In the second alternative, the one subnet routed is that which contains the Framed-IP-Address and is as large as the Framed-IP-Netmask indicates.

I'm arguing to a colleague that the first alternative is "better", non-/32 netmasks on a ppp link make no sense (since netmasks on point-to-point links don't matter anyway), that the second alternative doesn't allow users to make use of their allocated space as easily and effectively as the first alternative, and that the second alternative is limited to routing one subnet (though you might be able to mix Framed-IP-Netmask and Framed-Route together?).

Comments? How are others doing it and why?

Erik