[c-nsp] PPPoE -> VRF Virtual Templates
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Fri Mar 3 09:05:32 EST 2006
Tim Franklin wrote on Friday, March 03, 2006 1:03 PM:
> Hi all,
>
>> int virtual-template1
>> no ip address
>> no peer default ip address
>> ppp authentication chap pap ..
>> !
>> ! you need the "group .." only when you have overlapping pool addresses
>> ip local pool crocker-pool <start> <end> group crocker.com
>> ip local pool acme-pool <start> <end> group acme.com
>>
>> a Radius profile for a user would then include
>>
>> Cisco-avpair = "lcp:interface-config#1=ip vrf forwarding crocker.com"
>> Cisco-avpair = "lcp:interface-config#2=ip unnumbered lo100"
>> Cisco-avpair = "ip:addr-pool=crocker-pool"
>>
>> and similar for acme.
>
> Is it possible to do the same or similar for users reaching the
> router from the Cisco VPN client rather than a PPP session? We
> currently have:
>
> crypto isakmp client configuration group <group-name>
> key <preshared-key>
> pool clientpool
>
> ip local pool clientpool <first-ip-address> <last-ip-address>
>
> On the VPN termination router, but I now have a request for different
> users to be given addresses from different pools. All the
> infrastructure is in place to push back per-domain or per-user
> AV-pairs, I'm just looking to confirm which AV-pair will do the right
> thing for a VPN client...
yes, you can use
Cisco-avpair = "ipsec:addr-pool=<pool-name>"
to assign a different addr-pool. see also
http://www.cisco.com/univercd/cc/td/doc/product/vpn/solution/aswan15/sig/sig_06.htm
VRF assignment via Radius is not possible, though..
oli