[c-nsp] Problems with multiple VPDN hops

Steve McCrory SteveMc at netservicesplc.com
Tue Apr 28 13:44:16 EDT 2009


Hi Pshem,

Thanks for your reply.

It seems that our radius and vpdn-group configurations were correct but
we were missing the 'vpdn authen-before-forward' command on the middle
LNS which was causing the problem.

Thanks again for your input.

Regards

Steven
 
Steven McCrory
 
Senior Network Engineer
 
Netservices PLC
Waters Edge Business Park
Modwen Road
Manchester, M5 3EZ
 
www.netservicesplc.com

-----Original Message-----
From: Pshem Kowalczyk [mailto:pshem.k at gmail.com] 
Sent: 26 April 2009 21:07
To: Steve McCrory
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Problems with multiple VPDN hops

Hi,

{cut}

> Based on this information, do you have any further suggestions and are
> you able to supply example configs of your own setup?

Please see here - both LTS in our example have exactly the same vpdn
config:

vpdn-group L2TP-wholesale
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
 vpn vrf InternalL2TP
 local name akl-mdr-lts1
 lcp renegotiation always
 l2tp tunnel hello 300
 l2tp tunnel password 0 xxxxxxxxxxxxxxxx
 l2tp tunnel timeout no-session 1800
 l2tp tunnel retransmit retries 7
 l2tp tunnel retransmit timeout min 2
 l2tp tunnel retransmit timeout max 5

and corresponding radius config:

DEFAULT Service-Type == Outbound-User, User-Name =~ "^host:", NAS-Identifier =~ "^akl-mdr-lts1", Auth-Type := Accept
        Cisco-AVPair += "vpdn:ip-addresses=10.119.255.93/10.119.255.92",
        Cisco-AVPair += "vpdn:tunnel-type=l2tp",
        Cisco-AVPair += "vpdn:vpn-vrf=InternalL2TP",
        Cisco-AVPair += "vpdn:l2tp-tunnel-password=xxxxxxxxxxxxxxxx"


(the second layer of LTSes only differ in names and ip addresses)


kind regards
Pshem
