[c-nsp] LNS av-pair vrf
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Fri Nov 11 03:58:33 EST 2011
> I have an ASR functioning as a LNS, the LNS is configured as a PE
router as
> well.
> I need to assign certain users to their proper VRF through the AAA
server as
> it should be applied on the virtual-access interface.
> So what is the av-pair syntax required to accomplish this and the
> configuration required from the ASR also.
the VRF itself as well as an "interface Loopback <n>" belonging to this
VRF need to be defined on the ASR, and you need to nable Radius
authorization (i.e. "aaa authorization network default group radius" or
something like this). You need to define a virtual-template (I guess you
already have one for your other users).
Then you can include the below attributes to assign the user(s) to the
VRF:
Cisco-Avpair = "ip:vrf-id=<vrf-name>",
Cisco-Avpair = "ip:ip-unnumbered=Loopback<n>",
There is also the Cisco-Avpair="lcp:interface-config=ip vrf forwarding
...\nip unnumbered ..." way of assigning vrf membership, but the former
is more effecient...
oli
More information about the cisco-nsp
mailing list