[c-nsp] VPDN multihop/forwarding not working
CiscoNSP_list CiscoNSP_list
cisconsp_list at hotmail.com
Sun Feb 3 18:01:59 EST 2013
Thanks Oli,
>
> Well, have you defined any of these other realms on the Radius server
> (with the static "cisco" password)? If you don't, and if you don't have a
> vpdn-group with a "request-dialin" matching their realm, nothing will
> break, adding the "vpdn authorization .." on those vtemplates will just
> make sure the LNS no longer sends these Radius requests (with the
> domain).. have you checked the Radius traces since you enabled vpdn
> multihop? If you have users with "@" or "/" on other vpdn-groups, you will
> see those?
>
Our current setup is - We have multiple realms all configured on our radius
server (no cisco password, just each DSL account i.e. FNN at realm and a random
system generated password), and approx 15 vpdn-groups on our LNS that connect
to the carriers' LACs, all accept-dialin and all using virtual-template7, e.g.:

vpdn-group CARRIERLAC_1
 description CARRIERLAN1_VPDN_GROUP
 accept-dialin
  protocol l2tp
  virtual-template 7
 terminate-from hostname CARRIERLAC_1
 source-ip xxx.xxx.xxx.xxx
 local name LNS01
 lcp renegotiation always
 l2tp tunnel password xxx
 ip mtu adjust

interface Virtual-Template7
 description DSL TERMINATION
 ip unnumbered Loopback7
 ip flow ingress
 qos pre-classify
 ppp authentication chap callin

So, we are adding a new dsl realm, connection requests for the new realm will
be coming from the same LACs, but we want to not auth the new realm via our
existing radius server - We want our LNS to create an L2TP tunnel to another
LNS for this new realm (And then this other LNS will authenticate the DSL
tails via another radius server).

Hope that makes sense, and that Hotmail hasn't screwed up the formatting too
much!

Cheers