[cisco-bba] vpdn multihop

Eric Laporte eric.laporte at deckpoint.com
Tue Jul 29 17:24:24 EDT 2003


Hello,

We would like to implement a vpdn multihop switch using radius attributes on a 7204vxr router acting as LNS.
The LNS should in normal condition simply terminate PPPoE clients overt L2TP (this works already) and depending on the user id ( not
domain.. ) we'd like to forward to another LNS using multihop.

is it possible to do that at all?

multihop documentation only mentions domain, hostname and dnis matching.


The following configuration we tried gives us errors that we don't understand:
RADIUS: cisco AVPair "vpdn:tunnel-id=test" not applied for lcp

thanks,
Eric


--- multihop router configuration -------------------------------------------------------------

ip address-pool local
virtual-profile virtual-template 1
multilink virtual-template 7
vpdn enable
vpdn multihop
!
vpdn-group incoming
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 lcp renegotiation on-mismatch
!
vpdn-group out_test
 request-dialin
  protocol l2tp
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 peer default ip address pool deckpoint
 ppp authentication chap ms-chap
 ppp multilink

--- radius log ------------------------------------------------------------------------------

rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=29, length=78
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Port = 1
        NAS-Port-Type = Virtual
        User-Name = "saml2tp"
        CHAP-Password = 0x0e8c54282f65e16da39856fd0736e0ebd7
        Service-Type = Framed-User
        Framed-Protocol = PPP
Sending Access-Accept of id 29 to xxx.xxx.xxx.xxx:1645
        Cisco-AVPair += "vpdn:tunnel-id=testsam"
        Cisco-AVPair += "vpdn:l2tp-tunnel-password=secret"
        Cisco-AVPair += "vpdn:tunnel-type=l2tp"
        Cisco-AVPair += "vpdn:vpdn-group=out_test"
        Cisco-AVPair += "vpdn:ip-addresses=xxx.xxx.xxx.xxx"
        Service-Type := Outbound-User
        Framed-Protocol := PPP

--- multihop router log ---------------------------------------------------------------------

Vi1 VPDN: Clone from Vtemplate 1
Vi1 VPDN: Bind interface direction=2
%LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Vi1 VPDN: Looking for tunnel --  --
Vi1 VPDN: Looking for tunnel --  --
Vi1 VPDN: Continue PPP authentication for saml2tp
RADIUS: ustruct sharecount=2
Radius: radius_port_info() success=1 radius_nas_port=1
RADIUS: Initial Transmit Virtual-Access1 id 29 xxx.xxx.xxx.xxx:1645, Access-Request, len 78
        Attribute 4 6 C226A802
        Attribute 5 6 00000001
        Attribute 61 6 00000005
        Attribute 1 9 73616D6C
        Attribute 3 19 0E8C5428
        Attribute 6 6 00000002
        Attribute 7 6 00000001
RADIUS: Received from id 29 xxx.xxx.xxx.xxx:1645, Access-Accept, len 203
        Attribute 26 30 0000000901187670
        Attribute 26 40 0000000901227670
        Attribute 26 29 0000000901177670
        Attribute 26 32 00000009011A7670
        Attribute 26 40 0000000901227670
        Attribute 6 6 00000005
        Attribute 7 6 00000001
RADIUS: cisco AVPair "vpdn:tunnel-id=test" not applied for lcp
RADIUS: cisco AVPair "vpdn:l2tp-tunnel-password=secret" not applied for lcp
RADIUS: cisco AVPair "vpdn:tunnel-type=l2tp" not applied for lcp
RADIUS: cisco AVPair "vpdn:vpdn-group=out_test" not applied for lcp
RADIUS: cisco AVPair "vpdn:ip-addresses=xxx.xxx.xxx.xxx" not applied for lcp
Vi1 AAA/AUTHOR/LCP: Denied
Vi1 VPDN: Cleanup
Vi1 VPDN: Reset
Vi1 VPDN: Reset
Vi1 VPDN: Unbind interface
Vi1 VPDN: Unbind interface
Vi1 VPDN: Reset
Vi1 VPDN: Unbind interface




More information about the cisco-bba mailing list