[cisco-bba] vpdn multihop

Dennis Peng dpeng at cisco.com
Tue Jul 29 09:23:17 EDT 2003


Yes, you can do multihop as you describe below. Try adding "vpdn
authen-before-forward" to your configuration and give it another shot.

Dennis

Eric Laporte [eric.laporte at deckpoint.com] wrote:
> 
> Hello,
> 
> We would like to implement a vpdn multihop switch using radius attributes on a 7204vxr router acting as LNS.
> The LNS should in normal condition simply terminate PPPoE clients over L2TP (this works already) and depending on the user id (not
> domain) we'd like to forward to another LNS using multihop.
> 
> Is it possible to do that at all?
> 
> multihop documentation only mentions domain, hostname and dnis matching.
> 
> 
> The following configuration we tried gives us errors that we don't understand:
> RADIUS: cisco AVPair "vpdn:tunnel-id=test" not applied for lcp
> 
> thanks,
> Eric
> 
> 
> --- multihop router configuration -------------------------------------------------------------
> 
> ip address-pool local
> virtual-profile virtual-template 1
> multilink virtual-template 7
> vpdn enable
> vpdn multihop
> !
> vpdn-group incoming
> ! Default PPTP VPDN group
>  accept-dialin
>   protocol pptp
>   virtual-template 1
>  lcp renegotiation on-mismatch
> !
> vpdn-group out_test
>  request-dialin
>   protocol l2tp
> !
> interface Virtual-Template1
>  ip unnumbered FastEthernet0/0
>  peer default ip address pool deckpoint
>  ppp authentication chap ms-chap
>  ppp multilink
> 
> --- radius log ------------------------------------------------------------------------------
> 
> rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=29, length=78
>         NAS-IP-Address = xxx.xxx.xxx.xxx
>         NAS-Port = 1
>         NAS-Port-Type = Virtual
>         User-Name = "saml2tp"
>         CHAP-Password = 0x0e8c54282f65e16da39856fd0736e0ebd7
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
> Sending Access-Accept of id 29 to xxx.xxx.xxx.xxx:1645
>         Cisco-AVPair += "vpdn:tunnel-id=testsam"
>         Cisco-AVPair += "vpdn:l2tp-tunnel-password=secret"
>         Cisco-AVPair += "vpdn:tunnel-type=l2tp"
>         Cisco-AVPair += "vpdn:vpdn-group=out_test"
>         Cisco-AVPair += "vpdn:ip-addresses=xxx.xxx.xxx.xxx"
>         Service-Type := Outbound-User
>         Framed-Protocol := PPP
> 
> --- multihop router log ---------------------------------------------------------------------
> 
> Vi1 VPDN: Clone from Vtemplate 1
> Vi1 VPDN: Bind interface direction=2
> %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
> Vi1 VPDN: Looking for tunnel --  --
> Vi1 VPDN: Looking for tunnel --  --
> Vi1 VPDN: Continue PPP authentication for saml2tp
> RADIUS: ustruct sharecount=2
> Radius: radius_port_info() success=1 radius_nas_port=1
> RADIUS: Initial Transmit Virtual-Access1 id 29 xxx.xxx.xxx.xxx:1645, Access-Request, len 78
>         Attribute 4 6 C226A802
>         Attribute 5 6 00000001
>         Attribute 61 6 00000005
>         Attribute 1 9 73616D6C
>         Attribute 3 19 0E8C5428
>         Attribute 6 6 00000002
>         Attribute 7 6 00000001
> RADIUS: Received from id 29 xxx.xxx.xxx.xxx:1645, Access-Accept, len 203
>         Attribute 26 30 0000000901187670
>         Attribute 26 40 0000000901227670
>         Attribute 26 29 0000000901177670
>         Attribute 26 32 00000009011A7670
>         Attribute 26 40 0000000901227670
>         Attribute 6 6 00000005
>         Attribute 7 6 00000001
> RADIUS: cisco AVPair "vpdn:tunnel-id=test" not applied for lcp
> RADIUS: cisco AVPair "vpdn:l2tp-tunnel-password=secret" not applied for lcp
> RADIUS: cisco AVPair "vpdn:tunnel-type=l2tp" not applied for lcp
> RADIUS: cisco AVPair "vpdn:vpdn-group=out_test" not applied for lcp
> RADIUS: cisco AVPair "vpdn:ip-addresses=xxx.xxx.xxx.xxx" not applied for lcp
> Vi1 AAA/AUTHOR/LCP: Denied
> Vi1 VPDN: Cleanup
> Vi1 VPDN: Reset
> Vi1 VPDN: Reset
> Vi1 VPDN: Unbind interface
> Vi1 VPDN: Unbind interface
> Vi1 VPDN: Reset
> Vi1 VPDN: Unbind interface
> 
> 
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-bba
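
Added example, not part of the original thread and not Cisco or RADIUS-server code: a short Python encoder/decoder for the Vendor-Specific attribute (type 26, RFC 2865) that carries each Cisco-AVPair, showing that the truncated "Attribute 26 ..." lines in the router debug are the AV pairs listed in the Access-Accept. The function names are hypothetical, and printing only the first 8 value bytes is an assumption taken from how the debug renders attribute 26.

```python
import struct

CISCO_VENDOR_ID = 9     # IANA enterprise number for Cisco
CISCO_AVPAIR = 1        # vendor type 1 = cisco-avpair
VENDOR_SPECIFIC = 26    # RADIUS Vendor-Specific attribute (RFC 2865)

def encode_avpair(text):
    """Build one Vendor-Specific attribute carrying a Cisco-AVPair string."""
    value = text.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, len(value) + 2) + value
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    if len(body) + 2 > 255:
        raise ValueError("AV pair too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body

def decode_attributes(buf):
    """Walk a RADIUS attribute list; Cisco AV pairs come back as strings."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError("bad attribute length at offset %d" % pos)
        value = buf[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR
                    and vlen == len(value) - 4):
                value = value[6:].decode("ascii", "replace")
        out.append((atype, value))
        pos += alen
    return out

def debug_line(attr):
    """Render type, length and the first 8 value bytes in hex (assumed format)."""
    return "Attribute %d %d %s" % (attr[0], attr[1], attr[2:10].hex().upper())

# The four non-redacted AV pairs from the Access-Accept in the RADIUS log.
PAIRS = ["vpdn:tunnel-id=testsam", "vpdn:l2tp-tunnel-password=secret",
         "vpdn:tunnel-type=l2tp", "vpdn:vpdn-group=out_test"]

if __name__ == "__main__":
    for pair in PAIRS:
        print(debug_line(encode_avpair(pair)), "<-", pair)
```
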

