[cisco-bba] vpdn multihop
Dennis Peng
dpeng at cisco.com
Tue Jul 29 09:23:17 EDT 2003
Yes, you can do multihop as you describe below. Try adding "vpdn
authen-before-forward" to your configuration and give it another shot.
Dennis
Eric Laporte [eric.laporte at deckpoint.com] wrote:
>
> Hello,
>
> We would like to implement a vpdn multihop switch using radius attributes on a 7204vxr router acting as LNS.
> The LNS should in normal condition simply terminate PPPoE clients over L2TP (this works already) and depending on the user id (not
> domain) we'd like to forward to another LNS using multihop.
>
> Is it possible to do that at all?
>
> Multihop documentation only mentions domain, hostname and dnis matching.
>
>
> The following configuration we tried gives us errors that we don't understand:
> RADIUS: cisco AVPair "vpdn:tunnel-id=test" not applied for lcp
>
> Thanks,
> Eric
>
>
> --- multihop router configuration -------------------------------------------------------------
>
> ip address-pool local
> virtual-profile virtual-template 1
> multilink virtual-template 7
> vpdn enable
> vpdn multihop
> !
> vpdn-group incoming
> ! Default PPTP VPDN group
> accept-dialin
> protocol pptp
> virtual-template 1
> lcp renegotiation on-mismatch
> !
> vpdn-group out_test
> request-dialin
> protocol l2tp
> !
> interface Virtual-Template1
> ip unnumbered FastEthernet0/0
> peer default ip address pool deckpoint
> ppp authentication chap ms-chap
> ppp multilink
>
> --- radius log ------------------------------------------------------------------------------
>
> rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=29, length=78
> NAS-IP-Address = xxx.xxx.xxx.xxx
> NAS-Port = 1
> NAS-Port-Type = Virtual
> User-Name = "saml2tp"
> CHAP-Password = 0x0e8c54282f65e16da39856fd0736e0ebd7
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Sending Access-Accept of id 29 to xxx.xxx.xxx.xxx:1645
> Cisco-AVPair += "vpdn:tunnel-id=testsam"
> Cisco-AVPair += "vpdn:l2tp-tunnel-password=secret"
> Cisco-AVPair += "vpdn:tunnel-type=l2tp"
> Cisco-AVPair += "vpdn:vpdn-group=out_test"
> Cisco-AVPair += "vpdn:ip-addresses=xxx.xxx.xxx.xxx"
> Service-Type := Outbound-User
> Framed-Protocol := PPP
>
> --- multihop router log ---------------------------------------------------------------------
>
> Vi1 VPDN: Clone from Vtemplate 1
> Vi1 VPDN: Bind interface direction=2
> %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
> Vi1 VPDN: Looking for tunnel -- --
> Vi1 VPDN: Looking for tunnel -- --
> Vi1 VPDN: Continue PPP authentication for saml2tp
> RADIUS: ustruct sharecount=2
> Radius: radius_port_info() success=1 radius_nas_port=1
> RADIUS: Initial Transmit Virtual-Access1 id 29 xxx.xxx.xxx.xxx:1645, Access-Request, len 78
> Attribute 4 6 C226A802
> Attribute 5 6 00000001
> Attribute 61 6 00000005
> Attribute 1 9 73616D6C
> Attribute 3 19 0E8C5428
> Attribute 6 6 00000002
> Attribute 7 6 00000001
> RADIUS: Received from id 29 xxx.xxx.xxx.xxx:1645, Access-Accept, len 203
> Attribute 26 30 0000000901187670
> Attribute 26 40 0000000901227670
> Attribute 26 29 0000000901177670
> Attribute 26 32 00000009011A7670
> Attribute 26 40 0000000901227670
> Attribute 6 6 00000005
> Attribute 7 6 00000001
> RADIUS: cisco AVPair "vpdn:tunnel-id=test" not applied for lcp
> RADIUS: cisco AVPair "vpdn:l2tp-tunnel-password=secret" not applied for lcp
> RADIUS: cisco AVPair "vpdn:tunnel-type=l2tp" not applied for lcp
> RADIUS: cisco AVPair "vpdn:vpdn-group=out_test" not applied for lcp
> RADIUS: cisco AVPair "vpdn:ip-addresses=xxx.xxx.xxx.xxx" not applied for lcp
> Vi1 AAA/AUTHOR/LCP: Denied
> Vi1 VPDN: Cleanup
> Vi1 VPDN: Reset
> Vi1 VPDN: Reset
> Vi1 VPDN: Unbind interface
> Vi1 VPDN: Unbind interface
> Vi1 VPDN: Reset
> Vi1 VPDN: Unbind interface
>
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-bba