[cisco-bba] Single L2TP VPDN group and static IP's

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Dec 1 07:33:34 EST 2006


Mark Tohill <mailto:Mark at u.tv> wrote on Friday, December 01, 2006 1:27
PM:

> OB: Well, how did you plan on measuring the bandwidth of the users? Do
> you need to do this invidually or one aggregate for the whole user
> "group"? 
> 
>>> Oliver, just figures for that group of users, no individual stats
>>> needed. 

oh, ok.

> 
>>> Would that mean something like below? For the telco to do
> this, they would require parameter to distinguish users on, eg. DNIS?
> Our users are all within 2 or 3 realms, the users we want spread over
those.

The Telco needs some way to distinguish them, so you need to work this
out with them.
 
> vpdn-group 1
>  description VPDN-GROUP-1
>  accept-dialin
>   protocol l2tp
>   virtual-template 1
>  terminate-from hostname LAC-VPDN-1
>  source-ip aaa.bbb.ccc.ddd
>  lcp renegotiation on-mismatch
>  l2tp tunnel password VPDN1-PW
> !
> 
> vpdn-group 2
>  description VPDN-GROUP-2
>  accept-dialin
>   protocol l2tp
>   virtual-template 1(or 2)
>  terminate-from hostname LAC-VPDN-1
>  source-ip aaa.bbb.ccc.ddd(+1)
>  lcp renegotiation on-mismatch
>  l2tp tunnel password VPDN2-PW
> !

almost, you need to differentiate on the "terminate-from hostname", so
the Telco needs to set the tunnel name to "LAC-VPDN-1" or "LAC-VPDN-2"
according to your groups (see above). You can use the same ip address
for both.

>>> We do have start/stop Radius records for users, may be
> able to trawl thru those based on distinct gateways/subnets given to
those users.

you could also use the Radius "Class" attribute to "tag" those users.
Just include a "Class" attribute (att # 25) in the access-accept
profile, and the LNS will send this attribute along with the accounting
records.

	oli



More information about the cisco-bba mailing list