[cisco-bba] Sample LNS and Client Router configuration

Neilrey Espino Neilrey.Espino at FundSERV.com
Thu Jan 19 10:11:20 EST 2006

Hi Kristofer,

I got some follow-up questions on the sample config.

1. How Many vpdn group should I create ? Telco gave me 12 vlans looks
like I have 12 tunnel connection to our telco, would this mean I should
configure 12 vpdn's ?
2. The <Telco-LAC-hostname> should this be a hostname or can also be an
IP ?

Thanks in advance.


-----Original Message-----
From: Kristofer Sigurdsson [mailto:kristo at ipf.is] 
Sent: Thursday, January 19, 2006 4:39 AM
To: Neilrey Espino
Cc: cisco-bba at puck.nether.net
Subject: Re: [cisco-bba] Sample LNS and Client Router configuration


On the LNS, you need to create a VPDN group to terminate
the connection:

vpdn-group Telco-DSL-LNS
  protocol l2tp
  virtual-template 1
 terminate-from hostname <Telco-LAC-hostname>
 local name Telco-DSL-LNS-hostname
 lcp renegotiation always
 l2tp tunnel password <tunnel password>

As you can see, the VPDN group references a virtual-template, which is a
template for the virtual-access interfaces that will be your customer's
access interfaces.  You need to create this virtual template:

interface Virtual-Template1
 description Telco DSL
 mtu 1492
 ip unnumbered Loopback0
 no peer default ip address
 ppp authentication pap chap ms-chap Telco-DSL-AAA
 ppp authorization Telco-DSL-AAA
 ppp accounting Telco-DSL-AAA

Here, you reference AAA groups, Telco-DSL-AAA, for authentication,
authorization and accounting.  This configuration leaves it to the AAA
server (RADIUS/TACACS+) to decide the client's IP address, if you don't
want that, you can remove the "no peer default ip address" and put in a
reference to a local IP pool. Also, this configuration uses the
loopback0's IP address as an IP for for the virtual access interfaces
facing the customers.

You need to create the AAA groups:

aaa authentication ppp Telco-DSL-AAA group Telco-RADIUS
aaa authorization network Telco-DSL-AAA group Telco-RADIUS
aaa accounting network Telco-DSL-AAA start-stop group Telco-RADIUS

The AAA groups all reference the same RADIUS group, Telco-RADIUS:

aaa group server radius Telco-RADIUS
 server-private <radius IP 1> auth-port 1812 acct-port 1813 key <key>
server-private <radius IP 2> auth-port 1812 acct-port 1813 key <key> 
 ip radius source-interface Loopback0

That's about it for the LNS.  Regarding the client, these might help you


On Wed, 2006-01-18 at 18:04 -0500, Neilrey Espino wrote:
>         Hi Guys,
>         We have just closed a deal with our telco to use a DSL
>         infrastructure and replace our remote offices which uses the
>         ISDN.
>         As a starter, We highly appreaciate if someone could send us a
>         sample config for the LNS router and a cisco client router.
>         We just wanted to get some ideas on how the configuration
>         would look like.
>         Many thanks in advance. 
>         ________________________________ 
>         Neilrey
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-bba

More information about the cisco-bba mailing list