[cisco-bba] Subscriber Service Switch - Policy for Cisco LAC routers

Victor Lyapunov victor.lyapunov at gmail.com
Fri Jan 23 07:43:13 EST 2009


Hello all

I am doing some tests with Cisco routers that have to:

- Act as LAC for some domains
- Provide internet access for some other domains (terminating PPPoE
sessions localy).

I have been experimenting with subscriber profiles to selectively deny
service to users of
certain domains. I try to create the following configuration (with no
luck so far)

- Provide L2TP forwarding to users of domain e.g "domain1"
- Locally terminate PPPoE sessions of users belonging domain e.g. "domain2"
- The LAC Denies every other domain.

1. What I have seen is that the users of domain2 are correctly
terminated in the LAC (they get an IP address
and the LAC generate START / STOP accounting messages for their session)
2. The users whose domain is defined in a VPDN group are correctly
L2TP forwarding to the appropriate LNS
(unfortunately the LAC generates START / STOP for the L2TP users -
cannot find a way to disable this only
for VPDN users)
3. The LAC tries to provide local termination for the rest of the
domains. It tries to authenticate these users
with the Radius because of the default subscriber policy in the LAC.
This seems to be a waste of resources.

Is it possible to change this default policy from "local terminate" to
"deny"? I have tried to experiment with
subscriber profile <domain-name> but with no luck so far. Is there a
way to define a subscriber profile that
matches every domain?

Thnx


More information about the cisco-bba mailing list