[cisco-bba] configuration for LTS for cisco 10k

DUCAMPS, Dominique DDUCAMPS at bouyguestelecom.fr
Thu Feb 17 03:19:07 EST 2011




!--- LTS configuration

vpdn enable /* Enables the VPDN process (LTS + LNS) */
vpdn multihop /* enables the LTS function */
vpdn authen-before-forward   /* enables the LTS function */
no vpdn history failure
vpdn search-order domain
vpdn domain-delimiter @ suffix /* Character marking the start of the realm */
!

And the following is classical VPDN configuration.
And it is working with RADIUS authentication.




and the result on the LTS :

RTRDOL53#show ppp all
Interface/ID OPEN+ Nego* Fail-     Stage    Peer Address    Peer Name
------------ --------------------- -------- --------------- --------------------
Vi2.3        LCP+ CHAP+ IPCP+      LocalT   xxxx            test11ent at yyyy
0x5E000036   LCP+ CHAP*            Fwded    0.0.0.0         lts2 at yyyy
0x89000048   LCP+ CHAP*            Fwded    0.0.0.0         lts1 at yyyy
Vi2.5        LCP+ CHAP+ IPCP+      LocalT   xxxx            test14ent at zzzzz
RTRDOL53#




RTRDOL53#show subscriber session username lts1 at yyyy
Unique Session ID: 928
Identifier: lts1 at yyyy
SIP subscriber access type(s): VPDN/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 19:47:52, Last Changed: 19:47:52

Policy information:
  Authentication status: authen

Configuration sources associated with this session:
Interface: Virtual-Template1, Active Time = 19:47:52



RTRDOL53#show subscriber session username lts2 at yyyy
Unique Session ID: 585
Identifier: lts2 at yyyy
SIP subscriber access type(s): VPDN/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 17:25:57, Last Changed: 17:25:57



-----Original Message-----
From: cisco-bba-bounces at puck.nether.net [mailto:cisco-bba-bounces at puck.nether.net] On behalf of cisco-bba-request at puck.nether.net
Sent: Tuesday, 15 February 2011 18:00
To: cisco-bba at puck.nether.net
Subject: cisco-bba Digest, Vol 89, Issue 4


Today's Topics:

   1. Per-User Multihop VPDN (Matthew Melbourne)
   2. Re: Per-User Multihop VPDN (Paul Sherratt)
   3. Re: Per-User Multihop VPDN (Arie Vayner)


----------------------------------------------------------------------

Message: 1
Date: Tue, 15 Feb 2011 09:56:56 +0000
From: Matthew Melbourne <matt at melbourne.org.uk>
To: cisco-bba at puck.nether.net
Subject: [cisco-bba] Per-User Multihop VPDN
Message-ID:
        <AANLkTikik1r3gE8os5hjzA658uzCHsxuqZ8d5MQ=VQge at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I have a scenario where I would like to forward particular user
sessions from one LNS to another (which is VRF-aware), ideally under
the control of the RADIUS server used by the initial LNS. Is it
possible to specify RADIUS attributes which will forward a user's
session to another LNS, using Multihop VPDN?

Cheers,

Matt

--
Matthew Melbourne


------------------------------

Message: 2
Date: Tue, 15 Feb 2011 10:30:41 +0000
From: Paul Sherratt <lists at paul.sh>
To: Matthew Melbourne <matt at melbourne.org.uk>
Cc: cisco-bba at puck.nether.net
Subject: Re: [cisco-bba] Per-User Multihop VPDN
Message-ID:
        <AANLkTi=Z=npTbVBMm3WnTvYv2mXU-HrRVmnO=W0iX_dU at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

When a request comes in to RADIUS from the initial LNS, you just need
to chuck back a set of VPDN tunnel attributes and the multihop should
'just work'.

There are two options,
- RADIUS Attribute 66:
http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dtdt4.html
- http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftvpdnmh.html#wp1044693

We primarily use the first, but if you need to multihop into a
VRF-aware VPDN group, you'll need the latter.

-pts


On 15 February 2011 09:56, Matthew Melbourne <matt at melbourne.org.uk> wrote:
> Hi,
>
> I have a scenario where I would like to forward particular user
> sessions from one LNS to another (which is VRF-aware), ideally under
> the control of the RADIUS server used by the initial LNS. Is it
> possible to specify RADIUS attributes which will forward a user's
> session to another LNS, using Multihop VPDN?
>
> Cheers,
>
> Matt
>
> --
> Matthew Melbourne


------------------------------

Message: 3
Date: Tue, 15 Feb 2011 15:25:42 +0200
From: Arie Vayner <ariev at vayner.net>
To: lists at paul.sh
Cc: Matthew Melbourne <matt at melbourne.org.uk>,
        cisco-bba at puck.nether.net
Subject: Re: [cisco-bba] Per-User Multihop VPDN
Message-ID:
        <AANLkTikszAxYN_BHH6SSR29Xb3BsLswQ7-eDuCPvfPFA at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

You also need the following command on the LNS:

authen-before-forward

http://www.cisco.com/en/US/docs/ios/vpdn/command/reference/vpd_a1.html#wp1047138

Arie

On Tue, Feb 15, 2011 at 12:30 PM, Paul Sherratt <lists at paul.sh> wrote:

> When a request comes in to RADIUS from the initial LNS, you just need
> to chuck back a set of VPDN tunnel attributes and the multihop should
> 'just work'.
>
> There are two options,
> - RADIUS Attribute 66:
> http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dtdt4.html
> -
> http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftvpdnmh.html#wp1044693
>
> We primarily use the first, but if you need to multihop into a
> VRF-aware VPDN group, you'll need the latter.
>
> -pts
>
>
> On 15 February 2011 09:56, Matthew Melbourne <matt at melbourne.org.uk>
> wrote:
> > Hi,
> >
> > I have a scenario where I would like to forward particular user
> > sessions from one LNS to another (which is VRF-aware), ideally under
> > the control of the RADIUS server used by the initial LNS. Is it
> > possible to specify RADIUS attributes which will forward a user's
> > session to another LNS, using Multihop VPDN?
> >
> > Cheers,
> >
> > Matt
> >
> > --
> > Matthew Melbourne

------------------------------


End of cisco-bba Digest, Vol 89, Issue 4
****************************************
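
A configuration check for the point made in this thread (authen-before-forward alongside multihop), as an added example that is not part of the original posts: it flags a config that enables `vpdn multihop` while `authen-before-forward` is set neither globally nor under a forwarding vpdn-group. The vpdn-group name and address in the sample are constructed placeholders.

```python
import re

# Constructed sample: global lines in the style of the post above (with its
# /* */ notes), plus a hypothetical vpdn-group (name/address are placeholders).
POSTED = """\
vpdn enable /* enables VPDN */
vpdn multihop /* enables LTS */
vpdn authen-before-forward
vpdn search-order domain
!
vpdn-group TO-LNS2
 request-dialin
  protocol l2tp
 initiate-to ip 192.0.2.10
"""

def audit_multihop(config):
    """Return findings for forwarding paths that lack authen-before-forward."""
    glob = {"multihop": False, "authen-before-forward": False}
    groups, current = {}, None
    for raw in config.splitlines():
        line = re.sub(r"/\*.*?\*/", "", raw).rstrip()  # drop inline notes
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        words = line.split()
        negated = words[0] == "no"
        cmd = words[1:] if negated else words
        if not cmd:
            continue
        if not line[0].isspace():                      # top-level command
            current = None
            if cmd[0] == "vpdn-group" and len(cmd) > 1 and not negated:
                current = groups.setdefault(cmd[1], {"dialin": False, "abf": False})
            elif cmd[0] == "vpdn" and len(cmd) == 2 and cmd[1] in glob:
                glob[cmd[1]] = not negated             # a later "no ..." wins
        elif current is not None:                      # inside a vpdn-group
            if cmd[0] == "request-dialin":
                current["dialin"] = not negated
            elif cmd[0] == "authen-before-forward":
                current["abf"] = not negated
    if not glob["multihop"] or glob["authen-before-forward"]:
        return []
    forwarding = {n: g for n, g in groups.items() if g["dialin"]}
    if not forwarding:
        return ["vpdn multihop enabled without vpdn authen-before-forward"]
    return [f"vpdn-group {n}: request-dialin without authen-before-forward"
            for n, g in forwarding.items() if not g["abf"]]
```
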




