[cisco-bba] Choosing LNS On A Per-Domain Basis

Dominic dominic at broadconnect.ca
Tue Oct 1 21:05:33 EDT 2013


Thanks, Vaibhav. This certainly helps. Will give it a shot.

Dominic

From: Vaibhav Bagaria [mailto:vaibhav.bagaria at bendigotelco.com.au] 
Sent: Tuesday, October 01, 2013 7:29 PM
To: 'Dominic'; cisco-bba at puck.nether.net
Subject: RE: [cisco-bba] Choosing LNS On A Per-Domain Basis

 

Hi Dominic,

 

We achieved this in the past using two different technologies. One was VPDN
multihop and using RADIUS to forward the sessions to the desired LNS. The
other was to set up our own LAC device, which received the L2TP tunnel from
the upstream provider and then initiated a tunnel to each of the two LNS
devices based on domain name.

 

Example config:

 

vpdn multihop

vpdn-group incomingtunnel
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname providerlac
 local name mylac
 lcp renegotiation on-mismatch

vpdn-group mylns1
 request-dialin
  protocol l2tp
  domain domain1.com
 initiate-to ip 1.1.1.1
 l2tp tunnel password mypassword

 

Hope that helps.

 

Regards,

Vaibhav

 

From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of
Dominic
Sent: Tuesday, 1 October 2013 7:48 AM
To: cisco-bba at puck.nether.net
Subject: [cisco-bba] Choosing LNS On A Per-Domain Basis

 

We are using the Cisco ASR 1004 for LNS. For business reasons, we have two
sets of PPPoE users authenticating against the LNS - the only difference
being the @ domain part. So for example:

(a.) user at domain1.com 

(b.) user at domain2.com 

Irrespective of their domain, all users come in via the same LACs, and via
the same L2TP tunnels. We do not own the LACs, and are not able to make or
request any changes on the LAC-side.

 

Here is what we are trying to do: we would like to choose the terminating
LNS based on the domain name. So all users @ domain1, for example, should
authenticate to LNS1, while all users @ domain2 should authenticate to LNS2.
As I said, we do not manage the LACs. Also, the IP addresses of my LNS(es) are
statically defined in the LACs, and not negotiated dynamically at
authentication time.

So is there any way to choose the LNS according to the domain presented in
the username? Is there some way to force users at domain1 to LNS #1, and
users at domain2 to LNS #2? If so, can anyone share some pointers as to how we
accomplish it?

 

Thanks in advance.

Dominic
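
The multihop setup from Vaibhav's reply, extended to cover both domains in the question, as an added example that is not part of the original thread. The group name mylns2, the LNS2 address 192.0.2.2 (documentation range), the tunnel passwords and the `vpdn enable` line are assumptions added here.

```ios
! Added example, not from the thread. mylns2, 192.0.2.2 and the passwords
! are placeholders; Virtual-Template1 is assumed to exist already.
vpdn enable
vpdn multihop
!
! Terminate the tunnel arriving from the upstream provider's LAC.
vpdn-group incomingtunnel
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname providerlac
 local name mylac
 lcp renegotiation on-mismatch
!
! Sessions for user@domain1.com are re-tunnelled to LNS1.
vpdn-group mylns1
 request-dialin
  protocol l2tp
  domain domain1.com
 initiate-to ip 1.1.1.1
 l2tp tunnel password <lns1-tunnel-secret>
!
! Sessions for user@domain2.com are re-tunnelled to LNS2.
vpdn-group mylns2
 request-dialin
  protocol l2tp
  domain domain2.com
 initiate-to ip 192.0.2.2
 l2tp tunnel password <lns2-tunnel-secret>
```

A distinct tunnel password per LNS keeps a disclosed secret for one tunnel from authenticating the other.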
