<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<title>Choosing LNS On A Per-Domain Basis</title>
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Lucida Console";
panose-1:2 11 6 9 4 5 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-AU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Hi Dominic,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">We achieved this in the past using two different technologies. One was VPDN multihop and using RADIUS to forward the sessions to the desired LNS. The other was to set up our
own LAC device which received the L2TP tunnel from the upstream provider and then initiated a tunnel each to the two LNS devices based on domain name.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Example config:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console"">vpdn multihop<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console"">vpdn-group incomingtunnel<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console"">accept-dialin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console""> protocol l2tp<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console""> virtual-template 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console"">terminate-from hostname providerlac<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console"">local name mylac<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console"">lcp renegotiation on-mismatch<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console"">vpdn-group mylns1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console"">request-dialin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console""> protocol l2tp<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console""> domain domain1.com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console"">initiate-to ip 1.1.1.1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Lucida Console"">l2tp tunnel password mypassword<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Hope that helps.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Vaibhav<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
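<p class="MsoNormal">An added example, not part of the original e-mail or of any Cisco tooling: a small Python check that reads vpdn-group stanzas like the ones above, shows which LNS a given user@domain would be forwarded to, and lists expected domains with no forwarding group as well as forwarding groups with no l2tp tunnel password line to review. The second group (mylns2, domain2.com, 2.2.2.2), the domain domain3.example and all function names are assumptions; the parser only understands the commands shown in the reply and matches domains exactly.</p>

```python
import re

# Constructed sample: the request-dialin group from the reply plus an assumed
# second group (mylns2 / domain2.com / 2.2.2.2) that lacks a tunnel password.
SAMPLE_CONFIG = """\
vpdn multihop
vpdn-group incomingtunnel
 accept-dialin
 terminate-from hostname providerlac
vpdn-group mylns1
 request-dialin
  protocol l2tp
  domain domain1.com
 initiate-to ip 1.1.1.1
 l2tp tunnel password mypassword
vpdn-group mylns2
 request-dialin
  protocol l2tp
  domain domain2.com
 initiate-to ip 2.2.2.2
"""

def parse_vpdn_groups(config):
    """Return {group: {"domains": [...], "lns": ip or None, "auth": bool}}."""
    groups, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"vpdn-group (\S+)$", line)
        if m:
            cur = groups.setdefault(m.group(1), {"domains": [], "lns": None, "auth": False})
        elif cur and line.startswith("domain "):
            cur["domains"].append(line.split()[1].lower())
        elif cur and line.startswith("initiate-to ip "):
            cur["lns"] = line.split()[2]
        elif cur and line.startswith("l2tp tunnel password "):
            cur["auth"] = True
    return groups

def lns_for(username, groups):
    """LNS address for user@domain, or None when no group lists the domain."""
    domain = username.rpartition("@")[2].lower()
    return next((g["lns"] for g in groups.values()
                 if g["lns"] and domain in g["domains"]), None)

def audit(groups, expected_domains):
    """Findings: expected domains with no forwarding group, groups without tunnel auth."""
    mapped = {d for g in groups.values() if g["lns"] for d in g["domains"]}
    out = ["unmapped domain: " + d for d in sorted(set(expected_domains) - mapped)]
    return out + ["no tunnel password: " + n for n, g in sorted(groups.items())
                  if g["lns"] and not g["auth"]]
```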
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> cisco-bba [mailto:cisco-bba-bounces@puck.nether.net]
<b>On Behalf Of </b>Dominic<br>
<b>Sent:</b> Tuesday, 1 October 2013 7:48 AM<br>
<b>To:</b> cisco-bba@puck.nether.net<br>
<b>Subject:</b> [cisco-bba] Choosing LNS On A Per-Domain Basis<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">We are using the Cisco ASR 1004 for LNS. For business reasons, we have two sets of PPPoE users authenticating against the LNS - the only difference being the @ domain part. So for
example:</span><o:p></o:p></p>
<p><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">(a.)
<a href="mailto:user@domain1.com">user@domain1.com</a> </span><o:p></o:p></p>
<p><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">(b.)
<a href="mailto:user@domain2.com">user@domain2.com</a> </span><o:p></o:p></p>
<p><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">Irrespective of their domain, all users come in via the same LACs, and via the same L2TP tunnels. We do not own the LACs, and are not able to make or request any changes on the LAC-side.</span><o:p></o:p></p>
<p><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">Here is what</span><span lang="EN-US"> </span><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D"> we are trying to do: we would like to choose the terminating
LNS based on the domain name. So all users @ domain1, for example, should authenticate to LNS1, while all users @ domain2 should authenticate to LNS2. As I said, we do not manage the LACs. Also,</span><span lang="EN-US">
</span><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">the IP addresses of my LNS(es) are statically defined in the LACs, and not</span><span lang="EN-US">
</span><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">negotiated dynamically at authentication time.</span><o:p></o:p></p>
<p><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">So is there any way to choose the LNS according to the domain presented in the username?</span><span lang="EN-US"> </span><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">
Is there some way to force users at domain1 to LNS #1, and users at domain2 to LNS #2?</span><span lang="EN-US">
</span><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">If so, can anyone share some pointers as to how we accomplish it?</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">Thanks in advance.</span><o:p></o:p></p>
<p><span lang="EN-US" style="font-family:"Calibri","sans-serif";color:#1F497D">Dominic</span><o:p></o:p></p>
</div>
</body>
</html>