[cisco-nas] virtual-Profile question

Aaron Leonard Aaron at cisco.com
Tue Oct 14 14:06:33 EDT 2003 

> Hello,

> My problem is that I would like to do that all ppp configuration parameters
> for a dialin user like pap or chap authentication,auth lists etc can be get
> from a virtual-template for all dialin user. And on Physical interfaces like
> group-async and serial could be only media specific parameters. This
> configuration would be ideal for configuring because we use same auth list
> for all kind of dialin user (modem/ISDN) and if an auth list changes I don't
> have to change it on every serial and group async interfaces etc. I thought
> It can be done easily with virtual profile. 

Yes, I agree with you, this is the most elegant design
(assuming that you don't want to have different policies 
for async and ISDN calls.)

The downside of having all calls use virtual profiles is that
VP's use somewhat more CPU than using physical asyncs.  This 
can be significant if you are using a platform with a low
CPU/port ratio (like a 5800 with 1000 calls.)

The one thing you're missing:

"no virtual-profile if-needed"

Aaron

---

> But life was not so easy. Or I
> misunderstanded the Virtual Profile feature.I configured " virtual-profile
> virtual-template 1" and "interface virtual-template 1 " with "encap ppp",
> "ppp authentication pap listname", etc.....On the physical interfaces I
> configured only the media specific components neither "encap ppp", nor "ppp
> authentication pap listname", etc.....
> And also the physical interfaces is neither configured for dialer profile
> and nor for legacy ddr.
> I thought it should be working. I thought that for all of the users dial-in
> (no matters async or sync) an interface will be cloned from the virtual
> template and ppp starts and the auth list on the virt. template is used for
> authentication. But it didn't work. The NAS did  wholly other thing. If I
> dial in the AS with modem the PPP starts on the async, but there is no
> "encap ppp"  on group async interface.
> I think because of the autoselect ppp on the line. And then searches the
> authentication list on group async only (there was no auth list on it) and
> don't be engaged in using the auth list on virt-template. But, the cloning
> is succesful, ios makes virt. acces interface and I dial in without
> authentication with any kind of user/pass. If I dial with ISDN there is even
> no ppp on the physical serial interfaces and the PPP didn't start.
>  If someone know the solution please help.

> Thanks everyone response!



> szicsu

> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas

More information about the cisco-nas mailing list