[cisco-nas] Virtaul-profile feature Set

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Tue Mar 8 01:57:07 EST 2005 

> Is there something I have to think of before I use
> "no virtual-profile if-needed" ?

Well, only if you really want to use a vaccess for every call.
 
> This command means that for every call will be made an
> Virtual-Interface. When I made an show vtemplate, the output
> show that I have a max of 9 Vtemplate.

It shows you have one vtemplate (Vt1), but 9 virtual-access interfaces.

>  That means more than 8
> simultaneous call is not possible, if I deactivate the if-needed
> feature. Is that right ?

No, we dynamically clone new virtual-access interfaces when needed.

	oli

P.S: Another option (besides configuring "no virtual-profile if-needed") is to force a vaccess by including a per-user Attribute in your Radius profile. This could be a no-op like Cisco-avpair += "lcp:interface-config=description dial user", but could also apply NAT on a per-user basis ("lcp:interface-config=ip nat inside"). Whenever IOS finds such an attribute, it will clone a vaccess (i.e. it considers "if-needed" as true).

> 
> Oliver Boehmer (oboehmer) wrote:
>> Ahmad Cheikh Moussa <mailto:acm at netuse.de> wrote on Monday, March
>> 07, 2005 4:19 PM: 
>> 
>> 
>>> it is not really a problem. It's a matter of nat.
>>> I have configured "ip nat inside" only on the dialer Interface
>>> and on the virtual-interface. As the user gets no virtual-interface,
>>> the router use the Pri Interface. The "ip nat inside" Feature is not
>>> configured on the Pri interface and therefore the user wasn't
>>> natted. As I configured on the Pysical interface "ip nat inside"
>>> the user was properly natted. Normally I don't wanna configure any
>>> ip options on an Physical Interface and therefore it is for me a
>>> problem. 
>>> 
>>> Any ideas, how to solve that ?
>> 
>> 
>> "no virtual-profile if-needed" doesn't work?
>> 
>> 	oli
>> 
>> 
>>> Oliver Boehmer (oboehmer) wrote:
>>> 
>>>> 
>>>>> I have a dialin user, which do not get an virtual
>>>>> interface. The radius config is relatively easy:
>>>>> 
>>>>> user01     Auth-Type:= Local, User-Password == "****""
>>>>>        Service-Type = Framed-User,
>>>>>        Framed-Protocol = PPP,
>>>>>        cisco-avpair += "ip:addr-pool=POOL_NETYOU_RFC",
>>>>> Framed-Routing = None 
>>>>> 
>>>>> Any ideas, why this user get no virtual-interface ?
>>>>> Wiht 12.2 there was no problems.
>>>> 
>>>> 
>>>> Apart from the fact that the user is terminated on the physical
>>>> line, is there a problem? Can't check right now, but we shouldn't
>>>> need an vaccess for this specific user. Is this an ISDN or
>>>> Modem/async user? remove the "virtual-profile if-needed" and you'll
>>>> get a vaccess for every call..
>>>> 
>>>> 	oli
>>>> 
>>>> 
>>>> 
>>>>>> Ahmad,
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> I want to configure virtual profiles. These profiles
>>>>>>> shoul be used, when they are needed.
>>>>>>> Normally the configuration should look like this :
>>>>>>> 
>>>>>>> virtual-profile if-needed
>>>>>>> virtual-profile virtual-template 1
>>>>>>> virtual-profile aaa
>>>>>>> 
>>>>>>> Since my update from 12.2 to 12.3(T) the line
>>>>>>> "virtual-profile aaa" is away.
>>>>>>> 
>>>>>>> Any ideas, why this happen?
>>>>>>> Is this command not supported with IP Plus ?
>>>>>>> Is there a new way to configure this option ?
>>>>>> 
>>>>>> 
>>>>>> This command is obsolete, you don't need it anymore. IOS
>>>>>> automatically uses a vaccess when it sees per-user attributes in
>>>>>> the AAA response.. 
>>>>>> 
>>>>>> 	oli
>>>>> 
>>>>> 
>>>>> --
>>>>> Ahmad Cheikh-Moussa
>>>>> NetUSE AG
>>>>> Dr.-Hell-Straße, 24107 Kiel, Germany
>>>>> Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
>>>>> Service: Service at NetUSE.DE --  http://NetUSE.DE
>>>> 
>>>> /
>>> 
>>> 
>>> --
>>> Ahmad Cheikh-Moussa
>>> NetUSE AG
>>> Dr.-Hell-Straße, 24107 Kiel, Germany
>>> Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
>>> Service: Service at NetUSE.DE --  http://NetUSE.DE
>> 
>> /
> 
> 
> --
> Ahmad Cheikh-Moussa
> NetUSE AG
> Dr.-Hell-Straße, 24107 Kiel, Germany
> Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
> Service: Service at NetUSE.DE --  http://NetUSE.DE/

More information about the cisco-nas mailing list