[cisco-nas] Cisco 7206VXR for BBA

Tihomir Dragas tiho.dragas at telekomcg.com
Tue Sep 12 11:22:52 EDT 2006


Hi Paul,

Did you consider L2TP model, in which you control LAC and your customer 
control LNS. In that approach your Customer is responsible for IP address 
pool, and for authorization of the customers. Similar like on picture:

user at realm -------PPPoE-----LAC----------L2TP--------LNS
                                                 | 
|
                                                 | 
|
                                                 | 
|
                                    SP Wholesale Radius            ISP 
Customer Radius

L2TP is opening based on "realm".

Tiho

----- Original Message ----- 
From: "Paul Stewart" <pstewart at nexicomgroup.net>
To: <cisco-nas at puck.nether.net>
Sent: Tuesday, September 12, 2006 5:01 PM
Subject: [cisco-nas] Cisco 7206VXR for BBA


> Hi there..
>
> We have a Cisco 7206VXR that is currently doing broadband aggregation
> for our ADSL services.... It uses our Cistron radius servers for
> authentication and accounting with no problem.....
>
> Now, we have a need to bring on a proxy-radius setup because we have a
> customer who wants to wholesale DSL services from us and they run their
> own radius servers.  Proxy radius seems to be the best way to offer this
> (long theads on cisco-nsp about that topic) so have some questions....
>
> It seems that we need to use [ cisco-avpair = "ip:addr-pool=POOL-A" ] on
> the radius side to instruct the router to use a specific pool such as [
> ip local pool POOL-A <start-ip> <end-ip> ]
>
> Because this is proxy radius, how do we send this attribute back to the
> router based on the realm name??  I realize this is probably a
> discussion for the Cistron list but wanted to start here first...
> The user is going to connect, get an ack or nack from the remote radius
> server - but then how do we tell it to specifically send back a
> cisco-avpair based on the realm name??
>
> Basically, stepping back a bit... We have three user at realm coming in
> across the same physical connection.  Our requirement is to take one of
> these realms and have it use it's own radius servers and ip pools.
>
> Thanks for any input...
>
> Paul Stewart
> Network Administrator
> Nexicom Inc.
> http://www.nexicom.net/
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>
> 




More information about the cisco-nas mailing list