[nsp] request-dialin, some confusion about it

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Jan 15 02:05:32 EST 2004


> 
> Could you also please tell how I should specify several redundant home
> gateways with different priorities, using RADIUS authorization?
> 
> The only paper I could find about RADIUS Authentication for VPDNs is
> http://www.cisco.com/warp/public/480/vpdn_rad.html
> 
> but it does not answer my question.
> 
> Now I have in my users file:
> 
> tsu.ru Password = "cisco"
>         Tunnel-Server-Endpoint = x.x.x.x,
>         Tunnel-Type = L2TP
> 
> What attributes should I add to have several endpoints with different
> priorities (I use dictionary.tunnel from radiusd-cistron-1.6.6)?

When using Cisco AVP syntax you can specify different LNS IP addresses
delimited by "/", i.e.

tsu.ru		Password = "cisco" Service-Type = Outbound-User
	cisco-avpair = "vpdn:ip-addresses=10.1.1.1/10.2.2.2", 
	cisco-avpair = "vpdn:tunnel-type=l2tp",
	cisco-avpair = "vpdn:tunnel-id=NAME",
	cisco-avpair = "vpdn:l2tp-tunnel-password=PASSWORD"

We'll use 10.1.1.1 and fail over to 10.2.2.2 if 10.1.1.1 is no longer
reachable. You can also use round-robin load-sharing between LNS by
comma-delimiting the IP addresses:

	cisco-avpair = "vpdn:ip-addresses=10.1.1.1,10.2.2.2"

or combine both

	cisco-avpair = "vpdn:ip-addresses=10.1.1.1,10.2.2.2/10.3.3.3,10.4.4.4"

where we'll load-share between 10.1.1.1 and 10.2.2.2, and fail over to
load-share between 10.3.3.3 and 10.4.4.4 when the former servers both
become unreachable.

When you upgrade your LAC to 12.2(4)T or later (I recall you're using
12.2 mainline), you can also use the new tagged attribute syntax as
defined in RFC 2868.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t11/ftradtun.htm
describes this feature.

	oli
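
The "/" and "," semantics described in the reply above, as an added example that is not part of the original post and not Cisco code. The names parse_ip_addresses and LnsSelector are hypothetical, and the `reachable` set stands in for whatever dead-LNS detection the LAC performs; the sketch can be used to check a users-file value before deploying it.

```python
import ipaddress
from itertools import count

PREFIX = "vpdn:ip-addresses="

def parse_ip_addresses(avpair):
    """Split a vpdn:ip-addresses AV pair into priority groups.

    '/' separates failover groups (highest priority first);
    ',' separates load-shared LNS addresses inside one group.
    """
    if not avpair.startswith(PREFIX):
        raise ValueError("not a vpdn:ip-addresses AV pair")
    groups = []
    for group in avpair[len(PREFIX):].split("/"):
        peers = [p.strip() for p in group.split(",")]
        for p in peers:
            ipaddress.IPv4Address(p)  # ValueError on an empty or malformed address
        groups.append(peers)
    return groups

class LnsSelector:
    """Hypothetical model of the selection behaviour described in the reply."""

    def __init__(self, avpair):
        self.groups = parse_ip_addresses(avpair)
        self._turn = count()  # advances once per session placed

    def pick(self, reachable):
        """Return the LNS for the next session, or None if every LNS is down."""
        for peers in self.groups:          # walk groups in priority order
            alive = [p for p in peers if p in reachable]
            if alive:                      # round-robin within the first live group
                return alive[next(self._turn) % len(alive)]
        return None

if __name__ == "__main__":
    # Constructed sample: the combined value from the reply.
    sel = LnsSelector(PREFIX + "10.1.1.1,10.2.2.2/10.3.3.3,10.4.4.4")
    up = {"10.1.1.1", "10.2.2.2", "10.3.3.3", "10.4.4.4"}
    print([sel.pick(up) for _ in range(4)])          # alternates in group 1
    print(sel.pick({"10.3.3.3", "10.4.4.4"}))        # group 1 down: group 2 used
```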


