[c-nsp] PPPoE/RADIUS with 7206/NPE-200 and IOS 12.3(9c)
Robert E.Seastrom
rs at seastrom.com
Thu Dec 22 22:00:58 EST 2005
Stephen Fulton <cisco-nsp at lists.esoteric.ca> writes:
> 1. The 7206 authenticates a user "domain.com/cisco" against the radius
> server, which fails. Why this is happening, I do not understand. I
> can't see a reason in either the documentation I've consulted or my own
> understanding of the entire process. Any pointers on this one would be
> appreciated.
it's looking for a place to forward the pppoe session (over l2tp). if
it gets back a radius packet with a magic cisco-avpair in it, it will
send it subsequent packets in this session (as well as the first
packet) out over some existing or new l2tp tunnel, thus acting as a
tunnel switch.
get rid of this behavior with "vpdn authen-before-forward" in your config.
> 2. It then attempts to authenticate the PPPoE user, which succeeds. No
> IP address is assigned from the pool I've created, and the PPPoE
> session disconnects after a moment.
hrm, try adding "lcp renegotiation always" to the vpdn-group?
is this perchance for talking to bell canada?
---rob
More information about the cisco-nsp
mailing list