[c-nsp] VPDN Multihop on domain

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Apr 27 01:23:55 EDT 2006


Steve Wright <> wrote on Thursday, April 27, 2006 2:58 AM:

> Hi all,
> 
> I'm just trying to get VPDN multihop working for a particular project,
> however, for some reason, the LAC/LNS terminates as opposed to
> forwarding the sessions associated with the domain...
> 
> Can anyone see anything obviously wrong in the below config of the
> VPDN stuff? I've compared it to the Cisco docs that I can find, and it
> seems like I do everything they say, just that the sessions get terminated
> locally, as opposed to an L2TP session forming to our test LNS box, and the
> session being terminated there :(

Config looks fine, you have vpdn multihop enabled, but what does your AAA
config look like? In order for the LNS to match on the testlns1 group,
you need to have "aaa authorization network default local ..." enabled.
If you use Radius as your method, the tunnel parameters must come from
Radius, and locally configured groups are not searched. "debug radius"
should show an access-request for "dsltest.example.com" (which is likely
rejected by your radius server), and then the LNS tries to terminate the
user locally. If you returned any tunnel attributes instead of rejecting
"dsltest.example.com", the session would be forwarded, but based on the
Radius attributes instead of the vpdn-group settings.

	oli
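
The reply above, sketched as an IOS configuration fragment. This is an added example, not part of the original post and not the poster's actual config, which is not shown in this message. The tunnel endpoint 192.0.2.10, the local name and the password placeholder are assumptions; testlns1 and dsltest.example.com are the names used in the thread.

```ios
! Constructed example. Addresses, local name and secret are placeholders.
aaa new-model
!
! With "local" as the network authorization method, a tunnel lookup for
! the domain searches the vpdn-groups configured on this router.
! Any further methods (elided as "..." in the reply) are not shown here.
aaa authorization network default local
!
vpdn enable
! Allow a session that arrived over one tunnel to be forwarded into another.
vpdn multihop
!
! Forwarding group: sessions for user@dsltest.example.com are tunnelled
! onward to the test LNS instead of being terminated on this box.
vpdn-group testlns1
 request-dialin
  protocol l2tp
  domain dsltest.example.com
 initiate-to ip 192.0.2.10
 local name multihop-lns
 l2tp tunnel password <shared-secret>
!
! If network authorization uses RADIUS instead, this group is not
! consulted. "debug radius" then shows an access-request for the domain
! name, and forwarding only happens when the server answers with tunnel
! attributes rather than a reject.
```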