[c-nsp] 7206 Config Help - DSL Aggregation

Kristofer Sigurdsson kristosig at gmail.com
Thu Aug 17 12:47:48 EDT 2006


How about using the same RADIUS server, but letting that RADIUS server
forward the requests to different RADIUS servers if needed?  That way, you
can (if you like) filter the replies and if you add aggregation routers, you
don't have to add them on the other RADIUS server(s) (I'm assuming those
other RADIUS servers are run by a 3rd party).

The RADIUS servers can send attributes that control which IP pool to use,
etc.  If you'd like to keep the traffic separate, you can let the main
RADIUS server add something like a VRF in which to place this virtual access
interface.

-Kristo

2006/8/17, Paul Stewart <pstewart at nexicomgroup.net>:
>
> Hi everyone...
>
> We have a Cisco 7206VXR that we are doing DSL aggregation on currently.
> Thanks to some help from a buddy of mine, I believe we have found a way
> to use different radius servers dependent on their domain name at login
> time.
>
> Below is current config.  What I'd like to do is to have domain abc.net
> added and use another radius server (that shouldn't be hard - but the
> two listed below point to same radius server today)... My biggest
> challenge is trying to define separate IP pools for each domain name at
> login...
>
> Any ideas?  The l2tp provider has talked about using a series of
> loopback addresses on our side and have each domain point to a different
> loopback....
>
> Thanks,
>
> Paul Stewart
>
>
>
> aaa group server radius Nexicom
> server-private 216.168.XX.XX auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXX
> server-private 216.168.XX.XX auth-port 1645 acct-port 0 key 7 XXXXXXXXXXXXX
> ip radius source-interface Loopback0
>
> aaa authentication ppp Nexicom group Nexicom
> aaa authorization network Nexicom group Nexicom
> aaa accounting delay-start
> aaa accounting network Nexicom start-stop group Nexicom
>
> ip host nexicom.net 216.168.XXX.XXX 216.168.XXX.XXX
> ip host anotherdomain.net 216.168.XX.XX 216.168.XX.XX
>
> virtual-profile if-needed
> vpdn enable
> vpdn multihop
> vpdn authen-before-forward
> vpdn authorize directed-request
>
> vpdn-group XXXXXXXXXXXXXXXXX
> accept-dialin
>   protocol l2tp
>   virtual-template 1
> terminate-from hostname XXXXXXXXXX
> local name XXXXX
> lcp renegotiation always
> l2tp tunnel password 7 XXXXXXXXXX
>
> bba-group pppoe global
> virtual-template 1
>
> interface ATM1/0
> no ip address
> no atm ilmi-keepalive
> !
> interface ATM1/0.1 point-to-point
> description XXXXXXXXXXXXXXXXXXXXXX
> ip address 10.70.82.26 255.255.255.252
> no snmp trap link-status
> atm route-bridged ip
> pvc 2/263
> !
>
> interface Virtual-Template1
> ip unnumbered Loopback0
> ip mtu 1492
> ip mroute-cache
> no logging event link-status
> no snmp trap link-status
> peer default ip address pool default
> ppp authentication pap Nexicom
> ppp authorization Nexicom
> ppp accounting Nexicom
> no clns route-cache
>
> ip local pool default 123.123.123.1 123.123.123.254
>
> radius-server attribute 44 include-in-access-req
> radius-server attribute 32 include-in-access-req
> radius-server attribute 32 include-in-accounting-req
> radius-server attribute 55 include-in-acct-req
> radius-server attribute nas-port format d
> radius-server directed-request
> radius-server domain-stripping
> radius-server vsa send accounting
> radius-server vsa send authentication
>
>
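
The approach described in the reply above (one front-end RADIUS server that forwards by domain, filters the replies, and adds the pool and VRF itself), as an added example that is not part of the original thread. It models only the policy decisions, not the RADIUS wire protocol; the home-server address, pool names and VRF name are constructed, and the Cisco-AVPair strings assume an IOS release that honors `ip:addr-pool` and `lcp:interface-config`.

```python
# Added example: front-end RADIUS proxy policy (routing by realm, reply filtering).
# Constructed values: 192.0.2.10, pool-nexicom, pool-abc, VRF "ABC".

REALMS = {
    # home=None means this realm is authenticated by the front-end server itself.
    "nexicom.net": {"home": None, "pool": "pool-nexicom", "vrf": None},
    "abc.net": {"home": "192.0.2.10", "pool": "pool-abc", "vrf": "ABC"},
}

# Only these attributes from a third-party home server are passed to the NAS.
# Pool, VRF and any other Cisco-AVPair are set by the front-end server alone.
ALLOWED_FROM_HOME = {"Reply-Message", "Session-Timeout", "Idle-Timeout", "Class"}


def split_realm(username):
    """Return (user, realm) for user@realm; realm is lowercased, None if absent."""
    user, sep, realm = username.rpartition("@")
    if not sep or not user or not realm:
        return username, None
    return user, realm.lower()


def route(username):
    """Return 'local', a home-server address, or None (reject) for a login."""
    _, realm = split_realm(username)
    policy = REALMS.get(realm)
    if policy is None:
        return None  # unknown or missing realm: reject rather than guess
    return policy["home"] or "local"


def build_reply(username, home_reply):
    """Filter the home server's Access-Accept and add per-realm pool and VRF."""
    _, realm = split_realm(username)
    policy = REALMS[realm]
    reply = [(k, v) for k, v in home_reply if k in ALLOWED_FROM_HOME]
    reply.append(("Cisco-AVPair", "ip:addr-pool=" + policy["pool"]))
    if policy["vrf"]:
        # IOS clears the interface address when a VRF is applied, so a real
        # deployment usually re-applies "ip unnumbered" in the same AV pair.
        reply.append(("Cisco-AVPair",
                      "lcp:interface-config=ip vrf forwarding " + policy["vrf"]))
    return reply
```

Because the allow-list is applied before the front-end server adds its own attributes, a third-party server cannot select a pool or push interface configuration onto the aggregation router.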

