[c-nsp] PPPoE -> VRF Virtual Templates
Tim Franklin
tim at colt.net
Fri Mar 3 07:03:28 EST 2006
Hi all,
> int virtual-template1
> no ip address
> no peer default ip address
> ppp authentication chap pap ..
> !
> ! you need the "group .." only when you have overlapping pool
> addresses
> ip local pool crocker-pool <start> <end> group crocker.com
> ip local pool acme-pool <start> <end> group acme.com
>
> a Radius profile for a user would then include
>
> Cisco-avpair = "lcp:interface-config#1=ip vrf forwarding crocker.com"
> Cisco-avpair = "lcp:interface-config#2=ip unnumbered lo100"
> Cisco-avpair = "ip:addr-pool=crocker-pool"
>
> and similar for acme.
Is it possible to do the same or similar for users coming reaching the
router from the Cisco VPN client rather than a PPP session. We currently
have:
crypto isakmp client configuration group <group-name>
key <preshared-key>
pool clientpool
ip local pool clientpool <first-ip-address> <last-ip-address>
On the VPN termination router, but I now have a request for different users
to be given addresses from different pools. All the infrastructure is in
place to push back per-domain or per-user AV-pairs, I'm just looking to
confirm which AV-pair will do the right thing for a VPN client...
Thanks in advance,
Tim.
--
____________ Tim Franklin e: tim at colt.net
\C/\O/\L/\T/ Product Engineering Manager w: www.colt.net
V V V V Managed Data Services t: +44 20 7863 5714
Data | Voice | Managed Services f: +44 20 7863 5876
More information about the cisco-nsp
mailing list