[c-nsp] L2TP Question
Ahmad Cheikh Moussa
acm at netuse.de
Fri May 19 09:40:02 EDT 2006
Hi!
I have an LNS server on which I terminate my L2TP
DSL sessions. This works fine without any problems.
Now I want to configure L2TP forwarding to another
LNS server, which is located at the customer site.
The customer wants to manage and authenticate his users
by himself, so I have to configure forwarding of the
L2TP session to the customer. Until now I have the problem that
my LNS server tries to authenticate the customer's users and
does not forward the L2TP request further to the customer.
Here is a cut of my config:
vpdn enable
vpdn multihop
vpdn authen-before-forward
vpdn aaa attribute nas-port vpdn-nas
vpdn search-order domain
vpdn domain-delimiter % suffix
!
vpdn-group 1
 description DSL Dialin
 accept-dialin
  protocol l2tp
  virtual-template 1
 session-limit 128
 terminate-from hostname dsl_provider
 lcp renegotiation always
 l2tp tunnel password 7 ***************
vpdn-group 222
 description L2tp forwarding to customer
 request-dialin
  protocol l2tp
  domain %customer#home at dsl-dialin.de
 initiate-to ip 1.1.1.1 limit 2
 source-ip 2.2.2.2
 local name NetUSE-KielNET
 l2tp tunnel password **********
The goal is to forward all requests that contain
%customer#home at dsl-dialin.de to the customer, without
authenticating this user against my own database.
Is this possible, or did I overlook something?
The command "vpdn authen-before-forward" is needed because I have
an L2TP tunnel which is configured via RADIUS.
I have configured "no authen-before-forward" within the vpdn-group
configuration mode, but this command is not shown in the show running
output; I think it is a default value.
Thanks in advance,
Ahmad
--
Ahmad Cheikh-Moussa
NetUSE AG
Dr.-Hell-Straße, 24107 Kiel, Germany
Telefon: +49 431 2390 400 -- Telefax: +49 431 2390 499
Service: Service at NetUSE.DE -- http://NetUSE.DE/