[c-nsp] L2TP Question

Tassos Chatzithomaoglou achatz at forthnet.gr
Fri May 19 10:14:10 EDT 2006


I believe domain should be "customer#home at dsl-dialin.de" under vpdn group 222.
It shouldn't contain the delimiter "%" ;)

If this doesn't work please post vtemplate 1 and aaa config too.

--
Tassos


Ahmad Cheikh Moussa wrote on 19/5/2006 16:40:
> Hi!
> 
> I have an LNS Server on which I terminate my L2tp
> DSL Sessions. This works fine without any problems.
> So now, I want to configure l2tp forwarding to another
> LNS Server, which is located at the customer site.
> The customer wants to manage and authenticate his users
> by himself. So I have to configure a forwarding of the
> l2tp Session to the customer. Until now I have the problem that
> my LNS Server tries to authenticate the users of the customer and
> does not forward the l2tp request further to the customer.
> 
> Here is a cut of my config:
> 
> vpdn enable
> vpdn multihop
> vpdn authen-before-forward
> vpdn aaa attribute nas-port vpdn-nas
> vpdn search-order domain
> vpdn domain-delimiter % suffix
> !
> vpdn-group 1
>   description DSL Dialin
>   accept-dialin
>    protocol l2tp
>    virtual-template 1
>   session-limit 128
>   terminate-from hostname dsl_provider
>   lcp renegotiation always
>   l2tp tunnel password 7 ***************
> 
> 
> vpdn-group 222
>   description L2tp forwarding to customer
>   request-dialin
>    protocol l2tp
>    domain %customer#home at dsl-dialin.de
>   initiate-to ip 1.1.1.1  limit 2
>   source-ip 2.2.2.2
>   local name NetUSE-KielNET
>   l2tp tunnel password **********
> 
> The goal is to forward all requests which contain
> %customer#home at dsl-dialin.de to the customer, without
> authenticating this user by my own database.
> 
> Is this possible, or did I overlook something?
> 
> The command "vpdn authen-before-forward" is needed, because I have
> an l2tp tunnel, which is configured via radius.
> I have configured "no authen-before-forward" within the vpdn-group
> configuration mode. But this command is not shown in the show running
> output; I think it is a default value.
> 
> 
> 
> Thanks in advance,
>   Ahmad
> 
> 
> 
> 
> --
> Ahmad Cheikh-Moussa
> NetUSE AG
> Dr.-Hell-Straße, 24107 Kiel, Germany
> Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
> Service: Service at NetUSE.DE --  http://NetUSE.DE/
> 
> 