[c-nsp] Cisco DSL Config Question - Multiple Domains
Paul Stewart
pstewart at nexicomgroup.net
Wed Sep 6 12:36:38 EDT 2006
I'm hoping someone can help me here..;) We have a Cisco 7206VXR that we
use for DSL termination from a telco via l2tp tunnels. Below are some
snippets of the config. Today, everything works fine but our goal is to
split up three domains coming in **without** using proxy-radius and/or
changing radius at all (don't go there). ;)
Our telco provider who is sending us the l2tp tunnels runs Juniper and
can route each domain to a separate loopback on our side. This all made
sense until I started looking at vpdn-group configuration etc...
If they terminate each domain onto a separate loopback interface, how
can I bind that to a separate virtual-template where I can also define
separate radius servers and IP pools for each domain? Is there a way to
do this? I had this figured out I thought until I found the
"virtual-template 1" statement on the vpdn-group.. Is there a way to
remove this and do it from the loopback instead?
Config:
aaa group server radius ABC
 server-private xxx.xxx.xxx.28 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXX
 server-private xxx.xxx.xxx.13 auth-port 1645 acct-port 0 key 7 XXXXXXXXXXXXXXX
 ip radius source-interface Loopback0
!
aaa group server radius XYZ
 server-private xxx.xxx.xxx.28 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXX
 server-private xxx.xxx.xxx.13 auth-port 1645 acct-port 0 key 7 XXXXXXXXXXXXXX
 ip radius source-interface Loopback0
aaa authentication ppp ABC group ABC
aaa authentication ppp XYZ group XYZ
aaa authorization network ABC group ABC
aaa authorization network XYZ group XYZ
aaa accounting delay-start
aaa accounting network ABC start-stop group ABC
aaa accounting network XYZ start-stop group XYZ
virtual-profile if-needed
vpdn enable
vpdn multihop
vpdn authen-before-forward
vpdn authorize directed-request
vpdn-group TSW1-KITCHENER06
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname nexxia1013
 local name whatever
 lcp renegotiation always
 l2tp tunnel password 7 XXXXXXXXXXXXXXX
bba-group pppoe global
 virtual-template 1
interface Loopback1
 description ABC
 ip address XXX.XXX.XXX.178 255.255.255.255
!
interface Loopback2
 description XYZ
 ip address XXX.XXX.XXX.179 255.255.255.255
interface ATM1/0.13 point-to-point
 description TSW1-KITCHENER06/nexxia1013
 ip address 10.70.82.50 255.255.255.252
 no snmp trap link-status
 atm route-bridged ip
 pvc 1/46
interface Virtual-Template1
 description ABC
 ip unnumbered Loopback1
 ip mtu 1492
 ip mroute-cache
 no logging event link-status
 no snmp trap link-status
 peer default ip address pool ABC
 ppp authentication pap ABC
 ppp authorization ABC
 ppp accounting ABC
 no clns route-cache
interface Virtual-Template2
 description XYZ
 ip unnumbered Loopback2
 ip mtu 1492
 ip mroute-cache
 no logging event link-status
 no snmp trap link-status
 peer default ip address pool XYZ
 ppp authentication pap XYZ
 ppp authorization XYZ
 ppp accounting XYZ
 no clns route-cache
ip local pool ABC XXX.XXX.XXX.1 XXX.XXX.XXX.254
ip local pool XYZ YYY.YYY.YYY.1 YYY.YYY.YYY.254
radius-server attribute 44 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute nas-port format d
radius-server directed-request
radius-server domain-stripping
radius-server vsa send accounting
radius-server vsa send authentication
Paul Stewart
Network Administrator
Nexicom Inc.
http://www.nexicom.net/