[c-nsp] Cisco DSL Config Question - Multiple Domains
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Sep 6 12:54:34 EDT 2006
cisco-nsp-bounces at puck.nether.net wrote on Wednesday, September 06, 2006 6:37 PM:
> I'm hoping someone can help me here..;) We have a Cisco 7206VXR that
> we use for DSL termination from a telco via l2tp tunnels. Below are
> some snippets of the config. Today, everything works fine but our
> goal is to split up three domains coming in **without** using
> proxy-radius and/or changing radius at all (don't go there). ;)
>
> Our telco provider who is sending us the l2tp tunnels runs Juniper and
> can route each domain to a separate loopback on our side. This all
> made sense until I started looking at vpdn-group configuration etc...
>
> If they terminate each domain onto a separate loopback interface, how
> can I bind that to a separate virtual-template where I can also define
> separate radius servers and IP pools for each domain? Is there a way
> to do this? I had this figured out I thought until I found the
> "virtual-template 1" statement on the vpdn-group.. Is there a way to
> remove this and do it from the loopback instead?

Paul,

have the LAC/SP send you the tunnels using different tunnel names. Then
you can use the "terminate-from hostname <name>" command in your
vpdn-group to match the tunnel to the vpdn-group, and use different
virtual-templates with different AAA methods for your different domains.

So far, we can't assign a tunnel to a vpdn-group based on the L2TP
dest-address (your loopbacks); you need to use different names:

vpdn-group domain1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname domain1
 ...

vpdn-group domain2
 accept-dialin
  protocol l2tp
  virtual-template 2
 terminate-from hostname domain2
 ...

etc..

oli
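
A fuller sketch of the layout the reply describes, added here as an example and not part of the original post: each tunnel name selects a vpdn-group, whose virtual-template carries its own named AAA lists and address pool. All names (RAD-DOMAIN1, AUTH-DOMAIN1, POOL-DOMAIN1, Loopback101 and so on), the documentation-range addresses and the bracketed secrets are placeholders; the per-group `l2tp tunnel password` is an assumption not mentioned in the thread, added because the matched hostname is only a name the LAC supplies.

```cisco
! Constructed example: every name, address and secret below is a placeholder.
aaa new-model
! One RADIUS server group per domain
aaa group server radius RAD-DOMAIN1
 server 192.0.2.11 auth-port 1812 acct-port 1813
aaa group server radius RAD-DOMAIN2
 server 192.0.2.12 auth-port 1812 acct-port 1813
radius-server host 192.0.2.11 auth-port 1812 acct-port 1813 key <domain1-radius-key>
radius-server host 192.0.2.12 auth-port 1812 acct-port 1813 key <domain2-radius-key>
!
! Named method lists so neither domain falls through to the "default" list
aaa authentication ppp AUTH-DOMAIN1 group RAD-DOMAIN1
aaa authentication ppp AUTH-DOMAIN2 group RAD-DOMAIN2
aaa authorization network AUTHOR-DOMAIN1 group RAD-DOMAIN1
aaa authorization network AUTHOR-DOMAIN2 group RAD-DOMAIN2
!
ip local pool POOL-DOMAIN1 198.51.100.2 198.51.100.254
ip local pool POOL-DOMAIN2 203.0.113.2 203.0.113.254
!
interface Loopback101
 ip address 198.51.100.1 255.255.255.255
interface Loopback102
 ip address 203.0.113.1 255.255.255.255
!
interface Virtual-Template1
 ip unnumbered Loopback101
 peer default ip address pool POOL-DOMAIN1
 ppp authentication chap AUTH-DOMAIN1
 ppp authorization AUTHOR-DOMAIN1
interface Virtual-Template2
 ip unnumbered Loopback102
 peer default ip address pool POOL-DOMAIN2
 ppp authentication chap AUTH-DOMAIN2
 ppp authorization AUTHOR-DOMAIN2
!
vpdn enable
! Tunnel name sent by the LAC selects the group, and so the template and AAA lists
vpdn-group domain1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname domain1
 l2tp tunnel password <domain1-tunnel-secret>
vpdn-group domain2
 accept-dialin
  protocol l2tp
  virtual-template 2
 terminate-from hostname domain2
 l2tp tunnel password <domain2-tunnel-secret>
```

`show vpdn tunnel` lists the remote name of each tunnel, which is a quick check that a domain's sessions arrived under the name its vpdn-group expects.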