[c-nsp] Cisco DSL Config Question - Multiple Domains
David Freedman
david.freedman at uk.clara.net
Wed Sep 6 13:06:17 EDT 2006
I'm guessing you want multiple tunnels (between multiple loopbacks)?
If so you might want to split this into distinct vpdn groups.
Something like the following:
vpdn-group 1
 description Inbound Tunnels from Telco Loopback A
 accept-dialin
  protocol l2tp
  virtual-template 1
 source-ip <IP Of int Loopback1>
 terminate-from <telco specific>
 local name whatever
 lcp renegotiation always
 l2tp tunnel password 7 XXXXXXXXXXXXXXX

vpdn-group 2
 description Inbound Tunnels from Telco Loopback B
 accept-dialin
  protocol l2tp
  virtual-template 2
 source-ip <IP Of int Loopback2>
 terminate-from <telco specific>
 local name whatever
 lcp renegotiation always
 l2tp tunnel password 7 XXXXXXXXXXXXXXX
Dave.
Paul Stewart wrote:
> I'm hoping someone can help me here..;) We have a Cisco 7206VXR that we
> use for DSL termination from a telco via l2tp tunnels. Below is some
> snippets of the config. Today, everything works fine but our goal is to
> split up three domains coming in **without** using proxy-radius and/or
> changing radius at all (don't go there). ;)
>
> Our telco provider who is sending us the l2tp tunnels runs Juniper and
> can route each domain to a separate loopback on our side. This all made
> sense until I started looking at vpdn-group configuration etc...
>
> If they terminate each domain onto a separate loopback interface, how
> can I bind that to a separate virtual-template where I can also define
> separate radius servers and IP pools for each domain? Is there a way to
> do this? I had this figured out I thought until I found the
> "virtual-template 1" statement on the vpdn-group.. Is there a way to
> remove this and do it from the loopback instead?
>
> Config:
>
> aaa group server radius ABC
>  server-private xxx.xxx.xxx.28 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXX
>  server-private xxx.xxx.xxx.13 auth-port 1645 acct-port 0 key 7 XXXXXXXXXXXXXXX
>  ip radius source-interface Loopback0
> !
> aaa group server radius XYZ
>  server-private xxx.xxx.xxx.28 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXX
>  server-private xxx.xxx.xxx.13 auth-port 1645 acct-port 0 key 7 XXXXXXXXXXXXXX
>  ip radius source-interface Loopback0
>
> aaa authentication ppp ABC group ABC
> aaa authentication ppp XYZ group XYZ
> aaa authorization network ABC group ABC
> aaa authorization network XYZ group XYZ
> aaa accounting delay-start
> aaa accounting network ABC start-stop group ABC
> aaa accounting network XYZ start-stop group XYZ
>
> virtual-profile if-needed
> vpdn enable
> vpdn multihop
> vpdn authen-before-forward
> vpdn authorize directed-request
>
> vpdn-group TSW1-KITCHENER06
>  accept-dialin
>   protocol l2tp
>   virtual-template 1
>  terminate-from hostname nexxia1013
>  local name whatever
>  lcp renegotiation always
>  l2tp tunnel password 7 XXXXXXXXXXXXXXX
>
> bba-group pppoe global
>  virtual-template 1
>
> interface Loopback1
>  description ABC
>  ip address XXX.XXX.XXX.178 255.255.255.255
> !
> interface Loopback2
>  description XYZ
>  ip address XXX.XXX.XXX.179 255.255.255.255
>
> interface ATM1/0.13 point-to-point
>  description TSW1-KITCHENER06/nexxia1013
>  ip address 10.70.82.50 255.255.255.252
>  no snmp trap link-status
>  atm route-bridged ip
>  pvc 1/46
>
> interface Virtual-Template1
>  description ABC
>  ip unnumbered Loopback1
>  ip mtu 1492
>  ip mroute-cache
>  no logging event link-status
>  no snmp trap link-status
>  peer default ip address pool ABC
>  ppp authentication pap ABC
>  ppp authorization ABC
>  ppp accounting ABC
>  no clns route-cache
>
> interface Virtual-Template2
>  description XYZ
>  ip unnumbered Loopback2
>  ip mtu 1492
>  ip mroute-cache
>  no logging event link-status
>  no snmp trap link-status
>  peer default ip address pool XYZ
>  ppp authentication pap XYZ
>  ppp authorization XYZ
>  ppp accounting XYZ
>  no clns route-cache
>
> ip local pool ABC XXX.XXX.XXX.1 XXX.XXX.XXX.254
> ip local pool XYZ YYY.YYY.YYY.1 YYY.YYY.YYY.254
>
> radius-server attribute 44 include-in-access-req
> radius-server attribute 32 include-in-access-req
> radius-server attribute 32 include-in-accounting-req
> radius-server attribute 55 include-in-acct-req
> radius-server attribute nas-port format d
> radius-server directed-request
> radius-server domain-stripping
> radius-server vsa send accounting
> radius-server vsa send authentication
>
> Paul Stewart
> Network Administrator
> Nexicom Inc.
> http://www.nexicom.net/
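
A consistency check for the one-vpdn-group-per-loopback layout suggested in the reply, as an added example that is not part of the original thread. The parser, the finding wording and the sample addresses are assumptions, and it expects indented running-config text.

```python
import re
# Constructed sample, not from the thread: group 2 still shares template 1,
# has no source-ip, and the template names a PPP list that is never defined.
SAMPLE = """\
aaa authentication ppp ABC group ABC
vpdn-group 1
 accept-dialin
  virtual-template 1
 source-ip 192.0.2.178
vpdn-group 2
 accept-dialin
  virtual-template 1
interface Loopback1
 ip address 192.0.2.178 255.255.255.255
interface Virtual-Template1
 ppp authentication pap XYZ
"""

def stanzas(text):
    """Map each unindented header line to its indented child lines."""
    out, cur = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return out

def first(children, pattern):
    """First capture group of the first child line matching pattern, else None."""
    return next((m.group(1) for c in children if (m := re.fullmatch(pattern, c))), None)

def audit(text):
    """Return findings where tunnel groups, templates and PPP lists do not line up."""
    cfg, findings, users = stanzas(text), [], {}
    loop_ips = {first(c, r"ip address (\S+) \S+") for h, c in cfg.items() if h.startswith("interface Loopback")}
    ppp_lists = {h.split()[3] for h in cfg if h.startswith("aaa authentication ppp ")}
    for h, c in cfg.items():
        if h.startswith("vpdn-group "):
            src = first(c, r"source-ip (\S+)")
            if src is None or src not in loop_ips:
                findings.append(f"{h}: source-ip {src or '(missing)'} is not a loopback address")
            users.setdefault(first(c, r"virtual-template (\d+)"), []).append(h)
    for vt, groups in users.items():
        if len(groups) > 1:
            findings.append(f"virtual-template {vt} shared by {', '.join(groups)}")
        auth = first(cfg.get(f"interface Virtual-Template{vt}", []), r"ppp authentication \S+ (\S+)")
        if auth not in ppp_lists:
            findings.append(f"virtual-template {vt}: ppp authentication list {auth} undefined")
    return findings
```

Running `audit(SAMPLE)` reports all three problems; a config where each group has its own loopback address, template and defined PPP list returns an empty list.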