[c-nsp] LNS PPPoE session into VRF via Radius

Tihomir Dragas tiho.dragas at telekomcg.com
Fri Sep 15 02:15:57 EDT 2006 

Joe,

Below is config which I use for my dial to VPN customers.

lcp:interface-config#2=ip unnumbered loopback10
-lcp:interface-config#1=ip vrf forwarding test-1
-ip:addr-pool=vrf-test-1-ra

Similar case is with PPPoE to VPN customers.

Regards,
Tiho

----- Original Message ----- 
From: "Joe Freeman" <joe at netbyjoe.com>
To: <cisco-nsp at puck.nether.net>
Sent: Friday, September 15, 2006 6:26 AM
Subject: [c-nsp] LNS PPPoE session into VRF via Radius


> Greetings-
>
> I've spent awhile pouring over the archives. I've seen discussions related
> to portions of what I need, but nothing on it directly.
>
> I am terminating via L2TP wholesale LEC DSL PPPoE sessions on a
> 7206vxr/npe-g1 running c7200-is-mz.122-16.B.
>
> I have this working for existing customers. However, I have customers that
> are currently on a PVC based product wherein they are passed to me on
> discreete PVC's. I'm switching these PVC's in my ATM switch into an ATM 
> DS3
> that feeds a customer's router. This was done as a DSL Access network. I 
> now
> need to move these connections to the session based product.
>
> I'm planning on terminating these sessions into a VRF dedicated for this
> customer, connected to a specific vlan/VPLS instance and transporting the
> traffic to them via ethernet. I've got the VRF and ethernet portions
> working, but I can't get the sessions to be inserted into the VRF
> correctly.I'm passing cisco-avpair="ip:vrf-id=TestVRF" and
> cisco-avpair="ip:ip-unnumbered=loopback10" where loopback10 is in the
> TestVRF. Int G0/2.95 (dot1q vlan 95) is also in TestVRF. I can ping from 
> the
> customer's edge to the loopback10 interface.
>
> I see the attributes being passed in a debug radius authentication output.
> The 7206 isn't marking those attributes IGNORED (it was at first, till I
> realized the radius guy had entered them in all caps). When I do a show ip
> route TestVRF, the route to the session isn't in the table, and when I do 
> a
> show ip vrf TestVRF, only the loopback10 and g0/2.95 interfaces are in the
> VRF. The VAccess interface isn't there.
>
> Anyone have any thoughts, suggestions, or (even better) sample configs?
>
> Thanks-
> Joe
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

More information about the cisco-nsp mailing list