[c-nsp] Terminating L2TP sessions into a VRF
Bryan King
bking at inline.com
Thu Mar 22 15:55:44 EST 2007
If you are establishing the vpdn tunnel from the LAC within the vrf
LAB_LNS then everything is correct. As Oliver points out you will need
to have "ip unnumbered Loopback1" in your virtual template. Otherwise,
you can assign it from RADIUS using AVPs. Using AVPs will override any
settings you are assigning in the Virtual-Template. Hopefully you are
not using an NSE-1, but if you are and routing doesn't seem to be
working, turn off PXF (using "no ip pxf") and see if everything starts
working (credit to Rodney Dunn). You may also run into MTU issues. You
can specify your MTU either in the vpdn-group configuration or the
Virtual-Template configuration.
b r y a n king | Network Engineer
--------------------------------------------------------
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Everton da Silva
Marques
Sent: Wednesday, March 21, 2007 4:04 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Terminating L2TP sessions into a VRF
The intent is to run a Cisco 7206 router
as LNS server at address 1.1.1.1, which is
assigned to Loopback1 (bound to vrf LAB_LNS).
The PPP sessions over the L2TP tunnel
must terminate at that VRF.
Assuming L2TP packets from LAC can reach
this LNS at 1.1.1.1 (through an MPLS VPN), does
the following sample config make sense?
That is, are those VRF references a valid
way to deliver PPP sessions (over L2TP)
into the vrf named LAB_LNS?
vpdn-group LAB
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC
 vpn vrf LAB_LNS ! <-- VRF pointer here
 source-ip 1.1.1.1
 local name LNS
!
interface Loopback1
 ip vrf forwarding LAB_LNS ! <-- VRF pointer here
 ip address 1.1.1.1 255.255.255.255
!
interface Virtual-Template1
 ip vrf forwarding LAB_LNS ! <-- VRF pointer here
Please advise.
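An added example, not part of either poster's message: a small Python check that the three VRF pointers in the question's config agree and that the virtual template carries the "ip unnumbered" line the reply asks for. The function names, and the use of indentation to find each section's sub-commands, are assumptions of this example.

```python
import re

# The question's config with indentation restored (constructed sample input).
POSTED = """\
vpdn-group LAB
 accept-dialin
  protocol l2tp
  virtual-template 1
 vpn vrf LAB_LNS ! <-- VRF pointer here
 source-ip 1.1.1.1
interface Loopback1
 ip vrf forwarding LAB_LNS
 ip address 1.1.1.1 255.255.255.255
interface Virtual-Template1
 ip vrf forwarding LAB_LNS
"""
FIXED = POSTED + " ip unnumbered Loopback1\n"  # the line the reply asks for

def parse_sections(config):
    """Map each top-level line to its indented sub-commands, dropping '!' comments."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.split("!")[0].rstrip()
        if line and not line[0].isspace():
            current = sections.setdefault(line.lower(), [])
        elif line.strip() and current is not None:
            current.append(line.strip())
    return sections

def find(cmds, pattern):
    """First capture group of the first sub-command matching pattern, else None."""
    return next((m.group(1) for m in (re.fullmatch(pattern, c) for c in cmds) if m), None)

def check_lns_vrf(config):
    """Report where a vpdn-group, its source-ip and its template disagree on the VRF."""
    sec = parse_sections(config)
    vrf_of = lambda name: find(sec.get("interface " + name.lower(), []), r"ip vrf forwarding (\S+)")
    out = []
    for cmds in (c for h, c in sec.items() if h.startswith("vpdn-group ")):
        vrf, src = find(cmds, r"vpn vrf (\S+)"), find(cmds, r"source-ip (\S+)")
        vt = "Virtual-Template" + (find(cmds, r"virtual-template (\d+)") or "")
        if vrf_of(vt) != vrf:
            out.append(f"{vt} is in vrf {vrf_of(vt)}, but the tunnel is in vrf {vrf}")
        owners = [h for h, c in sec.items() if src and find(c, rf"ip address ({re.escape(src)}) \S+")]
        if src and not any(find(sec[h], r"ip vrf forwarding (\S+)") == vrf for h in owners):
            out.append(f"source-ip {src} is not on an interface in vrf {vrf}")
        if not find(sec.get("interface " + vt.lower(), []), r"ip unnumbered (\S+)"):
            out.append(f"{vt} has no ip unnumbered; address must come from RADIUS AVPs")
    return out
```

Run on POSTED, check_lns_vrf returns the single "ip unnumbered" finding; run on FIXED, it returns an empty list.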