[c-nsp] Where to apply Policy-Based Routing?

Euan Galloway euang+cisco-nsp at lists.eusahues.co.uk
Wed May 23 05:04:54 EDT 2007


> We were hoping to achieve this via Policy-Based Routing and RADIUS
> attributes.

Do you mean have RADIUS hand back a Cisco AV pair of
"lcp:interface-config=ip policy route-map <locally configured route-map>" ?

Which will attach the route-map to the Virtual Access interface / sub interface.

Then just configure "locally configured route-map" on each box, and only
users that you identify with an appropriate RADIUS response will be
subject to the PBR?

e.g.
route-map PBR-OLD-USERS permit 10
 set ip next-hop <special next hop>

route-map PBR-OLD-USERS permit 20

Or you could do something harder by handing back special IPs to users you wanted
to PBR, just configure the route-map on the virtual-template, and have an
access list in the route-map (match ip address NAME) control whether or not
to manipulate the next hop?
(but why have the overhead of the PBR for the stuff you'll never match?).

Or did you mean something else and I misunderstood?

-- 
Euan
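
The two options described in the message above, written out as IOS configuration. This is an added example, not part of the original post; the next-hop and pool addresses (documentation ranges), the ACL name PBR-SPECIAL-POOL, the route-map name PBR-POOL-USERS and the Virtual-Template number are assumptions.

```cisco
! Added example, not from the original post. Addresses are constructed
! (RFC 5737 documentation ranges); names other than PBR-OLD-USERS are assumed.
!
! Option 1: per-user attachment.
! The RADIUS Access-Accept for the selected users carries the Cisco AV pair:
!   lcp:interface-config=ip policy route-map PBR-OLD-USERS
! Only those users' Virtual-Access interfaces get the policy, so the
! route-map needs no match clause. It must exist on every box that can
! terminate those users.
route-map PBR-OLD-USERS permit 10
 set ip next-hop 198.51.100.1
!
route-map PBR-OLD-USERS permit 20
!
! Option 2: policy on every session, an ACL decides who is diverted.
! RADIUS hands the selected users an address from a dedicated pool
! (192.0.2.0/24 here); everyone else falls through to normal routing,
! but every packet on every session is still evaluated against the map.
ip access-list extended PBR-SPECIAL-POOL
 permit ip 192.0.2.0 0.0.0.255 any
!
route-map PBR-POOL-USERS permit 10
 match ip address PBR-SPECIAL-POOL
 set ip next-hop 198.51.100.1
!
interface Virtual-Template1
 ip policy route-map PBR-POOL-USERS
```

With option 1, `show ip policy` on the box lists only the Virtual-Access interfaces that received the attribute, which gives a quick check that the RADIUS reply was applied to the intended sessions and no others.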

