[c-nsp] L2TP arriving inside a VRF?

[Nathan]

Hi,

I have PPP over L2TP arriving on a router on a dedicated interface,
and radius tells the router in which VRF to place the PPP connection;
so far so good.

I would like to have the network on which the L2TP connections arrive
placed into a VRF. The IP address that the L2TP sessions are
established with would be in a VRF. Of course the PPP connections must
still arrive in the same VRF as before. Radius requests could be made
using the global table or in the L2TP vrf, it doesn't matter to me.

The reason for this is that the L2TP tunnels are coming from a network
that should not be accessed by my clients, and by very few of my
routers, I'd prefer to keep it apart.

On a hunch I tried setting a "vpn vrf XXXX" in the vpdn group, but it
doesn't seem to be that simple.

Is this easily done / well tested / well supported enough to be used
in production?

Thanks,
-- 
Nathan