[c-nsp] vrf-lite and pppoA interfaces

Brian Turnbow b.turnbow at twt.it
Fri Nov 7 03:48:35 EST 2008 

Hi Wayne,

Take a look into assigning via radius the vrf for the ppoa sessions.
If you google on the list you will find several discussions on the issue.

You can then use vrf aware firewall features (like vrf aware nat ecc) for internet access.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_vrfaw.html
Other options are listed here 
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_white_paper09186a00801281f1.shtml



Regards
Brian


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Wayne Lee
Sent: giovedì 6 novembre 2008 18.51
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] vrf-lite and pppoA interfaces

Hello List

I have a dedicated LNS for what we call our pwan customers, all
connections are ADSL PPPoA and they all use private IP ranges as there
is currently no internet access. We have about 150 connections spread
over 8 customers, these are currently grouped by customer and then
separated from other pwans using access-lists which are applied via
radius. We want to allow internet access to these pwans and move them
into a vrf-lite setup with one vrf per pwan so this also gives us the
abillty to allow over-lapping IP space. My vrf knowledge is (very)
limited and I'm struggling to understand the best way to make this
work. I have tested a basic vrf setup (with success) in the lab but
this was with 3 routers and no PPPoA/virtual-access interfaces.

My confusion is about the ip vrf forwarding, in the lab I put this on
each ethernet on the main router but in the PPPoA setup there will not
be a dedicated ethernet per vrf, also I'll not need traffic between
vrf's so do I just need to export the routes to the rib so the
customers can get internet traffic?

Help, clue sticks and any advice will be very welcome.


Thanks

Wayne
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list