[c-nsp] How to show ADSL customers two different GW!

Heath Jones hj1980 at gmail.com
Thu Sep 16 05:51:09 EDT 2010


Yes, you need to assign from RADIUS, but have the VRFs existing on the
Cisco (it must know to map VRF 10 to VLAN 10 on the interface to the core
router).

The Cisco documentation is here; there are some examples down at the bottom.
http://www.ciscosystems.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftvrfaaa.html
It's been a long time since I have done any of this, otherwise I would give
you a snippet of a working config.. Hope this helps though!


On 16 September 2010 10:10, Sheremet Roman <romka at kharkov.org.ua> wrote:

> Hi Jon,
>
> A few questions:
>
> 1. Did I understand right? I will set the VRF for the customer via a RADIUS
> attribute, not via the Cisco. I just need to create these VRFs on the Cisco?
> 2. Can you please show me a few examples for VRF?
> 3. Which attribute should I set? Please give me a link where I can read more
> about this.
>
> Yes, I understand about routing on the core side. I always use one subnet
> for this; now I need these "two groups", and I just add one more to the same
> interface. Sure, I will route the needed IPs from the core to another VLAN / 7204 IP.
>
> Thanks for your time.
>
>
>
> Hi
> Just quickly looking at it, you want to also show a different ip on the
> next hop router (#2):
> 1. x.x.x.2 < - 7204
> 2. x.x.x.1 < - core router
> 3. n.n.n.n < - my upstream
>
> In order to do that, you will probably have to:
> - set link 7204 <-> core to be trunk, with 2 different vlans (1 for group1,
> 2 for group2)
> - set 2 VRFs that match the 2 vlans.
> - set radius attribute to drop the customers into each vrf.
>
> Don't forget to change your routing on the core side - the x's and the y's
> will be routed differently now..
>
>
> Hope this helps
>
>
>
> On 16 September 2010 07:28, Sheremet Roman <romka at kharkov.org.ua> wrote:
> Hello,
>
> (From start.... Sorry for my English guys....)
>
> I have a Cisco 7204 with L2TP customers, which auth via a RADIUS server.
>
> So I have an uplink to my core router from the 7204 with the following subnets:
> x.x.x.0/30
> y.y.y.0/30
>
> So, on one physical interface I have two /30 subnets for the link (core -
> x.x.x.1, 7204 - x.x.x.2 ; same with y.y.y.0/30 subnets)
>
> When my DSL customers do traceroute <anyhost> they get the following route:
>
> 1. x.x.x.2 < - 7204
> 2. x.x.x.1 < - core router
> 3. n.n.n.n < - my upstream
>
> Next, I want to divide my customers into two groups depending on IP
> ranges, Group1 & Group2 (for example); then I want to show Group1 only
> the x.x.x.0/30 route, and the y.y.y.0/30 route to Group2.
>
> So, when a customer from Group2 does a trace, they should see only
> y.y.y.0/30 hops....
>
>
> So my guys tell me to use VRF for this. I have this option on my 7204, but
> I am not sure if I can use VRF if I have only one in and one out
> interface on my 7204. I want to show two different gateways via one
> physical link and one physical router.... But it should be a hard
> separation... customers from Group1 will never see Group2 hops...
>
>
> When my customers connect, they get an IP (/32) from a pool (from
> RADIUS). Clients on DSL have the following settings:
> ip: g.g.g.g/32
> gw: g.g.g.g <- Same as IP!
> mask: 255.255.255.255
>
>
>
> Interface going to my Core router from 7204:
>
> interface GigabitEthernet0/1
> description "DSL UPLINK"
> ip address y.y.y.2 255.255.255.252 secondary
> ip address x.x.x.2 255.255.255.252
> load-interval 60
> duplex full
> speed 1000
> media-type rj45
> no negotiation auto
>
> Interface where I get clients from the DSL peer:
>
> interface GigabitEthernet0/2
> description "DSL PEER"
> no ip address
> load-interval 60
> duplex full
> speed 1000
> media-type rj45
> no negotiation auto
>
> interface GigabitEthernet0/2.1017
> encapsulation dot1Q 1017
> ip address v.v.v.v 255.255.255.248
> no snmp trap link-status
>
>
> And my VPDN settings:
>
> vpdn-template xxxxx.com
> description "xxxxx.com Cuscometrs"
> local name xxxxx.com
> l2tp tunnel password x xxxxxxxxxxxxxxxxx
> !
>
> vpdn-group l2tp-1017
> ! Default L2TP VPDN group
> accept-dialin
>  protocol l2tp
>  virtual-template 1
> lcp renegotiation always
> source vpdn-template xxxxx.com
> !
>
> interface Virtual-Template1
> ip unnumbered GigabitEthernet0/1
> ip mtu 1460
> ip tcp header-compression
> ip tcp adjust-mss 1420
> load-interval 60
> no peer default ip address
> keepalive 30
> ppp mru match
> ppp authentication pap chap xxxxx.com
> ppp authorization xxxxx.com
> ppp accounting xxxxx.com
> ppp multilink
> ppp multilink links maximum 4
> ppp multilink links minimum 2
> ppp multilink interleave
>
>
> So, if anyone knows how to use VRF in my situation, it will be very
> helpful for me.
>
> ----------------
> >sh ip route g.g.g.g < Customer IP
> Routing entry for g.g.g.g/32
>  Known via "connected", distance 0, metric 0 (connected, via interface)
>  Routing Descriptor Blocks:
>  * directly connected, via Virtual-Access50
>    Route metric is 0, traffic share count is 1
>
> >sh int vi50
> Virtual-Access50 is up, line protocol is up
>  Hardware is Virtual Access interface
>  Interface is unnumbered. Using address of GigabitEthernet0/1 (x.x.x.2)
>  MTU 1500 bytes, BW 1000000 Kbit, DLY 100000 usec,
>     reliability 255/255, txload 1/255, rxload 1/255
>  Encapsulation PPP, LCP Open, multilink Closed
>  Open: IPCP
>  PPPoVPDN vaccess, cloned from AAA, Virtual-Template1
>  Vaccess status 0x44
>  Protocol l2tp, tunnel id 46297, session id 25230, loopback not set
>  Keepalive set (30 sec)
>  DTR is pulsed for 5 seconds on reset
>  Last input 00:00:10, output never, output hang never
>  Last clearing of "show interface" counters 22:49:15
>  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
>  Queueing strategy: fifo
>  Output queue: 0/40 (size/max)
>  1 minute input rate 0 bits/sec, 0 packets/sec
>  1 minute output rate 0 bits/sec, 0 packets/sec
>     17199 packets input, 1144344 bytes, 0 no buffer
>     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
>     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>     13192 packets output, 1366607 bytes, 0 underruns
>     0 output errors, 0 collisions, 0 interface resets
>     0 output buffer failures, 0 output buffers swapped out
>     0 carrier transitions
> ----------------
>
>
> If you need more info from me, I can get it all ;)
>
> With Best Regards,
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> --
> Best regards,
>  Sheremet                          romka at kharkov.org.ua
>
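
The setup discussed in this thread (uplink to the core as a trunk with one VLAN per group, one VRF per VLAN, RADIUS placing each session in a VRF), sketched as an added example that is not a config from any poster. The VRF names, route distinguishers, VLAN IDs 10 and 20, and the use of `lcp:interface-config` AV pairs are assumptions; the x.x.x and y.y.y addresses are the thread's own placeholders.

```text
! Added illustration. GROUP1/GROUP2, the RDs and VLAN IDs 10/20 are assumed.
ip vrf GROUP1
 rd 65000:10
!
ip vrf GROUP2
 rd 65000:20
!
! The uplink becomes a dot1Q trunk; the two /30s move off the shared
! physical interface onto one subinterface per VRF.
interface GigabitEthernet0/1
 description "DSL UPLINK"
 no ip address
!
interface GigabitEthernet0/1.10
 description "Group1 to core"
 encapsulation dot1Q 10
 ip vrf forwarding GROUP1
 ip address x.x.x.2 255.255.255.252
!
interface GigabitEthernet0/1.20
 description "Group2 to core"
 encapsulation dot1Q 20
 ip vrf forwarding GROUP2
 ip address y.y.y.2 255.255.255.252
!
! Each VRF gets its own default route towards its own core-side address.
ip route vrf GROUP1 0.0.0.0 0.0.0.0 x.x.x.1
ip route vrf GROUP2 0.0.0.0 0.0.0.0 y.y.y.1
!
! In this sketch Virtual-Template1 no longer carries
! "ip unnumbered GigabitEthernet0/1"; the VRF and the unnumbered source
! are applied per session from RADIUS instead.
!
! RADIUS reply attributes for a Group1 user. Order matters: applying
! "ip vrf forwarding" clears the interface address, so "ip unnumbered"
! has to come after it.
!   Cisco-AVPair = "lcp:interface-config=ip vrf forwarding GROUP1"
!   Cisco-AVPair = "lcp:interface-config=ip unnumbered GigabitEthernet0/1.10"
! For a Group2 user:
!   Cisco-AVPair = "lcp:interface-config=ip vrf forwarding GROUP2"
!   Cisco-AVPair = "lcp:interface-config=ip unnumbered GigabitEthernet0/1.20"
```

Once a session is up, `show ip vrf interfaces` should list its Virtual-Access interface under the expected VRF, and `show ip route vrf GROUP1` should contain only Group1 customer /32s plus the x.x.x.0/30 link, which is what keeps one group's hops out of the other group's traceroutes.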

