[c-nsp] How to show ADSL customers two different GW!

David Freedman david.freedman at uk.clara.net
Fri Sep 17 03:12:46 EDT 2010 



On 17/09/2010 06:36, "Sheremet Roman" <romka at kharkov.org.ua> wrote:

> Hi David,
> 
> I  think your config will be very helpful for me, big thanks for this,
> but i look your config and seems i see one more problem in my case..
> 
> Look, i have no VRF setuped now... just thinking, i have no problem to
> send  attribute  to  static  customers,  i just add to rad_reply table
> needed  attribute and then add VRF on the cisco... But how i should do
> same with DYNAMIC ip pool? I don't know which IP gustomer get in next
> connect, so i don't know which VRF should be used for this customer.
> 
You use a dynamic ip pool, you can even re-use the same pool amongst
multiple vrfs , see
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/se
c_per_vrf_aaa.html


> 
> Also,  you show me VRF which export/import from BGP AS as i see, how i
> can  set ips for VRF which should be matched i dont want export/import
> from BGP... I have no neighbors for this.

Ok, there is no need to have the bgp portion of this configuration in such
case

Dave.


> 
> Regards,
> 
>> Heath Jones wrote:
>>> Yes, you need to assign from radius, but have the vrf's existing on the
>>> cisco (it must know to map vrf 10 to vlan 10 on the interface to the core
>>> router).
>>> 
>>> The cisco documentation is here, there are some examples down the bottom.
>>> http://www.ciscosystems.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftvrf
>>> aaa.html
>>> It's been a long time since I have done any of this, otherwise I would give
>>> you a snippet of a working config.. Hope this helps though!
>>> 
> 
>> foo at realm1        Auth-Type:= Local, User-Password == "bar"
>>         Service-Type = Framed-User,
>>         Framed-IP-Address = 192.168.243.2,
>>         Framed-Netmask = 255.255.255.255,
>>         Framed-Protocol = PPP,
>> Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPNA\nip
>> unnumbered loop0",
> 
>> foo at realm2        Auth-Type:= Local, User-Password == "bar"
>>         Service-Type = Framed-User,
>>         Framed-IP-Address = 192.168.244.2,
>>         Framed-Netmask = 255.255.255.255,
>>         Framed-Protocol = PPP,
>> Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPNB\nip
>> unnumbered loop0",
> 
> 
>> ip vrf VPNA
>>  description VPNA
>>  rd 1:1
>>  vpn id 1:1
>>  route-target both 1:1
>> !
>> ip vrf VPNB
>>  description VPNB
>>  rd 1:2
>>  vpn id 1:2
>>  route-target both 1:2
>>  !
>>  router bgp 1
>>  !
>>   address-family ipv4 vrf VPNA
>>   redistribute connected
>>   redistribute static
>>   no auto-summary
>>   no synchronization
>>   exit-address-family
>> !
>>   address-family ipv4 vrf VPNB
>>   redistribute connected
>>   redistribute static
>>   no auto-summary
>>   no synchronization
>>   exit-address-family
>>   end
>> !
> 
>> interface GigabitEthernet1/0.100
>>  desc VPNA uplink
>>  encapsulation dot1q 100
>>  ip address 10.0.0.1 255.255.255.252
>> !
>> interface GigabitEthernet1/0.200
>>  desc VPNB uplink
>>  encapsulation dot1q 200
>>  ip address 172.16.10.1 255.255.255.252
>> !
> 
>> ip route VPNA 0.0.0.0 0.0.0.0 10.0.0.2
>> ip route VPNB 0.0.0.0 0.0.0.0 172.16.10.2
> 
> 
> 
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 
> 

-- 

David Freedman
Claranet 
http://www.clara.net

More information about the cisco-nsp mailing list