[c-nsp] BRAS PPPOE vpn
Anthony McGarry
anthony.mcgarry at plannet21.ie
Tue May 10 07:35:09 EDT 2011
Hey,
No you can reuse your virtual templates for all customers, vrf or internet. See below config for BRAS and av-pairs required on AAA server.
You might not want to use DHCP for IP assignment and just use AAA as it will be cleaner.
I also found that you will have more flexibility using aaa instead of defining local ISG policies on the router.
ip dhcp pool DHCP_VRF_TEST
vrf xxxxxxxx
relay source xxx.xxx.2.161 255.255.255.224
class DHCP_VRF_TEST
relay target xxx.xxx.xxx.xxx (DHCP Server)
ip dhcp class DHCP_VRF_TEST
bba-group pppoe GROUP_1102
virtual-template 2
interface Loopback301
description xxxxx
ip vrf forwarding xxxxx
ip address xxx.xxx.2.161 255.255.255.255
interface GigabitEthernet0/0.1102
encapsulation dot1Q 1102 second-dot1q 10-500
pppoe enable group GROUP_1102
no cdp enable
ip subscriber l2-connected
initiator radius-proxy
!
interface Virtual-Template2
description xxxxxx
mtu 1472
ip unnumbered Loopback0
no ip redirects
no ip proxy-arp
ip flow ingress
ip tcp adjust-mss 1452
no logging event link-status
load-interval 30
peer default ip address dhcp
no snmp trap link-status
ppp lcp delay 3
ppp authentication pap chap
ppp direction callin
router bgp xxxx
address-family ipv4 vrf xxxxx
no synchronization
bgp router-id xxx.xxx.2.161
redistribute connected
exit-address-family
may need a route back for dhcp response
ip route xxx.xxx.2.161 255.255.255.255 Loopback301
MySQL config for freeradius
insert into radgroupreply values ('325', 'test-qos-7mb', 'Cisco-AVPair', '+=', 'ip:sub-qos-policy-in=qos-dsl-7mb-in-parent');
insert into radgroupreply values ('326', 'test-qos-7mb', 'Cisco-AVPair', '+=', 'ip:sub-qos-policy-out=qos-dsl-7mb-out-parent');
insert into radgroupreply values ('300', 'VRF-TEST-A', 'Service-Type', '=', 'Framed-User');
insert into radgroupreply values ('301', 'VRF-TEST-A', 'Framed-Protocol', '=', 'ppp');
insert into radgroupreply values ('302', 'VRF-TEST-A', 'Framed-Routing', '=', 'Broadcast-Listen');
insert into radgroupreply values ('303', 'VRF-TEST-A', 'Framed-MTU', '=', '1500');
insert into radgroupreply values ('304', 'VRF-TEST-A', 'Framed-Compression', '=', 'Van-Jacobson-TCP-IP');
insert into radgroupreply values ('305', 'VRF-TEST-A', 'Cisco-AVPair', '=', 'subscriber:classname=DHCP-VRF-TEST');
insert into radgroupreply values ('306', 'VRF-TEST-A', 'Cisco-AVPair', '+=', 'subscriber:accounting-list=FLOWACCT');
insert into radgroupreply values ('307', 'VRF-TEST-A', 'Cisco-AVPair', '+=', 'ip:vrf-id=XXXXX');
insert into radgroupreply values ('308', 'VRF-TEST-A', 'Cisco-AVPair', '+=', '"ip:ip-unnumbered=loopback 301"');
insert into radgroupreply values ('310', 'VRF-TEST-A', 'Cisco-AVPair', '+=', 'subscriber:sg-service-type=primary');
insert into radgroupreply values ('311', 'VRF-TEST-A', 'Cisco-AVPair', '+=', 'subscriber:sg-service-group=TEST');
insert into usergroup values ('testuser, 'VRF-TEST-A', '1');
Anthony
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of zaidoon h
Sent: 10 May 2011 10:38
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] BRAS PPPOE vpn
Hi
I have BRAS 7201 and AAA server , I want to configure vpn for ADSL subscribers through our core , how can implement this service and can pppoe session terminated into vrf ? do i need to configure a new template interface for every customer ?
anyone can help me in this issue
Regards
Zaid
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list