[c-nsp] LNS av-pair vrf
Matthew Melbourne
matt at melbourne.org.uk
Fri Nov 11 10:36:47 EST 2011
On 11 November 2011 14:41, <cisco-nsp-request at puck.nether.net> wrote:
>
> Message: 2
> Date: Fri, 11 Nov 2011 09:58:33 +0100
> From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> To: "Ghassan.khalil" <ghassan.khalil at gmail.com>,
> <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] LNS av-pair vrf
> Message-ID:
> <6E4D2678AC543844917CA081C9D6B33F05D2E547 at XMB-AMS-103.cisco.com>
> Content-Type: text/plain; charset="us-ascii"
>
>>
> the VRF itself as well as an "interface Loopback <n>" belonging to this
> VRF need to be defined on the ASR, and you need to nable Radius
> authorization (i.e. "aaa authorization network default group radius" or
> something like this). You need to define a virtual-template (I guess you
> already have one for your other users).
> Then you can include the below attributes to assign the user(s) to the
> VRF:
>
> Cisco-Avpair = "ip:vrf-id=<vrf-name>",
> Cisco-Avpair = "ip:ip-unnumbered=Loopback<n>",
>
> There is also the Cisco-Avpair="lcp:interface-config=ip vrf forwarding
> ...\nip unnumbered ..." way of assigning vrf membership, but the former
> is more effecient...
Is there a preference these days to run with the virtual-access
sub-interface capable av-pairs:
Cisco-Avpair = "ip:vrf-id=<vrf-name>",
Cisco-Avpair = "ip:ip-unnumbered=Loopback<n>",
over the classical ones using "lcp:interface-config"?
What additional attributes are required for forward the session from
one non-PE LNS to another PE-capable LNS for certain customers?
Presumably it's a matter of sending back more av-pairs with additional
tunnel forwarding information?
Cheers,
Matt
--
Matthew Melbourne
More information about the cisco-nsp
mailing list