[c-nsp] "Forward" vpdn sessions based on realm?

CiscoNSP_list CiscoNSP_list cisconsp_list at hotmail.com
Thu Nov 15 04:08:33 EST 2012



Legend!  Thanks Mat.


> From: matw at iseek.com.au
> To: cisconsp_list at hotmail.com; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] "Forward" vpdn sessions based on realm?
> Date: Thu, 15 Nov 2012 08:50:46 +0000
> 
> This is definitely possible, and we do this on a large number of platforms.
> 
> An example config would be;
> 
> vpdn enable
> vpdn multihop
> vpdn logging
> vpdn logging local
> vpdn logging user
> vpdn logging tunnel-drop
> no vpdn history failure cause normal
> vpdn history failure table-size 50
> vpdn search-order domain
> 
> vpdn-group TESTGROUP
>  description Test Group for VPDN Multihop
>  request-dialin
>   protocol l2tp
>   domain xyz.com
>  initiate-to ip x.x.x.x
>  source-ip y.y.y.y
>  local name 7206L2TP
>  l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxx
>  l2tp tunnel timeout no-session never
> 
> 
> This setup uses static configuration, however you can do the same thing via radius, and allows you to scale to many termination points and dynamically change the destinations. We use both, let me know if you want a sample radius setup. 
> 
> We have dial platforms that use "vpdn search-order dnis", but in this setup, the router checks the @domain of the username and then creates an L2TP tunnel to the "initiate-to" IP. 
> 
> It is possible to terminate PPP sessions and forward them on via L2TP on the same chassis. 
> 
> 
> Mat
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of CiscoNSP_list CiscoNSP_list
> Sent: Thursday, 15 November 2012 8:34 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] "Forward" vpdn sessions based on realm?
> 
> 
> 
> Hi Guys,
> 
> We currently run 7200's as LNS for DSL services (Carrier has multiple LACs and sends session requests for various realms to our LNS's, which we then auth via radius).
> 
> Is it possible for one of our 7200's to receive vpdn sessions for a given realm, but then establish an L2TP tunnel to one of our other LNS's and have the session terminate there? (So L2TP tunnel from LAC(Carrier)->LNS(7200), then based on realm, the 7200 creates another L2TP tunnel to one of our other 7200's where the session will be auth'd/terminated) 
> 
> Thanks in advance. 		 	   		  
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
 		 	   		  


More information about the cisco-nsp mailing list