[c-nsp] VPDN multihop/forwarding not working

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Jan 31 13:25:48 EST 2013


>Hi Guys,  Have a 7200 (LNS) that terminates DSL tails from multiple
>carriers (Using our radius for auth) - Attempting to forward connection
>requests for a specific realm to an alternate LNS (So create an L2TP
>tunnel)  Have the following vpdn setup, but the tunnel is not getting
>created to the "initiate-to" IP....and if the new realm DSL accounts are
>created on our radius server, they auth?

when you configure "vpdn multihop", the LNS will try to authorize the
domain part of the user (with password "cisco") against the configured
network authorization method on the vtemplate to retrieve the tunnel
forwarding information. In your scenario this is radius, and the locally
configured information is ignored. so either you create a Radius profile
like

testrealm.com.au	Password = "cisco"
	Service-Type = Outbound,
	Cisco-avpair = "vpdn:tunnel-type=l2tp",
	Cisco-avpair = "vpdn:tunnel-id=TEST7200",
	Cisco-avpair = "vpdn:ip-addresses=x.x.x.x",
	Cisco-avpair = "vpdn:source-ip=y.y.y.y",
	Cisco-avpair = "vpdn:l2tp-tunnel-password=xxx"

or you do something like

aaa authorization network LOCAL_AUTH local
!
interface virtual-template <number>
 vpdn authorization LOCAL_AUTH

to use the locally configured tunnel information.

my vpdn knowledge is a bit rusty, so not 100% sure if this is still how
it's supposed to work ;-)

	oli
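
Added example, not part of the original post: a small Python check that a realm profile of the kind shown above carries the tunnel forwarding attributes the reply lists before it is loaded into the RADIUS server. The function names, the sample addresses, the placeholder tunnel password and the address-separator handling are assumptions made for this illustration.

```python
import ipaddress
import re

# Attribute names and the "cisco" realm password come from the post above.
EXPECTED = {"tunnel-type", "tunnel-id", "ip-addresses", "l2tp-tunnel-password"}
AVPAIR = re.compile(r'Cisco-avpair\s*=\s*"vpdn:([a-z0-9-]+)=([^"]*)"', re.I)

def parse_profile(text):
    """Return (header line, {vpdn attribute: value}) for one users-file style entry."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    attrs = {}
    for ln in lines[1:]:
        for name, value in AVPAIR.findall(ln):
            attrs[name.lower()] = value
    return lines[0], attrs

def check_profile(text):
    """List reasons the LNS could not use this entry as tunnel forwarding information."""
    header, attrs = parse_profile(text)
    problems = []
    if '"cisco"' not in header:
        problems.append('realm password is not "cisco"')
    problems += [f"missing vpdn:{k}" for k in sorted(EXPECTED - attrs.keys())]
    if "tunnel-type" in attrs and attrs["tunnel-type"].lower() != "l2tp":
        problems.append(f"tunnel-type is {attrs['tunnel-type']}, not l2tp")
    for key in ("ip-addresses", "source-ip"):
        # Assumption: several addresses may be separated by space, comma or slash.
        for addr in filter(None, re.split(r"[ ,/]+", attrs.get(key, ""))):
            try:
                ipaddress.IPv4Address(addr)
            except ValueError:
                problems.append(f"vpdn:{key} has invalid address {addr!r}")
    return problems

# Constructed sample: documentation addresses and a placeholder tunnel password.
SAMPLE = '''testrealm.com.au    Password = "cisco"
    Service-Type = Outbound,
    Cisco-avpair = "vpdn:tunnel-type=l2tp",
    Cisco-avpair = "vpdn:tunnel-id=TEST7200",
    Cisco-avpair = "vpdn:ip-addresses=192.0.2.10",
    Cisco-avpair = "vpdn:source-ip=198.51.100.1",
    Cisco-avpair = "vpdn:l2tp-tunnel-password=EXAMPLE-SECRET"
'''

if __name__ == "__main__":
    for problem in check_profile(SAMPLE) or ["profile looks complete"]:
        print(problem)
```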



