[c-nsp] Can Cisco be used for LAC features?

Lukas Tribus luky-37 at hotmail.com
Wed Dec 10 14:15:24 EST 2014


Hi James,


> What happens is a PPPoE request comes in to the LAC from the CPE with
> CHAP authentication containing hostname "testuser at example.net". The
> LAC sends an access-request to the lab RADIUS server just for
> "example.net", RADIUS responds with access-accept and the details to
> initiate the L2TP tunnel to the LNS. Next the LAC sends in another
> access-request for the full username "testuser at example.net" and the
> RADIUS responds with the access-request and the user proile. The LAC
> terminates the connection locally and it never gets forwarded on to
> the LNS.

I think the LAC will always send those two requests and will take what it
likes better; in this case, a good old non-L2TP PPPoE.

Don't use the same radius server for LAC and LNS, or at least, make sure
testuser at example.net authenticates only when the NAS is the LNS, but not
when the LAC is querying.



Lukas

 		 	   		  


More information about the cisco-nsp mailing list