[c-nsp] Can Cisco be used for LAC features?

Steve Glendinning steve at netthatworks.com
Thu Dec 11 02:39:37 EST 2014


>
> I think the LAC will always send those two requests and will take what it
> likes better; in this case, a good old non-L2TP PPPoE.
>
> Don't use the same radius server for LAC and LNS, or at least, make sure
> testuser at example.net authenticates only when the NAS is the LNS, but not
> when the LAC is querying.
>

Also worth knowing that "vpdn authen-before-forward" changes this
behaviour, so it never sends the first "example.com" query (just skips
straight to the full user at example.com one).  In this case you have to
arrange for your RADIUS server to respond to ANYTHING at example.com with the
L2TP forwarding details (when queried by the LAC).

I've had to use this setting in some vpdn multihop scenarios, where we did
want to terminate some users in a realm locally and forward the rest on to
somewhere else.


More information about the cisco-nsp mailing list