[c-nsp] Vpdn config ?

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Mar 20 03:01:24 EDT 2015


You might need

vpdn multihop 
vpdn authen-before-forward

the first cmd will enable forwarding of sessions to another LNS, and the
2nd will allow this forwarding to be done on a per-user (as opposed to
per-domain/realm) basis

	oli


-----Original Message-----
From: Olivier CALVANO <o.calvano at gmail.com>
Date: Friday, 20 March 2015 06:39
To: CiscoNSP List <cisconsp_list at hotmail.com>
Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] Vpdn config ?

>Yes based on realm but based on radius attributs ,  not a physical config
>on the router.
>
>The tunnel destination is sent by the radius of my customer
>
>
>
>Le vendredi 20 mars 2015, CiscoNSP List <cisconsp_list at hotmail.com> a
>écrit :
>
>>
>> You want to do VPDN Multihop based on a specific domain? (i.e. forward
>> connection requests for a specific realm to an alternate LNS (So create
>>an
>> L2TP tunnel))
>>
>>
>> If so, I set one of these up a couple of years ago....ill dig up the
>> working conf if that's what you are trying to do.
>>
>>
>>
>>
>>
>> > Date: Fri, 20 Mar 2015 04:29:43 +0100
>> > From: o.calvano at gmail.com
>> <javascript:_e(%7B%7D,'cvml','o.calvano at gmail.com');>
>> > To: cisco-nsp at puck.nether.net
>> <javascript:_e(%7B%7D,'cvml','cisco-nsp at puck.nether.net');>
>> > Subject: Re: [c-nsp] Vpdn config ?
>> >
>> > i have one vpdn-group only:
>> >
>> >
>> > vpdn-group UserLNS
>> > accept-dialin
>> > protocol l2tp
>> > virtual-template 1
>> > terminate-from hostname LAC-172-20-1-1
>> > local name LNS-172-20-1-1
>> > lcp renegotiation always
>> > no l2tp tunnel authentication
>> > l2tp tunnel receive-window 500
>> > l2tp tunnel retransmit retries 7
>> > l2tp tunnel retransmit timeout min 2
>> > l2tp tunnel retransmit timeout max 7
>> >
>> >
>> > interface Virtual-Template1
>> > description DSL User
>> > mtu 1460
>> > ip unnumbered Loopback100
>> > ip tcp adjust-mss 1420
>> > no logging event link-status
>> > no peer default ip address
>> > keepalive 20
>> > ppp mtu adaptive
>> > ppp authentication chap ppp-radius
>> > ppp multilink
>> >
>> >
>> > It's linked with the loopback100 but i put:
>> > Tunnel-Client-Endpoint:0 = "172.20.1.1"
>> >
>> > "172.20.1.1" is not the IP of Loopback100, it's a problems ?
>> >
>> >
>> >
>> > because the first tunnel (my supplier to my router) work, this
>> > vpdn/virtual-template
>> > is good i think's
>> >
>> > but for the second tunnel, my router to my customer, it should not be
>>a
>> > second
>> > vpdn/virtual-template in "out" ?
>> >
>> >
>> > thanks for your help
>> >
>> >
>> >
>> >
>> >
>> > 2015-03-19 10:37 GMT+01:00 Olivier CALVANO <o.calvano at gmail.com
>> <javascript:_e(%7B%7D,'cvml','o.calvano at gmail.com');>>:
>> >
>> > > Hi
>> > >
>> > > i am search a vpdn config sample for my cisco 7301. I want forward a
>> ppp
>> > > connexion
>> > > to another router.
>> > >
>> > > My radius sent to my router a Tunnel-End-Point but he don't forward
>>(i
>> see
>> > > the connection
>> > > in sh users)
>> > >
>> > > thanks for your help
>> > > olivier
>> > >
>> > _______________________________________________
>> > cisco-nsp mailing list cisco-nsp at puck.nether.net
>> <javascript:_e(%7B%7D,'cvml','cisco-nsp at puck.nether.net');>
>> > https://puck.nether.net/mailman/listinfo/cisco-nsp
>> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list