[c-nsp] PPPoE and HTTP Redirect

Brian Turnbow b.turnbow at twt.it
Mon Oct 5 03:37:58 EDT 2020


> Hello all, I’m looking for some recommendations.  I have a customer, an ISP,
> who is doing PPPoE for residential and “some” smaller business accounts.
> PPPoE terminated on an ASR9010, DaloRadius for authentication and IP
> assignments.  DaloRadius is configured for static IP per customer.
> All that is working fine.  Recently, we enabled HTTP redirect on the 9010
> because the customer wanted to try out a walled garden for past due accounts.
> So, past due accounts are handed a static 10.x.x.x IP, and password changed.
> Next time customer re-auth’s, they get the 10.x IP because of the bad pass, and
> are put into the HTTP redirect jail, and are supposed to be redirected to an HTTP site.
> “Sometimes” HTTP redirect works, sometimes it doesn’t.  It seems as though it
> depends on the destination address the end user is trying to go to.
> At any rate, the ISP is wanting to investigate something else for PPPoE and
> their walled garden.  Has anyone used anything else successfully for PPPoE
> auth, and walled garden jail?  Something that is a bit more seamless?  

We throw them into a VRF via RADIUS and use a firewall for redirection to the walled garden site.
Then we remove the VRF and reset the session to bring them back online when all is OK.
We found it more reliable than pure redirection from the BNG.

