[j-nsp] Placing a subscriber in a VRF

Thomas Salmen tsalmen at orcon.net.nz
Sun May 7 15:41:44 EDT 2006 

Hello,

I can't seem to figure out how to place a subscriber in a VRF using radius
under junose. I've tried sending back:

ERX-Virtual-Router-Name = "default:test_vrf"

and:

ERX-Virtual-Router-Name = ":test_vrf"

and even just:

ERX-Virtual-Router-Name = "test_vrf"

but connection attempts just hang and eventually time out (L2TP connections;
the ERX I'm testing against is an LNS). Testing the login from the CLI seems
okay, and so does testing when not attempting to specify a VRF:

nct_erx01#test aaa ppp vpn at test.orcon.net.nz vpn123
************ user attributes *************
Authentication Grant
    idle Timeout - 0
    session Timeout - 0
    accounting Timeout - 1800
    Client IP Address - 192.168.128.24
    Client IP Netmask - 255.255.255.255
    Client IPv6 Interface Id - 0:0:0:0
    primary DNS IP Address - 10.34.1.1
    secondary DNS IP Address - 10.34.2.2
    primary IPv6 DNS IP Address - ::
    secondary IPv6 DNS IP Address - ::
    primary WINS IP Address - 0.0.0.0
    secondary WINS IP Address - 0.0.0.0
    SA Validate - disabled 
    IGMP - disabled 
    Ignore-DF-Bit - disabled 
    MLD Version - MLD Version not set 
    IGMP Version - IGMP Version not set 
    router context - default:test_vrf
    local interface - <NULL>
    IGMP Access Group Name - <NULL>
    IGMP Access Source Group Name - <NULL>
    IGMP OIF Map Name - <NULL>
    IP Multicast Admission Bandwidth Limit - not set
    IPv6 router context - No Router
    IPv6 local interface - <NULL>
    MLD Access Group Name - <NULL>
    MLD Access Source Group Name - <NULL>
    MLD OIF Map Name - <NULL>
    IPv6 Multicast Admission Bandwidth Limit - not set
IPv6 inhibited
************ no ppp attributes *************
pausing 5 seconds before disconnecting test user, vpn at test.orcon.net.nz


Can anyone offer any further guidance? I can't find any working radius
examples in the junose docs or anywhere else, and I can't see any other
radius attributes that look appropriate. The VPN config seems okay;
statically adding interfaces to it works fine. 

Cheers,
Thomas

More information about the juniper-nsp mailing list