[j-nsp] Placing a subscriber in a VRF

Goldschmidt, Bernd bernd.goldschmidt at siemens.com
Mon May 8 04:34:35 EDT 2006 

Hi Thomas,

the RADIUS-Attribute is the right one!

The problem seems to be that in the VRF no looback interface is configured.?
>     local interface - <NULL>  <-----------------
see below.

It must be:
>     local interface - looback 0 
for example.

Could you configure the same looback interface in the VRF as in the VR default?


Gruß
Bernd.


 

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Thomas Salmen
> Sent: Sunday, May 07, 2006 9:42 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Placing a subscriber in a VRF
> 
> 
> Hello,
> 
> I can't seem to figure out how to place a subscriber in a VRF 
> using radius
> under junose. I've tried sending back:
> 
> ERX-Virtual-Router-Name = "default:test_vrf"
> 
> and:
> 
> ERX-Virtual-Router-Name = ":test_vrf"
> 
> and even just:
> 
> ERX-Virtual-Router-Name = "test_vrf"
> 
> but connection attempts just hang and eventually time out 
> (L2TP connections;
> the ERX I'm testing against is an LNS). Testing the login 
> from the CLI seems
> okay, and so does testing when not attempting to specify a VRF:
> 
> nct_erx01#test aaa ppp vpn at test.orcon.net.nz vpn123
> ************ user attributes *************
> Authentication Grant
>     idle Timeout - 0
>     session Timeout - 0
>     accounting Timeout - 1800
>     Client IP Address - 192.168.128.24
>     Client IP Netmask - 255.255.255.255
>     Client IPv6 Interface Id - 0:0:0:0
>     primary DNS IP Address - 10.34.1.1
>     secondary DNS IP Address - 10.34.2.2
>     primary IPv6 DNS IP Address - ::
>     secondary IPv6 DNS IP Address - ::
>     primary WINS IP Address - 0.0.0.0
>     secondary WINS IP Address - 0.0.0.0
>     SA Validate - disabled 
>     IGMP - disabled 
>     Ignore-DF-Bit - disabled 
>     MLD Version - MLD Version not set 
>     IGMP Version - IGMP Version not set 
>     router context - default:test_vrf
>     local interface - <NULL>  <-----------------
>     IGMP Access Group Name - <NULL>
>     IGMP Access Source Group Name - <NULL>
>     IGMP OIF Map Name - <NULL>
>     IP Multicast Admission Bandwidth Limit - not set
>     IPv6 router context - No Router
>     IPv6 local interface - <NULL>
>     MLD Access Group Name - <NULL>
>     MLD Access Source Group Name - <NULL>
>     MLD OIF Map Name - <NULL>
>     IPv6 Multicast Admission Bandwidth Limit - not set
> IPv6 inhibited
> ************ no ppp attributes *************
> pausing 5 seconds before disconnecting test user, 
> vpn at test.orcon.net.nz
> 
> 
> Can anyone offer any further guidance? I can't find any working radius
> examples in the junose docs or anywhere else, and I can't see 
> any other
> radius attributes that look appropriate. The VPN config seems okay;
> statically adding interfaces to it works fine. 
> 
> Cheers,
> Thomas
> 
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list