Hi! Radius attribute is correct : ERX-Virtual-Router-Name = "test_vrf" //// I have created like this for Steelbelt RADIUS Just check Profile applied to subscribers interface , if any virtual router configuration is there please remove that , and loopback 0 should be present in that VR also. ! profile pppinfo ip unnumbered loopback 0 ppp authentication pap chap ! Regards Amin On Mon, 08 May 2006 juniper-nsp-request@puck.nether.net wrote : >Send juniper-nsp mailing list submissions to > juniper-nsp@puck.nether.net > >To subscribe or unsubscribe via the World Wide Web, visit > http://puck.nether.net/mailman/listinfo/juniper-nsp >or, via email, send a message with subject or body 'help' to > juniper-nsp-request@puck.nether.net > >You can reach the person managing the list at > juniper-nsp-owner@puck.nether.net > >When replying, please edit your Subject line so it is more >specific >than "Re: Contents of juniper-nsp digest..." > > >Today's Topics: > > 1. Placing a subscriber in a VRF (Thomas Salmen) > 2. Re: Placing a subscriber in a VRF (Goldschmidt, Bernd) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Mon, 8 May 2006 07:41:44 +1200 > From: "Thomas Salmen" >Subject: [j-nsp] Placing a subscriber in a VRF >To: >Message-ID: ><200605071941.k47Jfbxw004119@dbmail-mx1.orcon.net.nz> >Content-Type: text/plain; charset="us-ascii" > > >Hello, > >I can't seem to figure out how to place a subscriber in a VRF >using radius >under junose. I've tried sending back: > >ERX-Virtual-Router-Name = "default:test_vrf" > >and: > >ERX-Virtual-Router-Name = ":test_vrf" > >and even just: > >ERX-Virtual-Router-Name = "test_vrf" > >but connection attempts just hang and eventually time out (L2TP >connections; >the ERX I'm testing against is an LNS). Testing the login from >the CLI seems >okay, and so does testing when not attempting to specify a VRF: > >nct_erx01#test aaa ppp vpn@test.orcon.net.nz vpn123 >************ user attributes ************* >Authentication Grant > idle Timeout - 0 > session Timeout - 0 > accounting Timeout - 1800 > Client IP Address - 192.168.128.24 > Client IP Netmask - 255.255.255.255 > Client IPv6 Interface Id - 0:0:0:0 > primary DNS IP Address - 10.34.1.1 > secondary DNS IP Address - 10.34.2.2 > primary IPv6 DNS IP Address - :: > secondary IPv6 DNS IP Address - :: > primary WINS IP Address - 0.0.0.0 > secondary WINS IP Address - 0.0.0.0 > SA Validate - disabled > IGMP - disabled > Ignore-DF-Bit - disabled > MLD Version - MLD Version not set > IGMP Version - IGMP Version not set > router context - default:test_vrf > local interface - > IGMP Access Group Name - > IGMP Access Source Group Name - > IGMP OIF Map Name - > IP Multicast Admission Bandwidth Limit - not set > IPv6 router context - No Router > IPv6 local interface - > MLD Access Group Name - > MLD Access Source Group Name - > MLD OIF Map Name - > IPv6 Multicast Admission Bandwidth Limit - not set >IPv6 inhibited >************ no ppp attributes ************* >pausing 5 seconds before disconnecting test user, >vpn@test.orcon.net.nz > > >Can anyone offer any further guidance? I can't find any working >radius >examples in the junose docs or anywhere else, and I can't see any >other >radius attributes that look appropriate. The VPN config seems >okay; >statically adding interfaces to it works fine. > >Cheers, >Thomas > > > > > >------------------------------ > >Message: 2 >Date: Mon, 8 May 2006 10:34:35 +0200 > From: "Goldschmidt, Bernd" >Subject: Re: [j-nsp] Placing a subscriber in a VRF >To: "Thomas Salmen" , > >Message-ID: > ><202F7B4A01DCCC4A9913C5F187FE5E54FE62CC@mlhw163a.ww002.siemens.net> >Content-Type: text/plain; charset="iso-8859-1" > >Hi Thomas, > >the RADIUS-Attribute is the right one! > >The problem seems to be that in the VRF no looback interface is >configured.? > > local interface - <----------------- >see below. > >It must be: > > local interface - looback 0 >for example. > >Could you configure the same looback interface in the VRF as in >the VR default? > > >Gru? >Bernd. > > > > > > -----Original Message----- > > From: juniper-nsp-bounces@puck.nether.net > > [mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of > > Thomas Salmen > > Sent: Sunday, May 07, 2006 9:42 PM > > To: juniper-nsp@puck.nether.net > > Subject: [j-nsp] Placing a subscriber in a VRF > > > > > > Hello, > > > > I can't seem to figure out how to place a subscriber in a >VRF > > using radius > > under junose. I've tried sending back: > > > > ERX-Virtual-Router-Name = "default:test_vrf" > > > > and: > > > > ERX-Virtual-Router-Name = ":test_vrf" > > > > and even just: > > > > ERX-Virtual-Router-Name = "test_vrf" > > > > but connection attempts just hang and eventually time out > > (L2TP connections; > > the ERX I'm testing against is an LNS). Testing the login > > from the CLI seems > > okay, and so does testing when not attempting to specify a >VRF: > > > > nct_erx01#test aaa ppp vpn@test.orcon.net.nz vpn123 > > ************ user attributes ************* > > Authentication Grant > > idle Timeout - 0 > > session Timeout - 0 > > accounting Timeout - 1800 > > Client IP Address - 192.168.128.24 > > Client IP Netmask - 255.255.255.255 > > Client IPv6 Interface Id - 0:0:0:0 > > primary DNS IP Address - 10.34.1.1 > > secondary DNS IP Address - 10.34.2.2 > > primary IPv6 DNS IP Address - :: > > secondary IPv6 DNS IP Address - :: > > primary WINS IP Address - 0.0.0.0 > > secondary WINS IP Address - 0.0.0.0 > > SA Validate - disabled > > IGMP - disabled > > Ignore-DF-Bit - disabled > > MLD Version - MLD Version not set > > IGMP Version - IGMP Version not set > > router context - default:test_vrf > > local interface - <----------------- > > IGMP Access Group Name - > > IGMP Access Source Group Name - > > IGMP OIF Map Name - > > IP Multicast Admission Bandwidth Limit - not set > > IPv6 router context - No Router > > IPv6 local interface - > > MLD Access Group Name - > > MLD Access Source Group Name - > > MLD OIF Map Name - > > IPv6 Multicast Admission Bandwidth Limit - not set > > IPv6 inhibited > > ************ no ppp attributes ************* > > pausing 5 seconds before disconnecting test user, > > vpn@test.orcon.net.nz > > > > > > Can anyone offer any further guidance? I can't find any >working radius > > examples in the junose docs or anywhere else, and I can't >see > > any other > > radius attributes that look appropriate. The VPN config seems >okay; > > statically adding interfaces to it works fine. > > > > Cheers, > > Thomas > > > > > > > > _______________________________________________ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > http://puck.nether.net/mailman/listinfo/juniper-nsp > > > > > >------------------------------ > >_______________________________________________ >juniper-nsp mailing list >juniper-nsp@puck.nether.net >http://puck.nether.net/mailman/listinfo/juniper-nsp > > >End of juniper-nsp Digest, Vol 42, Issue 6 >****************************************** Warm Regards Ehtesham Amin