[rbak-nsp] Redback as a LAC

Tomas Lynch tomas.lynch at gmail.com
Thu Dec 11 11:50:00 EST 2014


Dermont,

Verify your port/vlan configuration, if you have the binding pointing
to context local then all the subscribers independent of the realm
will try to authenticate in context local.

You should have something like the following (please do not copy and
paste since some commands maybe wrong):


context local
domain domain1
domain domain2
!whatever you have here for example
aaa authentication subscribers radius
radius server 3.3.3.3 key djsjsi98d9id

interface pppoesubscribers multibind
 ip address 10.0.0.1/24
ip pool 10.0.0.0/24

subscribers default
ip pool
!
!
context customers-lac
aaa authentication subscribers none
l2tp peer name LNS-the-other-side media udp remote 1.1.1.1 local 2.2.2.2
domain nameoftheLNSdomain
!
subscriber default
tunnel-domain
!
!end of context
port ethernet 1/2
encap dot1q
dot1q pvc 100 encap pppoe
bind authentication pap chap
!endofconfig

The trick then is in the binding without context if you have a
customer user at domain1 is going to authenticate against 3.3.3.3 in
context local; a user at nameoftheLNSdomain is going to pppoe against
your lac and the ppp to the lns.

Tomas Lynch




On Wed, Dec 10, 2014 at 11:12 PM, Yury Shefer <shefys at gmail.com> wrote:
> Hello,
>
> May I ask you to share yours access port/dot1q pvc/circuit configuration?
>
> On Wed, Dec 10, 2014 at 4:07 PM, Dermot Williams
> <dermot.williams at imaginegroup.ie> wrote:
>>
>> Hi Soe,
>>
>> Not at present but I'm not expecting it to come up until I have my
>> subscribers going into the right context.
>>
>> Regards,
>>
>> Dermot
>>
>> IP Engineering Manager
>> Imagine Communications Group Ltd.
>>
>> On 10 December 2014 at 16:31, Soe Prapti <prapti.soe at gmail.com> wrote:
>>>
>>> Hi William,
>>>
>>> Is your tunnel established ? example like this :
>>>
>>> show l2tp summary
>>>
>>> Context Name         Peer Name            Local Name           Count
>>> Count
>>> -------------------- -------------------- -------------------- -----
>>> -----
>>> local                            ABC                           123
>>> 1               0
>>>
>>>
>>>
>>>
>>> On Wed, Dec 10, 2014 at 10:29 PM, Dermot Williams
>>> <dermot.williams at imaginegroup.ie> wrote:
>>>>
>>>> Hi list,
>>>>
>>>> I have some subscribers coming in over PPPoE, some of whom I need to
>>>> forward over an L2TP tunnel to an LNS on another provider's network. These
>>>> subscribers are identified by their realm. I've got a context configured for
>>>> this realm/domain - it's basically the same as the config outlined here:
>>>> https://puck.nether.net/pipermail/redback-nsp/2013-September/001576.html
>>>>
>>>> The problem I have is that when my test subscriber's PPPoE session comes
>>>> into the local context, the Redback tries to authenticate against my RADIUS
>>>> servers (which fails, obviously) instead of binding the subscriber to the
>>>> context that I've defined for that domain.
>>>>
>>>> Is there something that I need to configure in the local context to make
>>>> it bind sessions for these subscribers to the correct context?
>>>>
>
> --
> Best regards,
> Yury.
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
>


More information about the redback-nsp mailing list