[rbak-nsp] Redback as a LAC
Dermot Williams
dermot.williams at imaginegroup.ie
Thu Dec 11 14:17:35 EST 2014
Hi Tomas,
This is what I have:
dot1q pvc 10 encapsulation multi
circuit protocol pppoe
bind authentication chap context local maximum 10
are you suggesting that I remove the context from the bind auth... line?
What impact will that have on my existing subscribers?
Thanks,
Dermot
IP Engineering Manager
Imagine Communications Group Ltd.
On 11 December 2014 at 16:50, Tomas Lynch <tomas.lynch at gmail.com> wrote:
> Dermont,
>
> Verify your port/vlan configuration, if you have the binding pointing
> to context local then all the subscribers independent of the realm
> will try to authenticate in context local.
>
> You should have something like the following (please do not copy and
> paste since some commands maybe wrong):
>
>
> context local
> domain domain1
> domain domain2
> !whatever you have here for example
> aaa authentication subscribers radius
> radius server 3.3.3.3 key djsjsi98d9id
>
> interface pppoesubscribers multibind
> ip address 10.0.0.1/24
> ip pool 10.0.0.0/24
>
> subscribers default
> ip pool
> !
> !
> context customers-lac
> aaa authentication subscribers none
> l2tp peer name LNS-the-other-side media udp remote 1.1.1.1 local 2.2.2.2
> domain nameoftheLNSdomain
> !
> subscriber default
> tunnel-domain
> !
> !end of context
> port ethernet 1/2
> encap dot1q
> dot1q pvc 100 encap pppoe
> bind authentication pap chap
> !endofconfig
>
> The trick then is in the binding without context if you have a
> customer user at domain1 is going to authenticate against 3.3.3.3 in
> context local; a user at nameoftheLNSdomain is going to pppoe against
> your lac and the ppp to the lns.
>
> Tomas Lynch
>
>
>
>
> On Wed, Dec 10, 2014 at 11:12 PM, Yury Shefer <shefys at gmail.com> wrote:
> > Hello,
> >
> > May I ask you to share yours access port/dot1q pvc/circuit configuration?
> >
> > On Wed, Dec 10, 2014 at 4:07 PM, Dermot Williams
> > <dermot.williams at imaginegroup.ie> wrote:
> >>
> >> Hi Soe,
> >>
> >> Not at present but I'm not expecting it to come up until I have my
> >> subscribers going into the right context.
> >>
> >> Regards,
> >>
> >> Dermot
> >>
> >> IP Engineering Manager
> >> Imagine Communications Group Ltd.
> >>
> >> On 10 December 2014 at 16:31, Soe Prapti <prapti.soe at gmail.com> wrote:
> >>>
> >>> Hi William,
> >>>
> >>> Is your tunnel established ? example like this :
> >>>
> >>> show l2tp summary
> >>>
> >>> Context Name Peer Name Local Name Count
> >>> Count
> >>> -------------------- -------------------- -------------------- -----
> >>> -----
> >>> local ABC 123
> >>> 1 0
> >>>
> >>>
> >>>
> >>>
> >>> On Wed, Dec 10, 2014 at 10:29 PM, Dermot Williams
> >>> <dermot.williams at imaginegroup.ie> wrote:
> >>>>
> >>>> Hi list,
> >>>>
> >>>> I have some subscribers coming in over PPPoE, some of whom I need to
> >>>> forward over an L2TP tunnel to an LNS on another provider's network.
> These
> >>>> subscribers are identified by their realm. I've got a context
> configured for
> >>>> this realm/domain - it's basically the same as the config outlined
> here:
> >>>>
> https://puck.nether.net/pipermail/redback-nsp/2013-September/001576.html
> >>>>
> >>>> The problem I have is that when my test subscriber's PPPoE session
> comes
> >>>> into the local context, the Redback tries to authenticate against my
> RADIUS
> >>>> servers (which fails, obviously) instead of binding the subscriber to
> the
> >>>> context that I've defined for that domain.
> >>>>
> >>>> Is there something that I need to configure in the local context to
> make
> >>>> it bind sessions for these subscribers to the correct context?
> >>>>
> >
> > --
> > Best regards,
> > Yury.
> >
> > _______________________________________________
> > redback-nsp mailing list
> > redback-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/redback-nsp
> >
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20141211/7071cb20/attachment.html>
More information about the redback-nsp
mailing list