Mailing List Archive: Per-User Multihop VPDN

Per-User Multihop VPDN

Feb 15, 2011, 1:56 AM

Post #1 of 3 (3757 views)

Hi,

I have a scenario where I would like to forward particular user
sessions from one LNS to another (which is VRF-aware), ideally under
the control of the RADIUS server used by the initial LNS. Is it
possible to specify RADIUS attributes which will forward a user's
session to another LNS, using Multihop VPDN?

Cheers,

Matt

--
Matthew Melbourne
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Re: Per-User Multihop VPDN [ In reply to ]

lists at paul

Feb 15, 2011, 2:30 AM

Post #2 of 3 (3574 views)

Permalink

When a request comes in to RADIUS from the initial LNS, you just need
to chuck back a set VPDN tunnel attributes and the multihop should
'just work'.

There are two options,
- RADIUS Attribute 66:
http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dtdt4.html
- http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftvpdnmh.html#wp1044693

We primarily use the first, but if you need to multihop into a
VRF-aware VPDN group, you'll need the latter.

-pts

On 15 February 2011 09:56, Matthew Melbourne <matt@melbourne.org.uk> wrote:
> Hi,
>
> I have a scenario where I would like to forward particular user
> sessions from one LNS to another (which is VRF-aware), ideally under
> the control of the RADIUS server used by the initial LNS. Is it
> possible to specify RADIUS attributes which will forward a user's
> session to another LNS, using Multihop VPDN?
>
> Cheers,
>
> Matt
>
> --
> Matthew Melbourne
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Re: Per-User Multihop VPDN [ In reply to ]

ariev at vayner

Feb 15, 2011, 5:25 AM

Post #3 of 3 (3560 views)

Permalink

You also need the following command on the LNS:

*authen-before-forward *

http://www.cisco.com/en/US/docs/ios/vpdn/command/reference/vpd_a1.html#wp1047138

Arie

On Tue, Feb 15, 2011 at 12:30 PM, Paul Sherratt <lists@paul.sh> wrote:

> When a request comes in to RADIUS from the initial LNS, you just need
> to chuck back a set VPDN tunnel attributes and the multihop should
> 'just work'.
>
> There are two options,
> - RADIUS Attribute 66:
> http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dtdt4.html
> -
> http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftvpdnmh.html#wp1044693
>
> We primarily use the first, but if you need to multihop into a
> VRF-aware VPDN group, you'll need the latter.
>
> -pts
>
>
> On 15 February 2011 09:56, Matthew Melbourne <matt@melbourne.org.uk>
> wrote:
> > Hi,
> >
> > I have a scenario where I would like to forward particular user
> > sessions from one LNS to another (which is VRF-aware), ideally under
> > the control of the RADIUS server used by the initial LNS. Is it
> > possible to specify RADIUS attributes which will forward a user's
> > session to another LNS, using Multihop VPDN?
> >
> > Cheers,
> >
> > Matt
> >
> > --
> > Matthew Melbourne
> > _______________________________________________
> > cisco-bba mailing list
> > cisco-bba@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-bba
> >
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>