!--- Configuration LTS
vpdn enable /* Activation du processus VPDN (LTS + LNS) */
vpdn multihop /* activation de la fonction LTS */
vpdn authen-before-forward /* activation de la fonction LTS */
no vpdn history failure
vpdn search-order domain
vpdn domain-delimiter @ suffix /* Caractère marquant le début du realm */
!
And the following is classical vpdn configuration.
And it is working with Radius Authentication
and the result on the LTS :
RTRDOL53#show ppp all
Interface/ID OPEN+ Nego* Fail- Stage Peer Address Peer Name
------------ --------------------- -------- --------------- --------------------
Vi2.3 LCP+ CHAP+ IPCP+ LocalT xxxx\
test11ent@yyyy
0x5E000036 LCP+ CHAP* Fwded 0.0.0.0 \
lts2@yyyy
0x89000048 LCP+ CHAP* Fwded 0.0.0.0 \
lts1@yyyy
Vi2.5 LCP+ CHAP+ IPCP+ LocalT xxxx \
test14ent@zzzzz
RTRDOL53#
RTRDOL53#show subscriber session username lts1@yyyy
Unique Session ID: 928
Identifier: lts1@yyyy
SIP subscriber access type(s): VPDN/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 19:47:52, Last Changed: 19:47:52
Policy information:
Authentication status: authen
Configuration sources associated with this session:
Interface: Virtual-Template1, Active Time = 19:47:52
RTRDOL53#show subscriber session username lts2@yyyy
Unique Session ID: 585
Identifier: lts2@yyyy
SIP subscriber access type(s): VPDN/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 17:25:57, Last Changed: 17:25:57
-----Message d'origine-----
De : cisco-bba-bounces@puck.nether.net [mailto:cisco-bba-bounces@puck.nether.net] De la part de cisco-bba-request@puck.nether.net
Envoyé : mardi 15 février 2011 18:00
À : cisco-bba@puck.nether.net
Objet : cisco-bba Digest, Vol 89, Issue 4
Send cisco-bba mailing list submissions to
cisco-bba@puck.nether.net
To subscribe or unsubscribe via the World Wide Web, visit
https://puck.nether.net/mailman/listinfo/cisco-bba
or, via email, send a message with subject or body 'help' to
cisco-bba-request@puck.nether.net
You can reach the person managing the list at
cisco-bba-owner@puck.nether.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisco-bba digest..."
Today's Topics:
1. Per-User Multihop VPDN (Matthew Melbourne)
2. Re: Per-User Multihop VPDN (Paul Sherratt)
3. Re: Per-User Multihop VPDN (Arie Vayner)
----------------------------------------------------------------------
Message: 1
Date: Tue, 15 Feb 2011 09:56:56 +0000
From: Matthew Melbourne <matt@melbourne.org.uk>
To: cisco-bba@puck.nether.net
Subject: [cisco-bba] Per-User Multihop VPDN
Message-ID:
<AANLkTikik1r3gE8os5hjzA658uzCHsxuqZ8d5MQ=VQge@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Hi,
I have a scenario where I would like to forward particular user
sessions from one LNS to another (which is VRF-aware), ideally under
the control of the RADIUS server used by the initial LNS. Is it
possible to specify RADIUS attributes which will forward a user's
session to another LNS, using Multihop VPDN?
Cheers,
Matt
--
Matthew Melbourne
------------------------------
Message: 2
Date: Tue, 15 Feb 2011 10:30:41 +0000
From: Paul Sherratt <lists@paul.sh>
To: Matthew Melbourne <matt@melbourne.org.uk>
Cc: cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] Per-User Multihop VPDN
Message-ID:
<AANLkTi=Z=npTbVBMm3WnTvYv2mXU-HrRVmnO=W0iX_dU@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
When a request comes in to RADIUS from the initial LNS, you just need
to chuck back a set VPDN tunnel attributes and the multihop should
'just work'.
There are two options,
- RADIUS Attribute 66:
http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dtdt4.html
- http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftvpdnmh.html#wp1044693
We primarily use the first, but if you need to multihop into a
VRF-aware VPDN group, you'll need the latter.
-pts
On 15 February 2011 09:56, Matthew Melbourne <matt@melbourne.org.uk> wrote:
> Hi,
>
> I have a scenario where I would like to forward particular user
> sessions from one LNS to another (which is VRF-aware), ideally under
> the control of the RADIUS server used by the initial LNS. Is it
> possible to specify RADIUS attributes which will forward a user's
> session to another LNS, using Multihop VPDN?
>
> Cheers,
>
> Matt
>
> --
> Matthew Melbourne
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>
------------------------------
Message: 3
Date: Tue, 15 Feb 2011 15:25:42 +0200
From: Arie Vayner <ariev@vayner.net>
To: lists@paul.sh
Cc: Matthew Melbourne <matt@melbourne.org.uk>,
cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] Per-User Multihop VPDN
Message-ID:
<AANLkTikszAxYN_BHH6SSR29Xb3BsLswQ7-eDuCPvfPFA@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
You also need the following command on the LNS:
*authen-before-forward *
http://www.cisco.com/en/US/docs/ios/vpdn/command/reference/vpd_a1.html#wp1047138
Arie
On Tue, Feb 15, 2011 at 12:30 PM, Paul Sherratt <lists@paul.sh> wrote:
> When a request comes in to RADIUS from the initial LNS, you just need
> to chuck back a set VPDN tunnel attributes and the multihop should
> 'just work'.
>
> There are two options,
> - RADIUS Attribute 66:
> http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dtdt4.html
> -
> http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftvpdnmh.html#wp1044693
>
> We primarily use the first, but if you need to multihop into a
> VRF-aware VPDN group, you'll need the latter.
>
> -pts
>
>
> On 15 February 2011 09:56, Matthew Melbourne <matt@melbourne.org.uk>
> wrote:
> > Hi,
> >
> > I have a scenario where I would like to forward particular user
> > sessions from one LNS to another (which is VRF-aware), ideally under
> > the control of the RADIUS server used by the initial LNS. Is it
> > possible to specify RADIUS attributes which will forward a user's
> > session to another LNS, using Multihop VPDN?
> >
> > Cheers,
> >
> > Matt
> >
> > --
> > Matthew Melbourne
> > _______________________________________________
> > cisco-bba mailing list
> > cisco-bba@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-bba
> >
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-bba/attachments/20110215/ab8464b7/attachment-0001.html>
------------------------------
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
End of cisco-bba Digest, Vol 89, Issue 4
****************************************
________________________________
L'intégrité de ce message n'étant pas assurée sur internet, la société expéditrice ne peut être tenue responsable de son contenu ni de ses pièces jointes. Toute utilisation ou diffusion non autorisée est interdite. Si vous n'êtes pas destinataire de ce message, merci de le détruire et d'avertir l'expéditeur.
The integrity of this message cannot be guaranteed on the Internet. The company that sent this message cannot therefore be held liable for its content nor attachments. Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender.
vpdn enable /* Activation du processus VPDN (LTS + LNS) */
vpdn multihop /* activation de la fonction LTS */
vpdn authen-before-forward /* activation de la fonction LTS */
no vpdn history failure
vpdn search-order domain
vpdn domain-delimiter @ suffix /* Caractère marquant le début du realm */
!
And the following is classical vpdn configuration.
And it is working with Radius Authentication
and the result on the LTS :
RTRDOL53#show ppp all
Interface/ID OPEN+ Nego* Fail- Stage Peer Address Peer Name
------------ --------------------- -------- --------------- --------------------
Vi2.3 LCP+ CHAP+ IPCP+ LocalT xxxx\
test11ent@yyyy
0x5E000036 LCP+ CHAP* Fwded 0.0.0.0 \
lts2@yyyy
0x89000048 LCP+ CHAP* Fwded 0.0.0.0 \
lts1@yyyy
Vi2.5 LCP+ CHAP+ IPCP+ LocalT xxxx \
test14ent@zzzzz
RTRDOL53#
RTRDOL53#show subscriber session username lts1@yyyy
Unique Session ID: 928
Identifier: lts1@yyyy
SIP subscriber access type(s): VPDN/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 19:47:52, Last Changed: 19:47:52
Policy information:
Authentication status: authen
Configuration sources associated with this session:
Interface: Virtual-Template1, Active Time = 19:47:52
RTRDOL53#show subscriber session username lts2@yyyy
Unique Session ID: 585
Identifier: lts2@yyyy
SIP subscriber access type(s): VPDN/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 17:25:57, Last Changed: 17:25:57
-----Message d'origine-----
De : cisco-bba-bounces@puck.nether.net [mailto:cisco-bba-bounces@puck.nether.net] De la part de cisco-bba-request@puck.nether.net
Envoyé : mardi 15 février 2011 18:00
À : cisco-bba@puck.nether.net
Objet : cisco-bba Digest, Vol 89, Issue 4
Send cisco-bba mailing list submissions to
cisco-bba@puck.nether.net
To subscribe or unsubscribe via the World Wide Web, visit
https://puck.nether.net/mailman/listinfo/cisco-bba
or, via email, send a message with subject or body 'help' to
cisco-bba-request@puck.nether.net
You can reach the person managing the list at
cisco-bba-owner@puck.nether.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisco-bba digest..."
Today's Topics:
1. Per-User Multihop VPDN (Matthew Melbourne)
2. Re: Per-User Multihop VPDN (Paul Sherratt)
3. Re: Per-User Multihop VPDN (Arie Vayner)
----------------------------------------------------------------------
Message: 1
Date: Tue, 15 Feb 2011 09:56:56 +0000
From: Matthew Melbourne <matt@melbourne.org.uk>
To: cisco-bba@puck.nether.net
Subject: [cisco-bba] Per-User Multihop VPDN
Message-ID:
<AANLkTikik1r3gE8os5hjzA658uzCHsxuqZ8d5MQ=VQge@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Hi,
I have a scenario where I would like to forward particular user
sessions from one LNS to another (which is VRF-aware), ideally under
the control of the RADIUS server used by the initial LNS. Is it
possible to specify RADIUS attributes which will forward a user's
session to another LNS, using Multihop VPDN?
Cheers,
Matt
--
Matthew Melbourne
------------------------------
Message: 2
Date: Tue, 15 Feb 2011 10:30:41 +0000
From: Paul Sherratt <lists@paul.sh>
To: Matthew Melbourne <matt@melbourne.org.uk>
Cc: cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] Per-User Multihop VPDN
Message-ID:
<AANLkTi=Z=npTbVBMm3WnTvYv2mXU-HrRVmnO=W0iX_dU@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
When a request comes in to RADIUS from the initial LNS, you just need
to chuck back a set VPDN tunnel attributes and the multihop should
'just work'.
There are two options,
- RADIUS Attribute 66:
http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dtdt4.html
- http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftvpdnmh.html#wp1044693
We primarily use the first, but if you need to multihop into a
VRF-aware VPDN group, you'll need the latter.
-pts
On 15 February 2011 09:56, Matthew Melbourne <matt@melbourne.org.uk> wrote:
> Hi,
>
> I have a scenario where I would like to forward particular user
> sessions from one LNS to another (which is VRF-aware), ideally under
> the control of the RADIUS server used by the initial LNS. Is it
> possible to specify RADIUS attributes which will forward a user's
> session to another LNS, using Multihop VPDN?
>
> Cheers,
>
> Matt
>
> --
> Matthew Melbourne
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>
------------------------------
Message: 3
Date: Tue, 15 Feb 2011 15:25:42 +0200
From: Arie Vayner <ariev@vayner.net>
To: lists@paul.sh
Cc: Matthew Melbourne <matt@melbourne.org.uk>,
cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] Per-User Multihop VPDN
Message-ID:
<AANLkTikszAxYN_BHH6SSR29Xb3BsLswQ7-eDuCPvfPFA@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
You also need the following command on the LNS:
*authen-before-forward *
http://www.cisco.com/en/US/docs/ios/vpdn/command/reference/vpd_a1.html#wp1047138
Arie
On Tue, Feb 15, 2011 at 12:30 PM, Paul Sherratt <lists@paul.sh> wrote:
> When a request comes in to RADIUS from the initial LNS, you just need
> to chuck back a set VPDN tunnel attributes and the multihop should
> 'just work'.
>
> There are two options,
> - RADIUS Attribute 66:
> http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dtdt4.html
> -
> http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftvpdnmh.html#wp1044693
>
> We primarily use the first, but if you need to multihop into a
> VRF-aware VPDN group, you'll need the latter.
>
> -pts
>
>
> On 15 February 2011 09:56, Matthew Melbourne <matt@melbourne.org.uk>
> wrote:
> > Hi,
> >
> > I have a scenario where I would like to forward particular user
> > sessions from one LNS to another (which is VRF-aware), ideally under
> > the control of the RADIUS server used by the initial LNS. Is it
> > possible to specify RADIUS attributes which will forward a user's
> > session to another LNS, using Multihop VPDN?
> >
> > Cheers,
> >
> > Matt
> >
> > --
> > Matthew Melbourne
> > _______________________________________________
> > cisco-bba mailing list
> > cisco-bba@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-bba
> >
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-bba/attachments/20110215/ab8464b7/attachment-0001.html>
------------------------------
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
End of cisco-bba Digest, Vol 89, Issue 4
****************************************
________________________________
L'intégrité de ce message n'étant pas assurée sur internet, la société expéditrice ne peut être tenue responsable de son contenu ni de ses pièces jointes. Toute utilisation ou diffusion non autorisée est interdite. Si vous n'êtes pas destinataire de ce message, merci de le détruire et d'avertir l'expéditeur.
The integrity of this message cannot be guaranteed on the Internet. The company that sent this message cannot therefore be held liable for its content nor attachments. Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender.