Mailing List Archive

Choosing LNS On A Per-Domain Basis
We are using the Cisco ASR 1004 for LNS. For business reasons, we have two
sets of PPPoE users authenticating against the LNS - the only difference
being the @ domain part. So for example:

(a.) user@domain1.com
(b.) user@domain2.com

Irrespective of their domain, all users come in via the same LACs, and via
the same L2TP tunnels. We do not own the LACs, and are not able to make or
request any changes on the LAC side.

Here is what we are trying to do: we would like to choose the terminating
LNS based on the domain name. So all users @ domain1, for example, should
authenticate to LNS1, while all users @ domain2 should authenticate to LNS2.
As I said, we do not manage the LACs. Also, the IP addresses of my LNS(es) are
statically defined in the LACs, and not negotiated dynamically at
authentication time.

So is there any way to choose the LNS according to the domain presented in
the username? Is there some way to force users at domain1 to LNS #1, and
users at domain2 to LNS #2? If so, can anyone share some pointers as to how we
accomplish it?


Thanks in advance.
Dominic
Re: Choosing LNS On A Per-Domain Basis
Hi Dominic,

We achieved this in the past using two different technologies. One was VPDN multihop and using RADIUS to forward the sessions to the desired LNS. The other was to set up our own LAC device which received the L2TP tunnel from the upstream provider and then initiated a tunnel to each of the two LNS devices based on domain name.

Example config:

vpdn multihop

vpdn-group incomingtunnel
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname providerlac
 local name mylac
 lcp renegotiation on-mismatch

vpdn-group mylns1
 request-dialin
  protocol l2tp
  domain domain1.com
 initiate-to ip 1.1.1.1
 l2tp tunnel password mypassword

Hope that helps.

Regards,
Vaibhav

From: cisco-bba [mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Dominic
Sent: Tuesday, 1 October 2013 7:48 AM
To: cisco-bba@puck.nether.net
Subject: [cisco-bba] Choosing LNS On A Per-Domain Basis


Re: Choosing LNS On A Per-Domain Basis
Thanks, Vaibhav. This certainly helps. Will give it a shot.

Dominic

From: Vaibhav Bagaria [mailto:vaibhav.bagaria@bendigotelco.com.au]
Sent: Tuesday, October 01, 2013 7:29 PM
To: 'Dominic'; cisco-bba@puck.nether.net
Subject: RE: [cisco-bba] Choosing LNS On A Per-Domain Basis



Re: Choosing LNS On A Per-Domain Basis
You can also pass these forwarding details along via AV pairs from RADIUS.

Though if you've only got two domains and a couple of LNS it might be
easier to configure it statically on the LNS.

On 2 October 2013 02:05, Dominic <dominic@broadconnect.ca> wrote:
> Thanks, Vaibhav. This certainly helps. Will give it a shot.
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
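
The static per-domain mapping discussed in the thread, written out for both domains as an added example (not configuration posted by any list member). It extends the multihop config from the first reply with a second outbound group; the group name mylns2, the 192.0.2.x addresses and the <...> tunnel secrets are placeholders, and `vpdn enable` is assumed not to be configured already.

```cisco
! Added example: intermediate multihop device steering by username realm.
! Placeholders: mylns2, 192.0.2.1, 192.0.2.2, <secret-for-lns1>, <secret-for-lns2>.
vpdn enable
vpdn multihop
!
! Inbound side: terminate the tunnel arriving from the provider's LAC.
vpdn-group incomingtunnel
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname providerlac
 local name mylac
 lcp renegotiation on-mismatch
!
! Outbound side: one request-dialin group per realm, each pointing at its own LNS.
vpdn-group mylns1
 request-dialin
  protocol l2tp
  domain domain1.com
 initiate-to ip 192.0.2.1
 local name mylac
 ! Use a distinct tunnel secret per LNS so that disclosure of one
 ! does not let a peer authenticate a tunnel to the other.
 l2tp tunnel password <secret-for-lns1>
!
vpdn-group mylns2
 request-dialin
  protocol l2tp
  domain domain2.com
 initiate-to ip 192.0.2.2
 local name mylac
 l2tp tunnel password <secret-for-lns2>
```

The realm is supplied by the subscriber, so it only selects the LNS; each LNS still has to authenticate the full username itself. A username whose realm matches neither `domain` statement is not forwarded by either group, so decide deliberately what the device should do with those sessions.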