Mailing List Archive

vpdn multihop
Hello,

We would like to implement a vpdn multihop switch using radius attributes on a 7204vxr router acting as LNS.
The LNS should in normal condition simply terminate PPPoE clients over L2TP (this works already) and depending on the user id (not domain..) we'd like to forward to another LNS using multihop.

Is it possible to do that at all?

Multihop documentation only mentions domain, hostname and dnis matching.


The following configuration we tried gives us errors that we don't understand:
RADIUS: cisco AVPair "vpdn:tunnel-id=test" not applied for lcp

thanks,
Eric


--- multihop router configuration -------------------------------------------------------------

ip address-pool local
virtual-profile virtual-template 1
multilink virtual-template 7
vpdn enable
vpdn multihop
!
vpdn-group incoming
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 lcp renegotiation on-mismatch
!
vpdn-group out_test
 request-dialin
  protocol l2tp
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 peer default ip address pool deckpoint
 ppp authentication chap ms-chap
 ppp multilink

--- radius log ------------------------------------------------------------------------------

rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=29, length=78
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "saml2tp"
CHAP-Password = 0x0e8c54282f65e16da39856fd0736e0ebd7
Service-Type = Framed-User
Framed-Protocol = PPP
Sending Access-Accept of id 29 to xxx.xxx.xxx.xxx:1645
Cisco-AVPair += "vpdn:tunnel-id=testsam"
Cisco-AVPair += "vpdn:l2tp-tunnel-password=secret"
Cisco-AVPair += "vpdn:tunnel-type=l2tp"
Cisco-AVPair += "vpdn:vpdn-group=out_test"
Cisco-AVPair += "vpdn:ip-addresses=xxx.xxx.xxx.xxx"
Service-Type := Outbound-User
Framed-Protocol := PPP

--- multihop router log ---------------------------------------------------------------------

Vi1 VPDN: Clone from Vtemplate 1
Vi1 VPDN: Bind interface direction=2
%LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Vi1 VPDN: Looking for tunnel -- --
Vi1 VPDN: Looking for tunnel -- --
Vi1 VPDN: Continue PPP authentication for saml2tp
RADIUS: ustruct sharecount=2
Radius: radius_port_info() success=1 radius_nas_port=1
RADIUS: Initial Transmit Virtual-Access1 id 29 xxx.xxx.xxx.xxx:1645, Access-Request, len 78
Attribute 4 6 C226A802
Attribute 5 6 00000001
Attribute 61 6 00000005
Attribute 1 9 73616D6C
Attribute 3 19 0E8C5428
Attribute 6 6 00000002
Attribute 7 6 00000001
RADIUS: Received from id 29 xxx.xxx.xxx.xxx:1645, Access-Accept, len 203
Attribute 26 30 0000000901187670
Attribute 26 40 0000000901227670
Attribute 26 29 0000000901177670
Attribute 26 32 00000009011A7670
Attribute 26 40 0000000901227670
Attribute 6 6 00000005
Attribute 7 6 00000001
RADIUS: cisco AVPair "vpdn:tunnel-id=test" not applied for lcp
RADIUS: cisco AVPair "vpdn:l2tp-tunnel-password=secret" not applied for lcp
RADIUS: cisco AVPair "vpdn:tunnel-type=l2tp" not applied for lcp
RADIUS: cisco AVPair "vpdn:vpdn-group=out_test" not applied for lcp
RADIUS: cisco AVPair "vpdn:ip-addresses=xxx.xxx.xxx.xxx" not applied for lcp
Vi1 AAA/AUTHOR/LCP: Denied
Vi1 VPDN: Cleanup
Vi1 VPDN: Reset
Vi1 VPDN: Reset
Vi1 VPDN: Unbind interface
Vi1 VPDN: Unbind interface
Vi1 VPDN: Reset
Vi1 VPDN: Unbind interface
Re: vpdn multihop
Yes, you can do multihop as you describe below. Try adding "vpdn
authen-before-forward" to your configuration and give it another shot.

Dennis

Eric Laporte [eric.laporte@deckpoint.com] wrote:
>
> Hello,
>
> We would like to implement a vpdn multihop switch using radius attributes on a 7204vxr router acting as LNS.
> The LNS should in normal condition simply terminate PPPoE clients over L2TP (this works already) and depending on the user id (not domain..) we'd like to forward to another LNS using multihop.
>
> Is it possible to do that at all?
>
> Multihop documentation only mentions domain, hostname and dnis matching.
>
>
> The following configuration we tried gives us errors that we don't understand:
> RADIUS: cisco AVPair "vpdn:tunnel-id=test" not applied for lcp
>
> thanks,
> Eric
>
>
> --- multihop router configuration -------------------------------------------------------------
>
> ip address-pool local
> virtual-profile virtual-template 1
> multilink virtual-template 7
> vpdn enable
> vpdn multihop
> !
> vpdn-group incoming
>  ! Default PPTP VPDN group
>  accept-dialin
>   protocol pptp
>   virtual-template 1
>  lcp renegotiation on-mismatch
> !
> vpdn-group out_test
>  request-dialin
>   protocol l2tp
> !
> interface Virtual-Template1
>  ip unnumbered FastEthernet0/0
>  peer default ip address pool deckpoint
>  ppp authentication chap ms-chap
>  ppp multilink
>
> --- radius log ------------------------------------------------------------------------------
>
> rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=29, length=78
> NAS-IP-Address = xxx.xxx.xxx.xxx
> NAS-Port = 1
> NAS-Port-Type = Virtual
> User-Name = "saml2tp"
> CHAP-Password = 0x0e8c54282f65e16da39856fd0736e0ebd7
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Sending Access-Accept of id 29 to xxx.xxx.xxx.xxx:1645
> Cisco-AVPair += "vpdn:tunnel-id=testsam"
> Cisco-AVPair += "vpdn:l2tp-tunnel-password=secret"
> Cisco-AVPair += "vpdn:tunnel-type=l2tp"
> Cisco-AVPair += "vpdn:vpdn-group=out_test"
> Cisco-AVPair += "vpdn:ip-addresses=xxx.xxx.xxx.xxx"
> Service-Type := Outbound-User
> Framed-Protocol := PPP
>
> --- multihop router log ---------------------------------------------------------------------
>
> Vi1 VPDN: Clone from Vtemplate 1
> Vi1 VPDN: Bind interface direction=2
> %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
> Vi1 VPDN: Looking for tunnel -- --
> Vi1 VPDN: Looking for tunnel -- --
> Vi1 VPDN: Continue PPP authentication for saml2tp
> RADIUS: ustruct sharecount=2
> Radius: radius_port_info() success=1 radius_nas_port=1
> RADIUS: Initial Transmit Virtual-Access1 id 29 xxx.xxx.xxx.xxx:1645, Access-Request, len 78
> Attribute 4 6 C226A802
> Attribute 5 6 00000001
> Attribute 61 6 00000005
> Attribute 1 9 73616D6C
> Attribute 3 19 0E8C5428
> Attribute 6 6 00000002
> Attribute 7 6 00000001
> RADIUS: Received from id 29 xxx.xxx.xxx.xxx:1645, Access-Accept, len 203
> Attribute 26 30 0000000901187670
> Attribute 26 40 0000000901227670
> Attribute 26 29 0000000901177670
> Attribute 26 32 00000009011A7670
> Attribute 26 40 0000000901227670
> Attribute 6 6 00000005
> Attribute 7 6 00000001
> RADIUS: cisco AVPair "vpdn:tunnel-id=test" not applied for lcp
> RADIUS: cisco AVPair "vpdn:l2tp-tunnel-password=secret" not applied for lcp
> RADIUS: cisco AVPair "vpdn:tunnel-type=l2tp" not applied for lcp
> RADIUS: cisco AVPair "vpdn:vpdn-group=out_test" not applied for lcp
> RADIUS: cisco AVPair "vpdn:ip-addresses=xxx.xxx.xxx.xxx" not applied for lcp
> Vi1 AAA/AUTHOR/LCP: Denied
> Vi1 VPDN: Cleanup
> Vi1 VPDN: Reset
> Vi1 VPDN: Reset
> Vi1 VPDN: Unbind interface
> Vi1 VPDN: Unbind interface
> Vi1 VPDN: Reset
> Vi1 VPDN: Unbind interface
>
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-bba
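
The router debug in the first message prints each RADIUS attribute as type, length and the first bytes of its value. The following is an added example, not part of either post, that decodes those lines and checks them against the packet length; the function names are hypothetical and the sample is the Access-Accept dump copied from the log above.

```python
import re

# Sample input: the Access-Accept dump from the router log in the first message.
SAMPLE = """\
RADIUS: Received from id 29 xxx.xxx.xxx.xxx:1645, Access-Accept, len 203
Attribute 26 30 0000000901187670
Attribute 26 40 0000000901227670
Attribute 26 29 0000000901177670
Attribute 26 32 00000009011A7670
Attribute 26 40 0000000901227670
Attribute 6 6 00000005
Attribute 7 6 00000001
"""

RADIUS_HEADER_LEN = 20   # code, identifier, length, 16-byte authenticator (RFC 2865)
VENDOR_SPECIFIC = 26     # attribute type that carries vendor sub-attributes
ATTR_RE = re.compile(r"Attribute (\d+) (\d+) ([0-9A-Fa-f]+)")
LEN_RE = re.compile(r"len (\d+)")

def decode_attr(line):
    """Decode one 'Attribute <type> <len> <hex>' debug line (hypothetical helper)."""
    m = ATTR_RE.search(line)
    if not m:
        return None
    raw = bytes.fromhex(m.group(3))
    attr = {"type": int(m.group(1)), "length": int(m.group(2))}
    if attr["type"] == VENDOR_SPECIFIC and len(raw) >= 6:
        attr["vendor_id"] = int.from_bytes(raw[:4], "big")  # 9 = Cisco
        attr["vendor_type"] = raw[4]                        # 1 = cisco-avpair
        # vendor-length counts its own 2-byte sub-header plus the AV-pair string
        attr["string_len"] = raw[5] - 2
        attr["prefix"] = raw[6:].decode("ascii", "replace")
    return attr

def decode_packet(text):
    """Return (declared_len, computed_len, attrs) for one debug packet dump."""
    declared = int(LEN_RE.search(text).group(1))
    attrs = [a for a in map(decode_attr, text.splitlines()) if a]
    computed = RADIUS_HEADER_LEN + sum(a["length"] for a in attrs)
    return declared, computed, attrs

if __name__ == "__main__":
    declared, computed, attrs = decode_packet(SAMPLE)
    print("declared", declared, "computed", computed)
    for a in attrs:
        print(a)
```

The decoded string lengths (22, 32, 21, 24, 32) match the `vpdn:` AV pairs listed in the RADIUS server log, and the attribute lengths plus the 20-byte header add up to the reported `len 203`.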