
Cisco 7301 as LTS With Hundreds of Domains
Hi

We currently have 8 x 7301s running as LTSs to terminate ATM from the
carrier and switch the tunnel to
3 LNSs (2 as primary using priority 1 and a backup using priority 2).

Copy of config below

<< From carrier >>

vpdn-group IN-FROM-CARRIER
 accept-dialin
  protocol any
  virtual-template 2
 terminate-from hostname XX-XX-XX
 lcp renegotiation on-mismatch
 l2tp tunnel password 0 XXXXXXX

<< TO LNS FARM >>

vpdn-group OUT-TO-LNS
 request-dialin
  protocol l2tp
  domain 1
  domain 2
  domain 100
  domain 300
 initiate-to ip 1.1.1.1 priority 1
 initiate-to ip 2.2.2.2 priority 1
 initiate-to ip 3.3.3.3 priority 2
 source-ip 9.9.9.9
 local name OUT-TO-LNS
 l2tp tunnel password 0 XXXXXXX

We now have about 300 domains, so the config is very long with every
domain listed in there, and it becomes a nightmare to manage. So my question
is: is there
any way to put a wildcard * domain into this tunnel (the box only has 1
request-dialin vpdn group) so that all realms received from the carrier are
tunnelled to the LNSs?

Thanks in advance

Gareth
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
Re: Cisco 7301 as LTS With Hundreds of Domains
Hi

I suggest getting the domain information via a RADIUS server. Also have a
quick look at the command "tunnel share", which might help you
reduce the number of tunnels to your LNS.

Regards
Erich

Re: Cisco 7301 as LTS With Hundreds of Domains
The ISP I work for uses "authenticate before forward" for some private VPN
services we offer.

Essentially your LTS/LACs will authenticate the user, and the RADIUS
response contains details about where the session should be forwarded
(rather than what details to terminate the session with), which can be a
list of your LNSs which the LAC can load balance across.

Once the session has been forwarded on, your LNSs will authenticate the
user, and terminate the session.

I believe we are using two RADIUS instances for this, one for the auth
before forward stuff, and the second to actually authenticate the users
for termination on the destination LNS.

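Both Erich's suggestion (domain information from RADIUS) and the authenticate-before-forward setup described above come down to the LAC receiving RFC 2868 tunnel attributes in the Access-Accept instead of a static domain list. The following added example, not from the thread or from any vendor, decodes those tagged attributes from a constructed Access-Accept attribute list and orders the LNS endpoints by Tunnel-Preference, reproducing the priority 1 / priority 2 failover of the static config; the attribute numbers and values are RFC 2868's, and the sample bytes and IPs are constructed here.

```python
"""Decode RFC 2868 tunnel attributes from a RADIUS Access-Accept into an LNS list."""
from collections import defaultdict

# RFC 2868 attribute types used here (Tunnel-Password is deliberately left out).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_SERVER_ENDPOINT, TUNNEL_PREFERENCE = 64, 65, 67, 83
L2TP, MEDIUM_IPV4 = 3, 1  # Tunnel-Type and Tunnel-Medium-Type values from RFC 2868

def decode_tagged(atype, value):
    """Split a tagged attribute value into (tag, value) per RFC 2868 section 3."""
    tag = value[0]
    if atype != TUNNEL_SERVER_ENDPOINT:
        # Integer attributes: one tag byte followed by a 3-byte big-endian value.
        return tag, int.from_bytes(value[1:4], "big")
    # String attributes: the tag byte is only present when it is 0x00..0x1F.
    return (tag, value[1:].decode("ascii")) if tag <= 0x1F else (0, value.decode("ascii"))

def parse_attributes(payload):
    """Walk the attribute TLVs that follow the 20-byte RADIUS header."""
    attrs, pos = [], 0
    while pos < len(payload):
        alen = payload[pos + 1] if pos + 1 < len(payload) else 0
        if alen < 2 or pos + alen > len(payload):
            raise ValueError("malformed RADIUS attribute at offset %d" % pos)
        attrs.append((payload[pos], payload[pos + 2:pos + alen]))
        pos += alen
    return attrs

def lns_candidates(payload):
    """Group tunnel attributes by tag; return L2TP-over-IP endpoints, best preference first."""
    groups = defaultdict(dict)
    for atype, raw in parse_attributes(payload):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_SERVER_ENDPOINT, TUNNEL_PREFERENCE):
            tag, val = decode_tagged(atype, raw)
            groups[tag][atype] = val
    usable = [g for g in groups.values() if g.get(TUNNEL_TYPE) == L2TP
              and g.get(TUNNEL_MEDIUM_TYPE) == MEDIUM_IPV4 and TUNNEL_SERVER_ENDPOINT in g]
    usable.sort(key=lambda g: g.get(TUNNEL_PREFERENCE, 0xFFFFFF))  # missing pref sorts last
    return [(g[TUNNEL_SERVER_ENDPOINT], g.get(TUNNEL_PREFERENCE)) for g in usable]

def tagged(atype, tag, body):
    """Encode one tagged attribute TLV: type, length, tag byte, body (sample-data helper)."""
    return bytes([atype, 3 + len(body), tag]) + body

# Constructed sample: two primary LNSs (pref 1) and one backup (pref 2), one tag group each.
SAMPLE_ACCEPT = b"".join(
    tagged(TUNNEL_TYPE, tag, L2TP.to_bytes(3, "big"))
    + tagged(TUNNEL_MEDIUM_TYPE, tag, MEDIUM_IPV4.to_bytes(3, "big"))
    + tagged(TUNNEL_SERVER_ENDPOINT, tag, ip.encode("ascii"))
    + tagged(TUNNEL_PREFERENCE, tag, pref.to_bytes(3, "big"))
    for tag, ip, pref in ((1, "3.3.3.3", 2), (2, "1.1.1.1", 1), (3, "2.2.2.2", 1)))
```

A tag group that lacks Tunnel-Type or Tunnel-Medium-Type is dropped rather than guessed at, so a misconfigured RADIUS profile fails closed instead of forwarding the session to an unintended endpoint.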