×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

MPLS - remote access

Unanswered Question
May 15th, 2007
User Badges:
  • Silver, 250 points or more

Hi folks,


I've to realize a RAS/PE for dialup connections, and use a vrf selection authentication based.


Any advice will be appreciated

Regards

Andrea


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mohammedmahmoud Tue, 05/15/2007 - 10:40
User Badges:
  • Green, 3000 points or more

Hi Andrea,


Are you talking about MPLS VPDN.


BR,

Mohammed Mahmoud.

ariela Wed, 05/16/2007 - 03:29
User Badges:
  • Silver, 250 points or more

Hi Mohammed,


well, I think yes ...

I've a number of mobile users, that via ISDN (dialup) would be authenticated and added to their VRF ...


Hope this clear enough

Thanks for your support

Andrea

mohammedmahmoud Wed, 05/16/2007 - 03:56
User Badges:
  • Green, 3000 points or more

Hi,


Well thats nice, i work for an ISP and we are doing this solution, some customers' sites access their VRF using ISDN (VPDN), you'll find here all what you need:


You'll need a LAC (Access server), LNS (PE router) and a RADIUS server (we are using Cisco CAR).


http://www.cisco.com/en/US/tech/tk801/tk703/tsd_technology_support_protocol_home.html


Please do not hesitate for any further questions.


HTH, please do rate all helpful replies,

Mohammed Mahmoud.

ariela Wed, 05/16/2007 - 04:25
User Badges:
  • Silver, 250 points or more

Hi,


thanks for your informations.

Is it possible to implement the RAS and the PE function on the same device (obviously with an external radius server for PPP authentication)?


Thanks

Andrea

mohammedmahmoud Wed, 05/16/2007 - 04:34
User Badges:
  • Green, 3000 points or more

Hi,


Yes this what exactly what we are doing, our LNS is also acting as a PE, but since we have more and more VPDN customers, we are thinking of separating the LNS (having a PE acting just as an LNS). We are using Cisco CAR as the RADIUS server.


Check the attached topology for general network layout.



HTH, please do rate all helpful replies,

Mohammed Mahmoud.



mohammedmahmoud Wed, 05/16/2007 - 04:54
User Badges:
  • Green, 3000 points or more

Hi,


Sorry i guess that i got your question wrong, i think you meant having a single device acting as a LAC and a LNS at the same time, i don't think that this doable as the whole idea is built upon L2TP between both the LAC and the LNS.


The LAC provides authentication and access concentration for remote users. After a remote user is authenticated, that user's communications session is then forwarded to the LNS, which provides access to that user's VRF.


Although most remote access technologies bundle these functions into a single device, L2TP separates them into two physically separate devices LAC and LNS.



HTH, please do rate all helpful replies,

Mohammed Mahmoud.


mohammedmahmoud Thu, 05/17/2007 - 10:25
User Badges:
  • Green, 3000 points or more

Hi Andrea,


I didn't see this before, please keep me updated if it worked out.


Good Luck :)


BR,

Mohammed Mahmoud.

Actions

This Discussion