Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1388
Views
0
Helpful
3
Replies

LAC with many LNS for PPPoE user

intermediasud
Level 1
Level 1

‎06-12-2007 06:40 AM

My schema likes that

PC(PPPoE)---Modem---DSLAM(ATM)----LAC(7206)--------------LNS

Any suggestion to configure these devices (LAC, LNS and Radius) that satisfy these conditions followings:

- LAC terminates PPPoE session from user1 and distributes it an IP based on the informations from RADIUS

- LAC terminates PPPoE session from user2 and establishes a tunnel L2TP with a LNS whom IP is given by RADIUS (every group user has a LSN different)

-

I haved succeed to configure LAC that terminates PPPoE or establishes a tunnel L2TP with only one LNS (using initiate-to ip) but not both, not many LNS.

I want to combine 2 functions on LAC and LAC can communicate with many LNS, it?s possible or not?

Thanks so much for any suggestion

Labels:
0 Helpful
3 Replies 3

kerek
Level 4
Level 4

‎06-15-2007 02:47 AM

Yes it is possible. You can do it based on different domain names used by the clients i.e. one domain (@domain1.net) is terminated on LAC and the other domain (@domain2.net) is forwarded to LNS.

Let's take a look to the link below.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a0080087465.html

Hope it helps, rate if does,

Krisztian

0 Helpful

intermediasud
Level 1
Level 1

‎06-15-2007 04:04 AM

Thanks so much for your answer but i have found the solution by configuring RADIUS and vpdn to terminates PPPOE on LAC.

Now, i have another question on PPPOE

PC(PPPOE)-Modem-DSLAM(ATM)-LAC(7200)

All interface MTU on LAC (interface Virtual-Template) is 1460.

I can't ping any IP on LAC from PC with MTU greater 172 ????

ping -l 172 x.x.x.x

what's the problem ?

Please help me

0 Helpful

kerek
Level 4
Level 4
In response to intermediasud

‎06-15-2007 04:44 AM

Answering your the first question:

You have to have one vpdn group configured for terminating pppoe and another for initiate lt2tp.

aaa authentication ppp dsl_auth group radius

aaa authorization network dsl_auth group radius

aaa accounting delay-start

aaa accounting update periodic 60

aaa accounting network dsl_acc start-stop group radius

aaa accounting resource dsl_acc start-stop group radius

!

vpdn enable

vpdn multihop

vpdn search-order domain

!

vpdn-group 1

request-dialin

protocol l2tp

domain domain.com

initiate-to ip

local name testgw

!

vpdn-group 2

description Local ADSL testing

accept-dialin

protocol pppoe

virtual-template 1

!

!

interface Virtual-Template1

description Local PPPOE termination

mtu 1492

ip unnumbered FastEthernet0/1.10

ppp authentication chap pap dsl_auth

ppp authorization dsl_auth

ppp accounting dsl_acc

!

I use for instance freeradius based on mysql db and it works well.

For the MTU related question.

As far as I know the most typical minimum MTU is 576 bytes.

If the packet size exceed the minimum MTU of the path it is being fragmented, however if the DF bit set in the header the packet will be dropped. In case of 172 bytes ping shouldn't be a problem. Try do make some icmp debug to see the LAC get the ismp at all.

Anyway on the LAC it is enough to set the MTU to 1492 (pppoe header 8 bytes) and on the LNS you have to use 1452 because of the l2tp overhead (new IP packet+UDP+l2tp=40 bytes).

Hope it helps, rate if does

Krisztian

0 Helpful
Customers Also Viewed These Support Documents