select virtual-template used by vpdn-group via radius

Unanswered Question
Oct 9th, 2007

Hi all,

is it possible to let the RADIUS server decide which one of the 'interface virtual-template' configured on an router should be used? So that one can assign different virtual-templates to different users, when they dial in.

In my case I have to configure the LNS of a L2TP connection using a vpdn-group and want to bind different users to different bridge-groups/VLANs.

It would be nice if someone out there could give me a hint.

Thanks in advance and kind regards

Mark

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (2 ratings)
Loading.

Hi,

As far as I know when the LNS terminate an l2tp tunnel from the LAC the ppp session within that will be assigned to the configured virtual-template and you can't influence this behavior. If you want to terminate the session on different vt then try to configure the LAC to initiate another l2tp tunnel. You can distinguish the group of users by means of different domains ([email protected]).

The LAC when receives an incoming ppp session it will build up the l2tp tunnel to the appropriate LNS based on the domain (or by means of the appropriate radius attribute).

Hope it helps, rate if does

Krisztian

d-mark Wed, 10/10/2007 - 05:57

Hi Krisztian,

thanks for your reply. Unfortunately I don't have any access to the LAC or the radius-server which the LAC asks.

kind regards

Mark

aravindhs Wed, 10/10/2007 - 02:56

Mark,

I understand you want to be able to get a per-user/per-connection/per-customer control. You could use one virtual template and let it talk to the RADIUS and create multiple loopback interfaces (one per customer). Set your RADIUS to bind the incoming PPP request to your appropriate loopback and configure your loopbacks as you like. RADIUS profile/loopback will override the virtual template config although it will use it to arbiter the link initially.

HTH

Do let us know how you get on with this.

Cheers

Arav

d-mark Wed, 10/10/2007 - 06:05

Hi Arav,

thanks for your reply. What did you mean exactly with "Set your RADIUS to bind the incoming PPP request to your appropriate loopback and configure your loopbacks as you like"?

I've found the option to configure the virtual-access interface (created for each connection) by the radius server using the cisco-avpair "lcp:interface-config=". But I haven't yet tested it.

kind regards

Mark

Actions

This Discussion