Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1269
Views
4
Helpful
4
Replies

select virtual-template used by vpdn-group via radius

d-mark
Level 1
Level 1

‎10-09-2007 01:32 AM

Hi all,

is it possible to let the RADIUS server decide which one of the 'interface virtual-template' configured on an router should be used? So that one can assign different virtual-templates to different users, when they dial in.

In my case I have to configure the LNS of a L2TP connection using a vpdn-group and want to bind different users to different bridge-groups/VLANs.

It would be nice if someone out there could give me a hint.

Thanks in advance and kind regards

Mark

Labels:
0 Helpful
4 Replies 4

kerek
Level 4
Level 4

‎10-10-2007 02:32 AM

Hi,

As far as I know when the LNS terminate an l2tp tunnel from the LAC the ppp session within that will be assigned to the configured virtual-template and you can't influence this behavior. If you want to terminate the session on different vt then try to configure the LAC to initiate another l2tp tunnel. You can distinguish the group of users by means of different domains (username@domain.com).

The LAC when receives an incoming ppp session it will build up the l2tp tunnel to the appropriate LNS based on the domain (or by means of the appropriate radius attribute).

Hope it helps, rate if does

Krisztian

d-mark
Level 1
Level 1
In response to kerek

‎10-10-2007 05:57 AM

Hi Krisztian,

thanks for your reply. Unfortunately I don't have any access to the LAC or the radius-server which the LAC asks.

kind regards

Mark

0 Helpful

aravindhs
Level 1
Level 1

‎10-10-2007 02:56 AM

Mark,

I understand you want to be able to get a per-user/per-connection/per-customer control. You could use one virtual template and let it talk to the RADIUS and create multiple loopback interfaces (one per customer). Set your RADIUS to bind the incoming PPP request to your appropriate loopback and configure your loopbacks as you like. RADIUS profile/loopback will override the virtual template config although it will use it to arbiter the link initially.

HTH

Do let us know how you get on with this.

Cheers

Arav

d-mark
Level 1
Level 1
In response to aravindhs

‎10-10-2007 06:05 AM

Hi Arav,

thanks for your reply. What did you mean exactly with "Set your RADIUS to bind the incoming PPP request to your appropriate loopback and configure your loopbacks as you like"?

I've found the option to configure the virtual-access interface (created for each connection) by the radius server using the cisco-avpair "lcp:interface-config=". But I haven't yet tested it.

kind regards

Mark

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents