Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

remote access MPLS/VPN issue

I am running some tests with Remote Access Dial In MPLS/VPN. First I configured the VPDN to authenticate locally on the VG(LNS) and everything was OK. Then I configured to authenticate and manage IP addressing on a Radius Server in the following way:

I configured virtual-profiles with virtual-template so the Radius Server gives me the following commands through AVpairs:

lcd:interfaceconfig#1=ip vrf forwarding VRFname

lcd:interfaceconfig#2=ip unnumbered loopback 0

lcd:interfaceconfig#3=peer default ip address pool <pool name>

whereas in the virtual template I only have the following configuration:

interface Virtual-Template1

no ip address

no peer default ip address

ppp authentication chap callin

ppp multilink

And everything works OK!!!

Then the customer wants the radius server to manage the Ip addressing, so I mantain the virtual-template as before, and I change the radius AVpairs to:

lcd:interfaceconfig#2=ip vrf forwarding VRF

lcd:interfaceconfig#3=ip add x.x.x.x

And it never works... so I try to enter these commands manually and I notice that the virtual template interface does not accept the /32 mask.

Is there a way to change that?. In case I can not assign the IP address with this mask, what is the best approach to the radius to assign the IP address.

Thanks for your help



Re: remote access MPLS/VPN issue

I think the /32 mask is valid only on a loopback interface since there cannot be any other host on such an interface. Probably you will have to find a workaorund that uses a loopback interface in this case.