ASR1009-X with authentication and authorisation from RADIUS for end user (subscriber) on L2TP session.

Vikas Gundu
Level 1

Hello Team,

Good morning... Hope you all are safe :)

I am in the middle of an implementation and I have some doubts about the scenario below. I read about ISG (Intelligent Services Gateway) on Cisco but am not sure whether it should be used or whether it will work without ISG as well. Will you help me understand whether I have to use this feature or not?

I have searched many documents but have not been able to find any solution.

Below is the scenario and the requirements.

Scenario:

The customer currently has a Redback BRAS router and has procured an ASR1009-X as a replacement for it.

The customer is a Service Provider and wants to use the ASR1009-X as an LNS for L2TP connections. He has around 50+ branches, and all the branches act as LACs for this L2TP session. All these LACs connect to the LNS router on both VRFs (LNS1 and LNS2).

The ASR router has many VRFs (Bronze, Silver, Platinum etc.) towards the internet routers and VRFs LNS1/LNS2 towards the LAC routers.

All the L2TP sessions terminate on LNS1 or LNS2 for the end users (subscribers).

Below is the sample configuration.

Below is the configuration on LNS:
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname R-PPPoE
 vpn vrf LNS-001
 source-ip x.x.x.x
 local name BRAS-02-PNH-DC1
 lcp renegotiation always
 no l2tp tunnel authentication

interface Virtual-Template1
 vrf forwarding LNS-001
 ip unnumbered Loopback100
 peer default ip address pool mypool
 ppp authentication pap
end

ip local pool mypool 110.235.254.10 110.235.254.15

aaa authentication ppp default local

username user1@cisco.com password user1

***************************************************

This is the sample configuration we tested with local authentication. In the above case, clients get their IPs from the DHCP pool “mypool” mapped to virtual-interface 1 and are locally authenticated.

Requirements:

1) All the end users will be connected using L2TP.

2) These users should be authenticated by the RADIUS server.

3) In the above scenario the DHCP pool was assigned from the statically mapped pool "mypool", but the customer wants it to be dynamic based on the username, and that will be defined in the RADIUS server.

E.g.: if user1 connects with the domain user1@cisco.com, he will be authenticated by RADIUS and then RADIUS will inform the router that he should be assigned an IP from “pool1” (NOTE: IP pools are configured on the LNS router),
and if user2 connects with a different domain, user2@ftth, he will be authenticated by RADIUS and should be assigned an IP from “pool2”.

NOTE: All IP pools should be configured on the router only, but authorisation will depend on RADIUS (that means RADIUS will inform the ASR from which pool it should assign IP addresses).

4) Also, in the RADIUS server they have configured other parameters based on the username. For example, if user1 is authenticated he will be assigned a particular VRF, e.g. Silver, to access the internet, and a QoS policy, e.g. QoS name "o*3ytbe" for downloading and "i*3ytbe" for uploading at a particular speed; if user2 is authenticated he will be assigned a particular VRF, e.g. Bronze, to access the internet, and a QoS policy, e.g. QoS name "o*5mte" for downloading and "i*5mte" for uploading at a particular speed.

Now the user will access the internet from the mapped VRF (Silver, Bronze or Platinum).

NOTE: These VRFs and QoS policies for uploading and downloading are configured on the local router (ASR1009-X).

5) They have the billing system integrated with the RADIUS server, so they want all the subscribers' (end users') data usage to be sent to the billing system.

The ASR1009-X should send the data usage to the billing server so that they can bill the end users based on the consumed data.

So this is the requirement. How can I achieve this? Do I need to configure ISG, and if yes, what needs to be configured?

What are the RADIUS attributes required for authorisation?

I have attached the diagram as well.

Thanks a lot in advance :)

Thanks and Regards,

Vikas G

0 Replies 0
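
The requirements in the post above, expressed as IOS XE AAA configuration plus the matching RADIUS reply attributes; this is an added example, not part of the original post and not a Cisco-published configuration. The server address 192.0.2.10, the key placeholder, the names RAD-BILLING and SUBSCRIBER-RADIUS, the pool ranges and Loopback201 are assumptions; the pool, VRF and QoS policy names are the ones the post mentions.

```cisco
! Added example, not the poster's configuration.
! Assumed values: 192.0.2.10, <shared-secret>, RAD-BILLING, SUBSCRIBER-RADIUS,
! the pool ranges and Loopback201.
aaa new-model
!
radius server RAD-BILLING
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
aaa group server radius SUBSCRIBER-RADIUS
 server name RAD-BILLING
!
! Authenticate PPP subscribers against RADIUS instead of the local user database.
aaa authentication ppp default group SUBSCRIBER-RADIUS
! Accept per-user network attributes (pool, VRF, QoS) from the Access-Accept.
aaa authorization network default group SUBSCRIBER-RADIUS
! Send Start/Stop plus interim records (every 15 minutes) carrying
! Acct-Input-Octets and Acct-Output-Octets for usage-based billing.
aaa accounting network default start-stop group SUBSCRIBER-RADIUS
aaa accounting update periodic 15
!
! Pools stay on the router; RADIUS only names which one to use.
ip local pool pool1 198.51.100.10 198.51.100.250
ip local pool pool2 203.0.113.10 203.0.113.250
!
! ip:vrf-id is paired with ip:ip-unnumbered, which must point at a
! loopback that lives in the same subscriber VRF.
interface Loopback201
 vrf forwarding Silver
 ip address 198.51.100.1 255.255.255.255
!
! Virtual-Template1 keeps "ppp authentication pap"; it picks up the
! default method lists defined above.
!
! Access-Accept for user1@cisco.com, configured on the RADIUS server
! (Cisco-AVPair is vendor 9, attribute 1):
!   Service-Type    = Framed-User
!   Framed-Protocol = PPP
!   Cisco-AVPair    = "ip:addr-pool=pool1"
!   Cisco-AVPair    = "ip:vrf-id=Silver"
!   Cisco-AVPair    = "ip:ip-unnumbered=Loopback201"
!   Cisco-AVPair    = "ip:sub-qos-policy-in=i*3ytbe"
!   Cisco-AVPair    = "ip:sub-qos-policy-out=o*3ytbe"
```

With `ppp authentication pap` and `no l2tp tunnel authentication` as in the tested configuration, the subscriber password crosses an unauthenticated tunnel in cleartext before the LNS relays it to RADIUS, so CHAP and an L2TP tunnel password are worth evaluating alongside the move to RADIUS.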