Hi,

This is my first time to use ISG feature on my ASR1k routers which will be acting as a LAC, terminating PPPoE sessions and tunnel them to LNS.

My objective is very straightforward. Upon receiving a protocol PPP, fetch for the unauthenticated-username test1 and use vpdn-group LAC to tunnel it to the LNS.

Hereunder the complete configuration which doesn't seem to be working. When I debug, PPPoE discovery stage gets finished successfully along with the PPP LCP session stage and the authentication, but the tunnel don't get created!

Do I miss something here?

aaa authentication ppp LAC local

username test1 password 7 021201481F57

interface GigabitEthernet0/0/3.34
 encapsulation dot1Q 34
 pppoe enable group LAC-LNS
 service-policy type control COLLECT-UNAUTH-USERNAME

bba-group pppoe LAC-LNS
 virtual-template 34
 service profile RELAY-PPPOE
 sessions per-mac limit 20
 sessions auto cleanup

interface Virtual-Template34
 ip unnumbered Loopback0
 no peer default ip address
 ppp authentication chap
end

vpdn enable
vpdn source-ip 217.139.253.29
vpdn-group LAC
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 172.17.30.122
 source-ip 217.139.253.29
 local name LAC
 l2tp tunnel password 7 045802150C2E

policy-map type control COLLECT-UNAUTH-USERNAME
 class type control RESELLERS event session-start
  1 collect identifier unauthenticated-username
  2 service-policy type control USERNAME

policy-map type control USERNAME
 class type control USERNAME event session-start
  1 authenticate aaa list LAC
  2 service-policy type service name FORWARD-TO-VPDN

policy-map type service FORWARD-TO-VPDN
 service vpdn group LAC

class-map type control match-all USERNAME
 match unauthenticated-username test1

class-map type control match-all RESELLERS
 match protocol ppp