Hello Everybody,
I realized the following IPoE scenario:
- IP address assignment: DHCP-server-radius-proxy (Circuit-id, remote-id)
- Subscriber session authentication: session initiator source ip-address
Subscribers use 3 channels depending on the VLAN they are connected to,
so I thought of assigning a vrf to each session through the Cisco-AV-Pair attribute:
Cisco-AVPair", "+=", "ip:vrf-id=beeline
For the policy to work, it is necessary to configure a multiservice interface for each vrf (it should act as a boundary between the vrf routing table and the default routing table).
So I did (let's take the beeline channel for example):
interface multiservice 1
ip vrf forwarding beeline
ip address a.a.a.a
no keepalive
It all works fine: the IP is assigned, the session is authenticated, the traffic goes out through the right vrf... but it does not go back to the subscriber. The multiservice interface does not forward traffic to the subscriber.
In the routing table of the vrf beeline I see this route:
213.33.180.178/32 via 213.33.180.178 multiservice1
If I try to ping the subscriber's IP from the vrf:
ping vrf beeline 213.33.180.178
It works!! The traffic reaches the subscriber with the source IP of the multiservice interface (and then manages to get out of the vrf)... but the traffic from the internet seems to hang in the vrf.
I tried to use the primary service:
policy-map type service VPN
ip vrf forwarding beeline
sg-service-type primary
and to assign the policy via the attribute Cisco-Account-Info:
Cisco-Account-Info", "+=", "AVPN")
But this way the session is not even authenticated and nothing works...
I've been searching everywhere but I can't find a solution... (I only find information about VPN services, but that's not my case.)
Maybe I could use PBR to forward traffic based on source IP, but I don't know how to do it in this case.
Thanks for your help.