
Multiple virtual-templates using L2TP?

michael.whittle
Level 1

Hi,

At the moment I've got one virtual-template bound to a VPDN group. I now have a different service that will require a different virtual-template. How does the VPDN group determine which virtual-template to use?

Would it be done using the domain name portion of the username or is there a different way of doing it?

Basically I want one virtual-template to allow Radius to assign an IP address statically and the other to use a "peer default ip address" with an address pool?

Any ideas?

Thanks,

Mike

8 Replies

dbellaze
Level 4

If I remember correctly you specify the virtual template to terminate on under the vpdn group configuration.

Daniel

zahmed
Cisco Employee

Hi Michael,

Under each vpdn-group, you can configure a specific "virtual-template x" and then define your virtual-template x accordingly.

Thanx and Regards,

~Zulfiqar

Hi Zulfiqar,

I think you've misunderstood what I was asking. I have that configured already and it works. What I want to know is, if you have two virtual-templates that are bound to separate vpdn-groups, how does the L2TP know which vpdn-group to use? I was asking if that is done by the domain suffix of the username or by some other means.

Regards,

Mike

Mike,

In the vpdn-group you can specify the tunnel hostname from the LAC, by means of the command "terminate-from hostname ".

The tunnel hostname at the LAC is equal to the router hostname by default, but it's better to overrule the default and have it specified e.g. by means of the RADIUS attribute 90 "Tunnel-Client-Auth-Id" so that you can terminate L2TP tunnels from multiple virtual LACs into the same VPDN service at the LNS. This RADIUS attribute is returned to the LAC during the "pre-authentication", which can be based on DNIS or domain.

regards

Jan
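An LNS-side sketch of the approach described in the answer above, added here as an illustration and not part of the original post: two vpdn-groups, each matched on the tunnel hostname the LAC presents and each bound to its own virtual-template. The group names, tunnel hostnames (`LAC-STATIC`, `LAC-POOL`), pool name, address range and `Loopback0` are hypothetical placeholders.

```cisco
vpdn enable
!
! Tunnels whose LAC identifies itself as LAC-STATIC land here;
! the address comes from RADIUS, so no pool is set on the template.
vpdn-group STATIC-USERS
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC-STATIC
!
! Tunnels whose LAC identifies itself as LAC-POOL land here;
! the template hands out addresses from a local pool.
vpdn-group POOL-USERS
 accept-dialin
  protocol l2tp
  virtual-template 2
 terminate-from hostname LAC-POOL
!
interface Virtual-Template1
 ip unnumbered Loopback0
 ppp authentication chap
!
interface Virtual-Template2
 ip unnumbered Loopback0
 peer default ip address pool DYNAMIC-POOL
 ppp authentication chap
!
ip local pool DYNAMIC-POOL 10.0.0.1 10.0.0.254
```

The LNS picks the vpdn-group from the hostname received during tunnel setup, so the LAC must present a different tunnel name for each service, for example via the RADIUS attribute mentioned in the answer.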

Thanks a lot.

Hi Jan/Michael,

I know this thread has passed on but have you any thoughts on the following?

Is there any way to pipe particular users using static IPs to a different vpdn-group/virtual-template in order to measure bandwidth from that user subset?

Unfortunately, they are on same realm(s) as dynamic users.

Maybe there is an easier way to do this without channeling those users to a separate vpdn-group/template?

Any thoughts,

Thanks,

Mark

michael.whittle
Level 1

I'm not clear as to what you're trying to do. The virtual-template would be generic. Depending on the user you would just include the two sets of attributes depending on what you want to do.

If you want to identify the users by their static routes, why don't you just tag them in their framed-route in Radius?

Did that help or answer your question?

Michael,

I'm trying to measure bandwidth for a particular set of users who receive static IPs. These users use distinct subnets but come in on a common L2TP tunnel with dynamic users. Also, they do not have a distinct realm, unfortunately.

It may not be the quickest way to get stats as Telco would need to set this up also, I believe.

Others have mentioned tagging; I think this would still mean trawling through stop/start records provided by RADIUS accounting.

Maybe Policy-Based Routing: route them out on different interfaces and poll these. I wonder, would this be a big hit on a 7204VXR/NPEG1?

Thanks,

Mark