06-29-2008 10:55 PM
I'm trying to set up a single router to terminate PPPoE connections and offer different rates using virtual templates. All the documentation seems to be focused on LAC/LNS installs. In this case we effectively just have a single router performing both functions.
RADIUS will be used for AAA.
06-29-2008 11:42 PM
Hi,
It should look something like this:
aaa authentication ppp vpdn group radius
aaa authorization network vpdn group radius
aaa accounting network vpdn start-stop group radius
!
bba-group pppoe VPDN1
 virtual-template 10
 sessions auto cleanup
!
bba-group pppoe VPDN2
 virtual-template 20
 sessions auto cleanup
!
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip unnumbered Loopback0
 pppoe enable group VPDN1
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip unnumbered Loopback0
 pppoe enable group VPDN2
!
interface Virtual-Template10
 description VPDN1
 ip unnumbered Loopback0
 ppp authentication pap vpdn
 ppp authorization vpdn
 ppp accounting vpdn
!
interface Virtual-Template20
 description VPDN2
 ip unnumbered Loopback0
 ppp authentication pap vpdn
 ppp authorization vpdn
 ppp accounting vpdn
!
radius-server host
And you can do whatever you want under each virtual-template.
BR,
Mohammed Mahmoud.
06-29-2008 11:48 PM
This is similar to the sample configs I've been looking at; however, I can't see how service is differentiated based on login details. It would appear to differentiate based on the incoming VLAN.
What I'm trying to do is have a user log in using PPPoE and be given a virtual template based on their RADIUS profile. The idea being that I can embed a QoS policing policy in the virtual template to provide different service levels to customers.
06-29-2008 11:54 PM
Hi,
AFAIK, to apply a different virtual-template you need to apply a different bba-group, and to apply a different bba-group you need to use VLANs and subinterfaces - I think that you can work around and use this model.
Another perspective to think about is that you can search whether what you require can be sent by the RADIUS as a Cisco RADIUS AV pair according to the customer profile.
BR,
Mohammed Mahmoud.
06-29-2008 11:56 PM
I understand that it is a RADIUS AVP, the question being how to apply it.
D
06-30-2008 12:04 AM
Hi,
Fine, this doesn't mean that you'll apply a different virtual-template for each class; what you are going to do is apply a Cisco AVP per customer profile, to be used to clone the virtual-access.
cisco-avpair = "ip:sub-qos-policy-in=in-policy-name"
cisco-avpair = "ip:sub-qos-policy-out=out-policy-name"
BR,
Mohammed Mahmoud.
06-30-2008 12:12 AM
Ok, so single bba group with a single virtual template on a single interface.
Then a policy map for each user grouping.
I found this document which looks like it has most of the info I need.
http://www-europe.cisco.com/univercd/cc/td/doc/product/aggr/10000/swconfig/cfggdes/qoscf/10qrad.htm
Once I have it sussed I'll post the final config snippet.
06-30-2008 12:22 AM
Hi David,
Nice document, enjoy :) And please keep us updated.
By the way, since IOS 12.4(2)T:
cisco-avpair = "ip:sub-policy-In=in-policy-name"
cisco-avpair = "ip:sub-policy-Out=out-policy-name"
Are replaced with the following new attributes:
cisco-avpair = "ip:sub-qos-policy-in=in-policy-name"
cisco-avpair = "ip:sub-qos-policy-out=out-policy-name"
But anyway as per Cisco, the replaced attributes will be supported for several more software releases, but profiles should be updated with the new attributes as soon as it is feasible to do so.
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t2/htipmaaa.html
BR,
Mohammed Mahmoud.
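An added example, not part of the original thread or of any Cisco tooling: a Python check that finds the deprecated "ip:sub-policy-In" / "ip:sub-policy-Out" attribute names from the post above in RADIUS user profiles and rewrites them to the new names. The FreeRADIUS-style users-file layout, the user names and the policy names are constructed assumptions; matching the old names case-insensitively is a choice made here.

```python
import re

# Old -> new attribute names as given in the post above (keys lowercased for matching).
RENAMES = {
    "ip:sub-policy-in": "ip:sub-qos-policy-in",
    "ip:sub-policy-out": "ip:sub-qos-policy-out",
}
# cisco-avpair <op> "name=value", where <op> is =, += or := (users-file operators).
AVPAIR = re.compile(r'(cisco-avpair\s*[+:]?=\s*")([^="]+)(=[^"]*")', re.IGNORECASE)

def migrate(users_text):
    """Return (rewritten_text, findings); findings are (line, user, old, new)."""
    out, findings, user = [], [], None
    for lineno, line in enumerate(users_text.splitlines(), 1):
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            if not line[0].isspace():          # unindented line starts a new user entry
                user = stripped.split()[0]

            def swap(m, lineno=lineno, user=user):
                new = RENAMES.get(m.group(2).lower())
                if new is None:                # already migrated, or an unrelated AV pair
                    return m.group(0)
                findings.append((lineno, user, m.group(2), new))
                return m.group(1) + new + m.group(3)

            line = AVPAIR.sub(swap, line)
        out.append(line)
    return "\n".join(out), findings

# Constructed sample profiles (not from the thread).
SAMPLE = '''\
# constructed sample, FreeRADIUS-style users file
alice  Cleartext-Password := "example-only"
    Service-Type = Framed-User,
    cisco-avpair = "ip:sub-policy-In=GOLD-IN",
    cisco-avpair += "ip:sub-policy-Out=GOLD-OUT"

bob  Cleartext-Password := "example-only"
    Cisco-AVPair = "ip:sub-qos-policy-in=BRONZE-IN",
    Cisco-AVPair += "ip:addr-pool=POOL1"
'''

if __name__ == "__main__":
    rewritten, found = migrate(SAMPLE)
    for lineno, user, old, new in found:
        print(f"line {lineno}: user {user}: {old} -> {new}")
    print(rewritten)
```

The policy name after the "=" is left untouched, so the policy-maps on the router do not need renaming.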