The ISP I work for uses "authenticate before forward" for some private VPN
services we offer.

Essentially your LTS/LACs will authenticate the user, and the RADIUS
response contains details about where the session should be forwarded
(rather than what details to terminate the session with), which can be a
list of your LNSs which the LAC can load balance across.

Once the session has been forwarded on, your LNSs will authenticate the
user, and terminate the session.

I believe we are using two RADIUS instances for this, one for the auth
before forward stuff, and the second to actually authenticate the users
for termination on the destination LNS.
> Hi
>
> I suggest getting the domain information via the RADIUS server. Also have
> a quick look at the command "tunnel share", which might help you to
> reduce the number of tunnels to your LNS.
>
> Regards
> Erich
>
>>
>> We currently have 8 x 7301s running as LTSs to terminate ATM from the
>> carrier and switch the tunnel to 3 LNSs (2 as primary using priority 1
>> and a backup using priority 2).
>>
>> Copy of config below
>>
>> << From carrier >>
>>
>> vpdn-group IN-FROM-CARRIER
>>  accept-dialin
>>   protocol any
>>   virtual-template 2
>>  terminate-from hostname XX-XX-XX
>>  lcp renegotiation on-mismatch
>>  l2tp tunnel password 0 XXXXXXX
>>
>> << TO LNS FARM >>
>>
>> vpdn-group OUT-TO-LNS
>>  request-dialin
>>   protocol l2tp
>>   domain 1
>>   domain 2
>>   domain 100
>>   domain 300
>>  initiate-to ip 1.1.1.1 priority 1
>>  initiate-to ip 2.2.2.2 priority 1
>>  initiate-to ip 3.3.3.3 priority 2
>>  source-ip 9.9.9.9
>>  local name OUT-TO-LNS
>>  l2tp tunnel password 0 XXXXXXX
>>
>> We now have about 300 domains, so the config is very long; with every
>> domain listed in there it becomes a nightmare to manage. So my question
>> is: is there any way to put a wildcard * domain into this tunnel (the
>> box only has 1 request-dialin vpdn group) so that all realms received
>> from the carrier are tunnelled to the LNSs?
>>
>> Thanks in advance
>>
>> Gareth
>>
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>
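The "authenticate before forward" mechanism described at the top of this reply (the LAC authenticates the user, and the RADIUS Access-Accept carries the list of LNSs to forward to instead of per-domain `initiate-to` lines) rides on the RFC 2868 tagged tunnel attributes: Tunnel-Type, Tunnel-Medium-Type, Tunnel-Server-Endpoint, Tunnel-Preference and a salt-encrypted Tunnel-Password, grouped per LNS by the tag byte. The block below is an added example, not code from the list, from Cisco or from any RADIUS server: it encodes such an Access-Accept for the three-LNS farm in Gareth's config and then decodes it the way a LAC would, grouping by tag, decrypting the tunnel password with the shared secret and Request Authenticator, and ordering the candidates by preference. The shared secret, Request Authenticator, salts, password and the use of the page's placeholder addresses are all constructed values.

```python
"""RFC 2868 tunnel attributes for authenticate-before-forward on a LAC (added example)."""
import hashlib

TUNNEL_TYPE = 64             # RFC 2868 attribute numbers
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_SERVER_ENDPOINT = 67
TUNNEL_PASSWORD = 69
TUNNEL_PREFERENCE = 83
L2TP = 3                     # Tunnel-Type value for L2TP
IPV4 = 1                     # Tunnel-Medium-Type value for IPv4

SECRET = b"s3cret-lac-radius"   # constructed RADIUS shared secret
REQ_AUTH = bytes(range(16))     # constructed Request Authenticator of the Access-Request


def tagged_int(attr, tag, value):
    """Tag octet followed by a 3-octet big-endian integer (RFC 2868 3.1, 3.2, 3.7)."""
    return bytes([attr, 6, tag]) + value.to_bytes(3, "big")


def tagged_str(attr, tag, data):
    """Tag octet followed by an opaque string (RFC 2868 3.3)."""
    return bytes([attr, 3 + len(data), tag]) + data


def _chain_xor(secret, req_auth, salt, data, decrypt):
    # RFC 2868 3.5: b(1)=MD5(S+R+A), b(i)=MD5(S+c(i-1)), c(i)=p(i) XOR b(i).
    # The chaining value is always the previous *ciphertext* block.
    out = bytearray()
    prev = req_auth + salt
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(block, key))
        prev = block if decrypt else bytes(out[i:i + 16])
    return bytes(out)


def tunnel_password(tag, secret, req_auth, salt, password):
    """Tunnel-Password AVP: tag | 2-octet salt | enc(len | password | NUL pad to 16)."""
    if not salt[0] & 0x80:
        raise ValueError("RFC 2868: the high bit of the salt MUST be set")
    plain = bytes([len(password)]) + password
    plain += b"\x00" * (-len(plain) % 16)
    return tagged_str(TUNNEL_PASSWORD, tag, salt + _chain_xor(secret, req_auth, salt, plain, False))


def parse_avps(blob):
    """Split a RADIUS attribute area into (type, value) pairs; reject bad lengths."""
    i, avps = 0, []
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        t, ln = blob[i], blob[i + 1]
        if ln < 2 or i + ln > len(blob):
            raise ValueError("attribute length out of range")
        avps.append((t, blob[i + 2:i + ln]))
        i += ln
    return avps


def lns_candidates(blob, secret, req_auth):
    """LAC-side view: [(endpoint, preference, tunnel_password)] best-preferred first."""
    groups = {}
    for t, v in parse_avps(blob):
        if t not in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_SERVER_ENDPOINT,
                     TUNNEL_PASSWORD, TUNNEL_PREFERENCE) or not v:
            continue
        tag, body = v[0], v[1:]
        if t == TUNNEL_SERVER_ENDPOINT and tag > 0x1F:
            tag, body = 0, v        # RFC 2868 3.3: not a tag but the string's first octet
        groups.setdefault(tag, {})[t] = body
    out = []
    for g in groups.values():
        if int.from_bytes(g.get(TUNNEL_TYPE, b""), "big") != L2TP:
            continue                # this LAC only forwards over L2TP
        if int.from_bytes(g.get(TUNNEL_MEDIUM_TYPE, b""), "big") != IPV4:
            continue
        if TUNNEL_SERVER_ENDPOINT not in g:
            continue                # nowhere to send the tunnel
        # Lower Tunnel-Preference wins; a group without one sorts last.
        pref = int.from_bytes(g.get(TUNNEL_PREFERENCE, b"\xff\xff\xff"), "big")
        pw = None
        if TUNNEL_PASSWORD in g:
            salt, cipher = g[TUNNEL_PASSWORD][:2], g[TUNNEL_PASSWORD][2:]
            plain = _chain_xor(secret, req_auth, salt, cipher, True)
            pw = plain[1:1 + plain[0]]
        out.append((g[TUNNEL_SERVER_ENDPOINT].decode(), pref, pw))
    return sorted(out, key=lambda c: c[1])   # stable: equal preferences keep RADIUS order


def build_accept_attrs():
    """Constructed Access-Accept payload: two primary LNSs and one backup, like the posted config."""
    farm = [(1, b"1.1.1.1", 1, bytes([0x80, 0x01])),
            (2, b"2.2.2.2", 1, bytes([0x80, 0x02])),
            (3, b"3.3.3.3", 2, bytes([0x80, 0x03]))]
    out = b""
    for tag, ip, pref, salt in farm:
        out += tagged_int(TUNNEL_TYPE, tag, L2TP)
        out += tagged_int(TUNNEL_MEDIUM_TYPE, tag, IPV4)
        out += tagged_str(TUNNEL_SERVER_ENDPOINT, tag, ip)
        out += tagged_int(TUNNEL_PREFERENCE, tag, pref)
        out += tunnel_password(tag, SECRET, REQ_AUTH, salt, b"l2tp-tunnel-pw")
    return out


if __name__ == "__main__":
    for endpoint, pref, pw in lns_candidates(build_accept_attrs(), SECRET, REQ_AUTH):
        print(endpoint, pref, pw)
```

The per-tag grouping is what lets one Access-Accept carry a whole LNS farm: the LAC tries the lowest-preference group first and falls through to the others, which replaces the static priority-1/priority-2 `initiate-to` list and removes the need for a `domain` line per realm. Note that the Tunnel-Password protection is only an MD5 keystream keyed with the RADIUS shared secret, so the RADIUS path between LAC and server still needs its own protection (an isolated management network or RadSec), otherwise anyone who can read it can recover the L2TP tunnel password.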