RE: Radius Connectivity for MPLS VRF Forwarding and L2TP Tunnels


by Pratik Singh-2


Hi,

 

The fix came via the LNS. Apparently the main issue was the router sending the RADIUS attributes in a non-standard format. For that, the command on the router was:
#radius-server host <IP> auth-port 1812 acct-port 1813 non-standard key <key>

 

Regarding the VRF forwarding through the RADIUS, the following lines in the users file helped:

user  Auth-Type = Local, Password = "xyz", Simultaneous-Use = 1
        Port-Limit = 1,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-MTU = 1500,
        Framed-IP-Address = 192.168.1.1,
        Framed-IP-Netmask = 255.255.255.255,
        Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPNA",
        Cisco-AVPair = "lcp:interface-config=ip unnumbered loopback 1",
        Cisco-AVPair = "lcp:interface-config=peer default ip address pool dialin"

 

Rgds

Pratik

 


From: Pratik Singh [mailto:pratik.singh@...]
Sent: Tuesday, May 16, 2006 12:35 PM
To: 'Cistron Radius users mailing list'
Subject: Radius Connectivity for MPLS VRF Forwarding and L2TP Tunnels

 

Hi All,

 

I need some help regarding the configuration of Cistron RADIUS for MPLS VRF Forwarding and L2TP Tunnels.

 

The setup is as follows:

A client dials to the NAS, in this case a Cisco AS5400, for his backup link to the Service Provider MPLS Cloud. The RADIUS replies back with the attributes required for setting up an L2TP tunnel between the AS5400 (LAC – L2TP Access Concentrator) and a Cisco 7206 router (LNS – L2TP Network Server). The following is the entry in the RADIUS users file for setting this up:

test Auth-Type = Local, Password = "test", Simultaneous-Use = 1
        Port-Limit = 1,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-MTU = 1500,
        Tunnel-Type = L2TP,
        Tunnel-Server-Endpoint = 10.10.10.1,
        Framed-IP-Address = 10.66.8.211,
        Framed-IP-Netmask = 255.255.255.255

 

Is this configuration enough or do I need to add additional attributes?

 

Secondly, the RADIUS also needs to forward attributes regarding the VRF of the customer. The VRF details are maintained in the PE router of the MPLS cloud. What changes need to be made in the users file?

 

Many Thanks.

 

Rgds

Pratik Singh

 


-
List info/subscribe/unsubscribe? See http://www.radius.cistron.nl/list/
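
Added example (not part of the original messages, and not Cistron or Cisco code): each lcp:interface-config AVPair in the reply above carries an IOS interface command for the user's session, so the users file decides which VRF a dial-in user is placed in. The Python below audits a users file against an allowlist of commands and per-user VRFs. The policy values, the "user2" entry and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened copy of the entry from the reply above,
# plus a constructed "user2" entry that violates the assumed policy.
USERS_FILE = '''\
user  Auth-Type = Local, Password = "xyz", Simultaneous-Use = 1
        Service-Type = Framed-User,
        Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPNA",
        Cisco-AVPair = "lcp:interface-config=ip unnumbered loopback 1",
        Cisco-AVPair = "lcp:interface-config=peer default ip address pool dialin"

user2  Auth-Type = Local, Password = "abc"
        Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPNB",
        Cisco-AVPair = "lcp:interface-config=ip mtu 1400"
'''

# Assumed site policy (hypothetical values): the VRFs each user may join and
# the only interface commands RADIUS is expected to push.
ALLOWED_VRF = {"user": {"VPNA"}, "user2": {"VPNA"}}
ALLOWED_CMD = re.compile(r"^(ip vrf forwarding (?P<vrf>\S+)|ip unnumbered "
                         r"loopback \d+|peer default ip address pool \S+)$")
AVPAIR = re.compile(r'Cisco-AVPair\s*=\s*"lcp:interface-config=([^"]*)"')


def parse_users(text):
    """Map each user name to the interface commands its reply items push."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # check-item line starts an entry
            current = line.split()[0]
            entries[current] = []
        elif current is not None:          # indented reply-item line
            entries[current] += AVPAIR.findall(line)
    return entries


def audit(text):
    """Return (user, command, reason) for every command outside the policy."""
    findings = []
    for user, cmds in parse_users(text).items():
        for cmd in cmds:
            m = ALLOWED_CMD.match(cmd)
            if m is None:
                findings.append((user, cmd, "command not allowlisted"))
            elif m["vrf"] and m["vrf"] not in ALLOWED_VRF.get(user, ()):
                findings.append((user, cmd, "VRF not permitted for user"))
    return findings
```

Calling audit() on the real users file before reloading the RADIUS server lists every entry that would place a user in an unexpected VRF or push a command outside the allowlist.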