Radius Connectivity for MPLS VRF Forwarding and L2TP Tunnels

Pratik Singh pratik.singh at hcl.in
Sat May 27 11:11:36 CEST 2006 

Hi,

 

The fix came via the LNS. Apparently the main issue was the router sending
the Radius attributes in a non-standard format. For that the command on the
router was:
#radius-server host <IP> auth-port 1812 acct-port 1813 non-standard key
<key>.

 

Regarding the VRF forwarding through the RADIUS the following lines in the
users file helped:

user  Auth-Type = Local, Password ="xyz", Simultaneous-Use = 1

        Port-Limit = 1,

        Service-Type = Framed-User,

        Framed-Protocol = PPP,

        Framed-MTU = 1500,

        Framed-IP-Address = 192.168.1.1,

        Framed-IP-Netmask = 255.255.255.255,

        Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPNA",

        Cisco-AVPair = "lcp:interface-config=ip unnumbered loopback 1",

        Cisco-AVPair = "lcp:interface-config=peer default ip address pool
dialin"

 

Rgds

Pratik

 

  _____  

From: Pratik Singh [mailto:pratik.singh at hcl.in] 
Sent: Tuesday, May 16, 2006 12:35 PM
To: 'Cistron Radius users mailing list'
Subject: Radius Connectivity for MPLS VRF Forwarding and L2TP Tunnels

 

Hi All,

 

I need some help regarding the configuration of Cistron RADIUS for MPLS VRF
Forwarding and L2TP Tunnels.

 

The setup is as follows:

A client dials to the NAS in this case a Cisco AS5400 for his backup link to
the Service Provider MPLS Cloud. The Radius replies back with the attributes
required for setting up a L2TP tunnel between the AS5400 (LAC - L2TP Access
Concentrator) and a Cisco 7206 router (LNS - L2TP Network Server). The
following is the entry in the RADIUS users file for setting this up -

test Auth-Type = Local, Password = "test", Simultaneous-Use =1

        Port-Limit =1 ,

        Service-Type = Framed-User,

        Framed-Protocol = PPP,

        Framed-MTU = 1500,

        Tunnel-Type = L2TP,

        Tunnel-Server-Endpoint = 10.10.10.1,

        Framed-IP-Address = 10.66.8.211,

        Framed-IP-Netmask = 255.255.255.255

 

Is this configuration enough or do I need to add additional attributes?

 

Secondly the Radius also needs to forward attributes regarding the VRF of
the customer. The VRF details are maintained in the PE router of the MPLS
cloud. What changes are needed to be made in the users file?

 

Many Thanks.

 

Rgds

Pratik Singh

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cistron.nl/pipermail/cistron-radius/attachments/20060527/a7b4a61a/attachment.html>

More information about the Cistron-radius mailing list