IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
I'm trying to set up a single router to terminate PPPoE connections and offer different rates using virtual templates. All the documentation seems to be focused on LAC/LNS installs. In this case we effectively just have a single router performing both functions.RADIUS will be used for AAA.
Hi,It should look something like this:aaa authentication ppp vpdn group radiusaaa authorization network vpdn group radius aaa accounting network vpdn start-stop group radius! bba-group pppoe VPDN1 virtual-template 10 sessions auto cleanup!bba-group pppoe VPDN2 virtual-template 20 sessions auto cleanup!!interface GigabitEthernet0/1.10 encapsulation dot1Q 10 ip unnumbered Loopback0 pppoe enable group VPDN1!interface GigabitEthernet0/1.20 encapsulation dot1Q 20 ip unnumbered Loopback0 pppoe enable group VPDN2!interface Virtual-Template10 description VPDN1 ip unnumbered Loopback0 ppp authentication pap vpdn ppp authorization vpdn ppp accounting vpdn!interface Virtual-Template10 description VPDN2 ip unnumbered Loopback0 ppp authentication pap vpdn ppp authorization vpdn ppp accounting vpdnradius-server host <IP address of the AAA server> <key>And you can do whatever you want under each virtual-template.BR,Mohammed Mahmoud.
This is similar to the sample configs I've been looking at however I can't see how service is differentiated based on login details. I would appear to differentiate based on the incoming VLAN.What I'm trying to do is have a user login using PPPoE and be given a virtual template based on their RADIUS profile. The idea being that I can a embed QoS policing policy in the virtual template to provide different service levels to customers.
Hi,AFAIK, to apply a different virtual-template you need to apply a different bba-group, and to apply a different bba-group you need to use VLANs and subinterfaces - i think that you can work around and use this model.Another prospective to think with, is that you can search if what you require to do can be sent by the RADIUS as a Cisco RADIUS AV Pair according to the customer profile.BR,Mohammed Mahmoud.