Hi Wayne, Take a look into assigning via radius the vrf for the ppoa sessions. If you google on the list you will find several discussions on the issue.
You can then use vrf aware firewall features (like vrf aware nat ecc) for internet access. http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_vrfaw.html Other options are listed here http://www.cisco.com/en/US/tech/tk436/tk428/technologies_white_paper09186a00801281f1.shtml Regards Brian -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wayne Lee Sent: giovedì 6 novembre 2008 18.51 To: cisco-nsp@puck.nether.net Subject: [c-nsp] vrf-lite and pppoA interfaces Hello List I have a dedicated LNS for what we call our pwan customers, all connections are ADSL PPPoA and they all use private IP ranges as there is currently no internet access. We have about 150 connections spread over 8 customers, these are currently grouped by customer and then separated from other pwans using access-lists which are applied via radius. We want to allow internet access to these pwans and move them into a vrf-lite setup with one vrf per pwan so this also gives us the abillty to allow over-lapping IP space. My vrf knowledge is (very) limited and I'm struggling to understand the best way to make this work. I have tested a basic vrf setup (with success) in the lab but this was with 3 routers and no PPPoA/virtual-access interfaces. My confusion is about the ip vrf forwarding, in the lab I put this on each ethernet on the main router but in the PPPoA setup there will not be a dedicated ethernet per vrf, also I'll not need traffic between vrf's so do I just need to export the routes to the rib so the customers can get internet traffic? Help, clue sticks and any advice will be very welcome. Thanks Wayne _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/