> > Then you can include the below attributes to assign the user(s) to the
> > VRF:
> >
> > Cisco-Avpair = "ip:vrf-id=<vrf-name>",
> > Cisco-Avpair = "ip:ip-unnumbered=Loopback<n>",
> >
> > There is also the Cisco-Avpair="lcp:interface-config=ip vrf forwarding
> > ...\nip unnumbered ..." way of assigning vrf membership, but the former
> > is more efficient...
>
> Is there a preference these days to run with the virtual-access
> sub-interface capable av-pairs:
>
> Cisco-Avpair = "ip:vrf-id=<vrf-name>",
> Cisco-Avpair = "ip:ip-unnumbered=Loopback<n>",
>
> over the classical ones using "lcp:interface-config"?

Well, with the knob "aaa policy interface-config allow-subinterface", most
"lcp:interface-config" commands will no longer force a full VAI, so you can
still benefit from the higher sub-VAI scalability. But even if you use this
knob, "lcp:interface-config" can be a bit slower when it comes to bringing up
the session, which can be a concern when you need to bring up lots of sessions
within a short while.

So as long as you use the knob (or "lcp:interface-config
allow-subinterface=yes" in the profile), scalability is quite ok..

BTW: I also recall that new releases actually have this knob on per default..
It's been a while since I did radius/lns stuff :-}

> What additional attributes are required to forward the session from
> one non-PE LNS to another PE-capable LNS for certain customers?
> Presumably it's a matter of sending back more av-pairs with additional
> tunnel forwarding information?

indeed. For that to work, I would enable

vpdn multihop
vpdn authen-before-forward   ! see [1] for the 2nd cmd

and then you can include

! if you use "," instead of "/", you can load-share across addresses instead of failing over.
Cisco-AVPair = "vpdn:ip-addresses=x.x.x.x/y.y.y.y ",
Cisco-AVPair = "vpdn:l2tp-tunnel-password=cisco",
Cisco-AVPair = "vpdn:tunnel-type=l2tp"

to forward the session to another LNS. You can also use IETF attributes
(check http://www.cisco.com/en/US/docs/ios/12_0t/12_0t5/feature/guide/rad_attr.html).

oli

[1] http://www.cisco.com/en/US/tech/tk801/tk703/technologies_configuration_example09186a0080094860.shtml
