vrf-aware vpdn / l2tp termination / cisco-avpair

Alexander alexander_austria at yahoo.com
Mon Mar 15 14:35:13 CET 2010 

Hello all,

I am using FreeRadius 2.1.8 with MySQL to authenticate BBA users. I get L2TP sessions from my ISP (=LAC) arriving in VRF l2tp_vrf which I want to terminate in a different VRF (e.g. inet_vrf). Basic authentication works as long as I do not intruduce cisco-avpair attributes.

Which ones do I need? I tried "lcp:interface-config#1=ip vrf forwarding (inet_vrf)" and "ip:vrf-id:=inet_vrf" in my radgroupreply table - without success. From the "debug radius authentication" I see "AAA Unsupported Attr: interface" and "parse unknown cisco vsa "vrf-id:". Here are some parts of my Cisco config:

aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting update newinfo
aaa accounting exec default
 action-type start-stop
 group radius
aaa accounting network default
 action-type start-stop
 broadcast
 group radius
aaa accounting connection default
 action-type start-stop
 group radius
aaa session-id common

vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC
 vpn vrf l2tp_vrf
 source-ip xxx.xxx.xxx.xxx
 local name LNS
 l2tp tunnel password 0 xyz
 ip mtu adjust

interface Virtual-Template1
 mtu 1460
 ip unnumbered Loopback0
 no snmp trap link-status
 peer default ip address pool INET_ADDR_POOL
 no keepalive
 ppp mru match
 ppp authentication pap callin
 ppp ipcp mask 255.255.255.255
end

What am I missing? Thanks in advance!

Cheers,
Alexander


      
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radgroupreply-table.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100315/aede4754/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radiusd-X.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100315/aede4754/attachment-0001.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug-radius-auth.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100315/aede4754/attachment-0002.txt>

More information about the Freeradius-Users mailing list