On 22/03/11 14:07, Vladimir Litovka wrote:
> Colleagues hi
>
> I'm running LNS (Cisco-based) in my network. At the moment, there is
> only class of home subscribers - those ones, who use L2TP tunnel
> immediately between their CPE and my LNS (avoiding LAC). Configuration
> on LNS is the following:
>
> vpdn enable
> !
> vpdn-group L2TP
>  accept-dialin
>   protocol l2tp
>   virtual-template 1
>  *no l2tp tunnel authentication*
> !
>
> Now I need to setup classic L2TP scheme: client--LAC--LNS, where client
> will be running PPP to LAC and LAC will create tunnel to LNS. The
> problem is that owner of LAC requires L2TP tunnel authentication. At the
> moment, authentication is switched off (no l2tp tunnel authentication)
> and if I will just turn it on, I will break current subscribers. So,
> questions are:
>
> 1) how to configure LNS to authenticate L2TP tunnels only with
> particular endpoints? In my case - with just one LAC.

Different vpdn group with its own match criteria

See
http://www.cisco.com/en/US/docs/ios/vpdn/configuration/guide/12_4/vpd_12_4t_book.html

> 2) how to configure L2TP authentication locally?

vpdn-group 2
 description Second group for auth
 request-dialin
  protocol l2tp
  domain my.bypass.realm.1
  domain my.bypass.realm.2
 source-ip my.tunnel.source.ip
 local name mylns
 l2tp tunnel authentication
 l2tp tunnel password 0 mypassword
!

> 3) how to configure L2TP authentication using Radius?
>

http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/sbtunaut.html

> Many thanks.
> --

David Freedman
Group Network Engineering
Claranet Group
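
For question 1, one possible LNS-side layout, added here as an example and not taken from either poster's configuration: a second accept-dialin group that matches the LAC by the hostname it sends and requires tunnel authentication, next to the existing group left unauthenticated for direct CPE tunnels. The group name LAC-AUTH, the hostname partner-lac, virtual-template 2 and the secret placeholder are assumptions.

```cisco
vpdn enable
!
! Existing group from the original post. It has no terminate-from
! statement, so it acts as the default group for peers that match no
! other group (the home CPEs) and stays unauthenticated.
vpdn-group L2TP
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
! Assumed new group for the one LAC. It is selected when the peer
! announces the hostname "partner-lac" (assumed name) during tunnel
! setup, and tunnel authentication is required for it.
vpdn-group LAC-AUTH
 description Authenticated tunnels from the partner LAC only
 accept-dialin
  protocol l2tp
  virtual-template 2
 terminate-from hostname partner-lac
 local name mylns
 l2tp tunnel authentication
 ! "0" means the secret that follows is entered in cleartext;
 ! replace the placeholder with the secret agreed with the LAC owner.
 l2tp tunnel password 0 REPLACE-WITH-SHARED-SECRET
!
```

Because the hostname a peer announces is not itself verified, only the shared secret on the LAC-AUTH group provides authentication; the default group continues to accept tunnels from any peer, as it does today.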