Hi, Perhaps i Will Say a mistake, but why do not you use radius account type to accure thé sécurity of your ppp sessions With two l2tp tunnels.
Best regards, -- Christophe Envoyé de mon téléphone, veuillez excuser ma brièveté. Le 4 mai 2012 à 11:09, ar <[email protected]> a écrit : > Yeah right...good info. > thanks. > > What if HSRP doesnt have preempt so it wont switch back after a failure? > > Im thinking of dual protection. > LACs has two initiate-to commands for 2 LNS. > Then LNS with HSRP without preempt. > > any thoughts? > > > > > ________________________________ > From: Arie Vayner (avayner) <[email protected]> > To: ar <[email protected]>; cisco-nsp <[email protected]> > Sent: Friday, May 4, 2012 12:42 AM > Subject: RE: [c-nsp] 7206 LNS/L2TP using HSRP > > > With HSRP, every time you do a failover, all sessions would drop, and have to > be reestablished. > > Using the redundancy model, you can have graceful recovery and switchover if > you want to control it. > > For example, if you had a failure, and one LNS went down, all sessions would > reestablish on the 2nd one (that is the same as in HSRP), but now when the > other box comes up it does not drop all the sessions again and switches them > back. > Only new sessions would be sent to the recovered LNS, and you can move the > other sessions during a maintenance window… > > Actually, I would just suggest running them in active/active mode. This way > you actually know they are both up and running and do not have to worry about > making sure the backup is ready… > > Arie > > From:ar [mailto:[email protected]] > Sent: Thursday, May 03, 2012 07:27 > To: Arie Vayner (avayner); cisco-nsp > Subject: Re: [c-nsp] 7206 LNS/L2TP using HSRP > > Thanks Arie. > > Any disadvantage of using HSRP compared to multiple initiate-to commands on > the LAC? > I want HSRP due to the reason i can control who is the active and standby LNS. > LNS is mine, while LAC is on the access provider side. > > thanks > > > ________________________________ > > From:Arie Vayner (avayner) <[email protected]> > To: ar <[email protected]>; cisco-nsp <[email protected]> > Sent: Thursday, May 3, 2012 7:09 PM > Subject: RE: [c-nsp] 7206 LNS/L2TP using HSRP > > Better use discrete IP addresses. Loopbacks are mostly recommended. > On your LAC you can specify multiple IPs (that can come from RADIUS...). > > This would allow you to load share, running your LNSs in Act/Act mode... > > Look here: > http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800a43e9.shtml#wp1002265 > > > Arie > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of ar > Sent: Thursday, May 03, 2012 00:37 > To: cisco-nsp > Subject: [c-nsp] 7206 LNS/L2TP using HSRP > > Guys, > > > I'm planning to terminate L2TP to LNS using HSRP. > So there will be LNS redundancy. > Is this possible? > I've read that terminating L2TP to the HSRP address has some issues. > > Or better to use multiple initiate-to commands on the LAC? > Any other options for fail-over/redundancy? > > thanks > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
