The following output in Example 2-26 shows the state of the FastFoods routing table on the San Jose VHG/PE router with no dialer interface active. You can see the two static routes that were configured previously, ultimately allowing the Fresno subnet 10.4.1.0/24 to be accessed via interface Dialer20.
Example 2-26. FastFoods VRF with No Dialer Active
SanJose_PE#show ip route vrf FastFoods
[snip]
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B 10.2.1.0/24 [200/0] via 194.22.15.1, 3d20h
S 10.4.1.0/24 [1/0] via 192.168.2.51
• Table of Contents
• Index
MPLS and VPN Architectures, Volume II By Jim Guichard, Ivan Pepelnjak, Jeff Apcar
Publisher: Cisco Press Pub Date: June 06, 2003
ISBN: 1-58705-112-5 Pages: 504
With MPLS and VPN Architectures, Volume II, you'll learn:
How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers
The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT)
How VRFs can be extended into a customer site to provide separation inside the customer network
The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone
How to carry customer multicast traffic inside a VPN
The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services
Advanced troubleshooting techniques including router outputs to ensure high availability
MPLS and VPN Architectures, Volume II, builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press. Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN.
MPLS and VPN Architectures, Volume II, begins with a brief refresher of the MPLS VPN Architecture. Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone. Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering. This part also covers multi-carrier MPLS VPN deployments. Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting.
MPLS and VPN Architectures, Volume II, also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced
C 10.66.162.0/23 is directly connected, Ethernet5/1
192.168.2.0/24 is variably subnetted, 3 subnets, 2 masks
C 192.168.2.100/32 is directly connected, Loopback10
S 192.168.2.51/32 is directly connected, Dialer20
B 192.168.2.20/30 [200/0] via 194.22.15.1, 3d20h
192.168.3.0/24 is variably subnetted, 3 subnets, 2 masks
C 192.168.3.2/32 is directly connected, virtual-Access3
C 192.168.3.1/32 is directly connected, virtual-Access1
B 192.168.3.0/26 [200/0] via 0.0.0.0, 3d19h, Null0
When a packet arrives at the San Jose VHG/PE router destined for 10.4.1.0/24, it is routed toward interface Dialer20. It is deemed an interesting packet because it matches the configured dialer-list 2.
Because no dial connection is active, an access-request message for dialing information is forwarded to the SuperCom RADIUS server, as shown in the following debug output (see Example 2-27). When the attributes are returned, a dynamic dialer map and an L2TP tunnel based on the vpdn-group information (using the vpdn-group with dialer rotary-group 20 configured) are created. Access to the PPP session over the dialer tunnel is via virtual-access5.
Example 2-27. RADIUS Access-Request for LSDO
RADIUS/ENCODE(00000024): acct_session_id: 44
RADIUS(00000024): sending
RADIUS: Send to unknown id 40 194.22.16.2:1645, Access-Request, len 103
RADIUS: authenticator CD 17 02 7A B7 A5 D4 AC - 4A FB 9B 76 D4 DB 3B BA
RADIUS: User-Name [1] 30 "Fresno_Vending-out-FastFoods"
RADIUS: User-Password [2] 18 *
RADIUS: Service-Type [6] 6 Outbound [5]
RADIUS: NAS-IP-Address [4] 6 192.22.15.2
RADIUS: Acct-Session-Id [44] 10 "0000002C"
RADIUS: Nas-Identifier [32] 13 "SanJose_PE."
RADIUS: Received from id 40 194.22.16.2:1645, Access-Accept, len 208
RADIUS: authenticator 52 D6 BF C7 13 10 03 B8 - 48 A5 D7 59 95 DD F5 E3
RADIUS: Service-Type [6] 6 Outbound [5]
RADIUS: Vendor, Cisco [26] 37
RADIUS: Cisco AVpair [1] 31 "outbound:dial-number=99065890"
RADIUS: Vendor, Cisco [26] 40
RADIUS: Cisco AVpair [1] 34 "outbound:send-name=Fresno_Dialer"
RADIUS: Vendor, Cisco [26] 43
RADIUS: Cisco AVpair [1] 37 "outbound:send-secret=showmethemoney"
RADIUS: Vendor, Cisco [26] 28
RADIUS: Cisco AVpair [1] 22 "outbound:send-auth=2"
RADIUS: Vendor, Cisco [26] 34
RADIUS: Cisco AVpair [1] 28 "outbound:addr=192.168.2.51"
RADIUS: Received from id 24
RADIUS/DECODE: VSA send-auth=2 maps to chap
DSES 50910: Session create
DSES 0x50910: Building dialer map
DSES 0x50910: Next hop name is Fresno_Vending
Vi5 DDR: Dialing cause ip (s=192.168.2.22, d=10.4.1.1)
Vi5 DDR: Attempting to dial 99065890
%LINK-3-UPDOWN: Interface virtual-Access5, changed state to up
Vi5 DDR: Dialer statechange to up
Vi5 DDR: Dialer call has been placed
Vi5 DDR: dialer protocol up
Vi5: Call connected, 1 packets unqueued, 0 transmitted, 1 discarded
Vi5 DDR: dialer protocol up
Vi5: Call connected, 0 packets unqueued, 0 transmitted, 0 discarded
%LINEPROTO-5-UPDOWN: Line protocol on Interface virtual-Access5, changed state to up
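The Access-Accept in Example 2-27 prints the outbound send-secret in cleartext alongside the other Cisco AVpairs. The following Python sketch is an added example, not from the book: it extracts the outbound dial profile from such debug lines, checks each AVpair length field against its string, and masks the secret before the capture is stored or shared. The names `parse_avpairs`, `redact`, and `SENSITIVE` are assumptions made for illustration.

```python
import re

# Constructed sample: Access-Accept attribute lines as shown in Example 2-27.
SAMPLE = """\
RADIUS: Service-Type [6] 6 Outbound [5]
RADIUS: Vendor, Cisco [26] 37
RADIUS: Cisco AVpair [1] 31 "outbound:dial-number=99065890"
RADIUS: Vendor, Cisco [26] 40
RADIUS: Cisco AVpair [1] 34 "outbound:send-name=Fresno_Dialer"
RADIUS: Vendor, Cisco [26] 43
RADIUS: Cisco AVpair [1] 37 "outbound:send-secret=showmethemoney"
RADIUS: Vendor, Cisco [26] 28
RADIUS: Cisco AVpair [1] 22 "outbound:send-auth=2"
RADIUS: Vendor, Cisco [26] 34
RADIUS: Cisco AVpair [1] 28 "outbound:addr=192.168.2.51"
"""

AVPAIR = re.compile(r'^RADIUS:\s+Cisco AVpair\s+\[1\]\s+(\d+)\s+"([^"=]+)=([^"]*)"$')
SENSITIVE = {"outbound:send-secret"}  # assumption: keys masked before log export

def parse_avpairs(text):
    """Return ({key: value}, [keys whose length field != len(string) + 2])."""
    profile, bad_len = {}, []
    for line in text.splitlines():
        m = AVPAIR.match(line.strip())
        if not m:
            continue
        length, key, value = int(m.group(1)), m.group(2), m.group(3)
        # The length field counts the type and length octets plus the string.
        if length != len(f"{key}={value}") + 2:
            bad_len.append(key)
        profile[key] = value
    return profile, bad_len

def redact(text):
    """Mask the value of sensitive AV pairs; all other lines pass through."""
    out = []
    for line in text.splitlines():
        m = AVPAIR.match(line.strip())
        if m and m.group(2) in SENSITIVE:
            line = line[: line.index("=") + 1] + '<redacted>"'
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(parse_avpairs(SAMPLE))
    print(redact(SAMPLE))
```

All five AVpairs in the example pass the length check, which is a quick way to confirm that a pasted capture has not been truncated or altered.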
The VRF-aware dynamic dialer map is created, as shown in Example 2-28.