Configuring ISG Access for PPP Sessions
Information About Configuring ISG Access for PPP Sessions
3
• Layer 2 Tunnel Protocol (L2TP)
ISG Subscriber IP Address Management for PPP Sessions
ISG subscriber IP address management applies to IP sessions or Layer 2 (PPP) sessions that are
terminated locally.
For a subscriber to be routable within a given IP service domain, the subscriber must present a
domain-specific IP address to the network. If a subscriber transfers between IP service domains (which
includes any private domain managed by the access provider), the IP address presented to the network
must change to reflect the new domain. For locally terminated PPP sessions, ISG supports the following
methods of IP address assignment:
• IP address in a user profile
• IP subnet in a user profile
• Named address pool in a user profile
• Local address pools
• Standard methods of IP address management for PPP (see the Cisco IOS XE Dial Technologies
Configuration Guide for information about IP address management support for PPP sessions)
When a locally terminated PPP session is transferred from one VRF to another VRF, the peer IP address
is renegotiated using IPCP.
VRF Transfer for PPP Sessions
VRF transfer enables an ISG subscriber session to move from one VRF to another following selection
of a new primary service. Once a PPP session comes up with the IP address from the network access
point (NAP), the subscriber can access a web portal and choose a service provider. On VRF transfers in
PPP sessions, ISG must reassign the IP address from the new domain to the PPP session. In PPP sessions,
the IP address is reassigned by IPCP renegotiation.
Without PPP renegotiation, VRF transfer is not supported for PPP sessions.
Default Policy for ISG Access for PPP Sessions
ISG provides default handling of Layer 2 sessions in the absence of a configured control policy. If the
vpdn enable command is configured and a domain name is specified in the username (e.g.,
user@domain) or a Dialed Number Identification Service (DNIS) number has been provided, the system
will perform authorization on the basis of this information. If virtual private dial-up network (VPDN)
tunnel information is found, the session will be forwarded for handling at an L2TP network server
(LNS). If authentication is required by the remote LNS, the ppp authentication command must be
configured at the PPP interface or virtual template. If the vpdn authen-before-forward command is
configured, the system will attempt to authenticate the PPP session locally before forwarding it on to the
LNS.
If tunnel information is not found for the domain name or DNIS or the vpdn enable command is not
configured, Stack Group Bidding Protocol (SGBP) authorization will be attempted (if SGBP is
configured). If no authorization information is located using SGBP, the PPP session will be terminated
To Next Page
Loading...
Need help?
General