VPDN Multihop by DNIS
The Cisco VPDN Multihop by DNIS feature allows dialed number identification service (DNIS)-based
multihop capability in a virtual private dial-up network (VPDN), which enables customers that dial in to
a network using a standard telephone line to take advantage of the aggregation capability offered by
multihop switching.
Feature Specifications for VPDN Multihop by DNIS
Feature History
Release      Modification
12.2(8)B     This feature was introduced.
12.2(13)T    This feature was migrated to Cisco IOS Release 12.2(13)T.
Supported Platforms
The VPDN Multihop by DNIS feature is platform independent. Use Feature Navigator to determine
the feature set needed to obtain this feature.
Determining Platform Support Through Cisco Feature Navigator
Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated
information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature
Navigator dynamically updates the list of supported platforms as new platform support is added for the
feature.
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS
software images support a specific set of features and which features are supported in a specific Cisco
IOS image. You can search by feature or release. Under the release section, you can compare releases
side by side to display both the features unique to each software release and the features in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or
lost your account information, send a blank e-mail to [email protected]. An automatic check
will verify that your e-mail address is registered with Cisco.com. If the check is successful, account
details with a new random password will be e-mailed to you. Qualified users can establish an account
on Cisco.com by following the directions found at this URL:
http://www.cisco.com/register
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology
releases occur. For the most current information, go to the Cisco Feature Navigator home page at the
following URL:
http://www.cisco.com/go/fn
Cisco IOS Release 12.2(8)B and Cisco IOS Release 12.2(13)T
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the
software images for those platforms. Software images for some platforms may be deferred, delayed, or
changed without prior notice. For updated information about platform support and availability of
software images for each Cisco IOS software release, refer to the online release notes or Cisco Feature
Navigator.
Contents
• Prerequisites for VPDN Multihop by DNIS
• Restrictions for VPDN Multihop by DNIS
• Information About VPDN Multihop by DNIS
• How to Configure the VPDN Multihop Tunnel Switch
• Configuration Examples for VPDN Multihop by DNIS
• Additional References
• Command Reference
• Glossary
Prerequisites for VPDN Multihop by DNIS
No new configuration commands are introduced by the VPDN Multihop by DNIS feature. The
configuration required for the VPDN multihop support of DNIS is already supported by the existing
Cisco IOS software commands. For VPDN multihop support of DNIS to take effect, you need a VPDN
subsystem. Use the show subsystem name * EXEC command to check that this subsystem is supported
on your router.
This document assumes that you are familiar with VPDN technology, and have a VPDN already
configured and enabled that has been shown to support basic VPDN dialup between a client and an L2TP
access concentrator (LAC). See the documents listed in the section “Additional References” for more
information about VPDNs.
The VPDN Multihop by DNIS feature is enabled by adding the configuration for both a LAC and L2TP
network server (LNS) on a router configured as a tunnel switch (also called a multihop node). See the
configurations in the section “Configuration Examples for VPDN Multihop by DNIS” for examples.
Restrictions for VPDN Multihop by DNIS
The VPDN Multihop by DNIS feature requires that the LAC sends the DNIS string to the tunnel switch.
Currently, this functionality is supported only by Layer 2 Forwarding (L2F) and the Layer 2 Tunneling
Protocol (L2TP). These two protocols are not required to send the DNIS string but often do during
session setup, and Cisco LACs always send the DNIS string during session setup. However, if a LAC
does not send the DNIS string, then the multihop node would support only tunnel switching based on
domain and multihop host name.
Information About VPDN Multihop by DNIS
To configure the VPDN Multihop by DNIS feature, you need to understand the following concepts:
• VPDN Basics
• VPDN Multihop
• VPDN Multihop by DNIS
VPDN Basics
A VPDN carries private data over a public network, and extends remote access to users over a shared
infrastructure. VPDNs maintain the same security and management policies as a private network, and
provide a cost-effective method of establishing a point-to-point connection between remote users and a
central network.
VPDNs allow separate and autonomous protocol domains to share common access infrastructure
including modems, access servers, and ISDN routers. VPDNs, therefore, delegate much of the
responsibilities associated with network infrastructure. The customer outsources the responsibility for
the infrastructure to an Internet service provider (ISP) that maintains the modems that the remote users
dial in to (called modem pools), the access servers, and the internetworking expertise. The customer is
then responsible only for authenticating its users and maintaining its network.
As an added benefit, instead of connecting directly to the network using the plain old telephone service
(POTS), which can be expensive, VPDN users need only use the POTS to connect to an ISP local point
of presence (POP). The ISP then uses the Internet to forward users from the POP to the customer
network. Forwarding a user call over the Internet provides dramatic cost savings for the customer.
VPDNs use Layer 2 tunneling and forwarding technologies to create a virtual point-to-point connection
between users and the customer network. These tunneling technologies provide the same direct
connectivity as the expensive POTS, but do so by using the Internet, which means that users anywhere
in the world have the same connectivity as they would at the customer headquarters.
Figure 1 shows the PPP link that runs between a client (the user hardware and software) and the tunnel
server (LNS).
Figure 1   End-to-End Access VPDN Protocol Flow: L2F or L2TP, PPP, and IP
[Diagram labels: Client (lsmith), PSTN cloud, LAC, ISP, Internet cloud, LNS, Corporate network. Legend: L2TP or L2F, PPP, IP.]
Using either L2F or L2TP, an ISP or other access service can create a virtual tunnel to link customer
remote sites or remote users with corporate home networks. In particular, a network access server (NAS)
at the ISP POP exchanges PPP messages with the remote users and communicates by L2F or L2TP
requests and responses with the customer tunnel server to set up tunnels. L2F and L2TP pass
protocol-level packets through the virtual tunnel between endpoints of a point-to-point connection.
Frames from the remote users are accepted by the ISP POP, stripped of any linked framing or
transparency bytes, encapsulated in L2F or L2TP, and then forwarded over the appropriate tunnel. The
customer tunnel server accepts these frames, strips the Layer 2 encapsulation, and processes the
incoming frames for the appropriate interface.
VPDN Multihop
The VPDN multihop feature allows a router configured as a tunnel switch to terminate tunnels from
LACs and forward the sessions through multiple (up to four), newly established L2TP tunnels. The
tunnels are selected using client-supplied matching criteria.
Figure 2 shows a basic VPDN multihop network configuration.
Figure 2   VPDN Multihop
[Diagram labels: Client, ISDN, LAC, ISP Network, LNS1, ISP or Corporate Network, LNS2.]
Versions of Cisco IOS software prior to Cisco IOS Release 12.2(8)B support L2TP tunnel switching
using only a user domain name or a remote tunnel name as the matching criteria.
VPDN Multihop by DNIS
The VPDN Multihop by DNIS feature adds a telephone number to the matching criteria for the tunnel
switch. The tunnel switch can perform VPDN tunnel authorization based on a DNIS (a called telephone
number), a user domain name, or ingress tunnel domain names that are mapped to specified LNSs. (The
order in which the client-supplied matching criteria are searched by the Cisco IOS software is
determined by the vpdn search-order global configuration command.)
Figure 3 shows an example network topology using the VPDN Multihop by DNIS feature.
Figure 3   Example Network Topology Using the VPDN Multihop by DNIS Tunnel Switching Feature
[Diagram labels: Clients, POTS, Cisco access servers, LAC/NAS, ISP1, L2TP, Tunnel switch, LNS/LAC, ISP2, Internet, LNS/HGW.]
The VPDN Multihop by DNIS feature extends the aggregation capability offered by multihop switching
to dial-up users who use the POTS to connect to the Internet, by supporting telephone numbers (DNIS) as
the matching criteria for forwarding sessions through L2TP tunnels. This feature, therefore, offers
service providers expanded connection services and more flexibility in how their network traffic is
directed.
How to Configure the VPDN Multihop Tunnel Switch
To configure a tunnel switch (or multihop node) that supports the VPDN Multihop by DNIS feature, you
need to configure a tunnel switch that contains both the LNS and LAC portions of the VPDN. Use the
following commands:
SUMMARY STEPS
1. enable
2. configure {terminal | memory | network}
3. username {local-name | remote-hostname} password secret
4. vpdn enable
5. vpdn multihop
6. vpdn-group name
7. vpdn-group subcommands (accept-dialin and terminate-from for the incoming portion of the
   tunnel switch, and request-dialin and initiate-to for the outgoing portion, for example)
8. vpdn search-order {dnis | multihop-hostname | domain} (optional step that should be executed
   only when it is necessary to change the default search order)
DETAILED STEPS
1. Enable VPDN and VPDN multihop

Step 1
Command or Action: enable
Purpose: Enables higher privilege levels, such as privileged EXEC mode. Enter your password if prompted.
Example:
Router> enable

Step 2
Command or Action: configure {terminal | memory | network}
Purpose: Enters global configuration mode.
Example:
Router# configure terminal

Step 3
Command or Action: username remote-hostname password secret
Purpose: Configures the secret (a password). Must match the secret word configured on the LAC.
Example:
Router(config)# username LAC-1 password <secret>

Step 4
Command or Action: username local-name password secret
Purpose: Configures the secret (password). Must match the secret word configured in Step 3.
Example:
Router(config)# username Multi-Hop password <secret>

Step 5
Command or Action: vpdn enable
Purpose: Enables virtual private dialup networking on the router.
Example:
Router(config)# vpdn enable

Step 6
Command or Action: vpdn multihop
Purpose: Enables VPDN multihop functionality.
Example:
Router(config)# vpdn multihop

2. Configure the Incoming (LNS) Portion of the Tunnel Switch

Step 7
Command or Action: vpdn-group number
Purpose: Selects the VPDN group.
Example:
Router(config)# vpdn-group 1

Step 8
Command or Action: accept-dialin
Purpose: Enables the tunnel switch to accept incoming L2TP tunnel connections and enters VPDN accept-dialin group configuration mode.
Example:
Router(config-vpdn)# accept-dialin

Step 9
Command or Action: protocol l2tp/l2f
Purpose: Specifies L2TP and L2F.
Example:
Router(config-vpdn-acc-in)# protocol l2tp

Step 10
Command or Action: virtual-template number
Purpose: Specifies the virtual template interface to use to clone the new virtual access interface.
Example:
Router(config-vpdn-acc-in)# virtual-template 1

Step 11
Command or Action: exit
Purpose: Returns to VPDN group configuration mode.
Example:
Router(config-vpdn-acc-in)# exit

Step 12
Command or Action: terminate-from hostname hostname
Purpose: Specifies the host name of the remote LAC that will be required when accepting a VPDN tunnel.
• Must match the remote-hostname configured in Step 3.
Example:
Router(config-vpdn)# terminate-from hostname LAC-1

Step 13
Command or Action: local name local-name
Purpose: Specifies the local host name of the tunnel.
• Must match the local-name configured in Step 4.
Example:
Router(config-vpdn)# local name Multi-Hop

Step 14
Command or Action: exit
Purpose: Returns to global configuration mode.
Example:
Router(config-vpdn)# exit

3. Configure the Outgoing (LAC) Portion of the Tunnel Switch

Step 15
Command: vpdn-group number
Purpose: Selects the VPDN group.
Example:
Router(config)# vpdn-group 2

Step 16
Command: request-dialin
Purpose: Enables the tunnel switch to request L2TP tunnels to the LNS and enters VPDN request-dialin group configuration mode.
Example:
Router(config-vpdn)# request-dialin

Step 17
Command: protocol l2tp/l2f
Purpose: Specifies L2TP and L2F.
Example:
Router(config-vpdn-req-in)# protocol l2tp/l2f

Step 18
Command: dnis telephone-number
Purpose: Initiates a tunnel based on the user DNIS number.
Example:
Router(config-vpdn-req-in)# dnis 5555555

Step 19
Command: exit
Purpose: Returns to VPDN group configuration mode.
Example:
Router(config-vpdn-req-in)# exit

Step 20
Command: initiate-to ip ip-address [limit limit-number] [priority priority-number]
Purpose: Specifies the LNS. Optionally specifies the maximum number of sessions per tunnel and the priority of the IP address (1 is highest).
Example:
Router(config-vpdn)# initiate-to ip 10.10.1.1

Step 21
Command: local name local-name
Purpose: Specifies the local host name of the tunnel.
• Must match the local-name configured in Step 4.
Example:
Router(config-vpdn)# local name Multi-Hop

Step 22
Command: exit
Purpose: Returns to global configuration mode.
Example:
Router(config-vpdn)# exit

4. Changing the Default Search Order (Optional)

Step 23
Command: vpdn search-order {dnis | domain | multihop-hostname}
Purpose: (Optional) Specifies the policy for the VPDN group search order. By default, the search is first by DNIS, then domain name, and finally the ingress tunnel domain name mapped to a specified LNS.
Example:
Router(config)# vpdn search-order dnis multihop-hostname domain

Step 24
Command: exit
Purpose: Exits global configuration mode.
Example:
Router(config)# exit

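The "must match" requirements between the username entries, terminate-from hostname, and local name in the configuration steps are easy to break when a tunnel switch is edited by hand. The following added example (not Cisco code) audits a configuration text against them; the function names are hypothetical, the sample configuration is constructed from the steps above, and the parser assumes subcommands are indented the way show running-config prints them.

```python
import re

# Constructed sample: the tunnel-switch configuration from the steps above,
# indented the way "show running-config" prints it (an assumption of parse()).
SAMPLE_CONFIG = """\
username LAC-1 password <secret>
username Multi-Hop password <secret>
vpdn enable
vpdn multihop
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC-1
 local name Multi-Hop
vpdn-group 2
 request-dialin
  protocol l2tp
  dnis 5555555
 initiate-to ip 10.10.1.1
 local name Multi-Hop
"""

def parse(config):
    """Return (usernames, global commands, {group: [subcommands]})."""
    users, global_cmds, groups, current = {}, set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            groups[current].append(line)       # indented: part of the group
            continue
        current = None                         # unindented line ends the group
        m = re.match(r"username (\S+) password (.+)$", line)
        if m:
            users[m.group(1)] = m.group(2)
        elif line.startswith("vpdn-group "):
            current = line.split(None, 1)[1]
            groups[current] = []
        else:
            global_cmds.add(line)
    return users, global_cmds, groups

def audit(config):
    """List every way the config breaks the matching rules in the steps."""
    users, global_cmds, groups = parse(config)
    findings = [f"missing global command: {c}"
                for c in ("vpdn enable", "vpdn multihop") if c not in global_cmds]
    roles = {"accept-dialin": [], "request-dialin": []}
    for name, cmds in groups.items():
        for role in roles:
            if role in cmds:
                roles[role].append(name)
        local = [c.split()[-1] for c in cmds if c.startswith("local name ")]
        remote = [c.split()[-1] for c in cmds
                  if c.startswith("terminate-from hostname ")]
        if not local:
            findings.append(f"group {name}: no local name")
        if "accept-dialin" in cmds and not remote:
            findings.append(f"group {name}: accept-dialin without terminate-from")
        if "request-dialin" in cmds and not any(
                c.startswith("initiate-to ip ") for c in cmds):
            findings.append(f"group {name}: request-dialin without initiate-to")
        for host in local + remote:            # Steps 3 and 4: username entries
            if host not in users:
                findings.append(f"group {name}: no username entry for {host}")
        # Step 4: both secrets must match. Compared as written, so encrypted
        # forms of one secret may be reported as different.
        for a in local:
            for b in remote:
                if a in users and b in users and users[a] != users[b]:
                    findings.append(f"group {name}: secrets for {a} and {b} differ")
    findings += [f"no vpdn-group with {r}" for r, names in roles.items() if not names]
    if not any(c.startswith("dnis ") for n in roles["request-dialin"] for c in groups[n]):
        findings.append("no request-dialin group carries a dnis number")
    return findings
```

An empty list from audit() means the LNS and LAC halves of the tunnel switch are consistent with each other; each string otherwise names the group and the rule it breaks.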
Verify VPDN Multihop by DNIS
To verify that the VPDN Multihop by DNIS feature is working, perform the following optional steps:
SUMMARY STEPS
1. Make a call using the DNIS
2. enable
3. show vpdn
DETAILED STEPS

Step 1
Command or Action: enable
Purpose: Enables higher privilege levels, such as privileged EXEC mode. Enter your password if prompted.
Example:
Router> enable

Step 2
Command or Action: show vpdn
Purpose: (Optional) Displays information about active L2F tunnels and message identifiers in a VPDN.
Example:
Router# show vpdn

Troubleshooting Tips
• The configuration commands in the previous sections should be entered on an operational VPDN.
  See the section “Prerequisites for VPDN Multihop by DNIS” for information about configuring and
  troubleshooting a VPDN.
• If the call is not successful, enter the debug vpdn l2x-packet EXEC command to display the dialog
  between the LAC and LNS for tunnel creation. Check for the attribute-value pair (AVP), which will
  have the DNIS number in it, when using L2TP. When using L2F, check the CLID/DNIS pair for the
  telephone number.
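When only a packet capture of the session setup is available, the same check for the DNIS can be done offline. The following added example (not from the Cisco documentation) parses an L2TP control message and extracts the Called Number AVP, which carries the DNIS; the header layout and attribute types 0, 21, and 22 are from RFC 2661, the function names are hypothetical, and the sample packet is constructed.

```python
import struct

MESSAGE_TYPE, CALLED_NUMBER, CALLING_NUMBER = 0, 21, 22   # RFC 2661 attribute types
ICRQ = 10                                                  # Incoming-Call-Request
HIDDEN = "<hidden>"                                        # marker for an H-bit AVP


def avp(attr_type, value, mandatory=True, hidden=False):
    """Encode one IETF (vendor 0) AVP; used here only to build samples."""
    flags_len = (0x8000 if mandatory else 0) | (0x4000 if hidden else 0) | (6 + len(value))
    return struct.pack("!HHH", flags_len, 0, attr_type) + value


def control_message(tunnel_id, session_id, avps):
    """Build a control message: 0xC802 = T, L and S bits set, version 2."""
    body = b"".join(avps)
    return struct.pack("!HHHHHH", 0xC802, 12 + len(body),
                       tunnel_id, session_id, 0, 0) + body


def parse_avps(packet):
    """Return [(vendor, type, hidden, value)] from an L2TP control message."""
    if len(packet) < 12:
        raise ValueError("truncated L2TP header")
    flags, length = struct.unpack_from("!HH", packet)
    if (flags & 0xC80F) != 0xC802:
        raise ValueError("not an L2TPv2 control message")
    if length < 12 or length > len(packet):
        raise ValueError("bad length field")
    out, pos = [], 12
    while pos < length:
        if pos + 6 > length:
            raise ValueError("truncated AVP header")
        flags_len, vendor, attr = struct.unpack_from("!HHH", packet, pos)
        avp_len = flags_len & 0x03FF               # low 10 bits: AVP length
        if avp_len < 6 or pos + avp_len > length:
            raise ValueError("bad AVP length")
        out.append((vendor, attr, bool(flags_len & 0x4000),
                    packet[pos + 6:pos + avp_len]))
        pos += avp_len
    return out


def dnis_from_icrq(packet):
    """Return the DNIS string, HIDDEN if the AVP is hidden, None if absent."""
    avps = parse_avps(packet)
    if (not avps or avps[0][:2] != (0, MESSAGE_TYPE)
            or avps[0][3] != struct.pack("!H", ICRQ)):
        raise ValueError("not an ICRQ")
    for vendor, attr, hidden, value in avps[1:]:
        if vendor == 0 and attr == CALLED_NUMBER:
            return HIDDEN if hidden else value.decode("ascii", "replace")
    return None


# Constructed sample ICRQ: session setup carrying DNIS 5555555.
SAMPLE_ICRQ = control_message(785, 0, [
    avp(MESSAGE_TYPE, struct.pack("!H", ICRQ)),
    avp(14, struct.pack("!H", 28)),                # Assigned Session ID
    avp(15, struct.pack("!I", 1)),                 # Call Serial Number
    avp(CALLED_NUMBER, b"5555555"),
])
```

A return value of None corresponds to the case described under Restrictions: the LAC did not send the DNIS string, so the multihop node can switch only on domain and multihop host name.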
Configuration Examples for VPDN Multihop by DNIS
This section provides the following configuration examples, which match the configuration tasks
identified in the previous section:
• VPDN Multihop by DNIS Example
• Verify VPDN Multihop by DNIS Example
VPDN Multihop by DNIS Example
The following example shows how to configure both the LAC and LNS in a tunnel switch, so that the
VPDN Multihop by DNIS feature will work:
vpdn multihop
vpdn-group 1
 accept-dialin
  protocol l2tp/l2f
  virtual-template 1
 terminate-from hostname LAC-1
 local name Multi-Hop
vpdn-group 2
 request-dialin
  protocol l2tp/l2f
  dnis 5555555
 initiate-to ip 10.10.1.1
 local name Multi-Hop
The policy for VPDN group search order is determined by the vpdn search-order global configuration
command. The default search order is based on DNIS, domain, and then the multihop host name.
Verify VPDN Multihop by DNIS Example
The following example shows the tunnel and session reports from the show vpdn EXEC command:
Router# show vpdn

L2TP Tunnel and Session Information Total tunnels 2 sessions 2

LocID RemID Remote Name   State  Remote Address  Port  Sessions VPDN Group
785   7059  Router1       est    1.1.1.1         1701  1        2

LocID RemID TunID Intf          Username           State  Last Chg
28    15    785   SSS Circuit   [email protected]    est    00:01:31

LocID RemID Remote Name   State  Remote Address  Port  Sessions VPDN Group
7718  57428 Router5       est    1.1.4.5         1701  1        3

LocID RemID TunID Intf          Username           State  Last Chg
29    15    7718  SSS Circuit   27                 est    00:01:31

%No active L2F tunnels
%No active PPTP tunnels
%No active PPPoE tunnels
Additional References
For additional information related to VPDN Multihop by DNIS, refer to the following references:
Related Documents

Related Topic     Document Title
Dial commands     Cisco IOS Dial Technologies Command Reference, Release 12.2
VPDN              Cisco IOS Dial Technologies Configuration Guide, Release 12.2;
                  see the part “Virtual Templates, Profiles, and Networks.”
L2TP tunneling    “Layer 2 Tunnel Protocol”
VPDN multihop     “Multihop VPDN”
                  “Configuring L2TP Multihop to Perform Several Hops from the
                  NAS to the LNS”

Standards

Standards         Title
None              —

MIBs

MIBs              MIBs Link
None              To obtain lists of supported MIBs by platform and Cisco IOS
                  release, and to download MIB modules, go to the Cisco MIB website
                  on Cisco.com at the following URL:
                  http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco
MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of
supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your
account information, send a blank e-mail to [email protected]. An automatic check will verify
that your e-mail address is registered with Cisco.com. If the check is successful, account details with a
new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com
by following the directions found at this URL:
http://www.cisco.com/register
RFCs

RFCs              Title
None              —

Technical Assistance

Description: Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable
technical content, including links to products, technologies, solutions, technical tips, tools, and
lots more. Registered Cisco.com users can log in from this page to access even more content.
Link: http://www.cisco.com/public/support/tac/home.shtml

Command Reference
This section documents a modified command, vpdn multihop. All other commands used with this
feature are documented in the Cisco IOS Release 12.2 and 12.2T command reference publications.
vpdn multihop
To enable virtual private dialup network (VPDN) multihop, use the vpdn multihop command in global
configuration mode. To disable VPDN multihop capability, use the no form of this command.
vpdn multihop
no vpdn multihop
Syntax Description
This command has no arguments or keywords.
Defaults
Multihop capability is not enabled.
Command Modes
Global configuration
Command History
Release      Modification
11.3(5)T     This command was introduced.
12.2(8)B     Support was added for dialed number identification service (DNIS)-based
             multihop capability.
12.2(13)T    The DNIS-based multihop capability was integrated into Cisco IOS
             Release 12.2(13)T.
Usage Guidelines
The VPDN multihop feature allows a router configured as a tunnel switch to terminate tunnels from
Layer 2 access concentrators (LACs) and forward the sessions through up to four newly established
Layer 2 Tunneling Protocol (L2TP) tunnels. The tunnels are selected using client-supplied matching
criteria. Versions of Cisco IOS software prior to Cisco IOS Release 12.2(8)B support L2TP tunnel
switching using only a user domain name or a remote tunnel name as the matching criterion.
The dialed number identification service (DNIS)-based multihop capability added a telephone number
to the matching criteria for the tunnel switch. The tunnel switch can perform VPDN tunnel authorization
based on a DNIS (a called telephone number), a user domain name, or ingress tunnel domain names that
are mapped to specified L2TP network servers (LNSs). The order in which the client-supplied matching
criteria are searched by the Cisco IOS software is determined by the vpdn search-order global
configuration command.
Before using the vpdn multihop command, refer to the Cisco IOS Dial Technologies Configuration
Guide, Release 12.2, to learn more about Multilink PPP and Multichassis Multilink PPP.
Examples
The following example shows how to configure the Cisco Multihop VPDN feature:
!
vpdn enable
vpdn multihop
vpdn search-order domain
!
vpdn-group 1
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 172.22.53.144 priority 1
 initiate-to ip 172.22.53.145 priority 1
!
l2tp tunnel password 7 secret
!
The following example shows how to configure DNIS-based multihop capability:
!
vpdn enable
vpdn multihop
!
vpdn-group 1
 accept-dialin
  protocol l2tp/l2f
  virtual-template 1
 terminate-from hostname LAC-1
 local name Multi-Hop
vpdn-group 2
 request-dialin
  protocol l2tp/l2f
  dnis 5555555
 initiate-to ip 10.10.1.1
 local name Multi-Hop
!
The following example shows a configuration where a packet traverses a VPDN tunnel over a service
provider link, and then a second tunnel by traversing a hop between home gateways on the corporate
network. The bundle owner is Home-Gateway1 and the stack group peer, Home-Gateway2, is specified
as a peer (1.1.1.2).
vpdn multihop
username stack password hellothere
multilink virtual-template 1
sgbp group stack
sgbp member Home-Gateway2 1.1.1.2
interface virtual-template 1
 ip unnumbered e0
 ppp multilink
 ppp auth chap
Related Commands
Command              Description
vpdn enable          Enables VPDN networking on the router and informs the router to look for
                     tunnel definitions in a local database and on a remote authorization server
                     (home gateway), if one is present.
vpdn-group           Associates a VPDN group to a customer or VPDN profile.
vpdn search-order    Specifies how the service provider's network access server is to perform VPDN
                     tunnel authorization searches.
Glossary
CLID—calling line ID. Information about the billing telephone number from which a call originated.
The CLID value might be the entire phone number, the area code, or the area code plus the local
exchange.
DNIS—dialed number identification service (the called party number). Typically, this is a number used
by call centers or a central office where different numbers are each assigned to a specific service.
LAC—L2TP access concentrator. A node that acts as one side of an L2TP tunnel endpoint and is a peer
to the L2TP network server (LNS). The LAC sits between an LNS and a remote system and forwards
packets to and from each. Packets sent from the LAC to the LNS require tunneling with the L2TP
protocol. The connection from the LAC to the remote system is either local or a PPP link.
LNS—L2TP network server. A node that acts as one side of an L2TP tunnel endpoint and is a peer to
the L2TP access concentrator (LAC). The LNS is the logical termination point of a PPP session that is
being tunneled from the remote system by the LAC.
NAS—network access server. A device providing local network access to users across a remote access
network such as the POTS. A NAS can also serve as a LAC, LNS, or both.
VPDN—virtual private dial-up network. Also known as virtual private dial network. A VPDN is a
network that permits the physical dialup connection to appear to be connected directly to a home network
while actually residing elsewhere on the network. A virtual pipe is connected between the physical
dialup connections and the termination point at the home network.
Note: Refer to the Internetworking Terms and Acronyms for terms not included in this glossary.