Cisco 10000 User Manual

Page 90

Advertising
background image

3-8

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 3 Configuring Remote Access to MPLS VPN

Access Technologies

You can configure a VRF instance for each VPN configured on the Cisco 10000 series router. By using
the vpn id VRF configuration command, you can assign a VPN ID to a VPN. The router stores the VPN
ID in the corresponding VRF structure for the VPN (see the

“Configuring Virtual Routing and

Forwarding Instances” section on page 3-13

).

Note

The VPN ID is used for provisioning only. BGP routing updates do not include the VPN ID.

DHCP servers use the VPN ID to identify a VPN and allocate resources as the following describes:

1.

A VPN DHCP client requests a connection to the Cisco 10000 series router (PE router) from a VRF
interface.

2.

The PE router determines the VPN ID associated with that interface.

3.

The PE router sends a request with the VPN ID and other information for assigning an IP address to
the DHCP server.

4.

The DHCP server uses the VPN ID and IP address information to process the request.

5.

The DHCP server sends a response back to the PE router, allowing the VPN DHCP client access to
the VPN.

The RADIUS server uses the VPN ID to assign dialin users to the proper VPN. Typically, a user login
consists of the following packets:

Access-Request packet—A query from the network access server (NAS) that contains the user
name, encrypted password, NAS IP address, VPN ID, and port. The format of the request also
provides information on the type of session that the user wants to initiate.

Access-Accept or Access-Reject packet—A response from the RADIUS server. The server returns
an Access-Accept response if it finds the user name and verifies the password. The response includes
a list of attribute-value (AV) pairs that describe the parameters to be used for this session. If the user
is not authenticated, the RADIUS server returns an Access-Reject packet, and access is denied.

Note

For more information, see the MPLS VPN ID, Release 12.2(4)B feature module, located at the following
URL.

http://www.cisco.com/en/US/docs/ios/12_2/12_2b/12_2b4/feature/guide/12b_vpn.html

Advertising
Popular Brands
Popular manuals