Cisco 10000 User Manual
Page 90
3-8
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 3 Configuring Remote Access to MPLS VPN
Access Technologies
You can configure a VRF instance for each VPN configured on the Cisco 10000 series router. By using
the vpn id VRF configuration command, you can assign a VPN ID to a VPN. The router stores the VPN
ID in the corresponding VRF structure for the VPN (see the
“Configuring Virtual Routing and
Forwarding Instances” section on page 3-13
).
Note
The VPN ID is used for provisioning only. BGP routing updates do not include the VPN ID.
DHCP servers use the VPN ID to identify a VPN and allocate resources as the following describes:
1.
A VPN DHCP client requests a connection to the Cisco 10000 series router (PE router) from a VRF
interface.
2.
The PE router determines the VPN ID associated with that interface.
3.
The PE router sends a request with the VPN ID and other information for assigning an IP address to
the DHCP server.
4.
The DHCP server uses the VPN ID and IP address information to process the request.
5.
The DHCP server sends a response back to the PE router, allowing the VPN DHCP client access to
the VPN.
The RADIUS server uses the VPN ID to assign dialin users to the proper VPN. Typically, a user login
consists of the following packets:
•
Access-Request packet—A query from the network access server (NAS) that contains the user
name, encrypted password, NAS IP address, VPN ID, and port. The format of the request also
provides information on the type of session that the user wants to initiate.
•
Access-Accept or Access-Reject packet—A response from the RADIUS server. The server returns
an Access-Accept response if it finds the user name and verifies the password. The response includes
a list of attribute-value (AV) pairs that describe the parameters to be used for this session. If the user
is not authenticated, the RADIUS server returns an Access-Reject packet, and access is denied.
Note
For more information, see the MPLS VPN ID, Release 12.2(4)B feature module, located at the following
URL.