VPDN Features Roadmap
Available Languages
Table Of Contents
VPDN Features Roadmap
This roadmap lists the features documented in the Cisco IOS VPDN Configuration Guide and maps them to the modules in which they appear.
Roadmap History
This roadmap was first published on October 31, 2005, and last updated on November 20, 2006.
Feature and Release Support
Table 1 lists VPDN feature support for the following Cisco IOS software release trains:
•
Cisco IOS Releases 12.2T, 12.3, 12.3T, and 12.4T
–
http://www.cisco.com/univercd/td/doc/product/software/ios124/124cg/hvpdn_c/index.htmOnly features that were introduced or modified in Cisco IOS Release 12.2(1) or a later release appear in the table. Not all features may be supported in your Cisco IOS software release.
Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Note
Table 1 Supported VPDN Features
12.2(31)SB2
L2TP Domain Screening, Rules Based
This feature allows you to modify the domain portion of the username seamlessly when you enter into a VPN service.
12.2(31)SB2
This feature was introduced in Cisco IOS Release 12.4(2)T and is now integrated into Cisco IOS Release 12.2(31)SB2. This feature allows the NAS to suppress part or all of the calling station ID from the NAS in the L2TP AV pair 22, the Calling Number ID. Calling station ID suppression can be configured globally on the router, for individual VPDN groups on the router, or on the remote RADIUS server if one is configured.
12.4(4)T
Configurable Domain Name Prefix and Suffix Stripping
This feature allows the NAS to be configured to strip prefixes, suffixes, or both from the full username. The reformatted username is then forwarded to the remote AAA server.
12.4(4)T
L2TP Tunnel Selection Load Balancing with Random Algorithm
This feature introduces an improved algorithm for load balancing L2TP sessions using the RADIUS tunnel preference attribute.
12.4(2)T
L2TP Calling Station ID Suppression
This feature allows the NAS to suppress part or all of the calling station ID from the NAS in the L2TP AV pair 22, the Calling Number ID. Calling station ID suppression can be configured globally on the router, for individual VPDN groups on the router, or on the remote RADIUS server if one is configured.
12.3(4)T
L2TP Tunnel Connection Speed Labeling
This feature introduces the ability to accept or deny an L2TP session based on the allowed connection speed that is configured on the Cisco AR RADIUS server for that user. The RADIUS server can authorize users based on their SLA.
12.3(4)T
RFC-2867 RADIUS Tunnel Accounting
This feature introduces six new RADIUS accounting types that are used with the RADIUS accounting attribute Acct-Status-Type (attribute 40), which indicates whether an accounting request marks the beginning of user service (start) or the end (stop).
12.3(4)T
Tunnel Authentication via RADIUS on LNS
This feature allows the L2TP tunnel server to perform remote authentication and authorization with RADIUS on incoming L2TP NAS dial-in connection requests. This feature also allows the L2TP NAS to perform remote authentication and authorization with RADIUS on incoming L2TP tunnel server dial-out connection requests.
12.3(2)T
L2TP Client-Initiated Tunneling
This feature introduces the ability to establish client-initiated L2TP tunnels. The client may initiate an L2TP or L2TPv3 tunnel to the tunnel server without the intermediate NAS participating in tunnel negotiation or establishment.
12.2(15)T
L2TP Dial-Out Load Balancing and Redundancy
This feature enables a tunnel server to dial out to multiple NASs. When the NAS with the highest priority goes down, it is possible for the tunnel server to fail over to another lower priority NAS. The tunnel server can also load balance sessions between multiple NASs that have the same priority settings.
12.2(15)T
VRF-Aware VPDN Tunnels
This feature enhances the support of VPDN tunnels by allowing VPDN tunnels to start outside an MPLS VPN and terminate within the MPLS VPN.
12.2(13)T
L2TP Extended Failover
This feature extends L2TP failover to occur if during tunnel establishment a router receives a StopCCN message from its peer, or if during session establishment a router receives a CDN message from its peer. In either case, the router selects an alternate peer to contact.
12.2(13)T
L2TP Redirect
This feature allows a tunnel server participating in SGBP to send a redirect message to the NAS if another stack group member wins the SGBP bid. The NAS will then reinitiate the call to the newly redirected tunnel server.
12.2(13)T
Per-VRF AAA
This feature allows AAA to be configured for VRF instances.
"Configuring RADIUS" section of the Cisco IOS Security Configuration Guide, Release 12.4
12.2(13)T
RADIUS Tunnel Attribute Extensions
This feature introduces RADIUS attribute 90 and RADIUS attribute 91. Both attributes help support the provision of compulsory tunneling in VPDNs by allowing the user to specify authentication names for the NAS and the RADIUS server.
12.2(13)T
Session Limit per VRF
This feature allows you to apply session limits on all VPDN groups associated with a common VPDN template. You can limit the number of VPDN sessions that terminate in a single VRF instance.
12.2(13)T
Subscriber Service Switch
This feature provides flexibility on where and how many subscribers are connected to available services and how those services are defined. The primary focus of SSS is to direct PPP from one point to another using a Layer 2 subscriber policy. The policy will manage tunneling of PPP in a policy-based bridging fashion.
"Configuring a Cisco Subscriber Service Switch Policy" section of the Cisco IOS Broadband and DSL Configuration Guide, Release 12.4
12.2(13)T
VPDN Multihop by DNIS
This feature allows DNIS-based multihop capability for VPDNs.
12.2(8)T
VPDN Default Group Template
This feature introduces the ability to configure global default values for VPDN group parameters in a VPDN template. These global default values are applied to all VPDN groups, unless specific values are configured for individual VPDN groups.
12.2(4)T
L2TP Security
This feature allows the robust security features of IPSec to protect the L2TP tunnel and the PPP sessions within the tunnel. In addition, the L2TP Security feature provides built-in keepalives and standardized interfaces for user authentication and accounting to AAA servers.
12.2(4)T
RADIUS Attribute 82: Tunnel Assignment ID
This feature allows the L2TP NAS to group users from different per-user or domain RADIUS profiles into the same active tunnel if the tunnel endpoints, tunnel type, and Tunnel-Assignment-ID are identical.
12.2(4)T
RADIUS Tunnel Preference for Load Balancing and Fail-Over
This feature provides industry-standard load balancing and failover functionality for multivendor networks.
12.2(4)T
Timer and Retry Enhancements for L2TP and L2F
This feature allows the user to configure certain adjustable timers and counters for L2TP and L2F.
12.2(4)T
VPDN Group Session Limiting
This feature allows the user to configure a limit on the number of L2F or L2TP VPDN sessions allowed for each VPDN group.
12.2(2)T
Shell-Based Authentication of VPDN Users
This feature provides terminal services for VPDN users to support rollout of wholesale dial networks.
12.2(31)SB2
L2TP Domain Screening
This feature ensures that the appropriate domain (VPN or otherwise) is screened before allowing access to an L2TP tunnel for the user session.
12.2(31)SB2
L2TP Calling Station ID Supression
This feature allows you to "anonymyze" a calling number in a Call Detail Record (CDR) to allow for more granular control for Automatic Number Identification applications.
12.2(31)SB2
L2TP Tunnel Selection Load Balancing with Random Algorithm
This feature changes the current LAC/LNS tunnel selection algorithm from a Least Connection/Round Robin scheme to a Least Connection/Random scheme. This ensures a balanced distribution of tunnels from LAC to LNS.
12.2(28)SB
L2TP Congestion Avoidance
This feature provides packet flow control and congestion avoidance by throttling L2TP control messages as described in RFC 2661.
12.2(28)SB
L2TP Dial-Out Load Balancing and Redundancy
This feature enables a tunnel server to dial out to multiple NASs. When the NAS with the highest priority goes down, it is possible for the tunnel server to fail over to another lower priority NAS. The tunnel server can also load balance sessions between multiple NASs that have the same priority settings.
12.2(28)SB
L2TP Extended Failover
This feature extends L2TP failover to occur if during tunnel establishment a router receives a StopCCN message from its peer, or if during session establishment a router receives a CDN message from its peer. In either case, the router selects an alternate peer to contact.
12.2(28)SB
L2TP Redirect
This feature allows a tunnel server participating in SGBP to send a redirect message to the NAS if another stack group member wins the SGBP bid. The NAS will then reinitiate the call to the newly redirected tunnel server.
12.2(28)SB
L2TP Security
This feature allows the robust security features of IPSec to protect the L2TP tunnel and the PPP sessions within the tunnel. In addition, the L2TP Security feature provides built-in keepalives and standardized interfaces for user authentication and accounting to AAA servers.
12.2(28)SB
L2TP Tunnel Connection Speed Labeling
This feature introduces the ability to accept or deny a L2TP session based on the allowed connection speed that is configured on the Cisco AR RADIUS server for that user. The RADIUS server can authorize users based on their SLA.
12.2(28)SB
RADIUS Attribute 82: Tunnel Assignment ID
This feature allows the L2TP NAS to group users from different per-user or domain RADIUS profiles into the same active tunnel if the tunnel endpoints, tunnel type, and Tunnel-Assignment-ID are identical.
12.2(28)SB
RADIUS Tunnel Preference for Load Balancing and Fail-Over
This feature provides industry-standard load balancing and failover functionality for multivendor networks.
12.2(28)SB
RFC-2867 RADIUS Tunnel Accounting
This feature introduces six new RADIUS accounting types that are used with the RADIUS accounting attribute Acct-Status-Type (attribute 40), which indicates whether an accounting request marks the beginning of user service (start) or the end (stop).
12.2(28)SB
Shell-Based Authentication of VPDN Users
This feature provides terminal services for VPDN users to support rollout of wholesale dial networks.
12.2(28)SB
Timer and Retry Enhancements for L2TP and L2F
This feature allows the user to configure certain adjustable timers and counters for L2TP and L2F.
12.2(28)SB
Tunnel Authentication via RADIUS on LNS
This feature allows the L2TP tunnel server to perform remote authentication and authorization with RADIUS on incoming L2TP NAS dial-in connection requests. This feature also allows the L2TP NAS to perform remote authentication and authorization with RADIUS on incoming L2TP tunnel server dial-out connection requests.
12.2(28)SB
VPDN Default Group Template
This feature introduces the ability to configure global default values for VPDN group parameters in a VPDN template. These global default values are applied to all VPDN groups, unless specific values are configured for individual VPDN groups.
12.2(28)SB
VPDN Group Session Limiting
This feature allows the user to configure a limit on the number of L2F or L2TP VPDN sessions allowed for each VPDN group.
12.2(28)SB
VPDN Multihop by DNIS
This feature allows DNIS-based multihop capability for VPDNs.
12.2(28)SB
VRF-Aware VPDN Tunnels
This feature enhances the support of VPDN tunnels by allowing VPDN tunnels to start outside an MPLS VPN and terminate within the MPLS VPN.
© 2006 Cisco Systems, Inc. All rights reserved.
Feedback