Feedback
Table Of Contents
VPDN Features Roadmap
First Published: September 25, 2005Last Updated: June 15, 2010This feature roadmap lists the Cisco software features documented in the Cisco IOS VPDN Configuration Guide and maps them to the documents in which they appear. The roadmap is organized so that you can select your release train and see the features in that release. Find the feature name you are searching for and click on the URL in the "Where Documented" column to access the document containing that feature.
Feature and Release Support
Table 1 lists Cisco IOS VPDN feature support for these Cisco software release trains:
•
Cisco IOS Releases 12.2T, 12.3, 12.3T, and 12.4T
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 1 lists the most recent release of each software train first and the features in alphabetical order within the release.
Table 1 Supported VPDN Features
12.4(20)T
VPDN Group Selection
The VPDN Group Selection feature allows you to configure customized, multiple VPDN tunnels with different VPDN group configurations between LAC and an LNS.
12.4(15)T
L2TP Forwarding of PPPoE Tagging Information
This feature allows you to identify and uniquely map subscribers to Point-to-Point Protocol over Ethernet (PPPoE) sessions through the subscriber's remote ID.
12.4(15)T
L2TP Congestion Avoidance
This feature provides packet flow control and congestion avoidance by throttling Layer 2 Transport Protocol (L2TP) control messages as described in RFC 2661.
12.4(11)T
Suppressing EXEC Accounting Record
This feature suppresses EXEC accounting records when you configure autoselection during-login for the dial-in clients.
12.4(4)T
Configurable Domain Name Prefix and Suffix Stripping
This feature allows the NAS to be configured to strip prefixes, suffixes, or both from the full username. The reformatted username is then forwarded to the remote AAA server.
12.4(4)T
L2TP Tunnel Selection Load Balancing with Random Algorithm
This feature introduces an improved algorithm for load balancing L2TP sessions using the RADIUS tunnel preference attribute.
12.4(2)T
L2TP Calling Station ID Suppression
This feature allows the NAS to suppress part or all of the calling station ID from the NAS in the L2TP AV pair 22, the Calling Number ID. Calling station ID suppression can be configured globally on the router, for individual VPDN groups on the router, or on the remote RADIUS server if one is configured.
12.3(4)T
L2TP Tunnel Connection Speed Labeling
This feature introduces the ability to accept or deny an L2TP session based on the allowed connection speed that is configured on the Cisco AR RADIUS server for that user. The RADIUS server can authorize users based on their SLA.
12.3(4)T
RFC-2867 RADIUS Tunnel Accounting
This feature introduces six new RADIUS accounting types that are used with the RADIUS accounting attribute Acct-Status-Type (attribute 40), which indicates whether an accounting request marks the beginning of user service (start) or the end (stop).
12.3(4)T
Tunnel Authentication via RADIUS on LNS
This feature allows the L2TP tunnel server to perform remote authentication and authorization with RADIUS on incoming L2TP NAS dial-in connection requests. This feature also allows the L2TP NAS to perform remote authentication and authorization with RADIUS on incoming L2TP tunnel server dial-out connection requests.
12.3(2)T
L2TP Client-Initiated Tunneling
This feature introduces the ability to establish client-initiated L2TP tunnels. The client can initiate an L2TP or L2TPv3 tunnel to the tunnel server without the intermediate NAS participating in tunnel negotiation or establishment.
12.2(15)T
L2TP Dial-Out Load Balancing and Redundancy
This feature enables a tunnel server to dial out to multiple NASs. When the NAS with the highest priority goes down, it is possible for the tunnel server to fail over to another lower priority NAS. The tunnel server can also load balance sessions between multiple NASs that have the same priority settings.
12.2(15)T
VRF-Aware VPDN Tunnels
This feature enhances the support of VPDN tunnels by allowing VPDN tunnels to start outside an MPLS VPN and terminate within the MPLS VPN.
12.2(13)T
L2TP Extended Failover
This feature extends L2TP failover to occur if during tunnel establishment a router receives a StopCCN message from its peer, or if during session establishment a router receives a CDN message from its peer. In either case, the router selects an alternate peer to contact.
12.2(13)T
L2TP Redirect
This feature allows a tunnel server participating in SGBP to send a redirect message to the NAS if another stack group member wins the SGBP bid. The NAS will then reinitiate the call to the newly redirected tunnel server.
12.2(13)T
Per-VRF AAA
This feature allows AAA to be configured for VRF instances.
"Configuring RADIUS" section of the Cisco IOS Security Configuration Guide: Securing User Services
12.2(13)T
RADIUS Tunnel Attribute Extensions
This feature introduces RADIUS attribute 90 and RADIUS attribute 91. Both attributes help support the provision of compulsory tunneling in VPDNs by allowing the user to specify authentication names for the NAS and the RADIUS server.
12.2(13)T
Session Limit per VRF
This feature allows you to apply session limits on all VPDN groups associated with a common VPDN template. You can limit the number of VPDN sessions that terminate in a single VRF instance.
12.2(13)T
Subscriber Service Switch
This feature provides flexibility on where and how many subscribers are connected to available services and how those services are defined. The primary focus of SSS is to direct PPP from one point to another using a Layer 2 subscriber policy. The policy will manage tunneling of PPP in a policy-based bridging fashion.
"Configuring Cisco Subscriber Service Switch Policies" section of the Cisco IOS Broadband and DSL Configuration Guide
12.2(13)T
VPDN Multihop by DNIS
This feature allows DNIS-based multihop capability for VPDNs.
12.2(8)T
VPDN Default Group Template
This feature introduces the ability to configure global default values for VPDN group parameters in a VPDN template. These global default values are applied to all VPDN groups, unless specific values are configured for individual VPDN groups.
12.2(4)T
L2TP Security
This feature allows the robust security features of IPSec to protect the L2TP tunnel and the PPP sessions within the tunnel. In addition, the L2TP Security feature provides built-in keepalives and standardized interfaces for user authentication and accounting to AAA servers.
12.2(4)T
RADIUS Attribute 82: Tunnel Assignment ID
This feature allows the L2TP NAS to group users from different per-user or domain RADIUS profiles into the same active tunnel if the tunnel endpoints, tunnel type, and Tunnel-Assignment-ID are identical.
12.2(4)T
RADIUS Tunnel Preference for Load Balancing and Fail-Over
This feature provides industry-standard load balancing and failover functionality for multivendor networks.
12.2(4)T
Timer and Retry Enhancements for L2TP and L2F
This feature allows the user to configure certain adjustable timers and counters for L2TP and L2F.
12.2(4)T
VPDN Group Session Limiting
This feature allows the user to configure a limit on the number of L2F or L2TP VPDN sessions allowed for each VPDN group.
12.2(2)T
Shell-Based Authentication of VPDN Users
This feature provides terminal services for VPDN users to support rollout of wholesale dial networks.
12.2(34)SB
LNS Address Checking
This feature allows an LAC, which is receiving data from a LNS, to check the IP address of the LNS prior to establishing an L2TP tunnel.
12.2(34)SB
Modified LNS Dead-Cache Handling
This feature displays and clears (restarts) any LNS entry in a dead-cache (DOWN) state.
12.2(31)SB2
L2TP Calling Station ID Suppression
This feature allows the NAS to suppress part or all of the calling station ID from the NAS in the L2TP AV pair 22, the Calling Number ID. Calling station ID suppression can be configured globally on the router, for individual VPDN groups on the router, or on the remote RADIUS server if one is configured.
12.2(31)SB2
L2TP Domain Screening, Rules Based
This feature allows per-user L2TP tunnel setup by creating customized Policy Manager match rules.
12.2(31)SB2
L2TP Tunnel Selection Load Balancing with Random Algorithm
This feature allows the NAS to use a new tie-breaking algorithm and is transparent to any user. A random selection is made among all peer tunnel servers carrying the same session load. This improved algorithm results in a more even distribution of sessions across tunnel servers, reducing the occurrence of session bunching.
12.2(28)SB
L2TP Congestion Avoidance
This feature provides packet flow control and congestion avoidance by throttling L2TP control messages as described in RFC 2661.
12.2(28)SB
L2TP Dial-Out Load Balancing and Redundancy
This feature enables a tunnel server to dial out to multiple NASs. When the NAS with the highest priority goes down, it is possible for the tunnel server to fail over to another lower priority NAS. The tunnel server can also load balance sessions between multiple NASs that have the same priority settings.
12.2(28)SB
L2TP Domain Screening
This feature introduces the ability to modify the domain portion of the username seamlessly when you enter into a virtual private network (VPN) service.
12.2(28)SB
12.3(33)SBL2TP Extended Failover
This feature extends L2TP failover to occur if during tunnel establishment a router receives a StopCCN message from its peer, or if during session establishment a router receives a CDN message from its peer. In either case, the router selects an alternate peer to contact.
12.2(28)SB
L2TP Redirect
This feature allows a tunnel server participating in SGBP to send a redirect message to the NAS if another stack group member wins the SGBP bid. The NAS will then reinitiate the call to the newly redirected tunnel server.
12.2(28)SB
L2TP Security
This feature allows the robust security features of IPSec to protect the L2TP tunnel and the PPP sessions within the tunnel. In addition, the L2TP Security feature provides built-in keepalives and standardized interfaces for user authentication and accounting to AAA servers.
12.2(28)SB
L2TP Tunnel Connection Speed Labeling
This feature introduces the ability to accept or deny a L2TP session based on the allowed connection speed that is configured on the Cisco AR RADIUS server for that user. The RADIUS server can authorize users based on their SLA.
12.2(28)SB
RADIUS Attribute 82: Tunnel Assignment ID
This feature allows the L2TP NAS to group users from different per-user or domain RADIUS profiles into the same active tunnel if the tunnel endpoints, tunnel type, and Tunnel-Assignment-ID are identical.
12.2(28)SB
RADIUS Tunnel Preference for Load Balancing and Fail-Over
This feature provides industry-standard load balancing and failover functionality for multivendor networks.
12.2(28)SB
RFC-2867 RADIUS Tunnel Accounting
This feature introduces six new RADIUS accounting types that are used with the RADIUS accounting attribute Acct-Status-Type (attribute 40), which indicates whether an accounting request marks the beginning of user service (start) or the end (stop).
12.2(28)SB
Shell-Based Authentication of VPDN Users
This feature provides terminal services for VPDN users to support rollout of wholesale dial networks.
12.2(28)SB
Timer and Retry Enhancements for L2TP and L2F
This feature allows the user to configure certain adjustable timers and counters for L2TP and L2F.
12.2(28)SB
Tunnel Authentication via RADIUS on LNS
This feature allows the L2TP tunnel server to perform remote authentication and authorization with RADIUS on incoming L2TP NAS dial-in connection requests. This feature also allows the L2TP NAS to perform remote authentication and authorization with RADIUS on incoming L2TP tunnel server dial-out connection requests.
12.2(28)SB
VPDN Default Group Template
This feature introduces the ability to configure global default values for VPDN group parameters in a VPDN template. These global default values are applied to all VPDN groups, unless specific values are configured for individual VPDN groups.
12.2(34)SB
VPDN Extended Failover
This feature enables a failover with an LNS, if the LNS receives a valid L2TP CDN or stopCNN message before the LNS establishes a session.
12.2(28)SB
VPDN Group Session Limiting
This feature allows the user to configure a limit on the number of L2F or L2TP VPDN sessions allowed for each VPDN group.
12.2(28)SB
VPDN Multihop by DNIS
This feature allows DNIS-based multihop capability for VPDNs.
12.2(28)SB
VRF-Aware VPDN Tunnels
This feature enhances the support of VPDN tunnels by allowing VPDN tunnels to start outside an MPLS VPN and terminate within the MPLS VPN.
12.2(33)SRE
Configurable Domain Name Prefix and Suffix Stripping
This feature allows the NAS to be configured to strip prefixes, suffixes, or both from the full username. The reformatted username is then forwarded to the remote AAA server.
12.2(33)SRE
Suppressing EXEC Accounting Record
This feature suppresses EXEC accounting records when you configure autoselection during-login for the dial-in clients.
12.2(33)SRE
VPDN Extended Failover
This feature enables a failover with an LNS, if the LNS receives a valid L2TP CDN or stopCNN message before the LNS establishes a session.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2008-2010 Cisco Systems, Inc. All rights reserved.
