Apart from the ppp chap approach. You could tie the virtual-template to Ethernet Sub-interfaces instead of the physical so you can define a virtual templates for each sub-interface
On 8 May 2012 03:39, Adam Booth <[email protected]> wrote: > Hi George, > > I don't think it would be possible with a local database and the magic > is more likely to happen via RADIUS using the cisco-av-pair VSA. I > haven't used it for authentication purposes but I have done things > like assign ACLs and VRF membership this way in the past. > > Cheers, > Adam > > On 5/8/12, George Leslie <[email protected]> wrote: > > > > > > > > > > Hello all,Jay McM and I had an offline chat about my previous posting, > which > > was trying to do the EIGRP authentication on a hub and spoke network, > where > > the hubs use different authentication keys from each other. I was > playing > > around with frame hub and spoke. To recap, I previously found that the > hub, > > despite having the two different keys in its key chain, both of which had > > valid lifetimes, refused to send using key 2. It would only send with > key 1 > > despite correctly authentication spoke 2 which was using key 2. > Therefore, > > hub authenticated spoke, but not vice versa. On frame, you could use > PPPoFr, > > and use different virtual templates on each DLCI, and therefore have > > different key chains on each. What I actually did was use point to point > > tunnels over the frame, which worked a treat. In what my old physics > teacher > > used to call, "a thought experiment", I was thinking about what you could > > do, just on a bog standard Ethernet segment. The tunnel approach would > > still work. How > > ever, with PPPoE, the server virtual template is tied to the physical, > via > > the bba-group. Therefore the key chain would be applied to all clients > that > > use the virtual template, which presents the same problem as on the frame > > network. My question: is there any way that you can configure a PPPoE > > virtual template on the hub that is somehow tied to each individual > client? > > For example, is there a mechanism to tie the virtual template to the PPP > > chap username? Bit of chicken and egg here, as you need the virtual > > template to know to authenticate by chap, but need chap to know the > virtual > > template to apply.....My head hurts. Regards, George. > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > visit www.ipexpert.com > > > > Are you a CCNP or CCIE and looking for a job? Check out > > www.PlatinumPlacement.com > > > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > -- Olugbenga Oyebande MD, DAIT 234-803-302-5287 http://www.dait-ng.com Cisco Networks, Network Security & Quality of Service DAIT Linux Enterprise Network Servers, Web Portal Projects Broadband Internet Deployment & ISP Consultancy [image: View my profile on LinkedIn]View Olugbenga Oyebande's profile<http://ng.linkedin.com/pub/olugbenga-oyebande/15/395/8a9> _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
