With the help of the great people here, I have a working test LNS for L2TP. Currently the configuration issues IP addresses from a pool on the LNS. Our requirements are that we will issue the addresses via the RADIUS server. The configuration for the RADIUS and pool is as follows:
set access profile aaa-profile authentication-order radius
set access profile aaa-profile radius authentication-server 184.108.40.206
set access profile aaa-profile radius-server 220.127.116.11 secret "$9$2mgGiPfz6CuQFu1EyW8VwYgZUik.5z3"
set access address-assignment pool POOL family inet network 192.168.85.0/24
set access address-assignment pool POOL family inet range lns low 192.168.85.1
set access address-assignment pool POOL family inet range lns high 192.168.85.254
And the "lns" part is called within the dynamic profile and also the SI interface.
My question is: If we are assigning the IP from the RADIUS, do we require this configuration on the LNS itself please? Can I remove the configuration?
If you are assigning IPAddr to the subscriber from this pool "POOL" by returning framed-ip-pool VSA from Address, then yes, you do require this pool configuration. And in case your IPAddress allocation for the subscriber is external (Radius), then the local pool configuration is not required.
But I suggest keeping a pool in spare on the MX; say, in case the external entity runs out of addresses for some reason, you still have an IP to be picked from the local pool.
Also to add some more info, Radius returned attributes have more preference over the local attributes.
Meaning, if you happen to keep the IP address POOL on the node (MX) and return IPAddr from Radius, the attribute returned from Radius will be preferred. So let the IP address pool be there; the Radius-returned VSA will override.
Thank you. That's the answer I was looking for. Much appreciated.