Delivering Different PPPoE Services using VRFs (Cisco IOS)

Hello Everyone,
In my setup I have 2 VRFs,

  • VRF One offers clients public IPs.
  • VRF Two offers clients private IPs.

Each VRF has separate configurations in regards to the BBA Group, Virtual-Template, Loopback on the same router. The VRFs also point to separate Radius IPs, however the IPs are configured on the same server just different network interface cards, so they are using the same Radius Service.

My Problem is that clients on VRF One are able to dial in a get to the necessary details, while clients on VRF Two, when they try to dial in, they receive the Gateway IP assigned to VRF One not VRF Two. What could be causing this issue ?

Hello Joel

Sorry for the late reply. Looking at your description, it seems that the config on the router side looks good. You’ve got VRFs separating the clients, you’re using a different IP address on the RADIUS server, one for each VRF, which is also great. The problem seems to be that when the server receives the request, it chooses the incorrect pool from which to assign an IP address.

I suggest you focus your troubleshooting efforts on the RADIUS server. The decision-making process of which pool to choose from seems to be the problem. What criteria are being used to decide the pool? I suggest you check the RADIUS config and perhaps do a debug on this specific process.

Let us know how you get along!

I hope this has been helpful!


Hello Laz,
We are actually looking into assigning different attributes to VRF Two within the RADIUS Service. Initially when we had only VRF One, we had only set its relational attributes like the VRF and loopback in the Radius Server. This is an ongoing project, so I will keep you updated.

The information you had shared was very helpful, particularly in terms of perspective t-shooting. Thanks.

Hello Joel

Thanks for sharing your experiences. We look forward to hear more about this project and how it is developing. We’re glad that the content found here was helpful for you.

Thanks again and looking forward to hearing about how the project is going!


Hello Laz,

The project was successfully completed. No major changes as indicated in the earlier setup, the needed attributes and configurations for the authentication and accounting radius servers were done to finalize the proper production setup. All is well and working as expected.

1 Like