Cisco 10000 User Manual

5-11

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server

Layer 2 Access Concentrator

Enabling Domain Preauthorization

To enable the LAC to perform domain authorization before tunneling, enter the following commands:

Example 5-3

Enabling Domain Preauthorization

!

aaa new-model

aaa authorization network default local group radius

!

vpdn authorize domain

!

radius-server host 10.16.9.9 auth-port 1645 acct-port 1646

radius-server attribute nas-port format d

radius-server key MyKey

radius-server vsa send authentication

!

Verifying Domain Preauthorization

To verify that you successfully enabled domain preauthorization, enter the following commands:

Configuring the LAC to Communicate with the RADIUS Server

To enable the LAC to communicate properly with the RADIUS server for tunnel service authorization,
enter the following commands:

Command

Purpose

Step 1

Router> enable

Enters privileged EXEC mode.

Step 2

Router# config terminal

Enters global configuration mode.

Step 3

Router(config)# vpdn authorize domain

Enables domain preauthorization.

Command

Purpose

Router# show running-config

Verifies that you successfully configured the maximum number
of sessions per tunnel.

Router# show vpdn tunnel

Verifies active L2TP tunnel information in a VPDN environment.

Router# show vpdn session

Verifies active L2TP sessions in a VPDN environment.

Command

Purpose

Step 1

Router> enable

Enters privileged EXEC mode.

Step 2

Router# config terminal

Enters global configuration mode.

Step 3

Router(config)# radius-server host

{hostname | ip-address} [auth-port

port-number] [acct-port port-number]

Specifies the RADIUS server host.

Step 4

Router(config)# radius-server retransmit

retries

Specifies the number of times the Cisco IOS software searches the
list of RADIUS server hosts before giving up. The default number
of retries is 3 attempts.