Cisco 10000 User Manual

5-15

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server

Layer 2 Access Concentrator

Example 5-8

Configuring the RADIUS User Profile for Domain Preauthorization

user = nas-port:10.16.9.9:0/0/0/30.33{

profile_id = 826

profile_cycle = 1

radius=Cisco {

check_items = {

2=cisco

}

reply_attributes= {

9, 1=”vpdn:vpd-domain-list=net1.com,net2.com”

Verifying the RADIUS User Profile for Domain Preauthorization

To verify the RADIUS user profile, see your RADIUS server user documentation.

Configuring the RADIUS Service Profile for Tunnel Service Authorization

To enable tunnel service authorization, enter the following configuration parameters in the service
profile on the RADIUS server:

Example 5-9

Configuring the RADIUS Service Profile for Tunnel Service Authorization

user = net1.com{

profile_id = 45

profile_cycle = 18

member = me

radius=Cisco {

check_items= [

2=cisco

}

reply_attributes= {

9,1=”vpdn:tunnel-id=LAC-1”

9,1=”vpdn:12tp-tunnel_password=MySecret”

9,1=”vpdn:tunnel-type=12tp”

9,1=”vpdn:ip-addresses=10.16.10.10”

6=5

}

}

}

Verifying the RADIUS Service Profile for Tunnel Service Authorization

To verify the RADIUS service profile, see your RADIUS server user documentation.

RADIUS Entry

Purpose

domain Password “cisco”

Sets the fixed password.

User-Service-Type = Outbound-User

Configures the service-type as outbound.

Cisco-AVpair = “vpdn:tunnel-id=

name”

Specifies the name of the tunnel that must match the LNS’s
VPDN terminate-from hostname.

Cisco-AVpair = “vpdn:12tp-tunnel-password=

secret”

Specifies the secret (password) for L2TP tunnel authentication.

Cisco-AVpair = “vpdn:tunnel-type=12tp”

Specifies Layer 2 Tunnel Protocol.

Cisco-AVpair = “vpdn:ip-addresses=

ip-address”

Specifies the IP address of the LNS.