Cisco 10000 User Manual

Page 176

5-12

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server

Layer 2 Access Concentrator

Example 5-4 Configuring Communication with the RADIUS Server

!
aaa new-model
aaa authorization network default local group radius
!
radius-server host 10.16.9.9 auth-port 1645 acct-port 1646
radius-server attribute 44 include-in-access-req vrf vrf1
radius-server key MyKey
radius-server vsa send authentication

Verifying Communication with the RADIUS Server

To verify that you successfully configured the LAC to communicate properly with the RADIUS server
for tunnel service authorization, enter the show running-config command in privileged EXEC mode.
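
One way to script that check, as an added example that is not part of the Cisco guide: it scans show running-config output for the settings in Example 5-4 and reports how the RADIUS shared key is stored. The function name, labels and sample input are assumptions constructed for illustration; real output may differ in line order and key encoding.

```python
import re

# Constructed sample of `show running-config` output, based on Example 5-4.
SAMPLE_CONFIG = """\
!
aaa new-model
aaa authorization network default local group radius
!
radius-server host 10.16.9.9 auth-port 1645 acct-port 1646
radius-server attribute 44 include-in-access-req vrf vrf1
radius-server key MyKey
radius-server vsa send authentication
"""

# Settings shown in Example 5-4, as (label, regex) pairs.
REQUIRED = [
    ("aaa new-model", r"^aaa new-model$"),
    ("network authorization via RADIUS",
     r"^aaa authorization network \S+ .*\bgroup radius\b"),
    ("RADIUS server host", r"^radius-server host \S+"),
    ("attribute 44 in access requests",
     r"^radius-server attribute 44 include-in-access-req\b"),
    ("RADIUS shared key", r"^radius-server key \S+"),
    ("VSA send authentication", r"^radius-server vsa send authentication$"),
]

def audit_lac_radius(running_config):
    """Return (missing, warnings) for the LAC's RADIUS authorization settings."""
    lines = [ln.strip() for ln in running_config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]
    missing = [label for label, pattern in REQUIRED
               if not any(re.search(pattern, ln) for ln in lines)]
    warnings = []
    for ln in lines:
        # Optional leading digit is the key type: 0 = cleartext, 7 = type 7.
        key = re.match(r"radius-server key (?:(\d) )?\S+", ln)
        if not key:
            continue
        if key.group(1) in (None, "0"):
            warnings.append("shared key is stored in cleartext")
        elif key.group(1) == "7":
            warnings.append("shared key uses reversible type 7 encoding")
    return missing, warnings

if __name__ == "__main__":
    missing, warnings = audit_lac_radius(SAMPLE_CONFIG)
    print("missing:", missing)
    print("warnings:", warnings)
```

An empty missing list means every line from Example 5-4 is present; a warning about the key is a reason to restrict who can read or export the configuration.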

Configuring Sessions Per Tunnel Limiting on the LAC

To limit the number of sessions per tunnel without using a RADIUS server, enter the following
commands.

Note: You can configure the LAC or the RADIUS server to limit the number of sessions per tunnel. For
information on using the RADIUS server for sessions per tunnel limiting, see the “Configuring Sessions
Per Tunnel Limiting in the RADIUS Service Profile” section on page 5-16.

Step 5
Command: Router(config)# radius-server attribute 44 include-in-access-req vrf vrf-name
Purpose: Sends RADIUS attribute 44 (Accounting Session ID) in access request packets before user authentication (including requests for preauthentication).

Step 6
Command: Router(config)# radius-server domain-stripping vrf vrf-name
Purpose: (Optional) Enables VRF-aware domain-stripping. The vrf vrf-name argument specifies the per VRF configuration.

Step 7
Command: Router(config)# radius-server attribute list list-name
Purpose: Defines the list name given to the set of attributes defined using the attribute command.

Step 8
Command: Router(config)# radius-server key string
Purpose: Specifies the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon.

Step 9
Command: Router(config)# radius-server vsa send authentication
Purpose: Configures the LAC to recognize and use vendor-specific attributes.

Step 1
Command: Router> enable
Purpose: Enters privileged EXEC mode.

Step 2
Command: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command: Router(config)# vpdn-group group-name
Purpose: Defines a local group name for which you can assign other VPDN variables. Enters VPDN group configuration mode.

Step 4
Command: Router(config-vpdn)# request-dialin
Purpose: Enables the LAC to request L2TP tunnels to the LNS and enters VPDN request-dialin group mode.

Step 5
Command: Router(config-vpdn-req-in)# protocol l2tp
Purpose: Specifies the Layer 2 Tunnel Protocol.
