Configuring radius attribute – Cisco 10000 User Manual


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server

L2TP Network Server

Verifying Sessions per Tunnel Limiting on the LNS

To verify sessions per tunnel limiting on the LNS, enter the following commands:

Command: Router# show running-config
Purpose: Displays the current router configuration. Check the output to verify that you successfully configured the maximum number of sessions per tunnel.

Command: Router# show vpdn tunnel
Purpose: Displays information about all active L2TP tunnels in summary-style format. Check the output to verify that the number of displayed sessions does not exceed your configured limit.

Configuring RADIUS Attribute Accept or Reject Lists

To configure a RADIUS attribute accept or reject list for authorization or accounting, enter the following commands:

Step 1
Command: Router> enable
Purpose: Enters privileged EXEC mode.

Step 2
Command: Router# config terminal
Purpose: Enters global configuration mode.

Step 3
Command: Router(config)# aaa authentication ppp default group group-name
Purpose: Specifies one or more AAA authentication methods for use on serial interfaces running PPP.

Step 4
Command: Router(config)# aaa authorization network default group group-name
Purpose: Sets parameters that restrict network access to the user.

Step 5
Command: Router(config)# aaa group server radius group-name
Purpose: Groups different RADIUS server hosts into distinct lists and distinct methods and enters server group configuration mode.

Step 6
Command: Router(config-sg-radius)# server-private ip-address timeout seconds retransmit retries key string
Purpose: Configures the IP address of the private RADIUS server for the group server.

The ip-address argument specifies the IP address of the private RADIUS server host.

(Optional) The seconds argument specifies the timeout value (1 to 1000).

The string argument specifies the authentication and encryption key for all RADIUS communications between the Cisco 10000 series router and the RADIUS server.

Step 7
Command: Router(config-sg-radius)# authorization [accept | reject] listname
and/or
Command: Router(config-sg-radius)# accounting [accept | reject] listname
Purpose: Specifies a filter for the attributes that are returned in an Access-Accept packet from the RADIUS server.

Specifies a filter for the attributes that are to be sent to the RADIUS server in an accounting request.

The accept keyword indicates that all attributes will be rejected except the attributes specified in the listname argument.

The reject keyword indicates that all attributes will be accepted except for the attributes specified in the listname argument and all standard attributes.
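
The following Python check is an added example, not part of the Cisco guide: it reads show running-config text and reports, for each RADIUS server group, the authorization and accounting filters from Step 7 and any list name that has no definition. The sample configuration, the group and list names, and the key are constructed; the radius-server attribute list command used to define a list is an assumption, since this page does not show it.

```python
import re

# Constructed sample of `show running-config` output (not from the manual).
# ASSUMPTION: lists named in Step 7 are defined with
# `radius-server attribute list <name>`; this page does not show that command.
SAMPLE_CONFIG = """\
aaa authentication ppp default group lns-radius
aaa authorization network default group lns-radius
!
aaa group server radius lns-radius
 server-private 192.0.2.10 timeout 5 retransmit 3 key EXAMPLE-KEY
 authorization accept authz-min
 accounting reject acct-drop
!
aaa group server radius wholesale
 server-private 192.0.2.20 timeout 5 retransmit 3 key EXAMPLE-KEY
 authorization accept missing-list
!
radius-server attribute list authz-min
 attribute 6,7,8
!
radius-server attribute list acct-drop
 attribute 66,67
"""

def audit_radius_filters(config):
    """Map each RADIUS server group to its filters and undefined list names."""
    defined, groups, current = set(), {}, None
    for line in config.splitlines():
        if not line.startswith(" "):      # a top-level line ends any sub-mode
            current = None
            m = re.match(r"radius-server attribute list (\S+)", line)
            if m:
                defined.add(m.group(1))
            m = re.match(r"aaa group server radius (\S+)", line)
            if m:
                current = groups.setdefault(m.group(1), {})
            continue
        m = re.match(r"\s+(authorization|accounting) (accept|reject) (\S+)", line)
        if m and current is not None:     # filter line inside a server group
            current[m.group(1)] = (m.group(2), m.group(3))
    report = {}
    for name, filters in groups.items():
        undefined = sorted(l for _, l in filters.values() if l not in defined)
        report[name] = {"filters": filters, "undefined": undefined}
    return report

if __name__ == "__main__":
    for group, info in audit_radius_filters(SAMPLE_CONFIG).items():
        print(group, info)
```

A group that appears with an empty filters entry has no attribute filtering applied, and a name under undefined points to a list that the configuration never defines.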
