Cisco 10000 User Manual


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server

L2TP Network Server

Configuring the LNS for RADIUS Tunnel Authentication

To configure the LNS for RADIUS tunnel authentication, perform the following required configuration
tasks:

Configuring RADIUS Tunnel Authentication Method Lists on the LNS, page 5-42

Configuring AAA Authentication Methods, page 5-43

Configuring Vendor-Specific Attributes on RADIUS, page 5-44

Note

The Cisco 10000 series router supports L2TP tunnel authorization; however, RADIUS does not provide
attributes for such parameter values as L2TP tunnel timeouts, L2TP tunnel hello intervals, and L2TP
tunnel receive window size. When the Cisco 10000 series router does not receive a RADIUS attribute
for a parameter, the router uses the default value.

Configuring RADIUS Tunnel Authentication Method Lists on the LNS

To configure method lists on the LNS for RADIUS tunnel authentication, enter the following commands
beginning in global configuration mode:

Step 1

Command: Router(config)# aaa authorization network list-name method1 [method2...]

Purpose: Sets parameters that restrict user access to a network.

The list-name argument is a character string used to name the list
of authentication methods tried when a user logs in.

The method1 [method2...] argument is at least one of the following
keywords:

- group radius—Uses the list of all RADIUS servers for
  authentication.
- group group-name—Uses a subset of RADIUS servers for
  authentication as defined by the aaa group server radius
  command.
- if-authenticated—Succeeds if the user has been successfully
  authenticated.
- local—Uses the local username database for authentication.
- none—Uses no authentication.

Note

The method list is only for VPDN tunnel authorization
and termination, not for domain and DNIS authorization.
Therefore, the method list applies only on the tunnel
terminator device: the LAC for dialout sessions and the
LNS for dialin sessions.

Step 2

Command: Router(config)# vpdn tunnel authorization network <method list name>

Purpose: Specifies the AAA method list to use for VPDN remote tunnel
hostname-based authorization.

If you do not specify a method list (including a default method
list) by using the vpdn tunnel authorization network command,
local authorization occurs by using the local VPDN group
configuration.
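
An added example (not from the Cisco guide): a small Python check that reads a saved running-config and reports which AAA method list the vpdn tunnel authorization network command selects, and whether that list contains none, lacks a group method, or was never defined. The sample configuration and the names TUNNEL-AUTH, LAB-LIST and LAB-SERVERS are constructed for illustration.

```python
import re

# Constructed sample running-config; the list and group names are made up.
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization network TUNNEL-AUTH group radius local
aaa authorization network LAB-LIST group LAB-SERVERS none
vpdn enable
vpdn tunnel authorization network LAB-LIST
"""

AAA_RE = re.compile(r"^\s*aaa authorization network (\S+)\s+(.+?)\s*$")
VPDN_RE = re.compile(r"^\s*vpdn tunnel authorization network (\S+)\s*$")


def parse_methods(text):
    """Split 'group radius local none' into ['group radius', 'local', 'none']."""
    tokens, methods, i = text.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])  # keyword plus server group
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def audit_tunnel_authorization(config):
    """Return (selected_list, methods, findings) for VPDN tunnel authorization."""
    lists, selected = {}, None
    for line in config.splitlines():
        if m := AAA_RE.match(line):
            lists[m.group(1)] = parse_methods(m.group(2))
        elif m := VPDN_RE.match(line):
            selected = m.group(1)
    if selected is None:
        # Per the guide: without the vpdn command, local authorization applies.
        return None, [], ["no method list selected: local VPDN group configuration is used"]
    if selected not in lists:
        return selected, [], [f"method list {selected!r} is referenced but not defined"]
    methods, findings = lists[selected], []
    if "none" in methods:
        findings.append(f"{selected!r} includes 'none': that method performs no authentication")
    if not any(m.startswith("group ") for m in methods):
        findings.append(f"{selected!r} has no 'group' method: RADIUS is never consulted")
    return selected, methods, findings
```

Calling audit_tunnel_authorization() on the text of a saved configuration returns the selected list name, its methods in order, and a list of findings to review.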
