Aaa method lists, Defining aaa – Cisco 10000 User Manual

Page 296

Advertising
background image

11-6

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 11 Configuring Local AAA Server, User Database—Domain to VRF

AAA Method Lists

The AAA method lists are defined to use RADIUS for authentication and accounting. Authorization is
done locally using the AAA attribute lists. Defining the AAA attribute lists for PPP under the virtual
template no longer requires defining the AAA lists. Instead, a default authentication and authorization
list can be defined on the virtual template and the AAA method lists can be defined in the AAA attribute
lists. 2000 method lists are supported.

Using method lists does require that you define aaa authentication ppp default and aaa authorization
network default lists. The following is an example of the commands you use to configure method lists:

interface virtual-template

ppp authentication pap chap

aaa new-model

aaa authentication ppp default local

aaa authorization network default local

aaa authentication ppp method list name group radius

aaa authorization network method list name local if-authenticated

aaa accounting network method list name start-stop group radius

aaa attribute list <domain name>

attribute type ppp-authen-list "method list name"

attribute type ppp-author-list "method list name"

attribute type ppp-acct-list "method list name"

Configuration Tasks for Local AAA Server, User Database—Domain to VRF
Using Local Attributes

To configure a user name domain to a VRF using local AAA attributes, perform the following
configuration tasks:

Defining AAA, page 11-6

Defining RADIUS and Enabling NAS-PORT, page 11-7

Defining a VRF, page 11-7

Applying AAA to a Virtual Template, page 11-7

Defining a Loopback Interface, page 11-8

Creating an IP Address Pool, page 11-8

Defining a Subscriber Profile, page 11-8

Defining an AAA Attribute List, page 11-8

Defining AAA

To define AAA (authentication, authorization, and accounting), enter the following commands in global
configuration mode:

Command

Purpose

Step 1

Router(config)# aaa new-model

Enables the AAA access control model.

Step 2

Router(config)# aaa authentication ppp

list-name group radius

Specifies RADIUS to authenticate the PPP user name.

Advertising
Popular Brands
Popular manuals