Cisco 10000 User Manual


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 11 Configuring Local AAA Server, User Database—Domain to VRF

Verifying Local AAA Server, User Database—Domain to VRF Using Local Attributes

To verify domain to VRF using local attributes, use the show aaa users all command and the
show running-config command. See the next section for a configuration example.

Configuration Example for Local AAA Server, User Database—Domain to VRF

The following configuration example has two subscriber profiles that match on domain cisco1.com and
cisco2.com.

A subscriber with the domain name cisco1.com uses the parameters defined in the subscriber profile
cisco1.com. The name of the subscriber profile must be identical to the domain part of the full username
(username@domain). An attribute list cisco1.com defined in the service profile is used to reference AAA
attributes for the PPP subscribers.

Subscribers in cisco1.com receive the AAA attributes from AAA attribute list cisco1.com. One attribute
puts the PPP session into a VRF called vrf1. An IP address is assigned from a local DHCP
pool called dhcp-pool. AAA authentication, authorization, and accounting are also defined and use an
AAA list called test1. These all use an AAA group server called group_server_test1.

A subscriber with the domain name cisco2.com uses the parameters defined in the subscriber profile
cisco2.com. The name of the subscriber profile must be identical to the domain part of the full username
(username@domain). An attribute list cisco2.com defined in the service profile is used to reference AAA
attributes for the PPP subscribers.

Subscribers in cisco2.com receive the AAA attributes from AAA attribute list cisco2.com. One attribute
puts the PPP session into a VRF called vrf2. An IP address is assigned from a local pool
called pppoe2. AAA authentication, authorization, and accounting are also defined and use an AAA list
called test2. These all use an AAA group server called group_server_test2.

aaa new-model
!
!
aaa group server radius group_server_test1
 server-private 192.168.2.20 auth-port 1645 acct-port 1646 key cisco
 ip vrf forwarding vrf1
!
aaa group server radius group_server_test2
 server-private 192.168.2.12 auth-port 1645 acct-port 1646 key cisco
 ip vrf forwarding vrf2
!
! Method lists test1 and test2 reference the server groups defined above
aaa authentication ppp default local
aaa authentication ppp test1 group group_server_test1
aaa authentication ppp test2 group group_server_test2
aaa authorization network default local
aaa authorization network test1 local if-authenticated
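The following check is an added example, not part of the Cisco guide: a Python script to run over saved show running-config output that flags method lists naming an undefined server group, server groups with no VRF, and RADIUS keys stored in cleartext. SAMPLE is a constructed excerpt, and the names parse_groups and audit are this example's own.

```python
import re

# Constructed excerpt modelled on the example above; the undefined group on
# the test2 line and the type 7 key are deliberate test cases.
SAMPLE = """\
aaa group server radius group_server_test1
 server-private 192.168.2.20 auth-port 1645 acct-port 1646 key cisco
 ip vrf forwarding vrf1
!
aaa group server radius group_server_test2
 server-private 192.168.2.12 auth-port 1645 acct-port 1646 key 7 1234ABCD
 ip vrf forwarding vrf2
!
aaa authentication ppp default local
aaa authentication ppp test1 group group_server_test1
aaa authentication ppp test2 group test2
aaa authorization network test1 local if-authenticated
"""

def parse_groups(cfg):
    """Map each RADIUS server group to its VRF and (server, cleartext?) pairs."""
    groups, cur = {}, None
    for line in map(str.rstrip, cfg.splitlines()):
        m = re.match(r"aaa group server radius (\S+)", line)
        tok = line.split()
        if m:
            cur = groups.setdefault(m.group(1), {"vrf": None, "servers": []})
        elif not line.startswith(" "):
            cur = None  # back at global configuration level
        elif cur is not None and tok[:3] == ["ip", "vrf", "forwarding"]:
            cur["vrf"] = tok[3]
        elif cur is not None and tok[:1] == ["server-private"]:
            # "key <s>" and "key 0 <s>" are cleartext; "key 7 <s>" is obfuscated
            clear = bool(re.search(r" key (?:0 )?\S+$", line))
            cur["servers"].append((tok[1], clear))
    return groups

def audit(cfg):
    """Report groups without a VRF, cleartext keys, and undefined group references."""
    groups, out = parse_groups(cfg), []
    for name, g in groups.items():
        if g["vrf"] is None:
            out.append(f"group {name}: no 'ip vrf forwarding'")
        out += [f"group {name}: cleartext key for {ip}" for ip, c in g["servers"] if c]
    lists = r"^aaa (?:authentication ppp|authorization network|accounting network) (\S+) (.*)$"
    for name, methods in re.findall(lists, cfg, re.M):
        out += [f"list {name}: undefined server group {ref}"
                for ref in re.findall(r"group (\S+)", methods)
                if ref not in groups and ref not in ("radius", "tacacs+")]
    return out
```

Type 7 keys are only obfuscated, so a clean result here does not mean the shared secret is protected at rest.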

Step 5    Command: Router(config)# attribute type ppp-authen-list aaa_list_name
          Purpose: Defines the AAA authentication list to use.

Step 6    Command: Router(config)# attribute type ppp-author-list aaa_list_name
          Purpose: Defines the AAA authorization list to use.

Step 7    Command: Router(config)# attribute type ppp-acct-list aaa_list_name
          Purpose: Defines the AAA accounting list to use.
