Cisco 10000 User Manual

5-32

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server

L2TP Network Server

Configuring AAA for the VRF

To configure AAA for the VRF, enter the following commands:

Step 4

Router(config-sg-radius)# server-private

ip-address timeout seconds retransmit

retries key string

Configures the IP address of the private RADIUS server for the
group server.

The ip-address argument specifies the IP address of the private
RADIUS server host.

(Optional) The seconds argument specifies the timeout value (1 to
1000).

The string argument specifies the authentication and encryption
key for all RADIUS communications between the Cisco 10000
series router and the RADIUS server.

Step 5

Router(config-sg-radius)# ip vrf

forwarding

vrf-name

Configures the VRF reference of the AAA RADIUS server group.

The vrf-name argument is the name assigned to a VRF instance.

Command

Purpose

Command

Purpose

Step 1

Router> enable

Enters privileged EXEC mode.

Step 2

Router# config terminal

Enters global configuration mode.

Step 3

Router(config)# aaa authentication ppp

list-name method1 [method2...]

Specifies one or more AAA authentication methods for use on
serial interfaces running PPP.

The list-name argument is a character string used to name the list
of authentication methods tried when a user logs in.

The method1[method2...] argument is at least one of the following
keywords:

•

if-needed—Does not authenticate if user has already been
authenticated on a TTY line.

•

local—Uses the local username database for authentication.

•

local-case—Uses case-sensitive local username
authentication.

•

none—Uses no authentication.

•

group radius—Uses the list of all RADIUS servers for
authentication.

•

group group-name—Uses a subset of RADIUS servers for
authentication as defined by the aaa group server radius
command.