Cisco 10000 User Manual

Page 197

Advertising
background image

5-33

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server

L2TP Network Server

Step 4

Router(config)# aaa authorization network

list-name method1 [method2...]

Sets parameters that restrict user access to a network.

The list-name argument is a character string used to name the list
of authentication methods tried when a user logs in.

The method1[method2...] argument is at least one of the following
keywords:

group radius—Uses the list of all RADIUS servers for
authentication.

group group-name—Uses a subset of RADIUS servers for
authentication as defined by the aaa group server radius
command.

if-authenticated—Succeeds if user has been successfully
authenticated.

local—Uses the local username database for authentication.

none—Uses no authentication.

Step 5

Router(config)# aaa accounting {system

default

[vrf vrf-name] | network {default

| none | start-stop | stop-only |

wait-start

} group group-name

Enables AAA accounting of requested services for billing or
security purposes when you use RADIUS.

The system default keyword performs accounting for all
system-level events not associated with users, such as reloads.

The vrf vrf-name keyword and argument specify a VRF
configuration.

The network keyword runs accounting for all network-related
service requests.

The default keyword specifies the default accounting list:

none—No accounting.

start-stop—Record stop and start without waiting.

stop-only—Record stop when service terminates.

wait-start—Record stop and start after start-record commit.

The group group-name keyword and argument use a subset of
RADIUS servers for accounting as defined by the server group
group-name.

Step 6

Router(config)# aaa accounting

delay-start vrf

vrf-name

Delays generation of the start accounting records until the user
IP address is established.

The vrf vrf-name keyword and argument enables the specification
on a per VRF basis.

Step 7

Router(config)# aaa accounting send

stop-record authentication failure vrf

vrf-name

Generates accounting stop records for users who fail to
authenticate at login or during session negotiation.

The vrf vrf-name keyword and argument enables the specification
on a per VRF basis.

Command

Purpose

Advertising
Popular Brands
Popular manuals