Cisco Systems 10000 Network Router User Manual


 
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
Layer 2 Access Concentrator
Enabling Domain Preauthorization
To enable the LAC to perform domain authorization before tunneling, enter the following commands:

Step 1
  Command: Router> enable
  Purpose: Enters privileged EXEC mode.
Step 2
  Command: Router# config terminal
  Purpose: Enters global configuration mode.
Step 3
  Command: Router(config)# vpdn authorize domain
  Purpose: Enables domain preauthorization.

Example 5-3 Enabling Domain Preauthorization
!
aaa new-model
aaa authorization network default local group radius
!
vpdn authorize domain
!
radius-server host 10.16.9.9 auth-port 1645 acct-port 1646
radius-server attribute nas-port format d
radius-server key MyKey
radius-server vsa send authentication
!

Verifying Domain Preauthorization
To verify that you successfully enabled domain preauthorization, enter the following commands:

  Command: Router# show running-config
  Purpose: Verifies that you successfully configured the maximum number of sessions per tunnel.

  Command: Router# show vpdn tunnel
  Purpose: Verifies active L2TP tunnel information in a VPDN environment.

  Command: Router# show vpdn session
  Purpose: Verifies active L2TP sessions in a VPDN environment.

Configuring the LAC to Communicate with the RADIUS Server
To enable the LAC to communicate properly with the RADIUS server for tunnel service authorization, enter the following commands:

Step 1
  Command: Router> enable
  Purpose: Enters privileged EXEC mode.
Step 2
  Command: Router# config terminal
  Purpose: Enters global configuration mode.
Step 3
  Command: Router(config)# radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number]
  Purpose: Specifies the RADIUS server host.
Step 4
  Command: Router(config)# radius-server retransmit retries
  Purpose: Specifies the number of times the Cisco IOS software searches the list of RADIUS server hosts before giving up. The default number of retries is 3 attempts.
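
An added example, not part of the Cisco guide: a Python check that automates the show running-config verification by confirming that the lines of Example 5-3 are present in a saved configuration and flagging a RADIUS shared secret stored in cleartext. The sample configuration is constructed from Example 5-3, the function name audit_preauth is hypothetical, and treating a leading key-type digit as the marker of an encrypted key is an assumption about IOS output.

```python
import re

# Constructed sample: "show running-config" output saved as text, using the
# lines of Example 5-3.
SAMPLE_CONFIG = """\
!
aaa new-model
aaa authorization network default local group radius
!
vpdn authorize domain
!
radius-server host 10.16.9.9 auth-port 1645 acct-port 1646
radius-server attribute nas-port format d
radius-server key MyKey
radius-server vsa send authentication
!
"""

# Global-configuration lines from Example 5-3; the host address and any
# trailing host options may differ per site.
EXPECTED = [
    r"aaa new-model",
    r"aaa authorization network default local group radius",
    r"vpdn authorize domain",
    r"radius-server host \S+( .*)?",
    r"radius-server attribute nas-port format d",
    r"radius-server vsa send authentication",
]
# Assumption: an optional type digit (for example 7) precedes an encrypted key.
KEY_LINE = re.compile(r"radius-server key (?:(\d+) )?\S+")

def audit_preauth(config_text):
    """Return (missing, warnings) for a saved running-config (hypothetical helper)."""
    # Global commands start in column 0, so only trailing whitespace is removed;
    # indented sub-mode lines and "no ..." forms never match.
    lines = [ln.rstrip() for ln in config_text.splitlines()]
    missing = [pat for pat in EXPECTED
               if not any(re.fullmatch(pat, ln) for ln in lines)]
    warnings = []
    for m in filter(None, map(KEY_LINE.fullmatch, lines)):
        # No type digit, or type 0, means the secret is readable in the config.
        if m.group(1) in (None, "0"):
            warnings.append("radius-server key is stored in cleartext")
    return missing, warnings

if __name__ == "__main__":
    missing, warnings = audit_preauth(SAMPLE_CONFIG)
    print("missing:", missing)
    print("warnings:", warnings)
```

An empty missing list means every line of Example 5-3 was found; the warning on the sample reflects that the key MyKey appears in readable form in the configuration.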