Cisco Systems 10000 Network Router User Manual


 
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
Layer 2 Access Concentrator
Example 5-8 Configuring the RADIUS User Profile for Domain Preauthorization
user = nas-port:10.16.9.9:0/0/0/30.33{
    profile_id = 826
    profile_cycle = 1
    radius=Cisco {
        check_items = {
            2=cisco
        }
        reply_attributes= {
            9,1="vpdn:vpd-domain-list=net1.com,net2.com"
        }
    }
}
Verifying the RADIUS User Profile for Domain Preauthorization
To verify the RADIUS user profile, see your RADIUS server user documentation.
Configuring the RADIUS Service Profile for Tunnel Service Authorization
To enable tunnel service authorization, enter the following configuration parameters in the service
profile on the RADIUS server:
Example 5-9 Configuring the RADIUS Service Profile for Tunnel Service Authorization
user = net1.com{
    profile_id = 45
    profile_cycle = 18
    member = me
    radius=Cisco {
        check_items= {
            2=cisco
        }
        reply_attributes= {
            9,1="vpdn:tunnel-id=LAC-1"
            9,1="vpdn:l2tp-tunnel-password=MySecret"
            9,1="vpdn:tunnel-type=l2tp"
            9,1="vpdn:ip-addresses=10.16.10.10"
            6=5
        }
    }
}
Verifying the RADIUS Service Profile for Tunnel Service Authorization
To verify the RADIUS service profile, see your RADIUS server user documentation.
RADIUS Entry                                         Purpose
domain Password "cisco"                              Sets the fixed password.
User-Service-Type = Outbound-User                    Configures the service-type as outbound.
Cisco-AVpair = "vpdn:tunnel-id=name"                 Specifies the name of the tunnel that must match the LNS's VPDN terminate-from hostname.
Cisco-AVpair = "vpdn:l2tp-tunnel-password=secret"    Specifies the secret (password) for L2TP tunnel authentication.
Cisco-AVpair = "vpdn:tunnel-type=l2tp"               Specifies Layer 2 Tunnel Protocol.
Cisco-AVpair = "vpdn:ip-addresses=ip-address"        Specifies the IP address of the LNS.
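
The following Python check is an added example, not part of the Cisco guide: it parses a service profile written in the syntax of Example 5-9 and reports missing or malformed tunnel attributes and a placeholder tunnel secret. The function names, the secret denylist and the 16-character minimum are assumptions, as is treating ip-addresses as a comma- or space-separated list.

```python
import ipaddress
import re

# Constructed sample in the profile syntax of Example 5-9 (documentation secret kept).
SAMPLE_PROFILE = '''user = net1.com{
radius=Cisco {
check_items= {
2=cisco
}
reply_attributes= {
9,1="vpdn:tunnel-id=LAC-1"
9,1="vpdn:l2tp-tunnel-password=MySecret"
9,1="vpdn:tunnel-type=l2tp"
9,1="vpdn:ip-addresses=10.16.10.10"
6=5
}
}
}'''

REQUIRED = ("tunnel-id", "l2tp-tunnel-password", "tunnel-type", "ip-addresses")
WEAK_SECRETS = {"mysecret", "secret", "cisco", "password"}  # assumed denylist
MIN_SECRET_LEN = 16                                          # assumed site policy

def parse_reply(profile):
    """Return (vpdn AV pairs, numbered standard attributes) from reply_attributes."""
    body = profile.split("reply_attributes", 1)[-1]
    avpairs = dict(re.findall(r'9,\s*1\s*=\s*"vpdn:([\w-]+)=([^"]*)"', body))
    std = dict(re.findall(r'^\s*(\d+)\s*=\s*(\S+)\s*$', body, re.M))
    return avpairs, std

def audit(profile):
    """Return a list of findings; an empty list means every check passed."""
    av, std = parse_reply(profile)
    findings = [f"missing vpdn:{k}" for k in REQUIRED if k not in av]
    if "tunnel-type" in av and av["tunnel-type"] != "l2tp":
        findings.append(f"tunnel-type is {av['tunnel-type']!r}, expected 'l2tp'")
    for addr in av.get("ip-addresses", "").replace(",", " ").split():
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"ip-addresses entry {addr!r} is not an IP address")
    secret = av.get("l2tp-tunnel-password")  # never echoed into a finding
    if secret is not None and (secret.lower() in WEAK_SECRETS or len(secret) < MIN_SECRET_LEN):
        findings.append("l2tp-tunnel-password is a placeholder or shorter than policy")
    if std.get("6") != "5":
        findings.append("Service-Type (attribute 6) is not 5 (Outbound-User)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PROFILE)) or "profile OK")
```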