Support User Manuals

Cisco Systems 10000 Network Router User Manual

Open as PDF

of 624

5-33

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server

L2TP Network Server

Step 4

Router(config)# aaa authorization network

list-name method1 [method2...]

Sets parameters that restrict user access to a network.

The list-name argument is a character string used to name the list

of authentication methods tried when a user logs in.

The method1[method2...] argument is at least one of the following

keywords:

• group radius—Uses the list of all RADIUS servers for

authentication.

• group group-name—Uses a subset of RADIUS servers for

authentication as defined by the aaa group server radius

command.

• if-authenticated—Succeeds if user has been successfully

authenticated.

• local—Uses the local username database for authentication.

• none—Uses no authentication.

Step 5

Router(config)# aaa accounting {system

default [vrf vrf-name] | network {default

| none | start-stop | stop-only |

wait-start} group group-name

Enables AAA accounting of requested services for billing or

security purposes when you use RADIUS.

The system default keyword performs accounting for all

system-level events not associated with users, such as reloads.

The vrf vrf-name keyword and argument specify a VRF

configuration.

The network keyword runs accounting for all network-related

service requests.

The default keyword specifies the default accounting list:

• none—No accounting.

• start-stop—Record stop and start without waiting.

• stop-only—Record stop when service terminates.

• wait-start—Record stop and start after start-record commit.

The group group-name keyword and argument use a subset of

RADIUS servers for accounting as defined by the server group

group-name.

Step 6

Router(config)# aaa accounting

delay-start vrf vrf-name

Delays generation of the start accounting records until the user

IP

address is established.

The vrf vrf-name keyword and argument enables the specification

on a per VRF basis.

Step 7

Router(config)# aaa accounting send

stop-record authentication failure vrf

vrf-name

Generates accounting stop records for users who fail to

authenticate at login or during session negotiation.

The vrf vrf-name keyword and argument enables the specification

on a per VRF basis.

Command Purpose

previous next