Filter
Top Products
5-37
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
L2TP Network Server
Verifying Sessions per Tunnel Limiting on the LNS
To verify sessions per tunnel limiting on the LNS, enter the following commands:
Configuring RADIUS Attribute Accept or Reject Lists
To configure a RADIUS attribute accept or reject list for authorization or accounting, enter the following
commands:
Command Purpose
Router# show running-config
Displays the current router configuration. Check the output to
verify that you successfully configured the maximum number of
sessions per tunnel.
Router# show vpdn tunnel
Displays information about all active L2TP tunnels in
summary-style format. Check the output to verify that the number
of displayed sessions does not exceed your configured limit.
Command Purpose
Step 1
Router> enable
Enters privileged EXEC mode.
Step 2
Router# config terminal
Enters global configuration mode.
Step 3
Router(config)# aaa authentication ppp
default group group-name
Specifies one or more AAA authentication methods for use on
serial interfaces running PPP.
Step 4
Router(config)# aaa authorization network
default group group-name
Sets parameters that restrict network access to the user.
Step 5
Router(config)# aaa group server radius
group-name
Groups different RADIUS server hosts into distinct lists and
distinct methods and enters server group configuration mode.
Step 6
Router(config-sg-radius)# server-private
ip-address timeout seconds retransmit
retries key string
Configures the IP address of the private RADIUS server for the
group server.
The ip-address argument specifies the IP address of the private
RADIUS server host.
(Optional) The seconds argument specifies the timeout value (1 to
1000).
The string argument specifies the authentication and encryption
key for all RADIUS communications between the Cisco 10000
series router and the RADIUS server.
Step 7
Router(config-sg-radius)# authorization
[accept | reject] listname
and/or
Router(config-sg-radius)# accounting
[accept | reject] listname
Specifies a filter for the attributes that are returned in an
Access-Accept packet from the RADIUS server.
Specifies a filter for the attributes that are to be sent to the
RADIUS server in an accounting request.
The accept keyword indicates that all attributes will be rejected
except the attributes specified in the listname argument.
The reject keyword indicates that all attributes will be accepted
except for the attributes specified in the listname argument and all
standard attributes.