Cisco Systems 10000 Network Router User Manual


 
5-42
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
L2TP Network Server
Configuring the LNS for RADIUS Tunnel Authentication
To configure the LNS for RADIUS tunnel authentication, perform the following required configuration
tasks:
Configuring RADIUS Tunnel Authentication Method Lists on the LNS, page 5-42
Configuring AAA Authentication Methods, page 5-43
Configuring Vendor-Specific Attributes on RADIUS, page 5-44
Note: The Cisco 10000 series router supports L2TP tunnel authorization; however, RADIUS does not
provide attributes for such parameter values as L2TP tunnel timeouts, L2TP tunnel hello intervals,
and L2TP tunnel receive window size. When the Cisco 10000 series router does not receive a RADIUS
attribute for a parameter, the router uses the default value.
Configuring RADIUS Tunnel Authentication Method Lists on the LNS
To configure method lists on the LNS for RADIUS tunnel authentication, enter the following commands
beginning in global configuration mode:
Step 1
Command: Router(config)# aaa authorization network list-name method1 [method2...]
Purpose: Sets parameters that restrict user access to a network.
The list-name argument is a character string used to name the list of authentication methods tried when a user logs in.
The method1 [method2...] argument is at least one of the following keywords:
  group radius—Uses the list of all RADIUS servers for authentication.
  group group-name—Uses a subset of RADIUS servers for authentication as defined by the aaa group server radius command.
  if-authenticated—Succeeds if the user has been successfully authenticated.
  local—Uses the local username database for authentication.
  none—Uses no authentication.
Note: The method list is only for VPDN tunnel authorization and termination, not for domain and DNIS authorization. Therefore, the method list applies only on the tunnel terminator device: the LAC for dialout sessions and the LNS for dialin sessions.

Step 2
Command: Router(config)# vpdn tunnel authorization network <method list name>
Purpose: Specifies the AAA method list to use for VPDN remote tunnel hostname-based authorization.
If you do not specify a method list (including a default method list) by using the vpdn tunnel authorization network command, local authorization occurs by using the local VPDN group configuration.
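
The following is an added example, not part of the Cisco guide: a Python check over a saved running-config that verifies Step 1 and Step 2 are both present and refer to the same method list. The sample configurations, the list name TUNNEL-AUTHZ, and the wording of the findings are constructed for this example.

```python
import re

# Constructed sample configs (not from the guide); TUNNEL-AUTHZ is a made-up list name.
SAMPLE_OK = """aaa new-model
aaa authorization network TUNNEL-AUTHZ group radius local
vpdn tunnel authorization network TUNNEL-AUTHZ
"""
SAMPLE_NONE = """aaa authorization network TUNNEL-AUTHZ group radius none
vpdn tunnel authorization network TUNNEL-AUTHZ
"""
SAMPLE_UNBOUND = """aaa authorization network TUNNEL-AUTHZ group radius
"""

AUTHZ_RE = re.compile(r"^[ \t]*aaa authorization network (\S+) (.+?)[ \t]*$", re.M)
VPDN_RE = re.compile(r"^[ \t]*vpdn tunnel authorization network (\S+)[ \t]*$", re.M)


def audit_tunnel_authz(config):
    """Return a list of findings for the two-step method-list setup."""
    findings = []
    # Step 1: every named method list and its ordered method keywords.
    lists = {name: methods.split() for name, methods in AUTHZ_RE.findall(config)}
    # Step 2: the list(s) that VPDN tunnel authorization is bound to.
    bound = VPDN_RE.findall(config)
    if not bound:
        # Per the guide, the router then authorizes from the local VPDN group.
        findings.append("no 'vpdn tunnel authorization network' command: "
                        "local VPDN group configuration is used")
        return findings
    for name in bound:
        if name not in lists:
            findings.append(f"method list '{name}' is referenced but not defined")
            continue
        methods = lists[name]
        if "none" in methods:
            findings.append(f"method list '{name}' includes 'none'")
        if "group" not in methods:
            findings.append(f"method list '{name}' has no RADIUS group method")
    return findings


if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("none", SAMPLE_NONE),
                       ("unbound", SAMPLE_UNBOUND)):
        print(label, audit_tunnel_authz(cfg))
```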