Cisco Systems 10000 Network Router User Manual


  Open as PDF
of 624
 
5-45
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
L2TP Network Server
Configuration Examples for LNS
This section provides example configurations for the following features:
Managed LNS Configuration Example, page 5-45
Tunnel Accounting Configuration Examples, page 5-47
Tunnel Authentication Configuration Examples, page 5-50
Managed LNS Configuration Example
Example 5-17 is an example of how to configure the Managed LNS features on the Cisco 10000 series
router. In this example, the Cisco 10000 series router terminates the tunnel from the LAC and associates
the VRFs with the interfaces and the virtual template interfaces. This configuration also configures
RADIUS attribute screening and AAA accounting for the VRFs.
Example 5-17 Configuring Managed LNS on the Cisco 10000 Series Router
!Enables AAA.
aaa new-model
!
!Configures private server parameters.
aaa group server radius vpn1
server-private 192.168.1.128 auth-port 1645 acct-port 1646 key cisco
server-private 192.168.2.128 auth-port 1645 acct-port 1646 timeout 10 retransmit 3 key
!Configures RADIUS attribute screening.
cisco1
authorization reject vpn1-autho-list
accounting reject vpn1-account-list
ip vrf forwarding vpn1
!
!Configures private server parameters.
aaa group server radius vpn2
server-private 192.168.1.128 auth-port 1645 acct-port 1646 key cisco
server-private 192.168.2.128 auth-port 1645 acct-port 1646 timeout 10 retransmit 3 key
cisco1
ip vrf forwarding vpn2
!
!Configures AAA accounting for the VRFs.
aaa authentication ppp vpn1 group vpn1
aaa authentication ppp vpn2 group vpn2
aaa authorization network vpn1 group vpn1
aaa authorization network vpn2 group vpn2
aaa accounting update periodic 1
aaa accounting network vpn1 start-stop group vpn1
aaa accounting network vpn2 start-stop group vpn2
aaa accounting system default vrf vpn1 start-stop group vpn1
aaa accounting system default vrf vpn2 start-stop group vpn2
aaa session-id common
!
!Configures the VRFs.
ip vrf vpn1
rd 1100:1
!
ip vrf vpn2
rd 1100:2
vpdn enable
!
!Terminates the tunnel from the LAC.
vpdn-group 1
 previous next