Cisco Systems 10000 Network Router User Manual


 
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
L2TP Network Server
LNS Configuration to Support RADIUS Tunnel Authentication
The following example is an LNS configuration that supports RADIUS tunnel authentication. In this
configuration, a RADIUS server group is defined by using the aaa group server radius VPDN-Group
command. The aaa authorization network mymethodlist group VPDN-Group command queries
RADIUS for network authorization.
aaa group server radius VPDN-Group
 server 64.102.48.91 auth-port 1645 acct-port 1646
aaa authorization network mymethodlist group VPDN-Group
vpdn tunnel authorization network mymethodlist
vpdn tunnel authorization virtual-template 10
RADIUS Configuration to Support Tunnel Authentication
The following example is a RADIUS configuration that allows the LNS to terminate L2TP tunnels from
a LAC. In this configuration, VirtualTemplate10 is used to clone a VAI on the LNS.
myLACname Password = "cisco"
    Service-Type = Outbound,
    Tunnel-Type = :0:L2TP,
    Tunnel-Medium-Type = :0:IP,
    Tunnel-Client-Auth-ID = :0:"myLACname",
    Tunnel-Password = :0:"mytunnelpassword",
    Cisco:Cisco-Avpair = "vpdn:vpdn-vtemplate=10"
Note: For additional authentication examples, see the "Configuring Authentication" chapter in the Cisco IOS
Security Configuration Guide, Release 12.2.
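The following added example (not part of the Cisco guide) cross-checks the LNS configuration against the RADIUS profile shown above: the method list used for tunnel authorization must be defined, its server group must contain a server, and the profile must describe an L2TP tunnel with a tunnel password. The audit function and its finding strings are hypothetical; it assumes sub-mode lines are indented and that the profile's vpdn-vtemplate value is meant to equal the LNS virtual-template number, as it does on this page.

```python
import re

# Inputs copied from the examples above; audit() is a hypothetical helper.
LNS_CONFIG = """\
aaa group server radius VPDN-Group
 server 64.102.48.91 auth-port 1645 acct-port 1646
aaa authorization network mymethodlist group VPDN-Group
vpdn tunnel authorization network mymethodlist
vpdn tunnel authorization virtual-template 10
"""
RADIUS_PROFILE = """\
myLACname Password = "cisco"
    Service-Type = Outbound,
    Tunnel-Type = :0:L2TP,
    Tunnel-Medium-Type = :0:IP,
    Tunnel-Client-Auth-ID = :0:"myLACname",
    Tunnel-Password = :0:"mytunnelpassword",
    Cisco:Cisco-Avpair = "vpdn:vpdn-vtemplate=10"
"""

def audit(config, profile):
    """Return a list of mismatches; an empty list means none were found."""
    groups, lists, vpdn, current, findings = {}, {}, {}, None, []
    for line in config.splitlines():
        words = line.split()
        current = current if line[:1] == " " else None  # unindented line ends a sub-mode
        if words[:4] == ["aaa", "group", "server", "radius"] and len(words) == 5:
            current = groups.setdefault(words[4], [])   # servers of this group
        elif current is not None and words[:1] == ["server"]:
            current.append(words[1])
        elif words[:3] == ["aaa", "authorization", "network"] and len(words) == 6:
            lists[words[3]] = words[5]                  # method list -> server group
        elif len(words) == 5 and words[:3] == ["vpdn", "tunnel", "authorization"]:
            vpdn[words[3]] = words[4]                   # "network" or "virtual-template"
    name = vpdn.get("network")
    group = lists.get(name)
    if name and group is None:
        findings.append(f"method list {name} is not defined")
    elif name and not groups.get(group):
        findings.append(f"server group {group} has no RADIUS server")
    # Profile attributes, with the :tag: prefix and surrounding quotes removed.
    attrs = dict(re.findall(r'^[ \t]+([\w:-]+) *= *(?::\d+:)?"?([^",\n]*)', profile, re.M))
    want = {"Tunnel-Type": "L2TP", "Tunnel-Medium-Type": "IP"}
    findings += [f"profile {a} is not {v}" for a, v in want.items() if attrs.get(a) != v]
    if not attrs.get("Tunnel-Password"):
        findings.append("profile has no Tunnel-Password")
    key, _, tmpl = attrs.get("Cisco:Cisco-Avpair", "").partition("=")
    if key == "vpdn:vpdn-vtemplate" and tmpl != vpdn.get("virtual-template"):
        findings.append(f"profile template {tmpl} differs from LNS template {vpdn.get('virtual-template')}")
    return findings
```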
Monitoring and Maintaining LNS
To monitor and maintain the features configured on the LNS, enter the following commands in privileged
EXEC mode:
| Command | Purpose |
| --- | --- |
| Router# show accounting | Displays accounting records for users currently logged in. Displays active accountable events on the network and helps collect information in the event of a data loss on the accounting server. |
| Router# show interfaces virtual-access number [configuration] | Displays status, traffic data, and configuration information about the virtual access interface you specify. |
| Router# show ip route vrf vrf-name | Displays the IP routing table associated with a VRF. |
| Router# show radius statistics | Displays the RADIUS statistics for accounting and authentication packets. |
| Router# show vpdn | Displays all tunnel and session information for all active sessions and tunnels. |
| Router# show vpdn session | Displays information about active L2TP sessions in a virtual private dialup network (VPDN). |
| Router# show vpdn session all username username | Displays statistics about all active L2TP tunnels for the username you specify. |