Cisco 10000-2P2-2DC Software Configuration Manual page 181

Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
Example 5-8
user = nas-port:10.16.9.9:0/0/0/30.33{
Verifying the RADIUS User Profile for Domain Preauthorization
To verify the RADIUS user profile, see your RADIUS server user documentation.
Configuring the RADIUS Service Profile for Tunnel Service Authorization
To enable tunnel service authorization, enter the following configuration parameters in the service
profile on the RADIUS server:
RADIUS Entry
domain Password "cisco"
User-Service-Type = Outbound-User
Cisco-AVpair = "vpdn:tunnel-id=name"
Cisco-AVpair = "vpdn:12tp-tunnel-password=secret"
Cisco-AVpair = "vpdn:tunnel-type=12tp"
Cisco-AVpair = "vpdn:ip-addresses=ip-address"
Example 5-9
user = net1.com{
profile_id = 45
profile_cycle = 18
member = me
radius=Cisco {
check_items= [
2=cisco
}
reply_attributes= {
9,1="vpdn:tunnel-id=LAC-1"
9,1="vpdn:12tp-tunnel_password=MySecret"
9,1="vpdn:tunnel-type=12tp"
9,1="vpdn:ip-addresses=10.16.10.10"
6=5
}
}
}
Verifying the RADIUS Service Profile for Tunnel Service Authorization
To verify the RADIUS service profile, see your RADIUS server user documentation.
OL-2226-23
Configuring the RADIUS User Profile for Domain Preauthorization
profile_id = 826
profile_cycle = 1
radius=Cisco {
check_items = {
2=cisco
}
reply_attributes= {
9, 1="vpdn:vpd-domain-list=net1.com,net2.com"
Configuring the RADIUS Service Profile for Tunnel Service Authorization
Purpose
Sets the fixed password.
Configures the service-type as outbound.
Specifies the name of the tunnel that must match the LNS's
VPDN terminate-from hostname.
Specifies the secret (password) for L2TP tunnel authentication.
Specifies Layer 2 Tunnel Protocol.
Specifies the IP address of the LNS.
Cisco 10000 Series Router Software Configuration Guide
Layer 2 Access Concentrator
5-15