Configuring Radius Attribute Accept Or Reject Lists - Cisco 10000-2P2-2DC Software Configuration Manual

Chapter 5
Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
OL-2226-23

Verifying Sessions per Tunnel Limiting on the LNS

To verify sessions per tunnel limiting on the LNS, enter the following commands:

Command: Router# show running-config
Purpose: Displays the current router configuration. Check the output to verify that you successfully configured the maximum number of sessions per tunnel.

Command: Router# show vpdn tunnel
Purpose: Displays information about all active L2TP tunnels in summary-style format. Check the output to verify that the number of displayed sessions does not exceed your configured limit.

Configuring RADIUS Attribute Accept or Reject Lists

To configure a RADIUS attribute accept or reject list for authorization or accounting, enter the following commands:

Step 1
Command: Router> enable
Purpose: Enters privileged EXEC mode.

Step 2
Command: Router# config terminal
Purpose: Enters global configuration mode.

Step 3
Command: Router(config)# aaa authentication ppp default group group-name
Purpose: Specifies one or more AAA authentication methods for use on serial interfaces running PPP.

Step 4
Command: Router(config)# aaa authorization network default group group-name
Purpose: Sets parameters that restrict network access to the user.

Step 5
Command: Router(config)# aaa group server radius group-name
Purpose: Groups different RADIUS server hosts into distinct lists and distinct methods and enters server group configuration mode.

Step 6
Command: Router(config-sg-radius)# server-private ip-address timeout seconds retransmit retries key string
Purpose: Configures the IP address of the private RADIUS server for the group server.
The ip-address argument specifies the IP address of the private RADIUS server host.
(Optional) The seconds argument specifies the timeout value (1 to 1000).
The string argument specifies the authentication and encryption key for all RADIUS communications between the Cisco 10000 series router and the RADIUS server.

Step 7
Command: Router(config-sg-radius)# authorization [accept | reject] listname
and/or
Router(config-sg-radius)# accounting [accept | reject] listname
Purpose: The authorization command specifies a filter for the attributes that are returned in an Access-Accept packet from the RADIUS server.
The accounting command specifies a filter for the attributes that are to be sent to the RADIUS server in an accounting request.
The accept keyword indicates that all attributes will be rejected except the attributes specified in the listname argument.
The reject keyword indicates that all attributes will be accepted except for the attributes specified in the listname argument and all standard attributes.
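
A filled-in version of Steps 3 through 7 using accept (allow-list) filters in both directions, added here as an example and not taken from the Cisco guide. The group name, list names, server address, timer values and key are placeholders. The aaa new-model, aaa accounting and radius-server attribute list commands are standard Cisco IOS commands that do not appear on this page.

```cisco
! Added example. Names, address, timers and key below are placeholders.
aaa new-model
!
! Steps 3 and 4: point PPP authentication and network authorization
! at the server group defined in Step 5.
aaa authentication ppp default group lns-radius
aaa authorization network default group lns-radius
! Not one of the page's steps: accounting must use the same group
! for the accounting filter below to have any effect.
aaa accounting network default start-stop group lns-radius
!
! Steps 5 and 6: server group with one private RADIUS server.
aaa group server radius lns-radius
 server-private 192.0.2.10 timeout 5 retransmit 3 key <shared-secret>
 ! Step 7: only attributes in author-min are kept from an Access-Accept.
 authorization accept author-min
 ! Step 7: only attributes in acct-usage are sent in accounting requests.
 accounting accept acct-usage
!
! Definitions of the two listname arguments (global configuration mode).
! 6 = Service-Type, 7 = Framed-Protocol, 8 = Framed-IP-Address
radius-server attribute list author-min
 attribute 6-8
!
! 1 = User-Name, 40 = Acct-Status-Type, 42 = Acct-Input-Octets,
! 43 = Acct-Output-Octets, 46 = Acct-Session-Time
radius-server attribute list acct-usage
 attribute 1,40,42-43,46
```

With accept lists, any attribute the RADIUS server returns that is not listed is dropped, so a new per-user attribute has to be added to the list before it takes effect on the router.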
Cisco 10000 Series Router Software Configuration Guide
L2TP Network Server
5-37
