Cisco 10000-2P2-2DC Software Configuration Manual page 210

Cisco 10000 Series Router Software Configuration Guide, OL-2226-23, page 5-44
Chapter 5: Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
L2TP Network Server

Configuring Vendor-Specific Attributes on RADIUS

Cisco IOS Release 12.2(15)BX adds Cisco-specific VPDN RADIUS attributes to support RADIUS tunnel authentication. To configure the RADIUS server for tunnel authentication, you must configure the following vendor-specific attributes (VSAs) on the RADIUS server:

vpdn-vtemplate—Specifies the virtual template number to use for cloning on the LNS. This attribute corresponds to the virtual template associated with the local VPDN group on the LNS. This attribute is not required if you used the vpdn tunnel authorization virtual-template <vtemplate num> command on the LNS to configure a default virtual template to use for cloning.

Cisco:Cisco-Avpair = "vpdn:vpdn-vtemplate = <vtemplate number>"

dout-dialer—Specifies the LAC dialer to use on the LAC for a dialout configuration.

Cisco:Cisco-Avpair = "vpdn:dout-dialer = <LAC dialer number>"

Service-Type—Specifies an outbound or inbound service type. In the tunnel authorization request, the LNS sets the Service-Type attribute to Outbound. Therefore, in the RADIUS configuration you must also configure an Outbound Service-Type.

Service-Type = Outbound

Note
For information about RADIUS attributes supported on the Cisco 10000 series router, see Appendix A, "RADIUS Attributes" or see the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide, Release 12.2. For more information about configuring RADIUS, see your RADIUS user documentation.

Example 5-15 is a RADIUS configuration that allows the LNS to terminate L2TP tunnels from a LAC. In this configuration, VirtualTemplate10 is used to clone a virtual access interface (VAI) on the LNS.

Example 5-15 Configuring RADIUS for LNS Termination of L2TP Tunnels from a LAC

myLACname Password = "cisco"
Service-Type = Outbound,
Tunnel-Type = :0:L2TP,
Tunnel-Medium-Type = :0:IP,
Tunnel-Client-Auth-ID = :0:"myLACname",
Tunnel-Password = :0:"mytunnelpassword",
Cisco:Cisco-Avpair = "vpdn:vpdn-vtemplate=10"

Example 5-16 is an LNS configuration that supports RADIUS tunnel authentication. In this configuration, a RADIUS server group is defined using the aaa group server radius VPDN-Group command. The aaa authorization network mymethodlist group VPDN-Group command queries RADIUS for network authorization.

Example 5-16 Configuring the LNS to Support RADIUS Tunnel Authentication

aaa group server radius VPDN-Group
 server 64.102.48.91 auth-port 1645 acct-port 1646
aaa authorization network mymethodlist group VPDN-Group
vpdn tunnel authorization network mymethodlist
vpdn tunnel authorization virtual-template 10
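The following consistency check is an added example, not part of the Cisco guide. It takes Example 5-15 and Example 5-16 as sample input and verifies the requirements stated above: an Outbound Service-Type, a virtual template from either the VSA or the LNS default, and a method list that resolves to a defined RADIUS server group. The function names parse_profile and check are hypothetical, and the parser assumes the profile layout shown in Example 5-15.

```python
import re

# Example 5-15 from this page: RADIUS profile keyed by the LAC name.
PROFILE = """myLACname Password = "cisco"
 Service-Type = Outbound,
 Tunnel-Type = :0:L2TP,
 Tunnel-Medium-Type = :0:IP,
 Tunnel-Client-Auth-ID = :0:"myLACname",
 Tunnel-Password = :0:"mytunnelpassword",
 Cisco:Cisco-Avpair = "vpdn:vpdn-vtemplate=10"
"""
# Example 5-16 from this page: the LNS side.
LNS = """aaa group server radius VPDN-Group
 server 64.102.48.91 auth-port 1645 acct-port 1646
aaa authorization network mymethodlist group VPDN-Group
vpdn tunnel authorization network mymethodlist
vpdn tunnel authorization virtual-template 10
"""

def parse_profile(text):
    """Parse one profile entry into (name, {attribute: value})."""
    lines = [l.strip().rstrip(",") for l in text.strip().splitlines()]
    name, first = lines[0].split(None, 1)
    attrs = {}
    for line in [first] + lines[1:]:
        key, _, value = (p.strip() for p in line.partition("="))
        value = re.sub(r"^:\d+:", "", value).strip('"')  # drop tunnel tag and quotes
        if key == "Cisco:Cisco-Avpair":  # unwrap "vpdn:name=value"
            key, _, value = (p.strip() for p in value.partition("="))
        attrs[key] = value
    return name, attrs

def check(profile, lns):
    """Return a list of findings; an empty list means both sides agree."""
    _, attrs = parse_profile(profile)
    found = lambda pat: re.search(pat, lns, re.M)
    out = []
    if attrs.get("Service-Type") != "Outbound":
        out.append("Service-Type is not Outbound")
    default_vt = found(r"^vpdn tunnel authorization virtual-template \d+")
    if "vpdn:vpdn-vtemplate" not in attrs and not default_vt:
        out.append("no vpdn-vtemplate VSA and no default virtual template on the LNS")
    m = found(r"^vpdn tunnel authorization network (\S+)")
    g = m and found(r"^aaa authorization network %s group (\S+)" % re.escape(m.group(1)))
    if not g:
        out.append("tunnel authorization method list is not defined")
    elif not found(r"^aaa group server radius %s\s*$" % re.escape(g.group(1))):
        out.append("RADIUS server group %s is not defined" % g.group(1))
    return out
```
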
