Table of Contents
Advertisement
A
G
CCESS
ATEWAY
Define Tunnel Profiles
Tunnel profiles can be defined when L2TP tunnel parameters are known and it is not necessary
to send an access request to a RADIUS server to obtain those parameters or for accounting
purposes.
Create a tunnel profile for each L2TP tunnel whose parameters are known. The tunnel
parameters that the profile contains are the IP address of the LNS and the tunnel password. See
Figure 2 for an example of a tunnel profile. Where is Figure 2?
Define Realm Routing Policies
Realm routing policies are used to determine how supplied username/password input is used to
authenticate users. Create a realm routing policy for each realm that will be handled. The realm
routing policy will reference either a RADIUS service profile or a tunnel profile. Many
different realm routing policies can reference the same RADIUS service or tunnel profile.
This policy references a RADIUS service profile so a realm match will result in an access
request being sent to the RADIUS server(s) specified in the RADIUS service profile. In this
case, the RADIUS service profile "RadiusPrefix" is referenced and so the RADIUS server(s)
defined therein will receive RADIUS access requests.
Notice that the checkbox is unchecked for "Strip off routing information when sending to
RADIUS server". This box must always be unchecked in order to pass realm information to
the RADIUS server(s) for matching of realm information to its defined tunnel profiles, which
contain the needed tunnel parameters.
The checkbox "Strip off routing information when sending to tunnel server" may or may not
be checked depending on the configuration of the tunnel server and how it will be
authenticating subscribers. In this example, it is checked and so realm information will be
stripped leaving only the simple username and password to be passed to the tunnel server.
System Administration
171
Advertisement
Table of Contents
