[cisco-bba] aaa authorization question
clayton at MNSi.Net
Wed Dec 24 09:30:23 EST 2003
I've set up a test-bed system for tunnel switching on a Cisco 2611
(12.3(3)), and am having some issues.
Typically, we put the statement "aaa authorization network default group
radius" in to allow RADIUS to specify an IP address for a user in the
Unfortunately, when I configure this, RADIUS is then used for the Tunnel
destinations, rather than what is configured in the VPDN group:
initiate-to ip XXX.XXX.XXX.XXX
local name LONDON47H28
l2tp tunnel password somepassword
The problem arises in that I'd like to use the local configuration, rather
than the RADIUS response to determine where to tunnel a user, but also
locally terminate users who are not tunneled, but still allow assigning an
IP address through the Framed-IP-Address RADIUS attribute.
This device would be acting as a PPPoE aggregator - inbound sessions on
another vpdn group.
Managed Network Systems Inc. (MNSi)
344-300 Tecumseh Rd. E.
More information about the cisco-bba