[cisco-bba] aaa authorization question
Clayton Zekelman
clayton at MNSi.Net
Wed Dec 24 09:30:23 EST 2003
Hello!
I've set up a test-bed system for tunnel switching on a Cisco 2611
(12.3(3)), and am having some issues.
Typically, we put the statement "aaa authorization network default group
radius" in to allow RADIUS to specify an IP address for a user in the
Framed-IP-Address attribute.
Unfortunately, when I configure this, RADIUS is then used for the Tunnel
destinations, rather than what is configured in the VPDN group:
vpdn-group mnsi
request-dialin
protocol l2tp
domain mnsi.net
domain otherisp.com
domain someone.net
initiate-to ip XXX.XXX.XXX.XXX
local name LONDON47H28
l2tp tunnel password somepassword
The problem arises in that I'd like to use the local configuration, rather
than the RADIUS response to determine where to tunnel a user, but also
locally terminate users who are not tunneled, but still allow assigning an
IP address through the Framed-IP-Address RADIUS attribute.
This device would be acting as a PPPoE aggregator - inbound sessions on
another vpdn group.
Suggestions?
---
Clayton Zekelman
Managed Network Systems Inc. (MNSi)
344-300 Tecumseh Rd. E.
Windsor, Ontario
N8X 5E8
tel. 519-985-8410
fax. 519-258-3009
More information about the cisco-bba
mailing list