[cisco-bba] "vpdn authen-before-forward" & specific radius for vpdn

Dennis Peng dpeng at cisco.com
Wed Nov 19 14:47:12 EST 2003 

Tassos Chatzithomaoglou [achatz at forthnet.gr] wrote:
> If i use "vpdn authen-before-forward" & "vpdn aaa override-server x.x.x.x" 
> on a LAC, will radius server x.x.x.x be used for authentication of vpdn 
> sessions too?
> Or will it be used only for vpdn tunnel authorization?

Only for tunnel authorization.

> If the above is not working, is there a way (besides the directed-request 
> "hack") i can have vpdn users authenticated on the LAC (before the actual 
> forwarding to the LNS) in a different radius server from the default used 
> for local users?

No, not really. The LAC doesn't "know" whether the user is a VPDN one
or not prior to authentication.

> Also, why is "vpdn aaa override-server" not supported on 5350?

The command has been deprecated. If you try to configure it in
12.3(1a), you'll see:

router(config)#vpdn aaa override-server 1.2.3.4
 VPDN Warning, override-server is no longer supported.
 Use "vpdn authorization" under interface context.

You should be able to use the "vpdn tunnel authorization network
<method list>" command to replace the override-server
functionality. But I see two problems here, one the command is only in
12.2B/12.3B/12.3(4)T or later. And second it doesn't seem to have any
effect on the LAC. I'll need to investigate.

Dennis

> AS5300 (12.2(15)T8)
> ------------------------
> AS5300(config)#vpdn aaa ?
>   attribute        Customize selected aaa attributes
>   override-server  Designate AAA server for VPDN authorization
>   untagged         Untagged attribute from AAA server
> 
> 
> AS5350 (12.3(1a))
> -----------------
> AS5350(config)#vpdn aaa ?
>   attribute  Customize selected aaa attributes
>   untagged   Untagged attribute from AAA server
> 
> -- 
> ***********************************
>    Chatzithomaoglou Anastasios
> Network Design & Operations Center
>           FORTHnet S.A.
>       <achatz at forthnet.gr>
> ***********************************
> 
> 
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba

More information about the cisco-bba mailing list