[cisco-bba] "vpdn authen-before-forward" & specific radius for vpdn

Dennis Peng dpeng at cisco.com
Wed Nov 19 14:55:52 EST 2003 

Dennis Peng [dpeng at cisco.com] wrote:
> Tassos Chatzithomaoglou [achatz at forthnet.gr] wrote:
> > If i use "vpdn authen-before-forward" & "vpdn aaa override-server x.x.x.x" 
> > on a LAC, will radius server x.x.x.x be used for authentication of vpdn 
> > sessions too?
> > Or will it be used only for vpdn tunnel authorization?
> 
> Only for tunnel authorization.
> 
> > If the above is not working, is there a way (besides the directed-request 
> > "hack") i can have vpdn users authenticated on the LAC (before the actual 
> > forwarding to the LNS) in a different radius server from the default used 
> > for local users?
> 
> No, not really. The LAC doesn't "know" whether the user is a VPDN one
> or not prior to authentication.
> 
> > Also, why is "vpdn aaa override-server" not supported on 5350?
> 
> The command has been deprecated. If you try to configure it in
> 12.3(1a), you'll see:
> 
> router(config)#vpdn aaa override-server 1.2.3.4
>  VPDN Warning, override-server is no longer supported.
>  Use "vpdn authorization" under interface context.
> 
> You should be able to use the "vpdn tunnel authorization network
> <method list>" command to replace the override-server
> functionality. But I see two problems here, one the command is only in
> 12.2B/12.3B/12.3(4)T or later. And second it doesn't seem to have any
> effect on the LAC. I'll need to investigate.

Sorry, I got confused here. The replacement command is "vpdn
authorization <method list>" under the interface. "vpdn tunnel
authorization network <method list>" is for something else.

Dennis

> Dennis
> 
> > AS5300 (12.2(15)T8)
> > ------------------------
> > AS5300(config)#vpdn aaa ?
> >   attribute        Customize selected aaa attributes
> >   override-server  Designate AAA server for VPDN authorization
> >   untagged         Untagged attribute from AAA server
> > 
> > 
> > AS5350 (12.3(1a))
> > -----------------
> > AS5350(config)#vpdn aaa ?
> >   attribute  Customize selected aaa attributes
> >   untagged   Untagged attribute from AAA server
> > 
> > -- 
> > ***********************************
> >    Chatzithomaoglou Anastasios
> > Network Design & Operations Center
> >           FORTHnet S.A.
> >       <achatz at forthnet.gr>
> > ***********************************
> > 
> > 
> > _______________________________________________
> > cisco-bba mailing list
> > cisco-bba at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-bba

More information about the cisco-bba mailing list