[cisco-bba] vpdn multihop & aaa

Tassos Chatzithomaoglou achatz at forthnet.gr
Wed Aug 4 09:15:29 EDT 2004


The network topology is:

LAC <--> LNS1 <--> LNS2


I have configured LNS1 for vpdn multihop, but i have come into the following "problem":

If i use "aaa authorization network default group tacacs+",
then LNS1 asks tacacs about the outgoing vpdn creation, instead of using the following 
localy configured vpdn-group, so vpdn forwarding isn't working (tacacs provides the vpdn 
info for the LAC also, so i'm getting a vpdn "loop" there).

vpdn-group LNS1-2-LNS2
  request-dialin
   protocol l2tp
   domain test.gr
  initiate-to ip x.x.x.x
  local name LNS1

If i use "aaa authorization network default local group tacacs+",
then LNS1 uses the local vpdn-group and everything works fine.

Is there a way i can define an aaa authorization method (which will use local aaa) 
explicity for this vpdn?

If i don't want to change the "aaa authorization network default group tacacs+", what else 
can i do in order to make the outgoing vpdn use the local configured config instead of the 
tacacs one? I though this was the default behaviour :-( until i tried it.


More information about the cisco-bba mailing list