[cisco-bba] vpdn multihop & aaa

Paul Horrocks (phorrock) phorrock at cisco.com
Wed Aug 4 10:34:18 EDT 2004


Hi Tassos

Have a look at:

<http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123tcr/
123tdr/dia_s6gt.htm#wp1168741>
   
   vpdn tunnel authorization network  

Regards

Paul.

>-----Original Message-----
>From: cisco-bba-bounces at puck.nether.net 
>[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Tassos 
>Chatzithomaoglou
>Sent: 04 August 2004 14:15
>To: cisco-bba
>Subject: [cisco-bba] vpdn multihop & aaa
>
>
>The network topology is:
>
>LAC <--> LNS1 <--> LNS2
>
>
>I have configured LNS1 for vpdn multihop, but i have come into 
>the following "problem":
>
>If i use "aaa authorization network default group tacacs+",
>then LNS1 asks tacacs about the outgoing vpdn creation, 
>instead of using the following 
>localy configured vpdn-group, so vpdn forwarding isn't working 
>(tacacs provides the vpdn 
>info for the LAC also, so i'm getting a vpdn "loop" there).
>
>vpdn-group LNS1-2-LNS2
>  request-dialin
>   protocol l2tp
>   domain test.gr
>  initiate-to ip x.x.x.x
>  local name LNS1
>
>If i use "aaa authorization network default local group tacacs+",
>then LNS1 uses the local vpdn-group and everything works fine.
>
>Is there a way i can define an aaa authorization method (which 
>will use local aaa) 
>explicity for this vpdn?
>
>If i don't want to change the "aaa authorization network 
>default group tacacs+", what else 
>can i do in order to make the outgoing vpdn use the local 
>configured config instead of the 
>tacacs one? I though this was the default behaviour :-( until 
>i tried it.
>_______________________________________________
>cisco-bba mailing list
>cisco-bba at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-bba
>



More information about the cisco-bba mailing list