[cisco-bba] vpdn multihop & aaa
Paul Horrocks (phorrock)
phorrock at cisco.com
Wed Aug 4 10:34:18 EDT 2004
Hi Tassos
Have a look at:
<http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123tcr/
123tdr/dia_s6gt.htm#wp1168741>
vpdn tunnel authorization network
Regards
Paul.
>-----Original Message-----
>From: cisco-bba-bounces at puck.nether.net
>[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Tassos
>Chatzithomaoglou
>Sent: 04 August 2004 14:15
>To: cisco-bba
>Subject: [cisco-bba] vpdn multihop & aaa
>
>
>The network topology is:
>
>LAC <--> LNS1 <--> LNS2
>
>
>I have configured LNS1 for vpdn multihop, but i have come into
>the following "problem":
>
>If i use "aaa authorization network default group tacacs+",
>then LNS1 asks tacacs about the outgoing vpdn creation,
>instead of using the following
>localy configured vpdn-group, so vpdn forwarding isn't working
>(tacacs provides the vpdn
>info for the LAC also, so i'm getting a vpdn "loop" there).
>
>vpdn-group LNS1-2-LNS2
> request-dialin
> protocol l2tp
> domain test.gr
> initiate-to ip x.x.x.x
> local name LNS1
>
>If i use "aaa authorization network default local group tacacs+",
>then LNS1 uses the local vpdn-group and everything works fine.
>
>Is there a way i can define an aaa authorization method (which
>will use local aaa)
>explicity for this vpdn?
>
>If i don't want to change the "aaa authorization network
>default group tacacs+", what else
>can i do in order to make the outgoing vpdn use the local
>configured config instead of the
>tacacs one? I though this was the default behaviour :-( until
>i tried it.
>_______________________________________________
>cisco-bba mailing list
>cisco-bba at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-bba
>
More information about the cisco-bba
mailing list