[cisco-bba] vpdn multihop & aaa

[Tassos Chatzithomaoglou]

Thanks for the tip Paul, but this command requires 12.3(4)T and i'm using 12.3.6b (and 
have no intention to upgrade ;-) right now).

Any other idea?

Paul Horrocks (phorrock) wrote:

> Hi Tassos
> 
> Have a look at:
> 
> <http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123tcr/
> 123tdr/dia_s6gt.htm#wp1168741>
>    
>    vpdn tunnel authorization network  
> 
> Regards
> 
> Paul.
> 
> 
>>-----Original Message-----
>>From: cisco-bba-bounces at puck.nether.net 
>>[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Tassos 
>>Chatzithomaoglou
>>Sent: 04 August 2004 14:15
>>To: cisco-bba
>>Subject: [cisco-bba] vpdn multihop & aaa
>>
>>
>>The network topology is:
>>
>>LAC <--> LNS1 <--> LNS2
>>
>>
>>I have configured LNS1 for vpdn multihop, but i have come into 
>>the following "problem":
>>
>>If i use "aaa authorization network default group tacacs+",
>>then LNS1 asks tacacs about the outgoing vpdn creation, 
>>instead of using the following 
>>localy configured vpdn-group, so vpdn forwarding isn't working 
>>(tacacs provides the vpdn 
>>info for the LAC also, so i'm getting a vpdn "loop" there).
>>
>>vpdn-group LNS1-2-LNS2
>> request-dialin
>>  protocol l2tp
>>  domain test.gr
>> initiate-to ip x.x.x.x
>> local name LNS1
>>
>>If i use "aaa authorization network default local group tacacs+",
>>then LNS1 uses the local vpdn-group and everything works fine.
>>
>>Is there a way i can define an aaa authorization method (which 
>>will use local aaa) 
>>explicity for this vpdn?
>>
>>If i don't want to change the "aaa authorization network 
>>default group tacacs+", what else 
>>can i do in order to make the outgoing vpdn use the local 
>>configured config instead of the 
>>tacacs one? I though this was the default behaviour :-( until 
>>i tried it.
>>_______________________________________________
>>cisco-bba mailing list
>>cisco-bba at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-bba
>>
> 
>