[cisco-bba] vpdn multihop & aaa

Paul Horrocks (phorrock) phorrock at cisco.com
Wed Aug 4 11:30:07 EDT 2004 

Not that I'm aware of perhaps others on the list are a little more
creative than I.

>-----Original Message-----
>From: Tassos Chatzithomaoglou [mailto:achatz at forthnet.gr] 
>Sent: 04 August 2004 15:49
>To: Paul Horrocks (phorrock)
>Cc: cisco-bba
>Subject: Re: [cisco-bba] vpdn multihop & aaa
>
>Thanks for the tip Paul, but this command requires 12.3(4)T 
>and i'm using 12.3.6b (and 
>have no intention to upgrade ;-) right now).
>
>Any other idea?
>
>Paul Horrocks (phorrock) wrote:
>
>> Hi Tassos
>> 
>> Have a look at:
>> 
>> 
><http://www.cisco.com/univercd/cc/td/doc/product/software/ios12
>3/123tcr/
>> 123tdr/dia_s6gt.htm#wp1168741>
>>    
>>    vpdn tunnel authorization network  
>> 
>> Regards
>> 
>> Paul.
>> 
>> 
>>>-----Original Message-----
>>>From: cisco-bba-bounces at puck.nether.net 
>>>[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Tassos 
>>>Chatzithomaoglou
>>>Sent: 04 August 2004 14:15
>>>To: cisco-bba
>>>Subject: [cisco-bba] vpdn multihop & aaa
>>>
>>>
>>>The network topology is:
>>>
>>>LAC <--> LNS1 <--> LNS2
>>>
>>>
>>>I have configured LNS1 for vpdn multihop, but i have come into 
>>>the following "problem":
>>>
>>>If i use "aaa authorization network default group tacacs+",
>>>then LNS1 asks tacacs about the outgoing vpdn creation, 
>>>instead of using the following 
>>>localy configured vpdn-group, so vpdn forwarding isn't working 
>>>(tacacs provides the vpdn 
>>>info for the LAC also, so i'm getting a vpdn "loop" there).
>>>
>>>vpdn-group LNS1-2-LNS2
>>> request-dialin
>>>  protocol l2tp
>>>  domain test.gr
>>> initiate-to ip x.x.x.x
>>> local name LNS1
>>>
>>>If i use "aaa authorization network default local group tacacs+",
>>>then LNS1 uses the local vpdn-group and everything works fine.
>>>
>>>Is there a way i can define an aaa authorization method (which 
>>>will use local aaa) 
>>>explicity for this vpdn?
>>>
>>>If i don't want to change the "aaa authorization network 
>>>default group tacacs+", what else 
>>>can i do in order to make the outgoing vpdn use the local 
>>>configured config instead of the 
>>>tacacs one? I though this was the default behaviour :-( until 
>>>i tried it.
>>>_______________________________________________
>>>cisco-bba mailing list
>>>cisco-bba at puck.nether.net
>>>https://puck.nether.net/mailman/listinfo/cisco-bba
>>>
>> 
>> 
>
>
>

More information about the cisco-bba mailing list