[cisco-bba] vpdn multihop & aaa

Dennis Peng dpeng at cisco.com
Wed Aug 4 11:45:09 EDT 2004


A long shot would be to try configuring:

aaa authorization network use-local local
interface virtual-template X
 vpdn authorization use-local

Not sure this will work with multihop though...

Dennis

Tassos Chatzithomaoglou [achatz at forthnet.gr] wrote:
> 
> The network topology is:
> 
> LAC <--> LNS1 <--> LNS2
> 
> 
> I have configured LNS1 for vpdn multihop, but i have come into the 
> following "problem":
> 
> If i use "aaa authorization network default group tacacs+",
> then LNS1 asks tacacs about the outgoing vpdn creation, instead of using 
> the following localy configured vpdn-group, so vpdn forwarding isn't 
> working (tacacs provides the vpdn info for the LAC also, so i'm getting a 
> vpdn "loop" there).
> 
> vpdn-group LNS1-2-LNS2
>  request-dialin
>   protocol l2tp
>   domain test.gr
>  initiate-to ip x.x.x.x
>  local name LNS1
> 
> If i use "aaa authorization network default local group tacacs+",
> then LNS1 uses the local vpdn-group and everything works fine.
> 
> Is there a way i can define an aaa authorization method (which will use 
> local aaa) explicity for this vpdn?
> 
> If i don't want to change the "aaa authorization network default group 
> tacacs+", what else can i do in order to make the outgoing vpdn use the 
> local configured config instead of the tacacs one? I though this was the 
> default behaviour :-( until i tried it.
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba


More information about the cisco-bba mailing list