[cisco-bba] vpdn multihop & aaa
Dennis Peng
dpeng at cisco.com
Wed Aug 4 11:45:09 EDT 2004
A long shot would be to try configuring:
aaa authorization network use-local local
interface virtual-template X
vpdn authorization use-local
Not sure this will work with multihop though...
Dennis
Tassos Chatzithomaoglou [achatz at forthnet.gr] wrote:
>
> The network topology is:
>
> LAC <--> LNS1 <--> LNS2
>
>
> I have configured LNS1 for vpdn multihop, but i have come into the
> following "problem":
>
> If i use "aaa authorization network default group tacacs+",
> then LNS1 asks tacacs about the outgoing vpdn creation, instead of using
> the following localy configured vpdn-group, so vpdn forwarding isn't
> working (tacacs provides the vpdn info for the LAC also, so i'm getting a
> vpdn "loop" there).
>
> vpdn-group LNS1-2-LNS2
> request-dialin
> protocol l2tp
> domain test.gr
> initiate-to ip x.x.x.x
> local name LNS1
>
> If i use "aaa authorization network default local group tacacs+",
> then LNS1 uses the local vpdn-group and everything works fine.
>
> Is there a way i can define an aaa authorization method (which will use
> local aaa) explicity for this vpdn?
>
> If i don't want to change the "aaa authorization network default group
> tacacs+", what else can i do in order to make the outgoing vpdn use the
> local configured config instead of the tacacs one? I though this was the
> default behaviour :-( until i tried it.
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
More information about the cisco-bba
mailing list