[cisco-bba] vpdn multihop & aaa

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Wed Aug 4 12:04:49 EDT 2004


Or you use the "regular workaround" to configure default authorization to
local and use a new author method list for vaccess network
authorization:

aaa author network default local
aaa author network PPP group tacacs+
int virtual-template1
 ppp author PPP

should work, shouldn't it?

	oli

Dennis Peng (dpeng) wrote on Wednesday, August 04, 2004 5:45 PM:

> A long shot would be to try configuring:
> 
> aaa authorization network use-local local
> interface virtual-template X
>  vpdn authorization use-local
> 
> Not sure this will work with multihop though...
> 
> Dennis
> 
> Tassos Chatzithomaoglou [achatz at forthnet.gr] wrote:
>> 
>> The network topology is:
>> 
>> LAC <--> LNS1 <--> LNS2
>> 
>> 
>> I have configured LNS1 for vpdn multihop, but I have come into the
>> following "problem":
>> 
>> If I use "aaa authorization network default group tacacs+",
>> then LNS1 asks tacacs about the outgoing vpdn creation, instead of
>> using the following locally configured vpdn-group, so vpdn forwarding
>> isn't working (tacacs provides the vpdn info for the LAC also, so
>> I'm getting a vpdn "loop" there).
>> 
>> vpdn-group LNS1-2-LNS2
>>  request-dialin
>>   protocol l2tp
>>   domain test.gr
>>  initiate-to ip x.x.x.x
>>  local name LNS1
>> 
>> If I use "aaa authorization network default local group tacacs+",
>> then LNS1 uses the local vpdn-group and everything works fine.
>> 
>> Is there a way I can define an aaa authorization method (which will
>> use local aaa) explicitly for this vpdn?
>> 
>> If I don't want to change the "aaa authorization network default
>> group tacacs+", what else can I do in order to make the outgoing
>> vpdn use the locally configured config instead of the tacacs one? I
>> thought this was the default behaviour :-( until I tried it.


