[cisco-bba] vpdn multihop & aaa
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Aug 4 12:04:49 EDT 2004
Or you use the "regular workaround" to configure default authorization to
local and use a new author method list for vaccess network
authorization:
 aaa author network default local
 aaa author network PPP group tacacs+
 int virtual-template1
  ppp author PPP
should work, shouldn't it?
oli
Dennis Peng (dpeng) wrote on Wednesday, August 04, 2004 5:45 PM:
> A long shot would be to try configuring:
>
> aaa authorization network use-local local
> interface virtual-template X
> vpdn authorization use-local
>
> Not sure this will work with multihop though...
>
> Dennis
>
> Tassos Chatzithomaoglou [achatz at forthnet.gr] wrote:
>>
>> The network topology is:
>>
>> LAC <--> LNS1 <--> LNS2
>>
>>
>> I have configured LNS1 for vpdn multihop, but I have come into the
>> following "problem":
>>
>> If I use "aaa authorization network default group tacacs+",
>> then LNS1 asks tacacs about the outgoing vpdn creation, instead of
>> using the following locally configured vpdn-group, so vpdn forwarding
>> isn't working (tacacs provides the vpdn info for the LAC also, so
>> I'm getting a vpdn "loop" there).
>>
>> vpdn-group LNS1-2-LNS2
>>  request-dialin
>>   protocol l2tp
>>   domain test.gr
>>  initiate-to ip x.x.x.x
>>  local name LNS1
>>
>> If I use "aaa authorization network default local group tacacs+",
>> then LNS1 uses the local vpdn-group and everything works fine.
>>
>> Is there a way I can define an aaa authorization method (which will
>> use local aaa) explicitly for this vpdn?
>>
>> If I don't want to change the "aaa authorization network default
>> group tacacs+", what else can I do in order to make the outgoing
>> vpdn use the local configured config instead of the tacacs one? I
>> thought this was the default behaviour :-( until I tried it.
>> _______________________________________________
>> cisco-bba mailing list
>> cisco-bba at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-bba
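An added example (not part of the original thread, and not Cisco code): a small Python check over running-config text that flags the condition the original poster describes, locally defined request-dialin vpdn-groups while the default network authorization list does not try local first, and reports which interfaces reference a named list as in the workaround at the top of the thread. The sample configs, the address 192.0.2.1 and the function name audit are constructed for illustration.

```python
import re

# Constructed sample running-config (documentation address, not a real device).
TACACS_ONLY = """\
aaa authorization network default group tacacs+
vpdn-group LNS1-2-LNS2
 request-dialin
  protocol l2tp
  domain test.gr
 initiate-to ip 192.0.2.1
 local name LNS1
interface Virtual-Template1
"""
# Same config with the default-local / named-list workaround applied.
WORKAROUND = TACACS_ONLY.replace(
    "default group tacacs+",
    "default local\naaa authorization network PPP group tacacs+",
) + " ppp authorization PPP\n"


def audit(config):
    """Summarise network authorization for a running-config text."""
    lists, dialin_groups, iface_lists = {}, [], {}
    section = None  # (kind, name) of the top-level block being read
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level command opens a new block
            section = None
            if m := re.match(r"aaa authorization network (\S+) (.+)", line):
                lists[m.group(1)] = m.group(2).split()
            elif m := re.match(r"(vpdn-group|interface) (\S+)", line):
                section = (m.group(1), m.group(2))
        elif section:
            cmd = line.strip()
            if section[0] == "vpdn-group" and cmd == "request-dialin":
                dialin_groups.append(section[1])
            elif m := re.match(r"ppp authorization (\S+)", cmd):
                iface_lists[section[1]] = m.group(1)
    default = lists.get("default", [])
    return {
        "dialin_groups": dialin_groups,
        # Thread's condition: local dial-in groups, default list not local-first.
        "local_groups_bypassed": bool(dialin_groups) and default[:1] != ["local"],
        "interface_lists": iface_lists,
        "undefined_lists": sorted(set(iface_lists.values()) - set(lists)),
    }


if __name__ == "__main__":
    for name, cfg in (("tacacs-only", TACACS_ONLY), ("workaround", WORKAROUND)):
        print(name, audit(cfg))
```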