[cisco-bba] cisco av-pair ( l2tp)
Dennis Peng
dpeng at cisco.com
Tue May 25 15:18:48 EDT 2004
Lu Wen-yan [oioi at cableplus.com.cn] wrote:
> Hello Prem,
>
> I have a VPDN server used for dialin some MPLS VPN..The server works fine.It authenticate the user via Remote RADIUS.The user's profile just include some basic configuration such as MPLS VPN configration under virtual-interface.
> And i use domain name to differ different customer/VPNs.
>
> I'm under this situation:
> 1.Some customer (VPN user )asked me to restrict the dialin user's IP range .Only a specific IP range can dialin to the server and get access to the user's VPN.
Are you talking about restricting the allowed IP range of the LAC? Or
of the PPP client? If the latter, doesn't RADIUS control what IP
address we give to the client?
Dennis
> 2.Other VPN/Customers need full IP range to dialin to the Server.
>
>
> So is there any solution?
> For example is there any AV-Pair can do pre-authentication before the tunnel builts just like the "pre-authentication" in Call back?
>
>
> Thursday, April 8, 2004, 8:55:20 PM, you wrote:
>
> PA> Marko Milivojevic wrote:
>
> >>>LAC Password = "cisco"
> >>>
> >>>
> >>
> >> Did anyone actually manage to change these passwords to something other
> >>than "cisco"?
> >>
> PA> You can change this using "vpdn tunn author pass <pass>" command for
> PA> tunnel authorization via radius
>
> PA> Regards
> PA> Prem
>
> >>
> >>Marko.
> >>
> >>_______________________________________________
> >>cisco-bba mailing list
> >>cisco-bba at puck.nether.net
> >>https://puck.nether.net/mailman/listinfo/cisco-bba
> >>
> >>
> >>
>
>
>
>
> --
> Best regards,
> Lu mailto:oioi at cableplus.com.cn
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
More information about the cisco-bba
mailing list