[cisco-bba] cisco av-pair ( l2tp)
Lu Wen-yan
oioi at cableplus.com.cn
Tue May 25 22:56:43 EDT 2004
Hello Dennis,
i want to restrict the ppp client's who can dialin and who can not .
Not the one Radius give after the tunnel built.
It can't be done using ACL on Server's interface since the server is open to all customer
Wednesday, May 26, 2004, 3:18:48 AM, you wrote:
DP> Lu Wen-yan [oioi at cableplus.com.cn] wrote:
>> Hello Prem,
>>
>> I have a VPDN server used for dialin some MPLS VPN..The server works
>> fine.It authenticate the user via Remote RADIUS.The user's profile just
>> include some basic configuration such as MPLS VPN configration under
>> virtual-interface.
>> And i use domain name to differ different customer/VPNs.
>>
>> I'm under this situation:
>> 1.Some customer (VPN user )asked me to restrict the dialin user's IP
>> range .Only a specific IP range can dialin to the server and get access to
>> the user's VPN.
DP> Are you talking about restricting the allowed IP range of the LAC? Or
DP> of the PPP client? If the latter, doesn't RADIUS control what IP
DP> address we give to the client?
DP> Dennis
>> 2.Other VPN/Customers need full IP range to dialin to the Server.
>>
>>
>> So is there any solution?
>> For example is there any AV-Pair can do pre-authentication before the
>> tunnel builts just like the "pre-authentication" in Call back?
>>
>>
>> Thursday, April 8, 2004, 8:55:20 PM, you wrote:
>>
>> PA> Marko Milivojevic wrote:
>>
>> >>>LAC Password = "cisco"
>> >>>
>> >>>
>> >>
>> >> Did anyone actually manage to change these passwords to something other
>> >>than "cisco"?
>> >>
>> PA> You can change this using "vpdn tunn author pass <pass>" command for
>> PA> tunnel authorization via radius
>>
>> PA> Regards
>> PA> Prem
>>
>> >>
>> >>Marko.
>> >>
>> >>_______________________________________________
>> >>cisco-bba mailing list
>> >>cisco-bba at puck.nether.net
>> >>https://puck.nether.net/mailman/listinfo/cisco-bba
>> >>
>> >>
>> >>
>>
>>
>>
>>
>> --
>> Best regards,
>> Lu mailto:oioi at cableplus.com.cn
>>
>> _______________________________________________
>> cisco-bba mailing list
>> cisco-bba at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-bba
--
Best regards,
Lu mailto:oioi at cableplus.com.cn
More information about the cisco-bba
mailing list