[cisco-bba] cisco av-pair ( l2tp)

Lu Wen-yan oioi at cableplus.com.cn
Tue May 25 22:56:43 EDT 2004


Hello Dennis,

i want to restrict the ppp client's who can dialin and who can not .
Not the one Radius give after the tunnel built.
It can't be done using ACL on Server's interface since the server is open to all customer


Wednesday, May 26, 2004, 3:18:48 AM, you wrote:

DP> Lu Wen-yan [oioi at cableplus.com.cn] wrote:
>> Hello Prem,
>> 
>> I have a VPDN server used for dialin some MPLS VPN..The server works
>> fine.It authenticate the user via Remote RADIUS.The user's profile just
>> include some basic configuration such as MPLS VPN configration under
>> virtual-interface.
>> And i use domain name to differ different customer/VPNs.
>> 
>> I'm under this situation:
>> 1.Some customer (VPN user )asked me to restrict the dialin user's IP
>> range .Only a specific IP range  can dialin to the server and get access to
>> the user's  VPN.

DP> Are you talking about restricting the allowed IP range of the LAC? Or
DP> of the PPP client? If the latter, doesn't RADIUS control what IP
DP> address we give to the client?

DP> Dennis

>> 2.Other VPN/Customers need full IP range to dialin to the Server.
>> 
>> 
>> So is there any solution?
>> For example is there any AV-Pair  can do pre-authentication before the
>> tunnel builts just like the "pre-authentication" in Call back?
>> 
>> 
>> Thursday, April 8, 2004, 8:55:20 PM, you wrote:
>> 
>> PA> Marko Milivojevic wrote:
>> 
>> >>>LAC Password = "cisco"
>> >>>    
>> >>>
>> >>
>> >>    Did anyone actually manage to change these passwords to something other
>> >>than "cisco"?
>> >>
>> PA> You can change this using "vpdn tunn author pass <pass>" command for 
>> PA> tunnel authorization via radius
>> 
>> PA> Regards
>> PA> Prem
>> 
>> >>
>> >>Marko.
>> >>
>> >>_______________________________________________
>> >>cisco-bba mailing list
>> >>cisco-bba at puck.nether.net
>> >>https://puck.nether.net/mailman/listinfo/cisco-bba
>> >>
>> >>  
>> >>
>> 
>> 
>> 
>> 
>> -- 
>> Best regards,
>>  Lu                            mailto:oioi at cableplus.com.cn
>> 
>> _______________________________________________
>> cisco-bba mailing list
>> cisco-bba at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-bba



-- 
Best regards,
 Lu                            mailto:oioi at cableplus.com.cn



More information about the cisco-bba mailing list