[nsp] request-dialin, some confusion about it
Victor Sudakov
sudakov at sibptus.tomsk.ru
Wed Jan 14 05:46:18 EST 2004
Colleagues,
I have come across an odd thing. Even if there are absolutely no
request-dialin vpdn-groups defined on a C3662, each time a user tries
to PPP authenticate as username at some.domain.com, this "some.domain.com"
is sent to the AAA server in search for a vpdn tunnel.
Is this normal behavior ?
I thought that you needed a definition like
!
vpdn-group SOMEGROUP
request-dialin
domain some.domain.com
initiate-to ip x.x.x.x
protocol l2tp
!
to be configured on the NAS for it to query AAA for tunnel parameters,
but it seems to accept any domain name.
Moreover, when I do configure "vpdn-group SOMEGROUP", its parameters
like protocol and initiate-to are completely ignored (i.e. the NAS
wants them only from AAA server). Am I missing somethins?
The software image is C3660-IK8S-M, Version 12.2(17)
Yet another question. When the NAS contacts the Radius server looking
for a tunnel, it sends "some.domain.com" as username and "cisco" as
password. Is there a way to change this default "cisco" password?
Thanks a lot in advance.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
More information about the cisco-nsp
mailing list