[nsp] request-dialin, some confusion about it

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Wed Jan 14 08:53:16 EST 2004


Hi,

> I have come across an odd thing. Even if there are absolutely no
> request-dialin vpdn-groups defined on a C3662, each time a user tries
> to PPP authenticate as username at some.domain.com, this
> "some.domain.com" is sent to the AAA server in search for a vpdn
> tunnel. 
> 
> Is this normal behavior ?

It is if you configured "aaa authorization network default radius ..."
and "vpdn enable". If you only want to authorize your vpdn users locally
using vpdn groups, you'd need to enable "aaa authorization network
default local" and use a different aaa method list for your ppp users.

> Yet another question. When the NAS contacts the Radius server looking
> for a tunnel, it sends "some.domain.com" as username and "cisco" as
> password. Is there a way to change this default "cisco" password?

Hmm, not that I know of, but I might be wrong.

	oli



More information about the cisco-nsp mailing list