[c-nsp] multiple aaa group for multiple LNS vpdn-group
Gert Doering
gert at greenie.muc.de
Thu Jun 7 06:19:59 EDT 2012
Hi,
On Thu, Jun 07, 2012 at 10:57:06AM +0800, ar wrote:
> Is it possible to have different AAA config on my LNS such that,
>
> vpdn-group1 is using radius server 1 for my old LAC access network
>
>
> I'll then create vpdn-group2 for my new LAC access network but will authenticate on radius server 2.
>
>
> Is there a way to do this?
Yes.
> AAA seems to be configured globally.
Indeed it is, but you can "name" authentication groups, and point to that.
The default is "aaa authentication ppp *default*", but if you don't want
that, use a named authentication list:
PPPoE-Test(config)#aaa authentication ppp NEW group ?
  WORD     Server-group name
  radius   Use list of all Radius hosts.
  tacacs+  Use list of all Tacacs+ hosts.
PPPoE-Test(config)#aaa authentication ppp NEW group NEWRADIUS?
and then define your radius group accordingly...
PPPoE-Test(config)#aaa group server radius NEWRADIUS
PPPoE-Test(config-sg-radius)#server-private 1.2.3.4 key SECRET
> I want to create multiple aaa-groups and apply to specific vpdn-group that I want.
... and reference the named PPP authentication from the virtual-template
that is used for *that* vpdn-group:
PPPoE-IPv6-Test(config)#int virtual-template 3
PPPoE-IPv6-Test(config-if)#ppp authentication chap NEW
                                                   ^^^
PPPoE-IPv6-Test(config-if)#ppp authorization NEW
                                             ^^^
(and if it doesn't work, try "debug ppp authen" and "debug aaa" to see
which bit I missed)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
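
Added example, not part of the original post: a small Python check that walks the chain described in the reply (vpdn-group -> virtual-template -> named PPP list -> RADIUS server group) over a constructed config and reports which server group each vpdn-group ends up using. OLD/OLDRADIUS, the 192.0.2.x addresses and the vpdn-group numbers are assumptions, as is the premise that "ppp authorization NAME" resolves against an "aaa authorization network NAME" list, which the post does not show; only the single-protocol "ppp authentication chap NAME" form from the post is parsed.

```python
import re

# Constructed sample, not from the thread; names and addresses are assumptions.
# "aaa authorization network NEW ..." is left out on purpose (unresolved case).
SAMPLE = """\
aaa group server radius OLDRADIUS
 server-private 192.0.2.10 key SECRET1
aaa group server radius NEWRADIUS
 server-private 192.0.2.20 key SECRET2
aaa authentication ppp OLD group OLDRADIUS
aaa authentication ppp NEW group NEWRADIUS
aaa authorization network OLD group OLDRADIUS
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
vpdn-group 2
 accept-dialin
  protocol l2tp
  virtual-template 3
interface Virtual-Template1
 ppp authentication chap OLD
 ppp authorization OLD
interface Virtual-Template3
 ppp authentication chap NEW
 ppp authorization NEW
"""

def resolve(config):
    """Return {(vpdn_group, kind): server_group}; None marks an unresolved list."""
    servers = {"radius"}                 # built-in group: all RADIUS hosts
    lists, vt_of, uses, ctx = {}, {}, {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            ctx = line                   # remember the enclosing top-level stanza
        if m := re.match(r"aaa group server radius (\S+)", line):
            servers.add(m[1])
        elif m := re.match(r"aaa (authentication ppp|authorization network) (\S+) group (\S+)", line):
            lists[(m[1].split()[0], m[2])] = m[3]
        elif (m := re.match(r"virtual-template (\d+)", line)) and ctx.startswith("vpdn-group "):
            vt_of[ctx.split()[1]] = m[1]
        elif (m := re.match(r"ppp (authentication \S+|authorization) (\S+)$", line)) and ctx.startswith("interface Virtual-Template"):
            uses.setdefault(ctx.rsplit("Template", 1)[1], []).append((m[1].split()[0], m[2]))
    def target(kind, name):
        grp = lists.get((kind, name))
        return grp if grp in servers else None   # list or its server group undefined
    return {(vg, kind): target(kind, name)
            for vg, vt in vt_of.items() for kind, name in uses.get(vt, [])}
```

A None entry for a vpdn-group is the kind of gap that "debug aaa" would otherwise have to reveal at login time.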