[c-nsp] multiple aaa group for multiple LNS vpdn-group
ar
ar_djp at yahoo.com
Thu Jun 7 09:02:01 EDT 2012
Thanks Gert.
I'll try this.
Thanks
________________________________
From: Gert Doering <gert at greenie.muc.de>
To: ar <ar_djp at yahoo.com>
Cc: cisco-nsp <cisco-nsp at puck.nether.net>
Sent: Thursday, June 7, 2012 6:19 PM
Subject: Re: [c-nsp] multiple aaa group for multiple LNS vpdn-group
Hi,
On Thu, Jun 07, 2012 at 10:57:06AM +0800, ar wrote:
> Is it possible to have different AAA config on my LNS such that,
>
> vpdn-group1 is using radius server 1 for my old LAC access network
>
>
> I'll then create vpnd-group2 for my new LAC access network but will authenticate on radius server 2.
>
>
> Is there a way to do this?
Yes.
> AAA seems to be configured globally.
Indeed it is, but you can "name" authentication groups, and point to that.
The default is "aaa authentication ppp *default*", but if you don't want
that, use a named authentication list:
PPPoE-Test(config)#aaa authentication ppp NEW group ?
WORD Server-group name
radius Use list of all Radius hosts.
tacacs+ Use list of all Tacacs+ hosts.
PPPoE-Test(config)#aaa authentication ppp NEW group NEWRADIUS?
and then define your radius group accordingly...
PPPoE-Test(config)#aaa group server radius NEWRADIUS
PPPoE-Test(config-sg-radius)#server-private 1.2.3.4 key SECRET
> I want to create multiple aaa-groups and apply to specific vpnd-group that I want.
... and reference the named PPP authentication from the virtual-template
that is used for *that* vpdn-group:
PPPoE-IPv6-Test(config)#int virtual-template 3
PPPoE-IPv6-Test(config-if)#ppp authentication chap NEW
^^^
PPPoE-IPv6-Test(config-if)#ppp authorization NEW
^^^
(and if it doesn't work, try "debug ppp authen" and "debug aaa" to see
which bit I missed)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list