Cisco 10000-2P2-2DC Software Configuration Manual page 178

Layer 2 Access Concentrator
Command
Step 5
Router(config)# radius-server attribute
44 include-in-access-req vrf vrf-name
Step 6
Router(config)# radius-server
domain-stripping vrf vrf-name
Step 7
Router(config)# radius-server attribute
list list-name
Step 8
Router(config)# radius-server key string
Step 9
Router(config)# radius-server vsa send
authentication
Example 5-4
!
aaa new-model
aaa authorization network default local group radius
!
radius-server host 10.16.9.9 auth-port 1645 acct-port 1646
radius-server attribute 44 include-in-access-req vrf vrf1
radius-server key MyKey
radius-server vsa send authentication
Verifying Communication with the RADIUS Server
To verify that you successfully configured the LAC to communicate properly with the RADIUS server
for tunnel service authorization, enter the show running-config command in privileged EXEC mode.
Configuring Sessions Per Tunnel Limiting on the LAC
To limit the number of sessions per tunnel without using a RADIUS server, enter the following
commands.
Note You can configure the LAC or the RADIUS server to limit the number of sessions per tunnel. For
information on using the RADIUS server for sessions per tunnel limiting, see the
Per Tunnel Limiting in the RADIUS Service Profile" section on page
Command
Step 1
Router> enable
Step 2
Router# configure terminal
Step 3
Router(config)# vpdn-group group-name
Step 4
Router(config-vpdn)# request-dialin
Step 5
Router(config-vpdn-req-in)# protocol 12tp
Cisco 10000 Series Router Software Configuration Guide
5-12
Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
Purpose
Sends RADIUS attribute 44 (Accounting Session ID) in access
request packets before user authentication (including requests for
preauthentication).
(Optional) Enables VRF-aware domain-stripping.
The vrf vrf-name argument specifies the per VRF configuration.
Defines the list name given to the set of attributes defined using
the attribute command.
Specifies the authentication and encryption key for all RADIUS
communications between the router and the RADIUS daemon.
Configures the LAC to recognize and use vendor-specific
attributes.
Configuring Communication with the RADIUS Server
Purpose
Enters privileged EXEC mode.
Enters global configuration mode.
Defines a local group name for which you can assign other VPDN
variables. Enters VPDN group configuration mode.
Enables the LAC to request L2TP tunnels to the LNS and enters
VPDN request-dialin group mode.
Specifies the Layer 2 Tunnel Protocol.
"Configuring Sessions
5-16.
OL-2226-23