Cisco-Vpdn
از ویکی پارس پویش
(تفاوت بین نسخهها)
(صفحهای جدید حاوی '<div dir=ltr> '''AAA Configuration:''' aaa new-model aaa authentication ppp ibs group radius aaa authorization network ibs group rad...' ایجاد کرد) |
|||
سطر ۵۸: | سطر ۵۸: | ||
radius-server vsa send authentication | radius-server vsa send authentication | ||
radius-server source-ports extended | radius-server source-ports extended | ||
+ | |||
+ | |||
+ | |||
+ | '''Sample for POD :''' | ||
+ | NOTE: Use same key as you have been set for radius server | ||
+ | NOTE: RSH setting is no longer needed if you are using POD | ||
+ | NOTE: Make sure ras attribute cisco_kill_user_by_radius in IBSng ras setting is set to 1 | ||
+ | |||
+ | aaa pod server server-key 0 IBS_KEY auth-type any | ||
+ | (Replaced by in 12.4 | ||
+ | aaa server radius dynamic-author | ||
+ | server-key IBS_KEY | ||
+ | auth-type any | ||
+ | ) | ||
</div> | </div> |
نسخهٔ ۴ اکتبر ۲۰۱۲، ساعت ۲۳:۱۷
AAA Configuration: aaa new-model aaa authentication ppp ibs group radius aaa authorization network ibs group radius aaa accounting delay-start aaa accounting update periodic 1 aaa accounting network ibs start-stop group radius
RCMD configuration: no ip rcmd domain-lookup ip rcmd rsh-enable ip rcmd remote-host root 172.16.16.1 root enable
VPDN Configuration: vpdn enable
Note In some IOSes vpdn-group can be define and some others bba-group:
VPDN-GROUP as PPPOE concentrator: vpdn-group pppoe accept-dialin protocol pppoe virtual-template 1
VPDN-GROUP as PPTP concentrator: vpdn-group pptp Default PPTP VPDN group accept-dialin protocol pptp virtual-template 2 BBA-GROUP as PPPOE concentrator: bba-group pppoe global virtual-template 1 sessions max limit 1400 sessions per-vc limit 1400 sessions per-mac limit 1400 sessions per-vlan limit 1400
INTERFACE VIRTUAL-TEMPLATES: interface Virtual-Template1 mtu 1492 ip unnumbered FastEthernet0 ip route-cache policy ip policy route-map cache peer default ip address pool <pool name> ppp authentication ms-chap chap pap ibs ppp authorization ibs ppp accounting ibs
RADIUS CONFIGURATION: radius-server attribute 44 include-in-access-req radius-server host 172.16.16.1 auth-port 1812 acct-port 1813 radius-server key <radius secret> radius-server vsa send accounting radius-server vsa send authentication radius-server source-ports extended
Sample for POD : NOTE: Use same key as you have been set for radius server NOTE: RSH setting is no longer needed if you are using POD NOTE: Make sure ras attribute cisco_kill_user_by_radius in IBSng ras setting is set to 1
aaa pod server server-key 0 IBS_KEY auth-type any (Replaced by in 12.4 aaa server radius dynamic-author server-key IBS_KEY auth-type any
)