CiscoVPDN

Note

Make sure your IBSng server has rsh-client package installed (apt-get install rsh-client for ubuntu)

[ویرایش] AAA Configuration

aaa new-model
aaa authentication ppp ibs group radius
aaa authorization network ibs group radius
aaa accounting delay-start
aaa accounting update periodic 1
aaa accounting network ibs start-stop group radius
aaa pod server port 1700 auth-type any server-key <radius-key>
(Replaced by in 12.4
aaa server radius dynamic-author
server-key <radius-key>
auth-type any
)

[ویرایش] RCMD configuration

no ip rcmd domain-lookup
ip rcmd rsh-enable
ip rcmd remote-host root <ip radius server> root enable

[ویرایش] Define ibs hostname

ip host ibs <ip radius server>

[ویرایش] VPDN Configuration

vpdn enable

Note In some IOSes vpdn-group can be define and some others bba-group:

[ویرایش] VPDN-GROUP as PPPOE concentrator

vpdn-group pppoe
 accept-dialin
  protocol pppoe
  virtual-template 1

[ویرایش] VPDN-GROUP as PPTP concentrator

vpdn-group pptp
 Default PPTP VPDN group
accept-dialin
 protocol pptp
 virtual-template 2

[ویرایش] BBA-GROUP as PPPOE concentrator

bba-group pppoe global
 virtual-template 1
sessions max limit 1400
sessions per-vc limit 1400
sessions per-mac limit 1400
sessions per-vlan limit 1400

[ویرایش] INTERFACE VIRTUAL-TEMPLATES

interface Virtual-Template1
mtu 1492
ip unnumbered FastEthernet0
ip route-cache policy
ip policy route-map cache
peer default ip address pool <pool name>
ppp authentication ms-chap chap pap ibs
ppp authorization ibs
ppp accounting ibs

[ویرایش] RADIUS CONFIGURATION

radius-server attribute 44 include-in-access-req

radius-server host <IBS Ip> auth-port 1812 acct-port 1813

radius-server key <radius secret>

radius-server vsa send accounting

radius-server vsa send authentication

radius-server source-ports extended

[ویرایش] Attributes

cisco_reonline_users :
cisco_rsh_command :
cisco_rsh_max_concurrent_connections :
cisco_update_accounting_interval :
general_update_interval :
online_check :