Cisco Cisco IOS Software Release 12.2(27)SBC
Tunnel Authentication via RADIUS on LNS
vpdn tunnel authorization network
2
vpdn tunnel authorization network
To enable the Layer 2 Tunnel Protocol (L2TP) tunnel server or network access server (NAS) to perform
remote authentication, authorization, and accounting (AAA) tunnel authentication and authorization,
use the vpdn tunnel authorization network command in global configuration mode. To disable remote
tunnel authentication and authorization and return to the default of local tunnel authentication and
authorization, use the no form of this command.
remote authentication, authorization, and accounting (AAA) tunnel authentication and authorization,
use the vpdn tunnel authorization network command in global configuration mode. To disable remote
tunnel authentication and authorization and return to the default of local tunnel authentication and
authorization, use the no form of this command.
vpdn tunnel authorization network {list-name | default}
no vpdn tunnel authorization network {list-name | default}
Syntax Description
Command Default
If this command is not enabled, the device will perform authentication locally.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to specify the authorization method list that will be used for remote tunnel
hostname-based authorization. The method list (named or default) is defined using the
aaa authorization network command.
hostname-based authorization. The method list (named or default) is defined using the
aaa authorization network command.
If a method list for tunnel authorization is not specified via the aaa authorization network command,
local authorization using the local virtual private dialup network (VPDN) group configuration will occur.
local authorization using the local virtual private dialup network (VPDN) group configuration will occur.
Note
This method list is only for L2TP tunnel authorization and termination; it is not intended for domain or
dialed number identification service (DNIS)-based authorization that is typically done on the tunnel
terminator. Thus, this command can be enabled only on the tunnel terminator—the NAS for dial-out and
the tunnel server for dial-in.
dialed number identification service (DNIS)-based authorization that is typically done on the tunnel
terminator. Thus, this command can be enabled only on the tunnel terminator—the NAS for dial-out and
the tunnel server for dial-in.
list-name
Character string used to name the list of at least one accounting method. If
the list-name argument was specified in the aaa authorization network
command, you must use the same list name with the vpdn tunnel
authorization network command.
the list-name argument was specified in the aaa authorization network
command, you must use the same list name with the vpdn tunnel
authorization network command.
default
Specifies the default authorization methods that are listed with the aaa
authorization network command. If the default keyword was specified in
the aaa authorization network command, you must use the default
keyword with the vpdn tunnel authorization network command.
authorization network command. If the default keyword was specified in
the aaa authorization network command, you must use the default
keyword with the vpdn tunnel authorization network command.
Release
Modification
12.2(15)B
This command was introduced.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.