Cisco Cisco IOS Software Release 12.2(27)SBC

The Tunnel Authentication via RADIUS on LNS feature allows a Layer 2 Tunnel Protocol (L2TP) 
Network Server (LNS) to perform remote authentication and authorization with RADIUS on incoming 
L2TP network access server (NAS) dial-in connection requests. This feature also allows the L2TP NAS 
to perform remote authentication and authorization with RADIUS on incoming L2TP tunnel server 
dial-out connection requests.

Without this functionality, the tunnel terminator can perform L2TP authentication only locally. Local 
authentication requires that data about the corresponding tunnel endpoint be configured within a VPDN 
group. This mechanism does not scale well because the information stored in the VPDN groups on each 
device must be updated independently. 

Remote RADIUS authentication allows you to store configurations on the RADIUS server, avoiding the 
need to store information locally. New information can be added to the RADIUS server as needed, and 
a group of tunnel terminators can access a common database on the RADIUS server.

Configuration information is included in the “Configuring AAA for VPDNs” module in the 

, Release 12.4T, at the following URL:

This section documents modified commands.