RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
The RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements feature allows the hostname of the network access server (NAS) to be specified—rather than the IP address of the NAS—in RADIUS attribute 66 (Tunnel-Client-Endpoint). This feature makes it easier for users to remember a hostname instead of a numerical IP address, and helps disguise the numerical IP address of the NAS.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
• Prerequisites for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
• Restrictions for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
• Information About RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
• How to Configure RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
• Configuration Example for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
• Feature Information for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
Prerequisites for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
A Cisco platform that supports VPDN is required. See the "Glossary" section for more information about VPDN.
Restrictions for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
Your Cisco router or access server must be running a Cisco IOS software image that supports virtual private dialup networks (VPDNs).
Information About RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
The following section describes how the RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements are used.
How the RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements are Used
Virtual Private Networks (VPNs) use Layer 2 Forwarding (L2F) or Layer 2 Tunnel Protocol (L2TP) tunnels to tunnel the link layer of high-level protocols (for example, PPP or asynchronous High-Level Data Link Control (HDLC)). Internet service providers (ISPs) configure their NASs to receive calls from users and forward the calls to the customer tunnel server. Usually, the ISP maintains only information about the tunnel server—the tunnel endpoint. The customer maintains the IP addresses, routing, and other user database functions of the tunnel server users. RADIUS attribute 66 provides the customer with the ability to specify the hostname of the NAS instead of the IP address of the NAS.
How to Configure RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
There are no CLI tasks used to configure RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements in Cisco IOS.
Configuration Example for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
This section provides the following configuration example:
• Setting Up the RADIUS Profile for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements: Example
Setting Up the RADIUS Profile for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements: Example
The following example shows a configuration that allows the user to specify the hostname of the NAS using RADIUS attribute 66 (Tunnel-Client-Endpoint) in the RADIUS profile:
cisco.com Password = "cisco"
    Service-Type = Outbound-User,
    Tunnel-Type = :1:L2F,
    Tunnel-Medium-Type = :1:IP,
    Tunnel-Client-Endpoint = :1:"cisco2",
    Tunnel-Server-Endpoint = :1:"172.21.135.4",
    Tunnel-Assignment-Id = :1:"nas1",
    Tunnel-Password = :1:"cisco"
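The Tunnel-Client-Endpoint item from the profile above, carried through to its on-wire form and back, as an added example that is not Cisco's code. The function names are hypothetical, and the Type/Length/Tag/String layout and the tag rule are assumed from RFC 2868, which this page does not cite; the decoder reports whether the value exposes an IPv4 address or carries a hostname.

```python
import ipaddress
import re

ATTR_TUNNEL_CLIENT_ENDPOINT = 66  # attribute type from the page title

# Matches one reply item of the profile, e.g.  Name = :1:"value",
ITEM_RE = re.compile(r'^\s*([\w-]+)\s*=\s*(?::(\d+):)?"?([^",]*)"?,?\s*$')

def parse_item(line):
    """Split a profile reply item into (name, tag, value); tag may be None."""
    m = ITEM_RE.match(line)
    if not m:
        raise ValueError(f"not a reply item: {line!r}")
    name, tag, value = m.groups()
    return name, (int(tag) if tag is not None else None), value

def encode_attr66(tag, value):
    """Build the on-wire attribute: Type, Length, Tag, String (RFC 2868)."""
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be in 0..31")
    body = value.encode("ascii")
    length = 3 + len(body)
    if length > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return bytes([ATTR_TUNNEL_CLIENT_ENDPOINT, length, tag]) + body

def decode_attr66(raw):
    """Return (tag, value, kind) where kind is 'ipv4' or 'hostname'."""
    if len(raw) < 3 or raw[0] != ATTR_TUNNEL_CLIENT_ENDPOINT:
        raise ValueError("not a Tunnel-Client-Endpoint attribute")
    length = raw[1]
    if length < 3 or length > len(raw):
        raise ValueError("bad attribute length")
    if raw[2] > 0x1F:   # RFC 2868: octet is the first byte of the string
        tag, body = None, raw[2:length]
    else:
        tag, body = raw[2], raw[3:length]
    value = body.decode("ascii")
    try:
        ipaddress.IPv4Address(value)
        kind = "ipv4"       # the NAS address is visible in the attribute
    except ValueError:
        kind = "hostname"   # the form this feature enables
    return tag, value, kind

if __name__ == "__main__":
    # Reply item copied from the profile on this page
    _, tag, value = parse_item('Tunnel-Client-Endpoint = :1:"cisco2"')
    wire = encode_attr66(tag, value)
    print(wire.hex(), decode_attr66(wire))
```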
Additional References
The following sections provide references related to the RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements feature.
Related Documents
| Related Topic | Document Title |
|---|---|
| RADIUS attribute 66 | Cisco IOS Security Configuration Guide: Securing User Services, Release 15.0 |
Standards
| Standard | Title |
|---|---|
| No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | — |
MIBs
RFCs
| RFC | Title |
|---|---|
| None | — |
Technical Assistance
Feature Information for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
Table 1 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. An account on Cisco.com is not required.
Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Glossary
L2F—Layer 2 Forwarding Protocol. Protocol that supports the creation of secure virtual private dialup networks over the Internet.
L2TP—Layer 2 Tunnel Protocol. Protocol that is one of the key building blocks for virtual private networks in the dial access space and is endorsed by Cisco and other internetworking industry leaders. This protocol combines the best of Cisco's Layer 2 Forwarding (L2F) protocol and Microsoft's Point-to-Point Tunneling Protocol (PPTP).
Layer 2 Forwarding Protocol—See L2F.
Layer 2 Tunnel Protocol—See L2TP.
Point-to-Point Protocol—See PPP.
PPP—Point-to-Point Protocol. Successor to SLIP that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. Whereas SLIP was designed to work with IP, PPP was designed to work with several network layer protocols, such as IP, IPX, and ARA. PPP also has built-in security mechanisms, such as CHAP and PAP. PPP relies on two protocols: LCP and NCP.
RADIUS—Remote Authentication Dial-In User Service. Database for authenticating modem and ISDN connections and for tracking connection time.
Remote Authentication Dial-In User Service—See RADIUS.
virtual private dialup network—See VPDN.
VPDN—virtual private dialup network. A system that permits dial-in networks to exist remotely to home networks, while giving the appearance of being directly connected. VPDNs use L2TP and L2F to terminate the Layer 2 and higher parts of the network connection at the L2TP network server (LNS), instead of the L2TP access concentrator (LAC).