RADIUS Attribute 82: Tunnel Assignment ID
Feature History for RADIUS Attribute 82: Tunnel Assignment ID
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Feature Overview
The RADIUS Attribute 82: Tunnel Assignment ID feature allows the Layer 2 Tunneling Protocol access concentrator (LAC) to group users from different per-user or domain RADIUS profiles into the same active tunnel. Previously, Cisco IOS software assigned a separate virtual private dialup network (VPDN) tunnel for each per-user or domain RADIUS profile, even if tunnels with identical endpoints already existed. The RADIUS Attribute 82: Tunnel Assignment ID feature defines a new avpair, Tunnel-Assignment-ID, which allows the LAC to group users from different RADIUS profiles into the same tunnel if the chosen endpoint, tunnel type, and Tunnel-Assignment-ID are identical. This feature introduces new software functionality. No new commands are introduced with this feature.
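The grouping rule described above can be checked offline against a RADIUS users file to see which profiles will end up sharing one tunnel. The following is an added example, not Cisco code: it assumes users-file entries in the style of this page's RADIUS configuration examples, and the hr.router.com profile and its "hr-only" assignment ID are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: two entries in the style of this page's RADIUS examples,
# plus one hypothetical profile (hr.router.com) whose Tunnel-Assignment-Id
# differs, to show a tunnel that is not shared.
USERS_FILE = '''
user@router.com Password = "cisco" Service-Type = Outbound,
    Tunnel-Type = :1:L2TP,
    Tunnel-Server-Endpoint = :1:"10.14.10.54",
    Tunnel-Assignment-Id = :1:"router"
eng.router.com Password = "cisco" Service-Type = Outbound,
    Tunnel-Type = :1:L2TP,
    Tunnel-Server-Endpoint = :1:"10.14.10.54",
    Tunnel-Assignment-Id = :1:"router"
hr.router.com Password = "cisco" Service-Type = Outbound,
    Tunnel-Type = :1:L2TP,
    Tunnel-Server-Endpoint = :1:"10.14.10.54",
    Tunnel-Assignment-Id = :1:"hr-only"
'''

KEY_ATTRS = ("Tunnel-Type", "Tunnel-Server-Endpoint", "Tunnel-Assignment-Id")
ATTR_RE = re.compile(r'([A-Za-z-]+)\s*=\s*(?::(\d+):)?"?([^",\s]+)"?')

def parse_profiles(text):
    """Return {profile_name: {attribute: value}}; indented lines continue an entry."""
    profiles, current = {}, None
    for line in text.splitlines():
        if not line.strip() or (current is None and line[0].isspace()):
            continue                              # blank line or orphan continuation
        if not line[0].isspace():                 # new entry: first token is the name
            current, _, line = line.partition(" ")
            profiles[current] = {}
        for name, _tag, value in ATTR_RE.findall(line):
            profiles[current][name] = value
    return profiles

def shared_tunnels(profiles):
    """Group profile names by (tunnel type, endpoint, assignment ID)."""
    # Assumption: each profile describes one tunnel, so the :N: tag is ignored.
    groups = defaultdict(list)
    for name, attrs in profiles.items():
        if all(k in attrs for k in KEY_ATTRS):
            groups[tuple(attrs[k] for k in KEY_ATTRS)].append(name)
    return dict(groups)
```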
Benefits
The RADIUS Attribute 82: Tunnel Assignment ID feature improves LAC and L2TP network server (LNS) performance by reducing memory usage, because fewer tunnel data structures must be maintained. This feature allows the LAC and LNS to handle a higher volume of users without negatively impacting router performance.
Restrictions
This feature is designed only for VPDN dial-in applications. It does not support VPDN dial-out.
Related Documents
•Cisco IOS Dial Technologies Configuration Guide, Release 12.2
•Cisco IOS Dial Technologies Command Reference, Release 12.2
•Cisco IOS Wide-Area Networking Configuration Guide, Release 12.2
•Cisco IOS Wide-Area Networking Command Reference, Release 12.2
Supported Platforms
•Catalyst 4000 Gateway
•Cisco 806
•Cisco 1400 series
•Cisco 1600 series
•Cisco 1700 series
•Cisco 2600 series
•Cisco 3600 series
•Cisco 3700 series
•Cisco 7100 series
•Cisco 7200 series
•Cisco 7500 series
•Cisco AS5300
•Cisco AS5400
•Cisco AS5800
•Cisco IGX 8400 URM
•Cisco MGX 8850
•Cisco ubr7200
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.
MIBs
No new or modified MIBs are supported by this feature.
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
RFCs
No new or modified RFCs are supported by this feature.
Prerequisites
You must be using a Cisco platform that supports VPDN to use this feature.
Configuration Tasks
None
Verifying RADIUS Attribute 82
To verify that RADIUS attribute 82 is being used by the LAC during tunnel authorization, use the following privileged EXEC command:
Command               Purpose
Router# debug radius  Displays information associated with RADIUS. The output of this command shows whether attribute 82 is being sent in access requests.
Configuration Examples
This section provides the following configuration examples:
•LAC Configuration Example
•LNS Configuration Example
•RADIUS Configuration Example
LAC Configuration Example
The following example configures VPDN on the LAC:
hostname lac
aaa new-model
aaa authentication ppp default group radius
aaa authorization network default group radius
vpdn enable
vpdn authen-before-forward
interface Serial2/0:23
 no ip address
 encapsulation ppp
 dialer-group 1
 isdn switch-type primary-5ess
 no fair-queue
dialer-list 1 protocol ip permit
radius-server host lac-radiusd auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key rad123
LNS Configuration Example
The following example configures VPDN on the LNS:
hostname lns
aaa new-model
aaa authentication ppp default group radius
aaa authorization network default group radius
vpdn enable
vpdn-group 1
 accept-dialin
  protocol any
  virtual-template 1
interface Loopback0
 ip address 10.1.1.3 255.255.255.0
interface Virtual-Template1
 ip unnumbered Loopback0
 no keepalive
 peer default ip address pool mypool
 ppp authentication chap
ip local pool mypool 10.1.1.10 10.1.1.50
radius-server host lns-radiusd auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key cisco
RADIUS Configuration Example
The following examples configure the RADIUS server to group sessions in a tunnel:
Per-User Configuration
user@router.com Password = "cisco" Service-Type = Outbound,
    Tunnel-Type = :1:L2TP,
    Tunnel-Server-Endpoint = :1:"10.14.10.54",
    Tunnel-Assignment-Id = :1:"router"
client@router.com Password = "cisco" Service-Type = Outbound,
    Tunnel-Type = :1:L2TP,
    Tunnel-Server-Endpoint = :1:"10.14.10.54",
    Tunnel-Assignment-Id = :1:"router"
Domain Configuration
eng.router.com Password = "cisco" Service-Type = Outbound,
    Tunnel-Type = :1:L2TP,
    Tunnel-Server-Endpoint = :1:"10.14.10.54",
    Tunnel-Assignment-Id = :1:"router"
sales.router.com Password = "cisco" Service-Type = Outbound,
    Tunnel-Type = :1:L2TP,
    Tunnel-Server-Endpoint = :1:"10.14.10.54",
    Tunnel-Assignment-Id = :1:"router"
Command Reference
None
Copyright ©2002-2005 Cisco Systems, Inc. All rights reserved.