We have Cisco 7507 and we its already connected to Radius server.
We have pppoe and pptp clients
We want to configure the cisco to limit the users based on the group that
they are belong to.
We tried to use Cisco-AvPair attribute but till now we didn't success.
Our IOS is 12.3(8)T4
Some of our router config:
aaa new-model
!
!
aaa authentication ppp default group radius
aaa authentication ppp radius group radius
aaa authorization network default group radius local
aaa accounting delay-start
aaa accounting network default start-stop group radius
aaa session-id common
interface Virtual-Template1
ip unnumbered ATM1/1/0.2
ip tcp adjust-mss 1420
peer default ip address pool adslpool
keepalive 20
ppp authentication pap chap
!
interface Virtual-Template2
mtu 1400
ip unnumbered ATM1/1/0.6
ip access-group 100 in
ip access-group 100 out
ip tcp adjust-mss 1400
ppp mtu adaptive
ppp authentication pap chap
radius-server configure-nas
radius-server host xx.xx.xx.xx auth-port 1812 acct-port 1813
radius-server retry method reorder
radius-server retransmit 0
radius-server directed-request
radius-server key 7 045A07070228424B1D
radius-server vsa send accounting
radius-server vsa send authentication
We have pppoe and pptp clients
We want to configure the cisco to limit the users based on the group that
they are belong to.
We tried to use Cisco-AvPair attribute but till now we didn't success.
Our IOS is 12.3(8)T4
Some of our router config:
aaa new-model
!
!
aaa authentication ppp default group radius
aaa authentication ppp radius group radius
aaa authorization network default group radius local
aaa accounting delay-start
aaa accounting network default start-stop group radius
aaa session-id common
interface Virtual-Template1
ip unnumbered ATM1/1/0.2
ip tcp adjust-mss 1420
peer default ip address pool adslpool
keepalive 20
ppp authentication pap chap
!
interface Virtual-Template2
mtu 1400
ip unnumbered ATM1/1/0.6
ip access-group 100 in
ip access-group 100 out
ip tcp adjust-mss 1400
ppp mtu adaptive
ppp authentication pap chap
radius-server configure-nas
radius-server host xx.xx.xx.xx auth-port 1812 acct-port 1813
radius-server retry method reorder
radius-server retransmit 0
radius-server directed-request
radius-server key 7 045A07070228424B1D
radius-server vsa send accounting
radius-server vsa send authentication