Chapter 5
Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
LNS Configuration to Support RADIUS Tunnel Authentication
The following example is an LNS configuration that supports RADIUS tunnel authentication. In this
configuration, a RADIUS server group is defined by using the aaa group server radius VPDN-Group
command. The aaa authorization network mymethodlist group VPDN-Group command queries
RADIUS for network authorization.
aaa group server radius VPDN-Group
server 64.102.48.91 auth-port 1645 acct-port 1646
aaa authorization network mymethodlist group VPDN-Group
vpdn tunnel authorization network mymethodlist
vpdn tunnel authorization virtual-template 10
RADIUS Configuration to Support Tunnel Authentication
The following example is a RADIUS configuration that allows the LNS to terminate L2TP tunnels from
a LAC. In this configuration, VirtualTemplate10 is used to clone a VAI on the LNS.
myLACname Password = "cisco"
Service-Type = Outbound,
Tunnel-Type = :0:l@TP,
Tunnel-Medium-Type = :o:IP,
Tunnel-Client-Auth-ID = :0:"myLACname",
Tunnel-Password = :0:"mytunnelpassword",
Cisco:Cisco-Avpair = "vpdn:vpdn-vtemplate=10"
Note
For additional authentication examples, see the "Configuring Authentication" chapter in the Cisco IOS
Security Configure Guide, Release 12.2.
Monitoring and Maintaining LNS
To monitor and maintain the features configured on the LNS, enter the following commands in privileged
EXEC mode:
Command
Router# show accounting
Router# show interfaces virtual-access number
[configuration]
Router# show ip route vrf vrf-name
Router# show radius statistics
Router# show vpdn
Router# show vpdn session
Router# show vpdn session all username username
OL-2226-23
Purpose
Displays accounting records for users currently logged in.
Displays active accountable events on the network and helps
collect information in the event of a data loss on the accounting
server.
Displays status, traffic data, and configuration information about
the virtual access interface you specify.
Displays the IP routing table associated with a VRF.
Displays the RADIUS statistics for accounting and
authentication packets.
Displays all tunnel and session information for all active sessions
and tunnels.
Displays information about active L2TP sessions in a virtual
private dialup network (VPDN).
Displays statistics about all active L2TP tunnels for the username
you specify.
Cisco 10000 Series Router Software Configuration Guide
L2TP Network Server
5-51