RADIUS Logical Line ID

Similar documents
PPPoE Session Limits per NAS Port

RADIUS Tunnel Preference for Load Balancing and Fail-Over

RADIUS NAS-IP-Address Attribute Configurability

PPPoE Client DDR Idle Timer

PPPoE Session Recovery After Reload

VPDN Group Session Limiting

DHCP Option 82 Support for Routed Bridge Encapsulation

DHCP Lease Limit per ATM/RBE Unnumbered Interface

This feature was introduced. This feature was integrated into Cisco IOS Release 12.2(27)SBA.

Autosense of MUX/SNAP Encapsulation and PPPoA/PPPoE on ATM PVCs

RADIUS Logical Line ID

Per IP Subscriber DHCP Triggered RADIUS Accounting

BGP Enforce the First Autonomous System Path

Extended NAS-Port-Type and NAS-Port Support

VPDN LNS Address Checking

OSPF Incremental SPF

DHCP Relay MPLS VPN Support

IS-IS Incremental SPF

Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership

PPP/MLP MRRU Negotiation Configuration

PPPoE Session Limit per NAS Port

SSG Service Profile Caching

Suppress BGP Advertisement for Inactive Routes

Cisco Unity Express Voic System User s Guide

Modified LNS Dead-Cache Handling

Installing IEC Rack Mounting Brackets on the ONS SDH Shelf Assembly

Troubleshooting ISA with Session Monitoring and Distributed Conditional Debugging

Logging to Local Nonvolatile Storage (ATA Disk)

IMA Dynamic Bandwidth

Configuring Multiple Basic Service Set Identifiers and Microsoft WPS IE SSIDL

Cisco Voice Applications OID MIB

MPLS MTU Command Changes

Frame Relay Conditional Debug Support

This feature was introduced. This feature was integrated into Cisco IOS Release 12.2(27)SBA.

Configuring an Intermediate IP Multicast Helper Between Broadcast-Only Networks

Cisco Smart Business Communications System Teleworker Set Up

ISSU and SSO DHCP High Availability Features

QoS Child Service Policy for Priority Class

PPPoE Agent Remote-ID and DSL Line Characteristics Enhancement

PPPoE Service Selection

Configuring the Cisco IOS DHCP Relay Agent

LAN Emulation Overview

Protocol-Independent MAC ACL Filtering on the Cisco Series Internet Router

IP SLAs Random Scheduler

OSPF RFC 3623 Graceful Restart Helper Mode

DHCP ODAP Server Support

Cisco 806, Cisco 820 Series, Cisco 830 Series, SOHO 70 Series and SOHO 90 Series Routers ROM Monitor Download Procedures

Configuring Token Ring LAN Emulation for Multiprotocol over ATM

Contextual Configuration Diff Utility

Wireless LAN Error Messages

Cisco Report Server Readme

Wireless LAN Overview

Cisco Aironet Directional Antenna (AIR-ANT-SE-WiFi-D)

Configuring Route Maps to Control the Distribution of MPLS Labels Between Routers in an MPLS VPN

Packet Classification Using the Frame Relay DLCI Number

Configuring ISA Accounting

Using Application Level Gateways with NAT

MPLS VPN OSPF and Sham-Link Support

Installing the Cisco ONS Deep Door Kit

Maintenance Checklists for Cisco Unity VPIM Networking (with Microsoft Exchange)

Cisco Software Licensing Information for Cisco Unified Communications 500 Series for Small Business

Cisco Unified MeetingPlace for Microsoft Office Communicator

BECN and FECN Marking for Frame Relay over MPLS

ATM VP Average Traffic Rate

Route Processor Redundancy Plus (RPR+)

PPPoE Agent Remote-ID and DSL Line Characteristics Enhancement

Cisco Aironet 1500 Series Access Point Large Pole Mounting Kit Instructions

Configuring MPLS Multi-VRF (VRF-lite)

Connecting Cisco DSU/CSU High-Speed WAN Interface Cards

IP Event Dampening. Feature History for the IP Event Dampening feature

Configuring the Physical Subscriber Line for RADIUS Access and Accounting

Exclusive Configuration Change Access and Access Session Locking

Configuring Virtual Interfaces

White Paper: Using Microsoft Windows Server 2003 with Cisco Unity 4.0(4)

Maintenance Checklists for Microsoft Exchange on a Cisco Unity System

Application Firewall Instant Message Traffic Enforcement

MPLS VPN: VRF Selection Based on Source IP Address

Cisco Unified Mobile Communicator 3.0 User Portal Guide

Release Notes for Cisco Security Agent for Cisco Unified MeetingPlace Release 6.0(7)

Chunk Validation During Scheduler Heapcheck

QoS: Classification of Locally Sourced Packets

Low Latency Queueing with Priority Percentage Support

Connecting Cisco WLAN Controller Enhanced Network Modules to the Network

Simple Network-Enabled Auto-Provisioning for Cisco IAD2420 Series IADs

MIB Quick Reference for the Cisco ONS Series

Configuring ISG VRF Transfer (Cisco IOS Release 12.2(28)SB)

Connecting Cisco 4-Port FXS/DID Voice Interface Cards

Site Preparation and Network Communications Requirements

Applying the Tunnel Template on the Home Agent

Cisco Video Surveillance Virtual Matrix Client Configuration Guide

RSVP Message Authentication

QoS: Color-Aware Policer

Using Microsoft Outlook to Schedule and Join Cisco Unified MeetingPlace Express Meetings

Cisco Virtual Office End User Instructions for Cisco 1811 Router Set Up at Home or Small Office

Control Messages APPENDIX

Protected URL Database

Installation Notes for Catalyst 3750-E and Catalyst 3560-E Switch Fan Modules

Support of Provisionable QoS for Signaling Traffic

Release Notes for Cisco ONS MA Release 9.01

This module was first published on May 2, 2005, and last updated on May 2, 2005.

Transcription:

RADIUS Logical Line ID Feature History for RADIUS Logical Line ID Release Modification 12.2(13)T This feature was introduced. 12.2(15)B This feature was integrated into Cisco IOS Release 12.2(15)B. 12.2(27)SBA This feature was integrated into Cisco IOS Release 12.2(27)SBA. Contents Feature Overview, page 1 Supported Standards, MIBs, and RFCs, page 3 Supported Standards, MIBs, and RFCs, page 3 Configuration Tasks, page 3 Configuration Examples, page 5 Command Reference, page 6 Feature Overview The RADIUS Logical Line ID feature enables users to track their customers on the basis of the physical lines in which the customers calls originate. Thus, users can better maintain the profile database of their customers as the customers move from one physical line to another. Logical Line Identification (LLID) is an alphanumeric string (which must be a minimum of one character and a maximum of 253 characters) that is a logical identification of a subscriber line. LLID is maintained in a RADIUS server customer profile database. This customer profile database is connected to a L2TP access concentrator (LAC) and is separate from the RADIUS server that the LAC and L2TP Network Server (LNS) use for the authentication and authorization of incoming users. When the customer profile database receives a preauthorization request from the LAC, the server sends the LLID to the LAC as the Calling-Station-ID attribute (attribute 31). Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA Copyright 2002, 2003, 2005 Cisco Systems, Inc. All rights reserved.

Feature Overview RADIUS Logical Line ID The LAC sends a preauthorization request to the customer profile database when the LAC is configured for preauthorization. Configure the LAC for preauthorization using the subscriber access pppoe pre-authorize command. Note Downloading the LLID is referred to as preauthorization because it occurs before normal virtual private dialup network (VPDN) authorization downloads L2TP tunnel information. The customer profile database consists of user profiles for each user connected to the LAC. Each user profile contains the NAS-IP-Address (attribute #4) and the NAS-Port-ID (attribute #5.) When the LAC is configured for preauthorization, it queries the customer profile database using the username. (The username, which is in an authentication, authorization, and accounting (AAA) request, has physical line information.) When a match is found in the customer profile database, the customer profile database sends the LLID in the user profile. The LLID is defined in the username as the Calling-Station-ID attribute. Benefits Stability and Security This feature provides users with a virtual port that will not change as customers move. Thus, the LLID can also be used for additional security checks. Restrictions RADIUS Server Compatibility Although this feature can be used with any vendor's RADIUS server, some RADIUS servers may require modifications to their dictionary files to allow the Calling-Station-ID attribute to be returned in access-accept messages. For example, the Merit RADIUS server will not support LLID downloading unless you modify its dictionary as follows: ATTRIBUTE Calling-Station-Id 31 string (*, *) Support Restrictions This feature supports only RADIUS; TACACS+ is not supported. This feature can be applied only toward PPP over Ethernet over ATM (PPPoEoATM) and PPP over Ethernet over VLAN (PPPoEoVLAN) (Dot1Q) calls; no other calls, such as ISDN, can be used. Related Documents The chapter Configuring Broadband Access: PPP and Routed Bridge Encapsulation in the Cisco IOS Wide-Area Networking Configuration Guide, Release 12.2 The section Configuring AAA Preauthentication in the chapter Configuring RADIUS in the Cisco IOS Security Configuration Guide, Release 12.2 Cisco IOS Dial Technologies Configuration Guide, Release 12.2 2

RADIUS Logical Line ID Supported Standards, MIBs, and RFCs Supported Standards, MIBs, and RFCs Standards None MIBs None To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://tools.cisco.com/itdit/mibs/servlet/index If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL: http://www.cisco.com/register RFCs None Configuration Tasks See the following sections for configuration tasks for the RADIUS Logical Line ID feature. Each task in the list is identified as either required or optional. Configuring Preauthorization (required) Configuring the LLID in a RADIUS User Profile (required) Verifying Logical Line ID (optional) 3

Configuration Tasks RADIUS Logical Line ID Configuring Preauthorization To download the LLID and configure the LAC for preauthorization, use the following commands in global configuration mode: Command Router (config)# ip radius source-interface interface-name Router (config)# subscriber access pppoe pre-authorize nas-port-id list-name Purpose Specifies the IP address portion of the username for the preauthorization request. Enables the LLID to be downloaded so the LAC can be configured for preauthorization. Configuring the LLID in a RADIUS User Profile To configure the user profile for preauthorization, add a NAS port user to the customer profile database and add the RADIUS IETF attribute 31 (Calling-Station-ID) to the user profile. Command UserName=nas_port: ip-address:slot/module/port/vpi.vci User-Name=nas-port: ip-address:slot/module/port/vlan-id Calling-Station-Id = string (*,*) Purpose (Optional) Adds a PPPoE over ATM NAS port user. (Optional) Adds a PPPoE over VLAN NAS port user. Adds attribute 31 to the user profile. string One or more octets, containing the phone number that the user placed the call from. Verifying Logical Line ID To verify feature functionality, use the following command in EXEC mode: Command Router# debug radius Purpose Checks to see that RADIUS attribute 31 is the LLID in the accounting-request on LAC and in the access-request and accounting-request on the LNS. 4

RADIUS Logical Line ID Configuration Examples Configuration Examples This section provides the following configuration examples: LAC for Preauthorization Configuration Example RADIUS User Profile for LLID Example LAC for Preauthorization Configuration Example The following example shows how to configure your LAC for preauthorization by downloading the LLID: aaa new-model aaa group server radius sg_llid server 128.107.164.106 auth-port 1645 acct-port 1646 aaa group server radius sg_water server 128.107.164.106 auth-port 1645 acct-port 1646 aaa authentication ppp default group radius aaa authorization confg-commands aaa authorization network default group sg_water aaa authorization network mlist_llid group sg_llid aaa session-id common username s7200_2 password 0 lab username s5300 password 0 lab username sg_water password 0 lab vpdn enable vpdn-group 2 request-dialin protocol 12tp domain water.com initiate-to ip 30.1.1.1 local name s7200_2 vpdn-group 3 accept dialin procotol pppoe virtual-template 1 Enable the LLID to be downloaded. subscriber access pppoe pre-authorize nas-port-id mlist_llid interface Loopback0 ip address 20.1.1.2 255.255.255.0 interface Loopback1 ip address 30.1.1.1 255.255.255.0 interface Ethernet1/0 ip address 80.1.1.1 255.255.255.0 secondary ip address 10.0.58.111 255.255.255.0 no cdp enable iterface ATM4/0 no ip address no atm ilmi-keepalive interface ATM4/0.1 point-to-point pvc 1/100 encapsulation aa15snap 5

Command Reference RADIUS Logical Line ID protocol pppoe interface virtual-template1 no ip unnumbered Loopback0 no peer default ip address ppp authentication chap radius-server host 128.107.164.120 auth-port 1645 acct-port 1646 key rad123 radius-server host 128.107.164.106 auth-port 1645 acct-port 1646 key rad123 ip radius source-interface Loopback1 RADIUS User Profile for LLID Example The following example shows how to configure the user profile for LLID querying for PPPoEoVLAN and PPPoEoATM and add attribute 31: pppoeovlan ---------- nas-port:12.1.0.3:6/0/0/0 Password = "cisco", Service-Type = Outbound, Calling-Station-ID = "cat-example" pppoeoa -------- nas-port:12.1.0.3:6/0/0/1.100 Password = "cisco", Service-Type = Outbound, Calling-Station-ID = "cat-example" Command Reference This section documents the new command only. subscriber access pppoe pre-authorize 6

RADIUS Logical Line ID subscriber access pppoe pre-authorize subscriber access pppoe pre-authorize To enable the Logical Line Identification (LLID) to be downloaded, use the subscriber access pppoe pre-authorize command in global configuration mode. To disable this functionality, use the no form of this command. subscriber access pppoe pre-authorize nas-port-id list-name no subscriber access pppoe pre-authorize nas-port-id list-name Syntax Description nas-port-id list-name NAS port ID. Authentication, authorization, and accounting (AAA) authorization method list configured on the L2TP access concentrator (LAC). Defaults LLID querying will not take place. Command Modes Global configuration Command History Release 12.2(13)T 12.2(15)B 12.2(27)SBA Modification This command was introduced. This command was integrated into Cisco IOS Release 12.2(15)B. This command was integrated into Cisco IOS Release 12.2(27)SBA. Usage Guidelines The subscriber access pppoe pre-authorize command enables the LLID to be downloaded so the LAC can be configured for preauthorization. Thus, when queried, the RADIUS server can help download the LLID string to the LAC during preauthorization. Note This command enables LLID querying only for PPP over Ethernet over ATM (PPPoEoATM) and PPP over Ethernet over VLAN (PPPoEoVLAN) (Dot1Q) calls; all other calls, such as ISDN, are not supported. Examples The following example shows how to configure your LAC for preauthorization: aaa new-model aaa group server radius sg_llid server 128.107.164.106 auth-port 1645 acct-port 1646 aaa group server radius sg_water server 128.107.164.106 auth-port 1645 acct-port 1646 aaa authentication ppp default group radius aaa authorization confg-commands aaa authorization network default group sg_water aaa authorization network mlist_llid group sg_llid aaa session-id common 7

subscriber access pppoe pre-authorize RADIUS Logical Line ID username s7200_2 password 0 lab username s5300 password 0 lab username sg_water password 0 lab vpdn enable vpdn-group 2 request-dialin protocol 12tp domain water.com initiate-to ip 30.1.1.1 local name s7200_2 vpdn-group 3 accept dialin procotol pppoe virtual-template 1 subscriber access pppoe pre-authorize nas-port-id mlist_llid Related Commands Command Description ip radius source-interface Forces RADIUS to use the IP address of a specified interface for all outgoing RADIUS packets. CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iphone, IP/TV, iq Expertise, the iq logo, iq Net Readiness Scorecard, iquick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0711R) Copyright 2002, 2003, 2005 Cisco Systems, Inc. All rights reserved. 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback