Feature Overview
The PPPoE RADIUS Port Identification feature enables an L2TP access concentrator (LAC) and an L2TP network server (LNS) to identify and forward NAS-Port and NAS-Port-Type attribute values for PPP over Ethernet (PPPoE) over ATM and PPPoE over IEEE 802.1Q VLANs.
Before the introduction of the PPPoE RADIUS Port Identification feature, if you were using PPP over ATM, you could use the radius-server attribute nas-port format command to configure the NAS-Port field for the PPP extended format. Specifying the PPP extended format increased the size of the NAS-Port attribute field to 32 bits and changed the NAS-Port attribute format to provide the RADIUS server with details about the ATM port, virtual path identifier (VPI), and virtual channel identifier (VCI).
The PPPoE RADIUS Port Identification feature extends the functionality of the PPP extended NAS-Port format to support PPPoE over ATM and PPPoE over IEEE 802.1Q VLANs, in addition to PPP over ATM.
PPPoE over ATM
For PPPoE over ATM, the PPP extended format enables the NAS-Port attribute field to provide details about the ATM interface, VPI, and VCI.
Figure 1 shows the format of the NAS-Port attribute field when the PPP extended NAS-Port format is configured and PPPoE over ATM is being used.
Figure 1 Format of the NAS-Port Attribute Field for PPPoE over ATM
The interface, VPI, and VCI correspond to the interface and virtual circuit (VC) on which the session entered the router. For Cisco 6400 series routers, the interface, VPI, and VCI correspond to the interface and VC on which the session entered the Cisco 6400 node switch processor (NSP).
Figure 2 shows the format of the 8-bit interface field. For platforms that do not have slots or modules, the slot and module fields will be 0.
Figure 2 Format of the Interface Field for PPPoE over ATM
The NAS-Port-Type value for PPPoE over ATM is 5, which is the value for virtual port types.
PPPoE over IEEE 802.1Q VLANs
For PPPoE over 802.1Q VLANs, the PPP extended format provides details about the interface and the VLAN ID.
Figure 3 shows the format of the NAS-Port attribute field when the PPP extended NAS-Port format is configured and PPPoE over an IEEE 802.1Q VLAN is being used.
Figure 3 Format of the NAS-Port Attribute Field for PPPoE over 802.1Q VLANs
Figure 4 shows the format of the 8-bit interface field. For platforms that do not have slots or modules, the slot and module fields will be 0.
Figure 4 Format of the Interface Field for PPPoE over 802.1Q VLANs
The NAS-Port-Type value for PPPoE over 802.1Q VLANs is 15.
PPPoE RADIUS Port Identification on the LNS
The PPPoE RADIUS Port Identification feature enables an LNS to recognize PPP extended NAS-Port format information that has been sent from the LAC. When this feature is enabled on an LNS, the LNS will forward the NAS-Port and NAS-Port-Type values for PPP over ATM, PPPoE over ATM, and PPPoE over 802.1Q VLANs to the RADIUS server for accounting.
Benefits
The PPPoE RADIUS Port Identification feature introduces command line and value format consistency across various PPPoE media contexts for digital subscriber line (DSL) implementers.
Prior to the introduction of this feature, the radius-server attribute nas-port format command could be used to specify the PPP extended NAS-Port format, which supported PPP over ATM. With the introduction of this feature, the same command can be used to configure the PPP extended format for PPPoE over ATM and for PPPoE over 802.1Q VLANs as well. In addition, the PPP extended format can now be used on the LNS for L2TP tunneling.
Restrictions
In order for the LNS to forward PPP extended NAS-Port format values to the RADIUS server, both the LAC and the LNS must be Cisco routers running a Cisco IOS image that supports the PPPoE RADIUS Port Identification feature.
Related Features and Technologies
PPP over ATM
PPPoE over ATM
PPPoE over 802.1Q VLANs
RADIUS attributes and accounting
Related Documents
PPPoE on ATM, Cisco IOS Release 12.1(1)T
PPPoE over IEEE 802.1Q VLANs, Cisco IOS Release 12.1(5)T
Cisco IOS Security Configuration Guide, Release 12.1
Cisco IOS Security Command Reference, Release 12.1
Cisco IOS Wide-Area Networking Configuration Guide, Release 12.1
Cisco IOS Wide-Area Networking Command Reference, Release 12.1
RFC 2516, A Method for Transmitting PPP over Ethernet (PPPoE)
Supported Platforms
Cisco 3620
Cisco 3640
Cisco 4500-M series
Cisco 7200 series
Cisco 7500 series
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.
MIBs
No new or modified MIBs are supported by this feature.
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco Connection Online (CCO) at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
RFCs
No new or modified RFCs are supported by this feature.
Configuration Tasks
See the following sections for configuration tasks for the PPPoE RADIUS Port Identification feature. Each task in the list is identified as optional or required.
Configuring the LAC for PPPoE RADIUS Port Identification (Required)
Configuring the LNS for PPPoE RADIUS Port Identification (Required)
Configuring the LAC for PPPoE RADIUS Port Identification
To configure the LAC with the NAS-Port format for PPPoE over ATM and PPPoE over 802.1Q VLANs, use the following command in global configuration mode:
Command: Router(config)# radius-server attribute nas-port format d
Purpose: Specifies that PPP extended NAS-Port format will be used for RADIUS accounting.
Configuring the LNS for PPPoE RADIUS Port Identification
To configure the LNS to recognize the NAS-Port format for PPP over ATM, PPPoE over ATM, and PPPoE over 802.1Q VLANs, use the following commands in global configuration mode:
Step 1
Command: Router(config)# radius-server attribute nas-port format d
Purpose: Specifies that PPP extended NAS-Port format will be used for RADIUS accounting.
Step 2
Command: Router(config)# vpdn aaa attribute nas-port vpdn-nas
Purpose: Enables the LNS to send PPP extended NAS-Port format values to the RADIUS server for accounting.
Verifying the PPPoE RADIUS Port Identification Feature
To verify that the PPPoE RADIUS Port Identification feature is configured correctly, use the following command in privileged EXEC mode:
Command: Router# more system:running-config
Purpose: Displays the running configuration.
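As an added example (not part of the original Cisco documentation), the following Python script checks saved running-config output from a LAC and an LNS for the two commands this feature requires: format d on both devices, and vpdn-nas on the LNS only. The function names and sample configurations are constructed for illustration.

```python
import re

# Matches "[no] radius-server attribute nas-port format [<letter>]".
FORMAT_RE = re.compile(r"^(no\s+)?radius-server attribute nas-port format(?:\s+(\S+))?$")
VPDN_NAS = "vpdn aaa attribute nas-port vpdn-nas"

def parse_settings(running_config):
    """Pull the two settings this feature depends on out of a running-config dump."""
    fmt, vpdn_nas = "a", False  # defaults per the command reference on this page
    for raw in running_config.splitlines():
        line = raw.strip()
        m = FORMAT_RE.match(line)
        if m:
            # The "no" form restores the default (standard) format.
            fmt = "a" if m.group(1) else (m.group(2) or "a")
        elif line == VPDN_NAS:
            vpdn_nas = True
        elif line == "no " + VPDN_NAS:
            vpdn_nas = False
    return {"format": fmt, "vpdn_nas": vpdn_nas}

def audit(role, running_config):
    """Return findings for one device; role is 'lac' or 'lns'."""
    if role not in ("lac", "lns"):
        raise ValueError("role must be 'lac' or 'lns'")
    s = parse_settings(running_config)
    findings = []
    if s["format"] != "d":
        findings.append(f"{role}: NAS-Port format is '{s['format']}', expected 'd'")
    if role == "lns" and not s["vpdn_nas"]:
        findings.append(f"lns: '{VPDN_NAS}' is not configured")
    if role == "lac" and s["vpdn_nas"]:
        findings.append(f"lac: '{VPDN_NAS}' should be configured on the LNS only")
    return findings

def audit_pair(lac_config, lns_config):
    """Both ends must be correct for the LNS to forward PPP extended values."""
    return audit("lac", lac_config) + audit("lns", lns_config)

# Constructed sample configs (trimmed to the relevant lines).
LAC_OK = "aaa new-model\nradius-server attribute nas-port format d\n"
LNS_OK = LAC_OK + "vpdn aaa attribute nas-port vpdn-nas\n"
LNS_MISSING = "aaa new-model\nradius-server attribute nas-port format d\n"
LAC_DEFAULT = "aaa new-model\nradius-server host 192.0.2.10 auth-port 1645 acct-port 1646\n"

if __name__ == "__main__":
    for finding in audit_pair(LAC_DEFAULT, LNS_MISSING):
        print(finding)
```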
Monitoring and Maintaining PPPoE RADIUS Port Identification
To monitor the PPPoE RADIUS Port Identification feature, use the following privileged EXEC command:
Command: Router# debug radius
Purpose: Displays information about RADIUS.
Configuration Examples
This section provides the following configuration examples:
RADIUS Port Identification for PPPoE over ATM Example
RADIUS Port Identification for PPPoE over an 802.1Q VLAN Example
Configuring the LNS for PPPoE RADIUS Port Identification Example
RADIUS Port Identification for PPPoE over ATM Example
The following example shows the configuration of the PPP extended NAS-Port format on an LAC using PPPoE over ATM:
!
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 accept-dialin
  protocol pppoe
  virtual-template 2
 pppoe limit per-mac 2000
!
!
vpdn-group 2
 request-dialin
  protocol l2tp
  domain testdomain.com
 initiate-to ip 172.73.0.1
 local name lac1
!
!
interface ATM4/0.1 multipoint
 pvc 1/33
  encapsulation aal5snap
  protocol pppoe
end
!
aaa new-model
aaa authentication ppp default local group radius
aaa authorization network default local group radius
aaa accounting network default start-stop group radius
radius-server host 171.69.69.66 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server attribute nas-port format d
radius-server key rad123
!
RADIUS Port Identification for PPPoE over an 802.1Q VLAN Example
The following example shows the configuration of the PPP extended NAS-Port format on an LAC running PPPoE over an 802.1Q VLAN:
!
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 accept-dialin
  protocol pppoe
  virtual-template 2
 pppoe limit per-mac 2
 pppoe limit per-vlan 10
!
vpdn-group 2
 request-dialin
  protocol l2tp
  domain testdomain.com
 initiate-to ip 172.73.0.1
 local name lac1
!
interface FastEthernet2/0.2
 encapsulation dot1Q 2
 pppoe enable
!
interface FastEthernet2/0.3
 encapsulation dot1Q 3
 pppoe enable
!
aaa new-model
aaa authentication ppp default local group radius
aaa authorization network default local group radius
aaa accounting network default start-stop group radius
radius-server host 171.69.69.66 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server attribute nas-port format d
radius-server key rad123
Configuring the LNS for PPPoE RADIUS Port Identification Example
In the following example, the LNS is configured to recognize and forward PPP extended NAS-Port format values to the RADIUS server. The PPP extended NAS-Port format must also be configured on the LAC for this configuration to be effective.
vpdn enable
no vpdn logging
!
vpdn-group L2TP-tunnel
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname lac1
 local name lns1
!
!
aaa new-model
aaa authentication ppp default local group radius
aaa authorization network default local group radius
aaa accounting network default start-stop group radius
radius-server host 171.79.79.76 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server attribute nas-port format d
radius-server key lns123
!
vpdn aaa attribute nas-port vpdn-nas
!
Command Reference
This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.1 command reference publications.
radius-server attribute nas-port format
vpdn aaa attribute nas-port vpdn-nas
radius-server attribute nas-port format
To select the NAS-Port format used for RADIUS accounting features, use the radius-server attribute nas-port format global configuration command. To restore the default NAS-Port format, use the no form of this command.
radius-server attribute nas-port format format
no radius-server attribute nas-port format format
Syntax Description
format
NAS-Port format. Possible values for the format argument are as follows:
a—Standard NAS-Port format
b—Extended NAS-Port format
c—Shelf-slot NAS-Port format
d—PPP extended NAS-Port format
Defaults
Standard NAS-Port format
Command Modes
Global configuration
Command History
Release 11.3(7)T: This command was introduced.
Release 11.3(9)DB: The PPP extended NAS-Port format was added.
Release 12.1(5)T: The PPP extended NAS-Port format was expanded to support PPPoE over ATM and PPPoE over IEEE 802.1Q VLANs.
Usage Guidelines
The radius-server attribute nas-port format command configures RADIUS to change the size and format of the NAS-Port attribute field (RADIUS IETF attribute 5).
The following NAS-Port formats are supported:
Standard NAS-Port format—This 16-bit NAS-Port format indicates the type, port, and channel of the controlling interface. This is the default format used by Cisco IOS software.
Extended NAS-Port format—The standard NAS-Port attribute field is expanded to 32 bits. The upper 16 bits of the NAS-Port attribute display the type and number of the controlling interface; the lower 16 bits indicate the interface that is undergoing authentication.
Shelf-slot NAS-Port format—This 16-bit NAS-Port format supports expanded hardware models requiring shelf and slot entries.
PPP extended NAS-Port format—This NAS-Port format uses 32 bits to indicate the interface, VPI, and VCI for PPP over ATM and PPPoE over ATM, and the interface and VLAN ID for PPPoE over IEEE 802.1Q VLANs.
Note: This command replaces the radius-server attribute nas-port extended command.
Examples
In the following example, a RADIUS server is identified, and the NAS-Port field is set to the PPP extended format:
radius-server host 172.31.5.96 auth-port 1645 acct-port 1646
radius-server attribute nas-port format d
Related Commands
Command: vpdn aaa attribute nas-port vpdn-nas
Description: Enables the LNS to send PPP extended NAS-Port format values to the RADIUS server for accounting.
vpdn aaa attribute nas-port vpdn-nas
To enable the L2TP network server (LNS) to send PPP extended NAS-Port format values to the RADIUS server for accounting, use the vpdn aaa attribute nas-port vpdn-nas global configuration command. To prevent the LNS from sending PPP extended NAS-Port format values, use the no form of this command.
vpdn aaa attribute nas-port vpdn-nas
no vpdn aaa attribute nas-port vpdn-nas
Syntax Description
This command has no arguments or keywords.
Defaults
The LNS will not send PPP extended NAS-Port format values to the RADIUS server.
Command Modes
Global configuration
Command History
Release 11.3(8.1)T: This command was introduced.
Release 12.1(5)T: This command was modified to support the PPP extended NAS-Port format.
Usage Guidelines
The PPP extended NAS-Port format enables the NAS-Port and NAS-Port-Type attributes to provide port details to the RADIUS server when PPP over ATM, PPP over Ethernet (PPPoE) over ATM, or PPPoE over 802.1Q VLANs is used.
The vpdn aaa attribute nas-port vpdn-nas command should be configured on the LNS only. The radius-server attribute nas-port format command with the d keyword must also be configured on the LNS and the L2TP access concentrator (LAC), and the LAC and LNS must both be Cisco routers.
Examples
In the following example, the LNS is configured to recognize and forward PPP extended NAS-Port format values to the RADIUS server. PPP extended NAS-Port format must also be configured on the LAC for this configuration to be effective.
vpdn enable
no vpdn logging
!
vpdn-group L2TP-tunnel
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname lac1
 local name lns1
!
aaa new-model
aaa authentication ppp default local group radius
aaa authorization network default local group radius
aaa accounting network default start-stop group radius
radius-server host 171.79.79.76 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server attribute nas-port format d
radius-server key lns123
!
vpdn aaa attribute nas-port vpdn-nas
Related Commands
Command: radius-server attribute nas-port format
Description: Selects the NAS-Port format used for RADIUS accounting features.
This article is from the ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u1/49403/showart_445298.html