Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISG service authorization question

Hi everybody! Need you help!

I can't figure out how to authorize services for different PPPoE users (binded to diferent Virtual Template/bba-groups) on different RADIUS-servers..

I'v got the following config (some lines are removed):

#2 radius-groups

aaa group server radius PPPOE

server name PPPOE

!

aaa group server radius test_PPPOE

server name test_PPPOE

# AAA

aaa authentication login default local

aaa authentication ppp PPPOE group PPPOE

aaa authentication ppp test_PPPOE group test_PPPOE

aaa authorization network PPPOE group PPPOE

aaa authorization network test_PPPOE group test_PPPOE

aaa authorization subscriber-service default group PPPOE

aaa authorization subscriber-service test_PPPOE group test_PPPOE

aaa accounting network PPPOE start-stop group PPPOE

aaa accounting network test_PPPOE start-stop group test_PPPOE

# 2 bba-groups

bba-group pppoe PPPOE

virtual-template 1

!

bba-group pppoe test_PPPOE

virtual-template 2

# 2 virtual templates

interface Virtual-Template1

ip unnumbered Loopback10

peer default ip address pool PPPOE_POOL

ppp authentication chap pap PPPOE

ppp authorization PPPOE

ppp accounting PPPOE

!

interface Virtual-Template2

ip unnumbered Loopback11

peer default ip address pool PPPOE_POOL

ppp authentication chap pap test_PPPOE

ppp authorization test_PPPOE

ppp accounting test_PPPOE

Services are defined on 2 external RADIUS-servers.

Users binded with virtual-template1 (bba-group PPPOE) are authenticated and authorized by AAA method lists "PPPOE". Their services, recieved from external RADIUS server (aaa group server radius PPPOE) are authorized with defaul method list "aaa authorization subscriber-service default group PPPOE".

Users binded with virtual-template2 (bba-group test_PPPOE) are authenticated and authorized by AAA method lists "test_PPPOE". But i can't figure  out how to authorize their services recieved from external RADIUS server (aaa group server radius test_PPPOE) with method list "aaa authorization subscriber-service test_PPPOE group test_PPPOE". What do i need to bind with it?

Will appreciate any help!

Thank you!

734
Views
0
Helpful
0
Replies