Radius sample configuration – Cisco 10000 User Manual
Page 160
4-28
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 4 Configuring Multiprotocol Label Switching
Half-Duplex VRF
no
auto-summary
exit-address-family
!
address-family ipv4 vrf U
no
auto-summary
no
synchronization
exit-address-family
!
address-family ipv4 vrf D
redistribute
static
no
auto-summary
no
synchronization
exit-address-family
!
ip local pool U-pool 2.8.1.1 2.8.1.100
!
radius-server host 22.0.20.26 auth-port 1812 acct-port 1813
radius-server key cisco
RADIUS Sample Configuration
shows how to configure the RADIUS server for HDVRF support. In this example, the
spokes inherit the default configuration. Static routes per spoke are defined to demonstrate that HDVRF
supports per-user static routes. The functionality of the HDVRF feature does not require that you define
static routes per spoke. This configuration was tested on FreeRADIUS 0.8.1.
Example 4-12 Configuring RADIUS for Half-Duplex VRFs
DEFAULT Service-Type == Framed-User
Framed-Protocol = PPP,
cisco-avpair = "ip:vrf-id=U downstream D",
cisco-avpair = "ip:ip-unnumbered=Loopback 2",
cisco-avpair = "ip:addr-pool=U-pool",
Fall-Through = Yes
labe
Auth-Type := Local, User-Password == "labe"
cisco-avpair = "ip:route=2.0.0.5 255.255.255.255"
vltava Auth-Type := Local, User-Password == "vltava"
cisco-avpair = "ip:route=2.0.0.2 255.255.255.255"
Note
Instead of using the lcp:interface-config RADIUS attribute, we recommend that you use the ip:vrf-id
RADIUS attribute when supported in Cisco IOS software. Unlike the lcp:interface-config attribute,
which causes full virtual interfaces to be used, the ip:vrf-id attribute causes virtual subinterfaces to be
used, which significantly improves scalability.