Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 11 Configuring Local AAA Server, User Database—Domain to VRF
Verifying Local AAA Server, User Database—Domain to VRF Using Local Attributes
To verify domain to VRF using local attributes, use the show aaa users all command and the show running-config command. See the next section for a configuration example.
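One way to check saved show running-config output offline, as an added example that is not part of the Cisco guide: the Python script below flags AAA method lists that reference a RADIUS server group that is not defined, and server groups that have no ip vrf forwarding line. The function name audit_aaa, the sample configuration, and the assumption that sub-commands are indented by one space are constructed for illustration.

```python
import re

# Constructed running-config excerpt (sample data, not captured from a device).
SAMPLE_CONFIG = """\
aaa new-model
!
aaa group server radius group_server_test1
 server-private 192.168.2.20 auth-port 1645 acct-port 1646 key EXAMPLE-KEY
 ip vrf forwarding vrf1
!
aaa group server radius group_server_test2
 server-private 192.168.2.12 auth-port 1645 acct-port 1646 key EXAMPLE-KEY
!
aaa authentication ppp test1 group group_server_test1
aaa authentication ppp test2 group test2
aaa authorization network test1 local if-authenticated
"""

BUILTIN_GROUPS = {"radius", "tacacs+"}  # server groups predefined by IOS
METHOD_RE = re.compile(r"aaa (?:authentication|authorization|accounting) \S+ (\S+) (.*)$")

def audit_aaa(config):
    """Return method lists that use undefined groups, and groups with no VRF."""
    groups, methods, current = {}, [], None  # groups: name -> VRF or None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa group server radius (\S+)$", line)
        if m:
            current = m.group(1)
            groups[current] = None
            continue
        if current and raw.startswith(" "):  # sub-command of the current group
            v = re.match(r"ip vrf forwarding (\S+)$", line)
            if v:
                groups[current] = v.group(1)
            continue
        current = None  # any unindented line ends the group block
        m = METHOD_RE.match(line)
        if m:  # record every "group <name>" method on this method list
            methods += [(m.group(1), g) for g in re.findall(r"\bgroup (\S+)", m.group(2))]
    known = set(groups) | BUILTIN_GROUPS
    return {
        "undefined_groups": sorted((lst, g) for lst, g in methods if g not in known),
        "groups_without_vrf": sorted(g for g, vrf in groups.items() if vrf is None),
    }

if __name__ == "__main__":
    print(audit_aaa(SAMPLE_CONFIG))
```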
Configuration Example for Local AAA Server, User Database—Domain to VRF
The following configuration example has two subscriber profiles that match on the domains cisco1.com and cisco2.com.
A subscriber with the domain name cisco1.com uses the parameters defined in the subscriber profile cisco1.com. The name of the subscriber profile must be identical to the domain part of the full username (username@domain). An attribute list cisco1.com defined in the service profile is used to reference AAA attributes for the PPP subscribers.
AAA attributes from the AAA attribute list cisco1.com are applied to subscriber cisco1.com. An attribute is applied to put the PPP session into a VRF called vrf1. An IP address is assigned from a local DHCP pool called dhcp-pool. AAA authentication, authorization, and accounting are also defined and use an AAA list called test1. These all use an AAA group server called group_server_test1.
A subscriber with the domain name cisco2.com uses the parameters defined in the subscriber profile cisco2.com. The name of the subscriber profile must be identical to the domain part of the full username (username@domain). An attribute list cisco2.com defined in the service profile is used to reference AAA attributes for the PPP subscribers.
AAA attributes from the AAA attribute list cisco2.com are applied to subscriber cisco2.com. An attribute is applied to put the PPP session into a VRF called vrf2. An IP address is assigned from a local pool called pppoe2. AAA authentication, authorization, and accounting are also defined and use an AAA list called test2. These all use an AAA group server called group_server_test2.
aaa new-model
!
!
! RADIUS server group reached through vrf1 (the key value is an example shared secret)
aaa group server radius group_server_test1
 server-private 192.168.2.20 auth-port 1645 acct-port 1646 key cisco
 ip vrf forwarding vrf1
!
! RADIUS server group reached through vrf2
aaa group server radius group_server_test2
 server-private 192.168.2.12 auth-port 1645 acct-port 1646 key cisco
 ip vrf forwarding vrf2
!
! Method lists test1 and test2 reference the server groups defined above
aaa authentication ppp default local
aaa authentication ppp test1 group group_server_test1
aaa authentication ppp test2 group group_server_test2
aaa authorization network default local
aaa authorization network test1 local if-authenticated
        Command                                                         Purpose
Step 5  Router(config)# attribute type ppp-authen-list aaa_list_name    Defines the AAA authentication list to use.
Step 6  Router(config)# attribute type ppp-author-list aaa_list_name    Defines the AAA authorization list to use.
Step 7  Router(config)# attribute type ppp-acct-list aaa_list_name      Defines the AAA accounting list to use.