RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
First Published: November 27, 2000
Last Updated: February, 2006
History for the RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements Feature
Release      Modification
12.1(5)T     This feature was introduced.
12.2(28)SB   This feature was integrated into Cisco IOS Release 12.2(28)SB.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Feature Overview
Virtual Private Networks (VPNs) use Layer 2 Forwarding (L2F) or Layer 2 Tunnel Protocol (L2TP) tunnels to tunnel the link layer of high-level protocols (for example, PPP or asynchronous High-Level Data Link Control (HDLC)). Internet service providers (ISPs) configure their network access servers (NASs) to receive calls from users and forward the calls to the customer tunnel server. Usually, the ISP maintains only information about the tunnel server—the tunnel endpoint. The customer maintains the IP addresses, routing, and other user database functions of the tunnel server users.
The RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements feature adds the ability to specify the hostname of the NAS—rather than the IP address of the NAS—in RADIUS attribute 66 (Tunnel-Client-Endpoint).
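Added example (not part of the original Cisco document, and not Cisco code): a short Python check that reads the reply items of a tagged RADIUS profile, reports whether Tunnel-Client-Endpoint carries a hostname or an IPv4 address, and builds the attribute 66 octets in the RFC 2868 layout (Type, Length, Tag, String). The profile text is this document's configuration example; the function names are assumptions chosen for illustration.

```python
import ipaddress
import re

# Reply items from this document's configuration example, one per line.
PROFILE = '''\
Service-Type = Outbound-User,
Tunnel-Type = :1:L2F,
Tunnel-Medium-Type = :1:IP,
Tunnel-Client-Endpoint = :1:"cisco2",
Tunnel-Server-Endpoint = :1:"172.21.135.4",
Tunnel-Assignment-Id = :1:"nas1",
Tunnel-Password = :1:"cisco"
'''

# name = [:tag:]value, value optionally quoted, optional trailing comma
ITEM = re.compile(r'^\s*([\w-]+)\s*=\s*(?::(\d+):)?"?([^",]*)"?,?\s*$')

def parse_profile(text):
    """Return {tag: {attribute: value}}; untagged items go under tag 0."""
    tunnels = {}
    for line in text.splitlines():
        m = ITEM.match(line)
        if not m:
            continue
        name, tag, value = m.group(1), int(m.group(2) or 0), m.group(3)
        if not 0 <= tag <= 0x1F:
            raise ValueError(f"tag {tag} outside the RFC 2868 range 0..31")
        tunnels.setdefault(tag, {})[name] = value
    return tunnels

def endpoint_kind(value):
    """Classify an endpoint string as 'ipv4' or 'hostname'."""
    try:
        ipaddress.IPv4Address(value)
        return "ipv4"
    except ValueError:
        return "hostname"

def encode_attr66(tag, value):
    """Build attribute 66 octets: Type (66), Length, Tag, String."""
    body = bytes([tag]) + value.encode("ascii")
    if len(body) + 2 > 255:
        raise ValueError("attribute longer than 255 octets")
    return bytes([66, len(body) + 2]) + body

if __name__ == "__main__":
    for tag, attrs in parse_profile(PROFILE).items():
        ep = attrs.get("Tunnel-Client-Endpoint")
        if ep is not None:
            print(tag, ep, endpoint_kind(ep), encode_attr66(tag, ep).hex())
```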
Benefits
The RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements feature allows the user to specify the hostname of the NAS, rather than the IP address. This feature prevents the user from having to remember the numerical IP address and may also provide a small measure of security by protecting the numerical IP address of the NAS.
Restrictions
Your Cisco router or access server must be running a Cisco IOS software image that supports virtual private dialup networks (VPDNs).
Related Features and Technologies
• L2TP
• PPP
• RADIUS
• VPDN
Prerequisites
You must be using a Cisco platform that supports VPDN.
Configuration Tasks
None
Configuration Examples
This section provides the following configuration example:
• Setting Up the RADIUS Profile for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
Setting Up the RADIUS Profile for RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements
The following example shows a configuration that allows the user to specify the hostname of the NAS using RADIUS attribute 66 (Tunnel-Client-Endpoint):
cisco.com Password = "cisco"
    Service-Type = Outbound-User,
    Tunnel-Type = :1:L2F,
    Tunnel-Medium-Type = :1:IP,
    Tunnel-Client-Endpoint = :1:"cisco2",
    Tunnel-Server-Endpoint = :1:"172.21.135.4",
    Tunnel-Assignment-Id = :1:"nas1",
    Tunnel-Password = :1:"cisco"
Additional References
The following sections provide references related to RADIUS Attribute 66 (Tunnel-Client-Endpoint) Enhancements feature.
Related Documents
Related Topic          Document Title
RADIUS attribute 66    Cisco IOS Security Configuration Guide, Release 12.4
Standards
MIBs
MIB     MIBs Link
None    To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
RFCs
Technical Assistance
Command Reference
None
Glossary
L2F—Layer 2 Forwarding Protocol. Protocol that supports the creation of secure virtual private dialup networks over the Internet.
L2TP—Layer 2 Tunnel Protocol. Protocol that is one of the key building blocks for virtual private networks in the dial access space and is endorsed by Cisco and other internetworking industry leaders. This protocol combines the best of Cisco's Layer 2 Forwarding (L2F) protocol and Microsoft's Point-to-Point Tunneling Protocol (PPTP).
Layer 2 Forwarding Protocol—See L2F.
Layer 2 Tunnel Protocol—See L2TP.
Point-to-Point Protocol—See PPP.
PPP—Point-to-Point Protocol. Successor to SLIP that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. Whereas SLIP was designed to work with IP, PPP was designed to work with several network layer protocols, such as IP, IPX, and ARA. PPP also has built-in security mechanisms, such as CHAP and PAP. PPP relies on two protocols: LCP and NCP.
RADIUS—Remote Authentication Dial-In User Service. Database for authenticating modem and ISDN connections and for tracking connection time.
Remote Authentication Dial-In User Service—See RADIUS.
virtual private dialup network—See VPDN.
VPDN—virtual private dialup network. A system that permits dial-in networks to exist remotely to home networks, while giving the appearance of being directly connected. VPDNs use L2TP and L2F to terminate the Layer 2 and higher parts of the network connection at the L2TP network server (LNS), instead of the L2TP access concentrator (LAC).
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2000, 2006 Cisco Systems, Inc. All rights reserved.

