Weiborao
Cisco Employee

ISE Use Case in the L2TP Dial-in

Dear Experts,

My customer’s requirement is the L2TP VPDN.

They want to deploy a RADIUS server behind the LAC (L2TP Access Concentrator), which is used to return the LNS (L2TP Network Server) address to the LAC when the L2TP client initiates the dial-in process.

I heard that this was standard RADIUS behavior, and Cisco ACS works well.

Does ISE work in this use case?

Thank you.

Best regards,


Weibo Rao.

1 ACCEPTED SOLUTION

Accepted Solutions
Craig Hyps
Advocate

Yes, it should work, but not aware of any specific QA testing on this less common use case.  These are standard RADIUS attributes.  If the default values do not include the attributes specific to L2TP, then you can use the Advanced Attributes section to add custom value settings.  Some example RADIUS attributes shown in example here: Tunnel Authentication via RADIUS on Tunnel Terminator - Cisco

/Craig
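An added example, not part of the original posts and not Cisco code: a checker for the tunnel attributes a RADIUS server returns to the LAC, useful for validating an authorization profile against the attribute bytes of a captured Access-Accept. It assumes the RFC 2868 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Server-Endpoint) and an IPv4 LNS; the thread does not name the attributes, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Assumption: RFC 2868 attribute numbers and values; the thread names none.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_SERVER_ENDPOINT = 64, 65, 67
L2TP, IPV4 = 3, 1

def tagged_int(attr, tag, value):  # Type, Length=6, Tag, 3-octet value
    return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")

def tagged_str(attr, tag, text):   # Type, Length, Tag, ASCII string
    return struct.pack("!BBB", attr, 3 + len(text), tag) + text.encode("ascii")

def parse_tunnel_groups(attrs):
    """Walk the attribute TLVs and group tunnel attributes by their tag."""
    groups, i = {}, 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("truncated or malformed attribute")
        attr, length = attrs[i], attrs[i + 1]
        body = attrs[i + 2:i + length]
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(body) != 4:
                raise ValueError(f"attribute {attr} must carry tag + 3 octets")
            groups.setdefault(body[0], {})[attr] = int.from_bytes(body[1:], "big")
        elif attr == TUNNEL_SERVER_ENDPOINT and body:
            # A first octet above 0x1F is part of the string, not a tag.
            tag, text = (body[0], body[1:]) if body[0] <= 0x1F else (0, body)
            groups.setdefault(tag, {})[attr] = text.decode("ascii", "replace")
        i += length
    return groups

def l2tp_problems(groups):
    """Return one message per gap in a tunnel group (IPv4 L2TP assumed)."""
    problems = []
    for tag, g in sorted(groups.items()):
        if g.get(TUNNEL_TYPE) != L2TP:
            problems.append(f"tag {tag}: Tunnel-Type is not L2TP")
        if g.get(TUNNEL_MEDIUM_TYPE) != IPV4:
            problems.append(f"tag {tag}: Tunnel-Medium-Type is not IPv4")
        if not g.get(TUNNEL_SERVER_ENDPOINT):
            problems.append(f"tag {tag}: no Tunnel-Server-Endpoint (LNS address)")
    return problems

# Constructed sample: tag 1 is complete, tag 2 lacks the LNS address.
SAMPLE = (tagged_int(TUNNEL_TYPE, 1, L2TP) + tagged_int(TUNNEL_MEDIUM_TYPE, 1, IPV4)
          + tagged_str(TUNNEL_SERVER_ENDPOINT, 1, "192.0.2.10")
          + tagged_int(TUNNEL_TYPE, 2, L2TP) + tagged_int(TUNNEL_MEDIUM_TYPE, 2, IPV4))

if __name__ == "__main__":
    print(l2tp_problems(parse_tunnel_groups(SAMPLE)))
```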

Thank you for your support.

I have a Cisco router as the VPDN server and my clients use Windows L2TP connections, and I use Cisco ISE (joined to the domain) as the RADIUS server, and the router sends AAA to ISE. Everything is OK, but the RADIUS live log is bad: I do not have any client endpoint address, client MAC address or live session in the RADIUS live log; it shows just user authentication and authorization. Please help me.

hslai
Cisco Employee

Adding to Craig.

https://www.cisco.com/c/en/us/td/docs/wireless/asr_5000/20/GGSN/b_20_GGSN_Admin/b_19_GGSN_Admin_chapter_010011.pdf

mentions

  1. The system determines that the egress context is the destination context based on the configuration of either the Default subscriber's ip-context name or from the SN-VPN-NAME or SN1-VPN-NAME attributes that is configured in the subscriber's RADIUS profile.

I found freeradius/dictionary.starent at master · redBorder/freeradius · GitHub and made a minor change so ISE can import it.

Thank you for your support and contribution.
