cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
277
Views
0
Helpful
1
Replies

ACS3.0 Tacacs+ and ppp multilink or not multilink

jgrewe
Level 1
Level 1

Hi,

i have a c3640 with a single pri.

I wont configure on the ACS two User-Groups.

One Group for ppp multilink, one Group for not ppp multilink.

Is this possible.

if yes, please send me the IOS commands and the ACS Config.

Best Regards Joe

1 Reply 1

gfullage
Cisco Employee
Cisco Employee

Hmmm, have never tested this, but you could possibly do it one of two ways.

First way, set up a standard multilink configuration on teh router, and do ppp/network authentication/authorization. Under the user profile on ACS, return a VSA Radius attribute of the type:

multilink:max-links=n

with Framed-Protocol=PPP. "n" is the maximum number of links to use is a multilink bundle, so you could theoretically select 1 or 2 dependent on your usernames. You could also configure this attribute in an ACS group obviously.

Second way, is to configure two Virtual-Profile interfaces on the router, one with multilink and one without. Then on the ACS server, specify the VSA as follows:

lcp:interface-config="string"

with Framed-Protocol = PPP, and where "string" is the virtual-profile interface name. This should force that ACS user/group to use a specific interface configuration.

Check out http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt6/scdtacat.htm for the documentation. Note that this page, even though it says TACACS pairs, is also the Radius pairs cause they're the same.