ACCESS GATEWAY
System Administration
The tunnel server in this case is configured to authenticate users via another RADIUS server
that handles a single realm. Because that server handles only one realm, usernames need no
realm information, so it must be stripped. In this case it is stripped by the NSE, but it could
just as easily have been stripped by the tunnel server or by the tunnel server’s RADIUS server.
This is by design, for maximum flexibility.
Also note that the “Local hostname” field is blank, which means that the NSE uses its default
local hostname of “usg_lac”. The field allows the local hostname to be set to any desired value
other than the default. The L2TP peers exchange their local hostnames during tunnel negotiation.
1. To add a RADIUS Service Profile, click on the appropriate Add button on the
Realm-Based Routing Settings screen.
The Add Realm Routing Policy screen appears:
2. To make this entry the “active” entry, click on the Entry Active check box.
3. To define a specific realm, choose the Specific Realm option and enter the destination in
the Realm Name field. Alternatively, you can choose the Wildcard match option, then
define your search options:
   Prefix match only
   Suffix match only
   Match either
4. Select the required RADIUS Service Profile from the pull-down menu.
5. Click on the Strip off routing information check box if you want to remove the routing
information.
6. Click on the Add button to add this Realm Routing Policy.
7. When you have completed the definition of your Realm Routing Policy, you can return to
the previous screen (Realm-Based Routing Settings) by clicking on the Back to Main
Realm-Based Routing Settings page link.
The screen below shows a realm routing policy that handles prefix-based usernames using
a RADIUS service profile. Notice that “Specific Realm” is selected and the “Realm name”
is “cisp”. Also notice that “Prefix match only” is selected and that the delimiter is “/”. This
means that this realm routing policy will match usernames of the format “cisp/username”.
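The matching and stripping behaviour described above can be modelled as follows. This is an added example, not NSE code: the class and function names, the profile name “cisp_radius”, the “@” suffix delimiter, first-match-wins ordering and case-sensitive comparison are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class RealmPolicy:                # hypothetical model of one Realm Routing Policy entry
    profile: str                  # RADIUS Service Profile name (constructed)
    realm: Optional[str]          # "Specific Realm" name; None means "Wildcard match"
    mode: str                     # "prefix", "suffix" or "either"
    prefix_delim: str = "/"       # delimiter shown in the manual's example
    suffix_delim: str = "@"       # assumption: the manual gives no suffix delimiter
    strip: bool = True            # "Strip off routing information"
    active: bool = True           # "Entry Active"

def split_realm(username: str, p: RealmPolicy) -> List[Tuple[str, str]]:
    """Return the (realm, bare_user) candidates allowed by the policy's match mode."""
    out = []
    if p.mode in ("prefix", "either") and p.prefix_delim in username:
        realm, user = username.split(p.prefix_delim, 1)    # realm/user
        out.append((realm, user))
    if p.mode in ("suffix", "either") and p.suffix_delim in username:
        user, realm = username.rsplit(p.suffix_delim, 1)   # user@realm
        out.append((realm, user))
    return [(r, u) for r, u in out if r and u]             # ignore empty halves

def route(username: str, policies: List[RealmPolicy]) -> Tuple[Optional[str], str]:
    """Return (profile, username sent upstream); the first active match wins (assumption)."""
    for p in policies:
        if not p.active:
            continue
        for realm, user in split_realm(username, p):
            if p.realm is None or realm == p.realm:        # case-sensitive (assumption)
                return p.profile, (user if p.strip else username)
    return None, username                                  # no realm policy applies

# The policy from the screen described above: specific realm "cisp", prefix match only.
CISP = RealmPolicy(profile="cisp_radius", realm="cisp", mode="prefix")

if __name__ == "__main__":
    # Constructed sample usernames.
    for name in ("cisp/alice", "alice@cisp", "cisp/alice@corp", "other/alice"):
        print(name, "->", route(name, [CISP]))
```

Note that “cisp/alice@corp” is forwarded as “alice@corp”: only the routing information that matched is stripped, so whatever remains must be a username the upstream RADIUS server accepts.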