Nesta wiki veremos uma configuração padrão para concentradores Cisco, claro, poderá precisar de ajustes extras conforme cenário do provedor, visto que está wiki está cedendo uma base de configuração.
aaa authentication login default local
aaa authentication login ssh local
aaa authentication ppp default group [[Radius-group-name]]
aaa authentication ppp inet group radius local
aaa authorization exec default local
aaa authorization commands 0 default group tacacs+ local none
aaa authorization commands 1 default group tacacs+ local none
aaa authorization commands 15 default group tacacs+ local none
aaa authorization network default group [[Radius-group-name]]
aaa authorization network inet group radius
aaa authorization configuration default group tacacs+
aaa authorization configuration PPPoE group [[Radius-group-name]]
aaa accounting send stop-record authentication failure
aaa accounting delay-start
aaa accounting delay-start all
aaa accounting session-duration ntp-adjusted
aaa accounting update periodic 5
aaa accounting exec default none
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group RADIUS-PPPOE
aaa accounting network inet start-stop group radius
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa pod server clients [[radius-IP]] port 3799 ignore session-key server-key T3s4*hubsoft
aaa session-id common
interface Virtual-Template1
description hubsoft
mtu 1492
ip unnumbered Loopback0
no ip unreachables
no ip proxy-arp
service-policy input UPLOAD
service-policy output DOWNLOAD
ip tcp adjust-mss 1452
no logging event link-status
no snmp trap link-status
peer default ip address pool [[pool-name]]
ppp mtu adaptive
ppp authentication pap inet
ppp authorization inet
ppp accounting inet
ppp ipcp dns [[dns-IP]] [[dns2-IP]]
ppp ipcp address required
ppp ipcp address unique
radius-server attribute 44 include-in-access-req
no radius-server attribute 77 include-in-acct-req
no radius-server attribute 77 include-in-access-req
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
radius-server dead-criteria time 15 tries 3
radius-server host [[Radius-IP]] auth-port 1812 acct-port 1813 key 7 [[Secret-radius]]
radius-server retry method reorder
radius-server retransmit 6
radius-server timeout 30
radius-server deadtime 10
radius-server authorization default Framed-Protocol ppp
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
Importante lembrar de usar o equipamento ACCEL como tipo de NAS ao cadastrar no sistema esse modelo.
– Este modelo de Cisco possui uma particularidade nos parâmetros de controle de banda, confira mais no link abaixo: