Hi George, I don't think it would be possible with a local database and the magic is more likely to happen via RADIUS using the cisco-av-pair VSA. I haven't used it for authentication purposes but I have done things like assign ACLs and VRF membership this way in the past.
Cheers, Adam On 5/8/12, George Leslie <[email protected]> wrote: > > > > > Hello all,Jay McM and I had an offline chat about my previous posting, which > was trying to do the EIGRP authentication on a hub and spoke network, where > the hubs use different authentication keys from each other. I was playing > around with frame hub and spoke. To recap, I previously found that the hub, > despite having the two different keys in its key chain, both of which had > valid lifetimes, refused to send using key 2. It would only send with key 1 > despite correctly authentication spoke 2 which was using key 2. Therefore, > hub authenticated spoke, but not vice versa. On frame, you could use PPPoFr, > and use different virtual templates on each DLCI, and therefore have > different key chains on each. What I actually did was use point to point > tunnels over the frame, which worked a treat. In what my old physics teacher > used to call, "a thought experiment", I was thinking about what you could > do, just on a bog standard Ethernet segment. The tunnel approach would > still work. How > ever, with PPPoE, the server virtual template is tied to the physical, via > the bba-group. Therefore the key chain would be applied to all clients that > use the virtual template, which presents the same problem as on the frame > network. My question: is there any way that you can configure a PPPoE > virtual template on the hub that is somehow tied to each individual client? > For example, is there a mechanism to tie the virtual template to the PPP > chap username? Bit of chicken and egg here, as you need the virtual > template to know to authenticate by chap, but need chap to know the virtual > template to apply.....My head hurts. Regards, George. > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
