|
Virtual profiles provide the next step
in dialer profile evolution. As dialer profiles keep the profile
specific to a particular user on a single NAS, the AAA server
contains multiple virtual profiles for many users.
Dialer profiles can be further scaled
through the use of AAA architecture:
- Per-user configurations from a
centralized AAA server.
- Support for RADIUS/TACACS+ servers.
- Use standards-based
vendor-specific attribute/value pairs.
- No proprietary lock-in.
 |
 |
Lab
Activity |
| |
The
Denver
office has setup and configured a Cisco Secure
TACACS+ server and needs to place the routers
under the control of the TACACS+ server. In this
lab, you may need to modify the hostname and IP
address of your router. |
|
|
|
Virtual profiles allow profiles to be
applied to non-dial-on-demand routing (non-DDR)-enabled interfaces,
and allow for centralized configuration management and smaller
configurations on routers. With virtual profiles, caller profiles
are stored on a centralized AAA server, not on individual access
routers.
The steps in virtual profile
operation, which are shown in Figure ,
are as follows:
- Check authentication.
- Authentication is OK.
- Clone the
virtual access interface from the virtual template interface.
- Request user configuration
information. User configuration information is sent and applied
to the virtual access interface.
- The virtual access interface is
built from the configuration of the physical interface, to which
are added the virtual template interface configuration and the
user-specific configuration of the virtual profile from the AAA
server, as shown in Figure
.
At this point, the complete virtual access interface is
available to handle data to and from the user accessing the
network.
|