Its really depend what was the question, but i assume that if the task did not ask you to configure radius/tacacs server so you need to do it with local aaa.
Regards, Meytal -----Original Message----- From: [email protected] on behalf of Andrey Sent: Sat 4/9/2011 7:58 PM To: [email protected] Subject: [OSL | CCIE_Security] Vol 2 Lab 18 task 4.2 EZVPN Configure the group with the following parameters: ....... Group name: EZGROUP Group password: ezpass User: EZUSER - this user should be able to log in to the EZGROUP group only Password: ipexpert Use VTI as part of your solution ....... Hi, today i did this lab and after reading the task, started making it using local aaa, but when i got to create username, realized that my solution does not comply with the task, because using group-lock format of username is username@group, etc. Then i decided that it is necessary to configure radius and the av pair user-vpn-group=EZGROUP. So i did. But later looked the solution by Tyson Scott on walk through videos vol2 in which he uses a variant with local aaa and EZUSER@EZGROUP Hence my question is what solution you think is correct or more correct, It would be nice if Tyson commented too. Best regards, Andrey
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
