Cisco Cisco Packet Data Gateway (PDG) Wartungshandbuch
AAA Interface Configuration
▀ Configuring the Destination Context Attribute
▄ Cisco ASR 5000 Series AAA Interface Administration and Reference
OL-23000-01
Configuring the Destination Context Attribute
Once a user has been authenticated, a AAA attribute is returned in the access-accept message that contains the name of
the destination context where the subscriber will egress from. For RADIUS-based subscribers, this is the SN-VPN-
NAME attribute, or SN1-VPN-NAME attribute in some RADIUS dictionaries.
the destination context where the subscriber will egress from. For RADIUS-based subscribers, this is the SN-VPN-
NAME attribute, or SN1-VPN-NAME attribute in some RADIUS dictionaries.
The system supports configuring subscriber profiles locally within a context though subscriber templates or on a
RADIUS server. Subscribers configured on the system are configured within the contexts they were created. In the
Understanding the System Operation and Configuration chapter of the System Administration Guide, the role of
subscriber default, which is automatically configured for each context, and realm-based subscriber templates, which
serves as a default subscriber template for users whose domain portion of their user name matches a domain alias within
a context, was discussed. The role of these special subscriber templates is to provide a set of default attributes that may
be used to populate any missing values for an authenticated RADIUS-based subscriber. The parameter that would
contain this attribute value is called the IP context-name.
RADIUS server. Subscribers configured on the system are configured within the contexts they were created. In the
Understanding the System Operation and Configuration chapter of the System Administration Guide, the role of
subscriber default, which is automatically configured for each context, and realm-based subscriber templates, which
serves as a default subscriber template for users whose domain portion of their user name matches a domain alias within
a context, was discussed. The role of these special subscriber templates is to provide a set of default attributes that may
be used to populate any missing values for an authenticated RADIUS-based subscriber. The parameter that would
contain this attribute value is called the IP context-name.
Further, it was explained that these attributes must be configured manually for both the subscriber default and any
realm-based subscriber template created.
realm-based subscriber template created.
One of the rules that must be configured is a parameter that allows subscriber data traffic to be routed between source
and destination contexts. Use the following example configuration to configure that rule.
and destination contexts. Use the following example configuration to configure that rule.
Important:
Commands used in the configuration example in this section provide base functionality to the extent
that the most common or likely commands and/or keyword options are presented. In many cases, other optional
commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete
information regarding all commands.
commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete
information regarding all commands.
Notes:
must be the name of the system source context designated for Default subscriber
configuration.
must be the name of the destination context configured on the system
containing the interfaces through which session traffic is routed.
The ―ip context-name‖ parameter in the subscriber profiles configured on the system corresponds to the SN-
VPN-NAME and SN1-VPN-NAME RADIUS attributes.
Configure the default subscriber in any other configured source contexts.