Cisco Cisco IOS Software Release 12.4(22)XR
283
Cisco Packet Data Serving Node Release 5.5 for Cisco IOS Release 12.4(22)XR9
OL-19026-02
System Requirements
Configuring AAA Server in the PDSN Environment
Access control is the way you manage who is allowed access to the network server and the services they
are allowed to use. AAA network security services provide the primary framework through which you
set up access control on your router or access server. For detailed information about the AAA server
configuration options, see the “Configuring Authentication,” and “Configuring Accounting” chapters in
the Cisco IOS Security Configuration Guide.
are allowed to use. AAA network security services provide the primary framework through which you
set up access control on your router or access server. For detailed information about the AAA server
configuration options, see the “Configuring Authentication,” and “Configuring Accounting” chapters in
the Cisco IOS Security Configuration Guide.
To configure the AAA server in the PDSN environment, use the following commands in global
configuration mode:
configuration mode:
Configuring RADIUS in the PDSN Environment
RADIUS is a method for defining the exchange of the AAA server information in the network. In the
Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a
RADIUS server that contains all user authentication and network server access information. For detailed
information about RADIUS configuration options, refer to the “Configuring RADIUS” chapter in the
Cisco IOS Security Configuration Guide.
Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a
RADIUS server that contains all user authentication and network server access information. For detailed
information about RADIUS configuration options, refer to the “Configuring RADIUS” chapter in the
Cisco IOS Security Configuration Guide.
To configure RADIUS in the PDSN environment, use the following commands in global configuration
mode:
mode:
Command
Purpose
Router(config)# aaa new-model
Enables the AAA server access control.
Router(config)# aaa authentication ppp default
group radius
Enables authentication of PPP users using RADIUS.
Router(config)# aaa authorization configuration default
group radius
Enables Network Access Identifier (NAI) construction
in the absence of CHAP.
in the absence of CHAP.
Router(config)# aaa authorization config-commands
Re-establishes the default created when the aaa
authorization commands level method1 command
was issued.
authorization commands level method1 command
was issued.
Router(config)# aaa authorization network if-authenticated
default group radius
Restricts network access to a user. Runs authorization
for all network-related service requests. Uses the
group RADIUS authorization method as the default
method for authorization.
for all network-related service requests. Uses the
group RADIUS authorization method as the default
method for authorization.
Router(config)# aaa accounting update periodic minutes
Enables an interim accounting record to be sent
periodically to the accounting server. The
recommended period of time is 60 minutes.
periodically to the accounting server. The
recommended period of time is 60 minutes.
Router(config)# aaa accounting network pdsn start-stop
group radius
Enables the AAA server accounting of requested
services for billing or security purposes when you use
RADIUS.
services for billing or security purposes when you use
RADIUS.
Command
Purpose
Router(config)# radius-server host ip-addr key
sharedsecret
Specifies the IP address of the RADIUS server host
and specifies the shared secret text string used between
the router and the RADIUS server.
and specifies the shared secret text string used between
the router and the RADIUS server.
Router(config)# radius-server vsa send accounting 3gpp2
Enables the use of vendor-specific attributes (VSA) as
defined by RADIUS IETF attribute 26. Limits the set
of recognized vendor-specific attributes to only
accounting attributes.
defined by RADIUS IETF attribute 26. Limits the set
of recognized vendor-specific attributes to only
accounting attributes.