Cisco Cisco Packet Data Gateway (PDG) Documentation Roadmaps
CDMA2000 Wireless Data Services
▀ Features and Functionality—Base Software
▄ Cisco ASR 5000 Series Product Overview
OL-22938-01
All RADIUS authentication/accounting servers configured at the context-level are treated as part of a server
group named ―default‖. This default server group is available to all subscribers in that context through the
realm (domain) without any configuration.
realm (domain) without any configuration.
It provides a facility to create ―user defined‖ RADIUS server groups, as many as 399 (excluding ―default‖ server
group), within a context. Any of the user defined RADIUS server groups are available for assignment to a
subscriber through the subscriber configuration within that context.
subscriber through the subscriber configuration within that context.
Since the configuration of the subscriber can specify the RADIUS server group to use as well as IP address pools from
which to assign addresses, the system implements a mechanism to support some in-band RADIUS server
implementations (i.e. RADIUS servers which are located in the corporate network, and not in the operator's network)
where the NAS-IP address is part of the subscriber pool. In these scenarios, the PDSN supports the configuration of the
first IP address of the subscriber pool for use as the RADIUS NAS-IP address.
which to assign addresses, the system implements a mechanism to support some in-band RADIUS server
implementations (i.e. RADIUS servers which are located in the corporate network, and not in the operator's network)
where the NAS-IP address is part of the subscriber pool. In these scenarios, the PDSN supports the configuration of the
first IP address of the subscriber pool for use as the RADIUS NAS-IP address.
Important:
For more information on RADIUS AAA configuration, refer AAA Interface
Administration and Reference.
Access Control List Support
Access Control Lists provide a mechanism for controlling (i.e permitting, denying, redirecting, etc.) packets in and out
of the system.
of the system.
IP access lists, or Access Control Lists (ACLs) as they are commonly referred to, are used to control the flow of packets
into and out of the system. They are configured on a per-context basis and consist of ―rules‖ (ACL rules) or filters that
control the action taken on packets that match the filter criteria. Once configured, an ACL can be applied to any of the
following:
into and out of the system. They are configured on a per-context basis and consist of ―rules‖ (ACL rules) or filters that
control the action taken on packets that match the filter criteria. Once configured, an ACL can be applied to any of the
following:
An individual interface
All traffic facilitated by a context (known as a policy ACL)
An individual subscriber
All subscriber sessions facilitated by a specific context
There are two primary components of an ACL:
Rule: A single ACL consists of one or more ACL rules. As discussed earlier, the rule is a filter configured to
take a specific action on packets matching specific criteria. Up to 128 rules can be configured per ACL.
Each rule specifies the action to take when a packet matches the specifies criteria. This section discusses the
rule actions and criteria supported by the system.
rule actions and criteria supported by the system.
Rule Order: A single ACL can consist of multiple rules. Each packet is compared against each of the ACL rules,
in the order in which they were entered, until a match is found. Once a match is identified, all subsequent rules
are ignored.
are ignored.
Important:
For more information on Access Control List configuration, refer IP Access Control List chapter in
System Enhanced Feature Configuration Guide.