Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
PDIF Service Configuration Mode Commands
▀ aaa authentication
▄ Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
aaa authentication
Sets the aaa authentication for first and second phase authentication when multiple authentication is configured on the
system.
system.
Product
PDIF
Privilege
Security Administrator, Administrator
Syntax
Removes any existing authentication configuration.
Specifies the context name and the aaa group name configured in the context for the first authentication
phase.
phase.
: Context where aaa server group is defined.
must be a string of size 1-
79.
: Name of the aaa-group to be used for authentication.
must be a string of
size 1-63.
Specifies the context name and the aaa group name configured in the context for the second authentication
phase.
phase.
: Context where aaa server group is defined.
must be a string of size 1-
79.
: Name of the aaa-group to be used for authentication.
must be a string of
size 1-63.
Usage
Two phase-authentication happens in IKEv2 setup for setting up the IPSec session. The first authentication
uses Diameter AAA EAP method and second authentication uses RADIUS AAA authentication. The same
AAA context may be used for both authentications. PDIF service allows you to specify only a single AAA
group, which could normally be used for the first authentication method.
A given AAA group only supports either Diameter or RADIUS authentication. If the NAI in the first
authentication is different from NAI in the second authentication each NAI can point to a different domain
profile in the PDIF. Each domain profile may be configured with each AAA group, one for Diameter and the
other for RADIUS.
uses Diameter AAA EAP method and second authentication uses RADIUS AAA authentication. The same
AAA context may be used for both authentications. PDIF service allows you to specify only a single AAA
group, which could normally be used for the first authentication method.
A given AAA group only supports either Diameter or RADIUS authentication. If the NAI in the first
authentication is different from NAI in the second authentication each NAI can point to a different domain
profile in the PDIF. Each domain profile may be configured with each AAA group, one for Diameter and the
other for RADIUS.