Cisco Cisco Packet Data Gateway (PDG)
System Operation and Configuration
How the System Selects Contexts ▀
ASR 5500 System Administration Guide, StarOS Release 16 ▄
21
user profile is configured within the context where the subscriber was created (in this case, the Local context).
However, management subscribers may also be authenticated remotely via RADIUS, if an AAA configuration
exists within the local context, or TACACS+.
However, management subscribers may also be authenticated remotely via RADIUS, if an AAA configuration
exists within the local context, or TACACS+.
How the System Selects Contexts
This section describes the process that determines which context to use for context-level administrative users or
subscriber sessions. Understanding this process allows you to better plan your configuration in terms of how many
contexts and interfaces you need to configure.
subscriber sessions. Understanding this process allows you to better plan your configuration in terms of how many
contexts and interfaces you need to configure.
Context Selection for Context-level Administrative User Sessions
The system comes configured with a context called local that you use specifically for management purposes. The
context selection process for context-level administrative users (those configured within a context) is simplified because
the management ports on the MIO are associated only with the Local context. Therefore, the source and destination
contexts for a context-level administrative user responsible for managing the entire system should always be the local
context.
context selection process for context-level administrative users (those configured within a context) is simplified because
the management ports on the MIO are associated only with the Local context. Therefore, the source and destination
contexts for a context-level administrative user responsible for managing the entire system should always be the local
context.
A context-level administrative user can also connect through other interfaces on the system and still have full system
management privileges.
management privileges.
A context-level administrative user can be created in a non-local context. These management accounts have privileges
only in the context in which they are created. This type of management account can connect directly to a port in the
context in which they belong, if local connectivity is enabled (SSHD, for example) in that context.
only in the context in which they are created. This type of management account can connect directly to a port in the
context in which they belong, if local connectivity is enabled (SSHD, for example) in that context.
For all FTP or SFTP connections, you must connect through an MIO management interface. If you SFTP or FTP as a
non-local context account, you must use the username syntax of username@contextname.
non-local context account, you must use the username syntax of username@contextname.
The context selection process becomes more involved if you are configuring the system to provide local authentication
or work with a AAA server to authenticate the context-level administrative user.
or work with a AAA server to authenticate the context-level administrative user.
The system gives you the flexibility to configure context-level administrative users locally (meaning that their profile
will be configured and stored in its own memory), or remotely on an AAA server. If a locally-configured user attempts
to log onto the system, the system performs the authentication. If you have configured the user profile on an AAA
server, the system must determine how to contact the AAA server to perform authentication. It does this by determining
the AAA context for the session.
will be configured and stored in its own memory), or remotely on an AAA server. If a locally-configured user attempts
to log onto the system, the system performs the authentication. If you have configured the user profile on an AAA
server, the system must determine how to contact the AAA server to perform authentication. It does this by determining
the AAA context for the session.
The following table and flowchart describe the process that the system uses to select an AAA context for a context-level
administrative user. Items in the table correspond to the circled numbers in the flowchart.
administrative user. Items in the table correspond to the circled numbers in the flowchart.