Cisco Packet Data Gateway (PDG)
StarOS Operation and Configuration
VPC-VSM System Administration Guide, StarOS Release 19
How StarOS Selects Contexts
This section describes the process that determines which context to use for context-level administrative users or
subscriber sessions. Understanding this process allows you to better plan your configuration in terms of how many
contexts and interfaces you need to configure.
Context Selection for Context-level Administrative User Sessions
StarOS comes configured with a context called local that you use specifically for management purposes. The source and
destination contexts for a context-level administrative user responsible for managing the entire system should always be
the local context.
A context-level administrative user can also connect through other interfaces on StarOS and still have full management
privileges.
A context-level administrative user can be created in a non-local context. These management accounts have privileges
only in the context in which they are created. This type of management account can connect directly to a port in the
context to which it belongs, if local connectivity is enabled (SSHD, for example) in that context.
For all FTP or SFTP connections, you must connect through a management interface. If you SFTP or FTP as a non-local
context account, you must use the username syntax of username@contextname.
The context selection process becomes more involved if you are configuring StarOS to provide local authentication or
work with an AAA server to authenticate the context-level administrative user.
StarOS gives you the flexibility to configure context-level administrative users locally (meaning that their profile will be
configured and stored in its own memory), or remotely on an AAA server. If a locally-configured user attempts to log
onto StarOS, StarOS performs the authentication. If you have configured the user profile on an AAA server, StarOS
must determine how to contact the AAA server to perform authentication. It does this by determining the AAA context
for the session.
The following table and flowchart describe the process that StarOS uses to select an AAA context for a context-level
administrative user. Items in the table correspond to the circled numbers in the flowchart.