Cisco Cisco ASR 5000
AAA Server Group Configuration Mode Commands
radius ip vrf ▀
Command Line Interface Reference, StarOS Release 18 ▄
207
radius ip vrf
This command associates the specific AAA group (NAS-IP) with a Virtual Routing and Forwarding (VRF) Context
instance for BGP/MPLS, GRE, and IPSec Tunnel functionality which needs VRF support for RADIUS communication.
By default the VRF is NULL, which means that AAA group is associated with global routing table.
instance for BGP/MPLS, GRE, and IPSec Tunnel functionality which needs VRF support for RADIUS communication.
By default the VRF is NULL, which means that AAA group is associated with global routing table.
Product
All
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > AAA Server Group Configuration
configure > context context_name > aaa group group_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-aaa-group)#
Syntax
radius ip vrf vrf_name
no radius ip vrf
no
Disables the configured IP Virtual Routing and Forwarding (VRF) context instance and removes the
association between the VRF context instance and the AAA group instance (NAS-IP).
By default this command is disabled, which means the NAS-IP being used is assumed a non-VRF IP and
specific AAA group does not have any VRF association.
association between the VRF context instance and the AAA group instance (NAS-IP).
By default this command is disabled, which means the NAS-IP being used is assumed a non-VRF IP and
specific AAA group does not have any VRF association.
vrf_name
Specifies the name of a pre-configured VRF context instance.
vrf_name
is the name of a pre-configured virtual routing and forwarding (VRF) context configured in
Context configuration mode through
ip vrf
command.
Caution:
Any incorrect configuration, such as associating AAA group with wrong VRF instance or removing a
VRF instance, will fail the RADIUS communication.
Usage
Use this command to associate/disassociate a pre-configured VRF context for a feature such as BGP/MPLS
VPN or GRE, and IPSec tunneling which needs VRF support for RADIUS communication.
By default the VRF is NULL, which means that AAA group (NAS-IP) is associated with global routing table
and NAS-IP being used is assumed a non-VRF IP.
This IP VRF feature can be applied to RADIUS communication, which associates the VRF with the AAA
group. This command must be configured whenever a VRF IP is used as a NAS-IP in the AAA group or at
the Context level for the “default” AAA group.
This is a required configuration as VRF IPs may be overlapping hence AAA needs to know which VRF the
configured NAS-IP belongs to. By this support different VRF-based subscribers can communicate with
VPN or GRE, and IPSec tunneling which needs VRF support for RADIUS communication.
By default the VRF is NULL, which means that AAA group (NAS-IP) is associated with global routing table
and NAS-IP being used is assumed a non-VRF IP.
This IP VRF feature can be applied to RADIUS communication, which associates the VRF with the AAA
group. This command must be configured whenever a VRF IP is used as a NAS-IP in the AAA group or at
the Context level for the “default” AAA group.
This is a required configuration as VRF IPs may be overlapping hence AAA needs to know which VRF the
configured NAS-IP belongs to. By this support different VRF-based subscribers can communicate with