Cisco Cisco ASR 5500 Administrator's Guide
AAA Introduction and Overview
▀ Overview
▄ Cisco ASR 5x00 AAA Interface Administration and Reference
10
Overview
The Authentication, authorization, and accounting (AAA) subsystem on the chassis provides the basic framework to
configure access control on your network. The AAA subsystem in core network supports Remote Authentication Dial-
In User Service (RADIUS) and Diameter protocol based AAA interface support. The AAA subsystem also provides a
wide range of configurations for AAA servers in groups, which in effect contain a series of RADIUS/Diameter
parameters for each application. This allows a single group to define a mix of Diameter and RADIUS servers for the
various application functions.
configure access control on your network. The AAA subsystem in core network supports Remote Authentication Dial-
In User Service (RADIUS) and Diameter protocol based AAA interface support. The AAA subsystem also provides a
wide range of configurations for AAA servers in groups, which in effect contain a series of RADIUS/Diameter
parameters for each application. This allows a single group to define a mix of Diameter and RADIUS servers for the
various application functions.
Although AAA functionality is available through AAA subsystem, the chassis provides onboard access control
functionality for simple access control through subscriber/APN authentication methods.
functionality for simple access control through subscriber/APN authentication methods.
AAA functionality provides capabilities to operator to enable authentication and authorization for a subscriber or a
group of subscriber through domain or APN configuration. The AAA interface provides the following AAA support to a
network service:
group of subscriber through domain or APN configuration. The AAA interface provides the following AAA support to a
network service:
Authentication: It is the method of identifying users, including login and password, challenge and response,
messaging support, and encryption. Authentication is the way to identify a subscriber prior to being allowed
access to the network and network services. An operator can configure AAA authentication by defining a list of
authentication methods, and then applying that list to various interfaces.
access to the network and network services. An operator can configure AAA authentication by defining a list of
authentication methods, and then applying that list to various interfaces.
All authentication methods, except for chassis-level authentication, must be defined through AAA
configuration.
configuration.
Authorization: It is the method to provide access control, including authorization for a subscriber or domain
profile. AAA authorization sends a set of attributes to the service describing the services that the user can
access. These attributes determine the user’s actual capabilities and restrictions.
access. These attributes determine the user’s actual capabilities and restrictions.
Accounting: Collects and sends subscriber usage and access information used for billing, auditing, and
reporting, such as user identities, start and stop times, performed actions, number of packets, and number of
bytes.
bytes.
Accounting enables operator to analyze the services users are accessing as well as the amount of network
resources they are consuming. Accounting records are comprised of accounting AVPs and are stored on the
accounting server. This accounting information can then be analyzed for network management, client billing,
and/or auditing.
resources they are consuming. Accounting records are comprised of accounting AVPs and are stored on the
accounting server. This accounting information can then be analyzed for network management, client billing,
and/or auditing.
Advantages of using AAA are:
Higher flexibility for subscriber access control configuration
Better accounting, charging, and reporting options
Industry standard RADIUS and Diameter authentication
The following figure shows a typical AAA server group configuration that includes three AAA servers (RADIUS and
Diameter).
Diameter).