Cisco Cisco ASR 5500 Administrator's Guide
AAA Interface Configuration
Configuring RADIUS AAA Functionality ▀
Cisco ASR 5x00 AAA Interface Administration and Reference ▄
23
] [ max <msgs> ] [ oldports ] [ port <port_number> ] [ priority <priority> ] [
type standard ]
type standard ]
radius attribute nas-identifier <identifier>
radius attribute nas-ip-address address <primary_ipv4/ipv6_address> [
backup <secondary_ipv4/ipv6_address> ]
backup <secondary_ipv4/ipv6_address> ]
radius strip-domain [ authentication-only | accounting-only ]
end
Notes:
Optional. If you want to support more than 320 server configurations system-wide, in the Global Configuration
Mode, use the following command:
aaa large-configuration
<context_name>
must be the system context designated for AAA configuration.
For information on GGSN-specific additional configurations using RADIUS accounting see the Creating and
Configuring APNs section of the GGSN Administration Guide.
In this release, the configuration of NAS IP address with IPv6 prefix is currently not supported.
<identifier>
must be the name designated to identify the system in the Access Request message(s) it sends to
the RADIUS server.
Optional. Multiple RADIUS attribute dictionaries have been created for the system. Each dictionary consists of a
set of attributes that can be used in conjunction with the system. As a result, users could take advantage of all
of the supported attributes or only a subset. To specify the RADIUS attribute dictionary that you want to
implement, in the Context Configuration Mode, use the following command:
of the supported attributes or only a subset. To specify the RADIUS attribute dictionary that you want to
implement, in the Context Configuration Mode, use the following command:
radius dictionary { 3gpp | 3gpp2 | 3gpp2-835 | customXX
| standard | starent |
starent-835 | starent-vsa1 | starent-vsa1-835 }
Optional. Configure the system to support NAI-based authentication in the event that the system cannot
authenticate the subscriber using a supported authentication protocol. To enable NAI-construction, in the
Context Configuration Mode, use the following command:
Context Configuration Mode, use the following command:
aaa constructed-nai authentication [ encrypted ] password <password>
Optional. If RADIUS is configured for GGSN service, the system can be configured to support NAI-based
authentication to use RADIUS shared secret as password. To enable, in the Context Configuration Mode, use
the following command:
the following command:
aaa constructed-nai authentication use-shared-secret-password
If authentication type is set to allow-noauth or msid-auth and aaa constructed-nai authentication use-shared-
secret-password is issued then the system will use RADIUS shared secret as password. In case the
authentication type is msid-auth it will always send RADIUS shared secret as password by default in
ACCESS-REQUEST.
secret-password is issued then the system will use RADIUS shared secret as password. In case the
authentication type is msid-auth it will always send RADIUS shared secret as password by default in
ACCESS-REQUEST.
Optional. To configure the system to allow a user session even when all authentication servers are unreachable,
in the Context Configuration Mode, use the following command. When enabled, the session is allowed without
authentication. However, the accounting information is still sent to the RADIUS accounting server, if it is
reachable.
authentication. However, the accounting information is still sent to the RADIUS accounting server, if it is
reachable.
radius allow authentication-down