Cisco Packet Data Interworking Function (PDIF) Maintenance Manual
AAA Engineering Rules
Cisco ASR 5000 Series AAA Interface Administration and Reference
OL-23000-01
AAA Interface Rules
The following engineering rules apply to the AAA interface including RADIUS and Diameter:
AAA interfaces are specified by assigning the IP address of a logical interface within a specific context as the
RADIUS NAS IP Address (RFC-2865 and RFC-2866) within the same context. This is done using the
command in the context configuration mode.
AAA interfaces in support of data services can be configured within any context.
Typically, the AAA interface exists in the:
Ingress context for PDSN and ASNGW services
Egress context for GGSN services
A AAA interface is selected in the following order:
1. NAI-based selection
2. Default AAA context
3. Last-resort AAA context
4. If all else fails, selection defaults to the Ingress context
AAA servers can be configured with "primary" and "backup" servers for any context.
Authentication and Accounting servers can be configured individually per context.
Multiple AAA contexts can be configured to support different accounting and authentication servers based on
the domain to which the subscriber belongs.
A AAA server group provides AAA functionality to each subscriber separately within the same context.
AAA server groups for AAA functionality can be configured with the following limits:
A total of 800 AAA server groups (including the "default" server group) are available per context or
system.
The maximum number of authentication/accounting servers per AAA server group is 128.
A maximum of 1600 servers can be configured in a context or a system, regardless of the number of
server groups, in any combination of authentication and/or accounting servers.
A maximum of 800 NAS-IP addresses/NAS identifiers (1 primary and 1 secondary per server group) can
be configured per context.
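
The limits above can be checked against a planned AAA layout before it is configured. The following is an added example, not taken from the Cisco manual: the dictionary layout, function names and sample addresses are assumptions, as is applying the 128-server limit to each server type separately.

```python
# Limits quoted from the engineering rules above.
MAX_GROUPS = 800            # server groups per context, "default" included
MAX_SERVERS_PER_GROUP = 128
MAX_SERVERS = 1600          # per context, any auth/accounting combination
MAX_NAS_IDS = 800           # NAS-IP addresses/NAS identifiers per context
MAX_NAS_IDS_PER_GROUP = 2   # 1 primary and 1 secondary


def check_context(name, groups):
    """Return limit violations for one context.

    groups maps group name -> {"auth": [...], "acct": [...], "nas": [...]}.
    Assumptions (not stated on the page): the 128-server limit is applied to
    each server type separately, and every entry counts toward the totals.
    """
    problems = []
    if len(groups) > MAX_GROUPS:
        problems.append(f"{name}: {len(groups)} server groups exceeds {MAX_GROUPS}")
    servers = nas_ids = 0
    for gname, group in sorted(groups.items()):
        for kind in ("auth", "acct"):
            count = len(group.get(kind, []))
            servers += count
            if count > MAX_SERVERS_PER_GROUP:
                problems.append(f"{name}/{gname}: {count} {kind} servers exceeds {MAX_SERVERS_PER_GROUP}")
        nas = len(group.get("nas", []))
        nas_ids += nas
        if nas > MAX_NAS_IDS_PER_GROUP:
            problems.append(f"{name}/{gname}: {nas} NAS identifiers exceeds {MAX_NAS_IDS_PER_GROUP}")
    if servers > MAX_SERVERS:
        problems.append(f"{name}: {servers} servers exceeds {MAX_SERVERS}")
    if nas_ids > MAX_NAS_IDS:
        problems.append(f"{name}: {nas_ids} NAS identifiers exceeds {MAX_NAS_IDS}")
    return problems


def audit(plan):
    """Check every context in a plan: {context name: groups}."""
    return [p for ctx, groups in sorted(plan.items()) for p in check_context(ctx, groups)]


# Constructed sample plan (documentation addresses, not a real deployment).
SAMPLE_PLAN = {
    "ingress": {f"grp{i:02d}": {"auth": [f"192.0.2.{j % 250}:{1812 + i}" for j in range(128)],
                               "nas": ["198.51.100.1"]} for i in range(13)},
    "egress": {"default": {"auth": ["203.0.113.10"], "acct": ["203.0.113.11"],
                           "nas": ["198.51.100.2", "198.51.100.3", "198.51.100.4"]}},
}

if __name__ == "__main__":
    for problem in audit(SAMPLE_PLAN):
        print(problem)
```

In the sample plan every "ingress" group is within the per-group limit, yet the context as a whole is not, which is the case the 1600-server rule is there to catch.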