Cisco Cisco Packet Data Gateway (PDG)
AAA Introduction and Overview
Supported Features ▀
AAA Interface Administration and Reference, StarOS Release 18 ▄
21
To use the template, Diameter applications must be associated with the template. For example, using
associate
failure-handling-template
command in Credit Control Configuration Mode will bind the Diameter Credit
Control Application (DCCA) service to the configured failure handling template. When an association is made to the
template, in the event of a failure, the system takes the action as defined in the failure handling template. Both IMS
Authorization (Gx) and DCCA (Gy) services can be currently associated with the template.
template, in the event of a failure, the system takes the action as defined in the failure handling template. Both IMS
Authorization (Gx) and DCCA (Gy) services can be currently associated with the template.
If the association is not made to the template then failure handling behavior configured in the application with the
failure-handling
command will take effect.
For information on the command used for configuring this feature, refer to the Command Line Interface Reference.
Fire-and-Forget Feature
The current release supports configuring secondary AAA accounting group for the APN. This supports the RADIUS
Fire-and-Forget feature in conjunction with GGSN and P-GW for secondary accounting (with different RADIUS
accounting group configuration) to the RADIUS servers without expecting acknowledgement from the server, in
addition to standard RADIUS accounting. This secondary accounting will be an exact copy of all the standard RADIUS
accounting message (RADIUS Start / Interim / Stop) sent to the standard AAA RADIUS server.
Fire-and-Forget feature in conjunction with GGSN and P-GW for secondary accounting (with different RADIUS
accounting group configuration) to the RADIUS servers without expecting acknowledgement from the server, in
addition to standard RADIUS accounting. This secondary accounting will be an exact copy of all the standard RADIUS
accounting message (RADIUS Start / Interim / Stop) sent to the standard AAA RADIUS server.
This feature also supports configuring secondary AAA accounting group for the subscriber template. This supports the
No-ACK RADIUS Targets feature in conjunction with PDSN and HA for secondary accounting (with different
RADIUS accounting group configuration) to the RADIUS servers without expecting the acknowledgement from the
server, in addition to standard RADIUS accounting. This secondary accounting will be an exact copy of all the standard
RADIUS accounting message (RADIUS Start / Interim / Stop) sent to the standard AAA RADIUS server.
No-ACK RADIUS Targets feature in conjunction with PDSN and HA for secondary accounting (with different
RADIUS accounting group configuration) to the RADIUS servers without expecting the acknowledgement from the
server, in addition to standard RADIUS accounting. This secondary accounting will be an exact copy of all the standard
RADIUS accounting message (RADIUS Start / Interim / Stop) sent to the standard AAA RADIUS server.
Typically, the request sent to the Radius Accounting Server configured under the AAA group with the CLI
radius
accounting fire-and-forget
configured will not expect a response from the server. If there is a need to send the
request to multiple servers, the accounting algorithm first-n will be used in the AAA group.
If the server is down, the request is sent to the next server in the group. If all the servers in the group are down, then the
request is deleted.
request is deleted.
Important:
Please note that on-the-fly change in the configuration is not permitted. Any change in the
configuration will have effect only for the new calls.
For information on the commands used for configuring this feature, refer to the Command Line Interface Reference.
Realm-based Routing
In StarOS 12.0 and later releases, the Diameter routing logic has been modified to enable routing to destination hosts
that are not directly connected to the Diameter clients like GGSN, MME, PGW, and that does not have a route entry
configured. Message routing to the host is based on the realm of the host.
that are not directly connected to the Diameter clients like GGSN, MME, PGW, and that does not have a route entry
configured. Message routing to the host is based on the realm of the host.
For a given session towards a Destination Host, all the messages belonging to the session will be routed through the
same peer until the peer is down. If the peer goes down, for the subsequent messages failure handling mechanism will
be triggered and the message will be sent using other available peers connected to the destination host.
same peer until the peer is down. If the peer goes down, for the subsequent messages failure handling mechanism will
be triggered and the message will be sent using other available peers connected to the destination host.
Dynamic Route Addition
Dynamic routes are added when a response to a Diameter request message arrives with Origin-Host AVP. If there is no
route entry corresponding to the Origin-Host, realm and peer, a new dynamic route entry is created and added to the
route entry corresponding to the Origin-Host, realm and peer, a new dynamic route entry is created and added to the