Cisco Cisco Packet Data Gateway (PDG)
System Operation and Configuration
▀ Terminology
▄ ASR 5000 System Administration Guide, StarOS Release 16
22
AAA Servers
Authentication, Authorization and Accounting (AAA) servers store profiles, perform authentication, and maintain
accounting records for each mobile data subscriber. The AAA servers communicate with the system over an AAA
interface. The system supports the configuration of up to 128 interfaces to AAA servers.
accounting records for each mobile data subscriber. The AAA servers communicate with the system over an AAA
interface. The system supports the configuration of up to 128 interfaces to AAA servers.
It is important to note that for Mobile IP, there can be Foreign AAA (FAAA) and Home AAA (HAAA) servers. FAAA
servers typically reside in the carrier’s network. HAAA servers could be owned and controlled by either the carrier or
the home network. If the HAAA server is owned and controlled by the home network, accounting data is transferred to
the carrier via an AAA proxy server.
servers typically reside in the carrier’s network. HAAA servers could be owned and controlled by either the carrier or
the home network. If the HAAA server is owned and controlled by the home network, accounting data is transferred to
the carrier via an AAA proxy server.
Important:
Mobile IP support depends on the availability and purchase of a standalone license or a license
bundle that includes Home Agent (HA).
Subscribers
Subscribers are the end-users of the service; they gain access to the Internet, their home network, or a public network
through the system.
through the system.
There are three primary types of subscribers:
RADIUS-based Subscribers: The most common type of subscriber, these users are identified by their
International Mobile Subscriber Identity (IMSI) number, an Electronic Serial Number (ESN), or by their
domain name or user name. They are configured on and authenticated by a RADIUS AAA server.
domain name or user name. They are configured on and authenticated by a RADIUS AAA server.
Upon successful authentication, various attributes that are contained in the subscriber profile are returned. The
attributes dictate such things as session parameter settings (for example, protocol settings and IP address
assignment method), and what privileges the subscriber has.
attributes dictate such things as session parameter settings (for example, protocol settings and IP address
assignment method), and what privileges the subscriber has.
Important:
Attribute settings received by the system from a RADIUS AAA server take precedence over
local-subscriber attributes and parameters configured on the system.
Local Subscribers: These are subscribers, primarily used for testing purposes, that are configured and
authenticated within a specific context. Unlike RADIUS-based subscribers, the local subscriber’s user profile
(containing attributes like those used by RADIUS-based subscribers) is configured within the context where
they are created.
(containing attributes like those used by RADIUS-based subscribers) is configured within the context where
they are created.
When local subscriber profiles are first created, attributes for that subscriber are set to the system’s default
settings. The same default settings are applied to all subscriber profiles, including the subscriber named default
which is created automatically by the system for each system context. When configuring local profile
attributes, the changes are made on a subscriber-by-subscriber basis.
settings. The same default settings are applied to all subscriber profiles, including the subscriber named default
which is created automatically by the system for each system context. When configuring local profile
attributes, the changes are made on a subscriber-by-subscriber basis.
Important:
Attributes configured for local subscribers take precedence over context-level parameters.
However, they could be over-ridden by attributes returned from a RADIUS AAA server.
Management Subscribers: A management user is an authorized user who can monitor, control, and configure
the system through the CLI or Web Element Manager application. Management is performed either locally,
through the system Console port, or remotely through the use of the Telnet or secure shell (SSH) protocols.
Management users are typically configured as a local subscriber within the Local context, which is used
exclusively for system management and administration. As with a local subscriber, a management subscriber’s
through the system Console port, or remotely through the use of the Telnet or secure shell (SSH) protocols.
Management users are typically configured as a local subscriber within the Local context, which is used
exclusively for system management and administration. As with a local subscriber, a management subscriber’s