Cisco Cisco Packet Data Gateway (PDG)
• aaa-group name: Specifies the name of the aaa-group to be used for authentication as an alphanumeric
string of 1 through 63 characters.
Usage Guidelines
Two phase-authentication happens in IKEv2 setup for setting up the IPSec session. The first authentication
uses Diameter AAA EAP method and second authentication uses RADIUS AAA authentication. The same
AAA context may be used for both authentications. PDIF service allows you to specify only a single AAA
group, which could normally be used for the first authentication method.
uses Diameter AAA EAP method and second authentication uses RADIUS AAA authentication. The same
AAA context may be used for both authentications. PDIF service allows you to specify only a single AAA
group, which could normally be used for the first authentication method.
A given AAA group only supports either Diameter or RADIUS authentication. If the NAI in the first
authentication is different from NAI in the second authentication each NAI can point to a different domain
profile in the PDIF. Each domain profile may be configured with each AAA group, one for Diameter and the
other for RADIUS.
authentication is different from NAI in the second authentication each NAI can point to a different domain
profile in the PDIF. Each domain profile may be configured with each AAA group, one for Diameter and the
other for RADIUS.
Examples
Use the following to configure first-phase authentication for an aaa group named aaa-10 in the PDIF context:
first-phase context-name pdif aaa-group aaa-10
first-phase context-name pdif aaa-group aaa-10
Command Line Interface Reference, Modes I - Q, StarOS Release 19
1491
PDIF Service Configuration Mode Commands
aaa authentication