Cisco Cisco Packet Data Gateway (PDG)
PDIF Service Configuration Mode Commands
aaa authentication ▀
Command Line Interface Reference, StarOS Release 17 ▄
7809
Usage
Two phase-authentication happens in IKEv2 setup for setting up the IPSec session. The first authentication
uses Diameter AAA EAP method and second authentication uses RADIUS AAA authentication. The same
AAA context may be used for both authentications. PDIF service allows you to specify only a single AAA
group, which could normally be used for the first authentication method.
A given AAA group only supports either Diameter or RADIUS authentication. If the NAI in the first
authentication is different from NAI in the second authentication each NAI can point to a different domain
profile in the PDIF. Each domain profile may be configured with each AAA group, one for Diameter and the
other for RADIUS.
uses Diameter AAA EAP method and second authentication uses RADIUS AAA authentication. The same
AAA context may be used for both authentications. PDIF service allows you to specify only a single AAA
group, which could normally be used for the first authentication method.
A given AAA group only supports either Diameter or RADIUS authentication. If the NAI in the first
authentication is different from NAI in the second authentication each NAI can point to a different domain
profile in the PDIF. Each domain profile may be configured with each AAA group, one for Diameter and the
other for RADIUS.
Example
Use the following to configure first-phase authentication for an aaa group named
aaa-10
in the PDIF
context:
first-phase context-name pdif aaa-group aaa-10