Cisco Cisco IOS Software Release 12.2(27)SBC
RADIUS-Based Lawful Intercept
aaa server radius dynamic-author
13
Cisco IOS Security Configuration Guide
aaa server radius dynamic-author
To configure a device as an authentication, authorization, and accounting (AAA) server to facilitate
interaction with an external policy server, use the aaa server radius dynamic-author command in
global configuration mode. To remove this configuration, use the no form of this command.
interaction with an external policy server, use the aaa server radius dynamic-author command in
global configuration mode. To remove this configuration, use the no form of this command.
aaa server radius dynamic-author
no aaa server radius dynamic-author
Syntax Description
This command has no arguments or keywords.
Command Default
The device will not function as a server when interacting with external policy servers.
Command Modes
Global configuration
Command History
Usage Guidelines
Dynamic authorization allows an external policy server to dynamically send updates to a device.
Dynamic Authorization for the Intelligent Service Gateway (ISG)
ISG works with external devices, referred to as policy servers, that store per-subscriber and per-service
information. ISG supports two models of interaction between the ISG device and external policy servers:
initial authorization and dynamic authorization.
information. ISG supports two models of interaction between the ISG device and external policy servers:
initial authorization and dynamic authorization.
The dynamic authorization model allows an external policy server to dynamically send policies to the
Intelligent Service Gateway (ISG). These operations can be initiated in-band by subscribers (through
service selection) or through the actions of an administrator, or applications can change policies on the
basis of an algorithm (for example, change session quality of service (QoS) at a certain time of day).
This model is facilitated by the Change of Authorization (CoA) RADIUS extension. CoA introduced
peer-to-peer capability to RADIUS, enabling ISG and the external policy server each to act as a RADIUS
client and server.
Intelligent Service Gateway (ISG). These operations can be initiated in-band by subscribers (through
service selection) or through the actions of an administrator, or applications can change policies on the
basis of an algorithm (for example, change session quality of service (QoS) at a certain time of day).
This model is facilitated by the Change of Authorization (CoA) RADIUS extension. CoA introduced
peer-to-peer capability to RADIUS, enabling ISG and the external policy server each to act as a RADIUS
client and server.
Examples
The following example configures the ISG to act as a AAA server when interacting with the client at IP
address 10.12.12.12:
address 10.12.12.12:
aaa server radius dynamic-author
client 10.12.12.12 key cisco
message-authenticator ignore
Release
Modification
12.2(28)SB
This command was introduced.