Cisco Cisco IOS Software Release 12.2(27)SBC

To configure a device as an authentication, authorization, and accounting (AAA) server to facilitate 
interaction with an external policy server, use the aaa server radius dynamic-author command in 
global configuration mode. To remove this configuration, use the no form of this command.

aaa server radius dynamic-author 

This command has no arguments or keywords.

The device will not function as a server when interacting with external policy servers.

Global configuration

Dynamic authorization allows an external policy server to dynamically send updates to a device.

ISG works with external devices, referred to as policy servers, that store per-subscriber and per-service 
information. ISG supports two models of interaction between the ISG device and external policy servers: 
initial authorization and dynamic authorization.

The dynamic authorization model allows an external policy server to dynamically send policies to the 
Intelligent Service Gateway (ISG). These operations can be initiated in-band by subscribers (through 
service selection) or through the actions of an administrator, or applications can change policies on the 
basis of an algorithm (for example, change session quality of service (QoS) at a certain time of day). 
This model is facilitated by the Change of Authorization (CoA) RADIUS extension. CoA introduced 
peer-to-peer capability to RADIUS, enabling ISG and the external policy server each to act as a RADIUS 
client and server.

The following example configures the ISG to act as a AAA server when interacting with the client at IP 
address 10.12.12.12:

aaa server radius dynamic-author

 client 10.12.12.12 key cisco

message-authenticator ignore

12.2(28)SB

This command was introduced.