Cisco Cisco Packet Data Gateway (PDG) Documentation Roadmaps
CDMA2000 Wireless Data Services
Features and Functionality—Base Software ▀
Cisco ASR 5000 Series Product Overview ▄
OL-22938-01
Benefits
Provides a mechanism for performing authorization, authentication, and accounting (AAA) for subscriber PDP contexts
based on the following standards:
based on the following standards:
RFC-2618, RADIUS Authentication Client MIB, June 1999
RFC-2620, RADIUS Accounting Client MIB, June 1999
RFC-2865, Remote Authentication Dial In User Service (RADIUS), June 2000
RFC-2866, RADIUS Accounting, June 2000
RFC-2867, RADIUS Accounting Modifications for Tunnel Protocol Support, June 2000
RFC-2868, RADIUS Attributes for Tunnel Protocol Support, June 2000
RFC-2869, RADIUS Extensions, June 2000
Description
The Remote Authentication Dial-In User Service (RADIUS) protocol is used to provide AAA functionality for
subscriber PDP contexts.
subscriber PDP contexts.
Within context contexts configured on the system, there are AAA and RADIUS protocol-specific parameters that can be
configured. The RADIUS protocol-specific parameters are further differentiated between RADIUS Authentication
server RADIUS Accounting server interaction.
configured. The RADIUS protocol-specific parameters are further differentiated between RADIUS Authentication
server RADIUS Accounting server interaction.
Among the RADIUS parameters that can be configured are:
Priority: Dictates the order in which the servers are used allowing for multiple servers to be configured in a
single context.
Routing Algorithm: Dictate the method for selecting among configured servers. The specified algorithm
dictates how the system distributes AAA messages across the configured AAA servers for new sessions. Once
a session is established and an AAA server has been selected, all subsequent AAA messages for the session
will be delivered to the same server.
a session is established and an AAA server has been selected, all subsequent AAA messages for the session
will be delivered to the same server.
In the event that a single server becomes unreachable, the system attempts to communicate with the other servers that
are configured. The system also provides configurable parameters that specify how it should behave should all of the
RADIUS AAA servers become unreachable.
are configured. The system also provides configurable parameters that specify how it should behave should all of the
RADIUS AAA servers become unreachable.
The system provides an additional level of flexibility by supporting the configuration RADIUS server groups. This
functionality allows operators to differentiate AAA services based on the subscriber template used to facilitate their
PDP context.
functionality allows operators to differentiate AAA services based on the subscriber template used to facilitate their
PDP context.
In general, 128 AAA Server IP address/port per context can be configured on the system and it selects servers from this
list depending on the server selection algorithm (round robin, first server). Instead of having a single list of servers per
context, this feature provides the ability to configure multiple server groups. Each server group, in turn, consists of a list
of servers.
list depending on the server selection algorithm (round robin, first server). Instead of having a single list of servers per
context, this feature provides the ability to configure multiple server groups. Each server group, in turn, consists of a list
of servers.
This feature works in following way: