Cisco Cisco Tunnel Terminating Gateway (TTG)
System Operation and Configuration
How the System Selects Contexts ▀
ASR 5500 System Administration Guide, StarOS Release 16 ▄
23
Table 1. Context-level Administrative User AAA Context Selection
Item
Description
1
During authentication, the system determines whether local authentication is enabled in the local context.
If it is, the system attempts to authenticate the administrative user in the local context. If it is not, proceed to item 2 in
this table.
If the administrative user’s username is configured, authentication is performed by using the AAA configuration within
the local context. If not, proceed to item 2 in this table.
If it is, the system attempts to authenticate the administrative user in the local context. If it is not, proceed to item 2 in
this table.
If the administrative user’s username is configured, authentication is performed by using the AAA configuration within
the local context. If not, proceed to item 2 in this table.
2
If local authentication is disabled on the system or if the administrative user’s username is not configured in the local
context, the system determines if a domain was received as part of the username.
If there is a domain and it matches the name of a configured context or domain, the systems uses the AAA configuration
within that context.
If there is a domain and it does not match the name of a configured context or domain, Go to item 4 in this table.
If there is no domain as part of the username, go to item 3 in this table.
context, the system determines if a domain was received as part of the username.
If there is a domain and it matches the name of a configured context or domain, the systems uses the AAA configuration
within that context.
If there is a domain and it does not match the name of a configured context or domain, Go to item 4 in this table.
If there is no domain as part of the username, go to item 3 in this table.
3
If there was no domain specified in the username or the domain is not recognized, the system determines whether an
AAA Administrator Default Domain is configured.
If the default domain is configured and it matches a configured context, the AAA configuration within the AAA
Administrator Default Domain context is used.
If the default domain is not configured or does not match a configured context or domain, go to item 4 item below.
AAA Administrator Default Domain is configured.
If the default domain is configured and it matches a configured context, the AAA configuration within the AAA
Administrator Default Domain context is used.
If the default domain is not configured or does not match a configured context or domain, go to item 4 item below.
4
If a domain was specified as part of the username but it did not match a configured context, or if a domain was not
specified as part of the username, the system determines if the AAA Administrator Last Resort context parameter is
configured.
If a last resort, context is configured and it matches a configured context, the AAA configuration within that context is
used.
If a last resort context is not configured or does not match a configured context or domain, the AAA configuration
within the local context is used.
specified as part of the username, the system determines if the AAA Administrator Last Resort context parameter is
configured.
If a last resort, context is configured and it matches a configured context, the AAA configuration within that context is
used.
If a last resort context is not configured or does not match a configured context or domain, the AAA configuration
within the local context is used.
Context Selection for Subscriber Sessions
The context selection process for a subscriber session is more involved than that for the administrative users. Subscriber
session context selection information for specific products is located in the Administration Guide for the individual
product.
session context selection information for specific products is located in the Administration Guide for the individual
product.