Cisco Cisco Packet Data Gateway (PDG) Guia De Resolução De Problemas
Understanding System Operation and Configuration
▀ How the System Selects Contexts
▄ Cisco ASR 5000 Series System Administration Guide
OL-22970-01
How the System Selects Contexts
The previous section of this chapter defined what a context is and how it is used within the system. This section
provides details about the process that determines which context to use for context-level administrative user or
subscriber sessions. Understanding this process allows you to better plan your configuration in terms of how many
contexts and interfaces you need configure.
provides details about the process that determines which context to use for context-level administrative user or
subscriber sessions. Understanding this process allows you to better plan your configuration in terms of how many
contexts and interfaces you need configure.
Context Selection for Context-level Administrative User Sessions
The system comes configured with a context called local that you use specifically for management purposes. The
context selection process for context-level administrative users (those configured within a context) is simplified because
the management port(s) on the SPIO are associated only with the Local context. Therefore, the source and destination
contexts for a context-level administrative user responsible for managing the entire system should always be the local
context.
context selection process for context-level administrative users (those configured within a context) is simplified because
the management port(s) on the SPIO are associated only with the Local context. Therefore, the source and destination
contexts for a context-level administrative user responsible for managing the entire system should always be the local
context.
Although this is not commonly done, a context-level administrative user can also connect through other interfaces on
the system and still have full system management privileges.
the system and still have full system management privileges.
A context-level administrative user can be created in a non-local context. These management accounts have privileges
only in the context in which they are created. This type of management account can connect directly to a port in the
context in which they belong, if local connectivity is enabled (SSHD, for example) in that context.
only in the context in which they are created. This type of management account can connect directly to a port in the
context in which they belong, if local connectivity is enabled (SSHD, for example) in that context.
For all FTP or SFTP connections, you must connect through a SPIO interface. If you SFTP or FTP as a non-local
context account, you must use the username syntax of username@contextname.
context account, you must use the username syntax of username@contextname.
The context selection process becomes more involved if you are configuring the system to provide local authentication
or work with a AAA server to authenticate the context-level administrative user.
or work with a AAA server to authenticate the context-level administrative user.
The system gives you the flexibility to configure context-level administrative users locally (meaning that their profile
will be configured and stored in its own memory), or remotely on an AAA server. If a locally-configured user attempts
to log onto the system, the system performs the authentication. If you have configured the user profile on an AAA
server, the system must determine how to contact the AAA server to perform authentication. It does this by determining
the AAA context for the session.
will be configured and stored in its own memory), or remotely on an AAA server. If a locally-configured user attempts
to log onto the system, the system performs the authentication. If you have configured the user profile on an AAA
server, the system must determine how to contact the AAA server to perform authentication. It does this by determining
the AAA context for the session.
The following table and figure describe the process that the system uses to select an AAA context for a context-level
administrative user.
administrative user.
Table 6. Context-level Administrative User AAA Context Selection
Item
Description
1
During authentication, the system determines whether local authentication is enabled in the local context.
If it is, the system attempts to authenticate the administrative user in the local context. If it is not, proceed to item 2 in this
table.
If the administrative user‘s username is configured, authentication is performed by using the AAA configuration within the
local context. If not, proceed to item 2 in this table.
If it is, the system attempts to authenticate the administrative user in the local context. If it is not, proceed to item 2 in this
table.
If the administrative user‘s username is configured, authentication is performed by using the AAA configuration within the
local context. If not, proceed to item 2 in this table.