Руководство По Обслуживанию для Cisco Cisco Tunnel Terminating Gateway (TTG)
AAA Interface Configuration
Configuring RADIUS AAA Functionality ▀
Cisco ASR 5000 Series AAA Interface Administration and Reference ▄
OL-23000-01
Notes:
Optional. If you want to support more than 320 server configurations system-wide, in the Global Configuration
Mode, use the following command:
must be the system context designated for AAA configuration.
For information on GGSN-specific additional configurations using RADIUS accounting see the Creating and
Configuring APNs section of the GGSN Administration Guide.
must be the name designated to identify the system in the Access Request message(s) it sends
to the RADIUS server.
Optional. Multiple RADIUS attribute dictionaries have been created for the system. Each dictionary consists of a
set of attributes that can be used in conjunction with the system. As a result, users could take advantage of all
of the supported attributes or only a subset. To specify the RADIUS attribute dictionary that you want to
implement, in the Context Configuration Mode, use the following command:
of the supported attributes or only a subset. To specify the RADIUS attribute dictionary that you want to
implement, in the Context Configuration Mode, use the following command:
Optional. Configure the system to support NAI-based authentication in the event that the system cannot
authenticate the subscriber using a supported authentication protocol. To enable NAI-construction, in the
Context Configuration Mode, use the following command:
Context Configuration Mode, use the following command:
Optional. If RADIUS is configured for GGSN service, the system can be configured to support NAI-based
authentication to use RADIUS shared secret as password. To enable, in the Context Configuration Mode, use
the following command:
the following command:
If authentication type is set to allow-noauth or msid-auth and aaa constructed-nai authentication use-shared-
secret-password is issued then the system will use RADIUS shared secret as password. In case the
authentication type is msid-auth it will always send RADIUS shared secret as password by default in
ACCESS-REQUEST.
secret-password is issued then the system will use RADIUS shared secret as password. In case the
authentication type is msid-auth it will always send RADIUS shared secret as password by default in
ACCESS-REQUEST.
Optional. To configure the system to allow a user session even when all authentication servers are unreachable,
in the Context Configuration Mode, use the following command. When enabled, the session is allowed without
authentication. However, the accounting information is still sent to the RADIUS accounting server, if it is
reachable.
authentication. However, the accounting information is still sent to the RADIUS accounting server, if it is
reachable.