Troubleshooting Guide for Cisco Packet Data Gateway (PDG)
Understanding the Service Operation and Configuration
Cisco ASR 5000 Series Packet Data Serving Node Administration Guide
OL-22939-01
How the System Selects Contexts
The previous section of this chapter defined what a context is and how it is used within the system. This section
provides details about the process that is used to determine which context to use for context-level administrative user
and/or subscriber sessions. Understanding this process allows you to better plan your configuration in terms of how
many contexts and interfaces need to be configured.
Context Selection for Context-level Administrative User Sessions
The system comes configured with a context called local management context that should be used specifically for
management purposes. The context selection process for context-level administrative users (those configured within a
context) is simplified because the management interface(s) on the SPIO are only associated with the local out-of-band
management context. Therefore, the source and destination contexts for a context-level administrative user responsible
for managing the entire system should always be the local management context.
Although this is not commonly done, a context-level administrative user can also connect through other interfaces on
the system and still have full system management privileges.
A context-level administrative user can be created in a non-local management context. These management accounts only
have privileges in the context where they are created. This type of management account can connect directly to a port
in the context in which they belong, if local connectivity is enabled (SSHD for example) in that context.
For all FTP or SFTP connections, you must connect through a SPIO interface. If you SFTP or FTP as a non-local
management context account, you must use the username syntax of username@contextname.
The context selection process becomes more involved depending on whether or not you will be configuring the system
to provide local authentication or work with an AAA server to authenticate the context-level administrative user.
The system provides the flexibility to configure context-level administrative users locally (meaning that their profile
will be configured and stored in the system's own memory) or remotely on an AAA server. If the user is configured
locally, the system performs the authentication when he/she attempts to log onto the system. If the user profile is
configured on an AAA server, the system must determine how to contact the AAA server in order to perform
authentication. It does this by determining the AAA context for the session.
The following table and figure describe the process that the system uses to select an AAA context for a context-level
administrative user.
Table 5. Context-level Administrative User AAA Context Selection
Item | Description
1 | During authentication, the system determines if local authentication is enabled in the local management context. If it is, the system attempts to authenticate the administrative user in the local out-of-band management context. If it is not, proceed to item 2 in this table. If the administrative user's username is configured, authentication is performed using the AAA configuration within the local management context. If not, proceed to item 2 in this table.