Defining Aaa Attributes; Cisco Asr 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide - Cisco ASR 9000 Series Configuration Manual

Configuring Authentication, Authorization, and Accounting Functions
Command or Action
Configuring Method-list for AAA: An example
configure
aaa authentication subscriber default group radius group rad2 group rad3..
aaa authorization subscriber default group radius group rad1 group rad2 group rad3..
aaa accounting subscriber default group radius group rad1 group rad2 group rad3..
!
!
end

Defining AAA Attributes

The AAA attribute is an element of RADIUS packet. A RADIUS packet transfers data between a RADIUS
server and a RADIUS client. The AAA attribute parameter, and its value - form a Attribute Value Pair (AVP).
The AVP carries data for both requests and responses for the AAA transaction.
The AAA attributes either can be predefined as in Internet Engineering Task Force (IETF) attributes or vendor
defined as in vendor-specific attributes (VSAs). For more information about the list of BNG supported
attributes, see
The RADIUS server provides configuration updates to BNG in the form of attributes in RADIUS messages.
The configuration updates can be applied on a subscriber during session setup through two typical methods—
per-user attributes, which applies configuration on a subscriber as part of the subscriber's authentication Access
Accept, or through explicit domain, port, or service authorization Access Accepts. This is all controlled by
the Policy Rule Engine's configuration on the subscriber.
When BNG sends an authentication or an authorization request to an external RADIUS server as an Access
Request, the server sends back configuration updates to BNG as part of the Access Accept. In addition to
RADIUS configuring a subscriber during setup, the server can send a change of authorization (CoA) message
autonomously to the BNG during the subscriber's active session life cycle, even when the BNG did not send
a request. These RADIUS CoA updates act as dynamic updates, referencing configured elements in the BNG
and instructing the BNG to update a particular control policy or service policy.
BNG supports the concept of a "service", which is a group of configured features acting together to represent
that service. Services can be represented as either features configured on dynamic-templates through CLI, or
as features configured as RADIUS attributes inside Radius Servers. Services are activated either directly from
CLI or RADIUS through configured "activate" actions on the Policy Rule Engine, or through CoA
"activate-service" requests. Services can also be deactivated directly (removing all the involved features within
OL-28375-03
RADIUS Attributes, on page
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release
Purpose
end—Prompts user to take one of these actions:
• Yes— Saves configuration changes and exits the configuration
session.
• No—Exits the configuration session without committing the
configuration changes.
• Cancel—Remains in the configuration mode, without
committing the configuration changes.
293.
Defining AAA Attributes
4.3.x
31