Configuring Authentication, Authorization, and
Accounting Functions
This chapter provides information about configuring authentication, authorization, and accounting (AAA)
functions on the BNG router. BNG interacts with the RADIUS server to perform AAA functions. A group
of RADIUS servers form a server group that is assigned specific AAA tasks. A method list defined on a
server or server group lists methods by which authorization is performed. Some of the RADIUS features
include creating specific AAA attribute formats, load balancing of RADIUS servers, throttling of RADIUS
records, Change of Authorization (CoA), and Service Accounting for QoS. This chapter covers these topics:
•
•
•
•
•
•
•
•
•
•
•
AAA Overview
AAA acts as a framework for effective network management and security. It helps in managing network
resources, enforcing policies, auditing network usage, and providing bill-related information. BNG connects
to an external RADIUS server that provides the AAA functions.
The RADIUS server performs the three independent security functions (authentication, authorization, and
accounting) to secure networks against unauthorized access. The RADIUS server runs the Remote
Authentication Dial-In User Service (RADIUS) protocol. (For details about RADIUS protocol, refer to RFC
OL-28375-03
AAA Overview, page 25
Using RADIUS Server Group, page 27
Specifying Method List, page 29
Defining AAA Attributes, page 31
Making RADIUS Server Settings, page 43
Balancing Transaction Load on the RADIUS Server, page 50
Throttling of RADIUS Records, page 53
RADIUS Change of Authorization (CoA) Overview, page 56
Service Accounting, page 58
Understanding Per-VRF AAA Function, page 63
Additional References, page 64
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release
3
C H A P T E R
4.3.x
25