Configuring Authentication, Authorization, and Accounting Functions
Restrictions
• On BNG, local authentication and local authorization are not supported. It must be done by the RADIUS
• On session disconnect, transmission of the Accounting-Stop request to RADIUS may be delayed for a
Using RADIUS Server Group
A RADIUS server group is a named group of one or more RADIUS servers. Each server group is used for a
particular service. For example, in an AAA network configuration having two RADIUS server groups, the
first server group can be assigned the authentication and authorization task, while the second group can be
assigned the accounting task.
Server groups can include multiple host entries for the same server. Each entry, however, must have a unique
identifier. This unique identifier is created by combining an IP address and a UDP port number. Different
ports of the server, therefore, can be separately defined as individual RADIUS hosts providing a specific AAA
service. In other words, this unique identifier enables RADIUS requests to be sent to different UDP ports on
the same server. Further, if two different host entries on the same RADIUS server are configured for the same
service (like the authentication process), then the second host entry acts as a fail-over backup for the first one.
That is, if the first host entry fails to provide authentication services, BNG tries with the second host entry.
(The RADIUS host entries are tried in the order in which they are created.)
For assigning specific actions to the server group, see
Configuring RADIUS Server Group
Perform this task to define a named server group as the server host.
SUMMARY STEPS
1. configure
2. aaa group server radius name
3. accounting accept radius_attribute_list_name
4. authorization reply accept radius_attribute_list_name
5. deadtime limit
6. load-balance method least-outstanding batch-size size ignore-preferred-server
7. server host_name acct-port accounting_port_number auth-port authentication_port_number
8. source-interface name value
9. vrf name
10. Use the commit or end command.
OL-28375-03
server.
few seconds while the system waits for the "final" session statistics to be collected from the hardware.
The Event-Timestamp attribute in that Accounting-Stop request should, however, reflect the time the
client disconnects, and not the transmission time.
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release
Using RADIUS Server Group
Configuring RADIUS Server Group, on page
27.
4.3.x
27