Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    AAA Profiles

    An authentication, authorization, and accounting (AAA) profile is a collection of authentication, accounting, and RADIUS attribute settings that can be applied to an access point name (APN). When mobile subscribers access the APN to which an AAA profile is applied, they receive authentication and accounting services as specified in the AAA profile.

    The following sections describe the settings that can be configured in an AAA profile.

    Authentication Options

    In the AAA profile, you specify a network element (load-balanced RADIUS server group) to be used for authenticating mobile subscribers.

    Accounting Options

    In an AAA profile, you can specify the following options for RADIUS accounting:

    • The name of the network element or network element group to use for RADIUS accounting.
    • Whether the broadband gateway sends an Accounting-On message when a services PIC is restarted.
    • How often the broadband gateway sends Interim-Update messages for accounting. The broadband gateway can send Interim-Update messages at specified intervals and when specific trigger events occur.

      By default, the broadband gateway sends Interim-Update messages for the following trigger events:

      • The IPv4 address update for the mobile subscriber is deferred.
      • The Mobile Station (MS) time zone changes.
      • The Public Land Mobile Network (PLMN) to which the mobile subscriber is attached changes.
      • The quality of service (QoS) profile applied by the broadband gateway for the Packet Data Protocol (PDP) context or Evolved Packet System (EPS) bearer changes.
      • The Radio Access Technology (RAT) serving the mobile subscriber changes.
      • The SGSN/S-GW serving the mobile subscriber changes.
      • The location information for the mobile subscriber changes.

      You can optionally disable sending of Interim Update messages for any of these trigger events.

    RADIUS Attributes to Ignore or Exclude

    The AAA profile can specify which RADIUS attributes the broadband gateway ignores in Access-Accept messages it receives, as well as which RADIUS attributes the broadband gateway excludes from specific types of RADIUS messages it generates.

    RADIUS Options

    In an AAA profile, you can set the following options for RADIUS attributes:

    • NAS-IP-Address (RADIUS attribute 4)

      This attribute specifies the IP address of the network access server (NAS) that is requesting authentication for the mobile subscriber. By default, this attribute contains the IP address configured for the RADIUS source-interface statement. When you specify a value for the nas-ip-address option in the AAA profile, the broadband gateway uses this IP address as the value for the NAS-IP-Address attribute in RADIUS requests.

    • Prefix for NAS-Identifier (RADIUS attribute 32)

      The NAS-Identifier attribute is a string that identifies the NAS that originated the Access-Request message for the AAA session. On the broadband gateway, the anchor Modular Port Concentrator (MPC) selects a services PIC to handle AAA operations for the duration of the session. The services PIC functions as the NAS for the AAA session.

      Specifying a value for the nas-identifier-prefix option in the AAA profile configures the broadband gateway to include the NAS-Identifier attribute in RADIUS requests. In this case, the broadband gateway appends the ID of the services PIC to the value specified for the nas-identifier-prefix option, and uses the combined prefix and services PIC ID as the value for the NAS-Identifier attribute. If the services PICs are part of a redundancy group, the broadband gateway appends the aggregated multiservices interface (ams) ID to the prefix instead of the services PIC ID.

    • NAS-Port-Type (RADIUS Attribute 61)

      This attribute indicates the type of port used for authenticating the mobile subscriber. In an AAA profile, you can specify a port type of virtual or wireless for the nas-port-type option. If you specify a value for the nas-port-type option, the broadband gateway uses this as the value for the NAS-Port-Type attribute in RADIUS requests.

    Published: 2011-11-23