AAA Service Framework Overview

The AAA Service Framework provides a single point of contact for all the authentication, authorization, accounting, and address assignment services that the router supports for network access. The framework supports authentication and authorization through external servers, such as RADIUS, and the Local Authentication Server component of the framework. The framework also supports accounting through external servers, and address assignment through a combination of local address assignment pools and RADIUS.

When interacting with external back-end RADIUS servers, the AAA Service Framework supports standard RADIUS attributes and Juniper Networks vendor specific attributes (VSAs). The AAA Service Framework also includes an integrated RADIUS client that is compatible with RADIUS servers that conform to RFC-2865, RFC-2866, and RFC-3576, and which can initiate requests.

You create the following types of configurations to manage subscriber access.

• Authentication—Authentication parameters defined in the access profile determine the authentication component of the AAA processing. For example, subscribers can be authenticated using a remote authentication service such as RADIUS. You can also use the Local Authentication Server component of the AAA framework, which authenticates subscribers based on preconfigured credentials.
• Accounting— Accounting parameters in the access profile specify the accounting part of the AAA processing. For example, the parameters determine how the router collects and uses subscriber statistics.
• Address assignment—The AAA Service Framework assigns addresses to subscribers based on the configuration of local address assignment pools. For example, the AAA framework collaborates with RADIUS servers to assign addresses from the specified pools. See Configuring Address-Assignment Pools.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.