Authentication, Authorization, and Accounting Configuration Guide, Cisco IOS Release 15M&T
AAA Broadcast Accounting-Mandatory Response Support

The AAA Broadcast Accounting--Mandatory Response Support feature provides a mechanism to support broadcast accounting under each server group through a Gateway GPRS Support Node (GGSN), which acts as a gateway between a General Packet Radio Service (GPRS) wireless data network and other networks such as the Internet or private networks.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for AAA Broadcast Accounting-Mandatory Response Support

See the Cisco GGSN Release 8.0 Configuration Guide for more information on preparing for the GGSN configuration.

Restrictions for AAA Broadcast Accounting-Mandatory Response Support

Accounting information can be sent simultaneously to a maximum of ten AAA servers.

Information About AAA Broadcast Accounting-Mandatory Response Support

The AAA Broadcast Accounting--Mandatory Response Support feature allows up to 10 server groups (methods) to be configured in a method list. The following sections describe the types of AAA accounting used to support GGSN:

AAA Broadcast Accounting

AAA broadcast accounting allows accounting information to be sent to multiple authentication, authorization, and accounting (AAA) servers at the same time; that is, accounting information can be broadcast to one or more AAA servers simultaneously. This functionality allows service providers to send accounting information to their own private AAA servers and to the AAA servers of their end customers. It also provides redundant billing information for voice applications.

Broadcasting is allowed among groups of servers, which can be either RADIUS or TACACS+, and each server group can define its backup servers for failover independently of other groups. Failover is a process that may occur when more than one server has been defined within a server group. Failover refers to the process by which information is sent to the first server in a server group; if the first server is unavailable, the information is sent to the next server in the server group. This process continues until the information is successfully sent to one of the servers within the server group or until the list of available servers within the server group is exhausted.

Simultaneous Broadcast and Wait Accounting

With Cisco GGSN Release 8.0 and later releases, broadcast and wait accounting can be configured to work together. The wait accounting feature is configured at the Access Point Name (APN) level, while broadcast accounting is specified at the AAA method level.

Broadcast accounting sends start, stop, and interim accounting records to all the server groups that are configured in a method list. Within a server group, the accounting records are sent to the first active server. If the active server cannot be reached, the accounting records are sent to the next server within a group.

Additionally, one or more server groups within a method list can be configured as “mandatory,” meaning that a server from that server group has to respond to the Accounting Start message. The APN-level wait accounting ensures that an accounting response has been received from all mandatory server groups before the packet data protocol (PDP) context is established.

The advantages of broadcast and wait accounting together include:

  • Accounting records are sent to multiple servers, and once the entry is made, the user can start using different services.
  • Records are sent to multiple AAA servers for redundancy purposes.
  • A PDP context is established only when a valid Accounting Start record has been received by all essential servers, avoiding information loss.
  • Broadcast records can be sent to as many as ten server groups within a method list.

When configuring broadcast and wait accounting together, note the following:

  • Under the method list configuration, the mandatory keyword is available only if broadcast accounting is configured.
  • If wait accounting is not required, broadcast accounting to all server groups is available without any mandatory groups defined.
  • If you do not specify any mandatory server groups when configuring broadcast accounting, wait accounting will function as it does in Cisco GGSN Release 7.0 and earlier releases.
  • Wait accounting does not apply to PPP PDP contexts.
  • A PDP is successfully created only when an Accounting response is received from all the mandatory servers.
  • The periodic timer starts when an Accounting Response (PDP creation) is received.

Note


More than one server group can be defined as a mandatory server group in a method list.
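
The gating rule described in this section, as an added Python model (not Cisco code; `ServerGroup`, the function names, and the server addresses are hypothetical). It assumes wait accounting is enabled on the APN and at least one group is mandatory; the legacy behavior with no mandatory groups is not modeled.

```python
from dataclasses import dataclass

MAX_GROUPS = 10  # limit stated in this guide

@dataclass
class ServerGroup:
    name: str
    servers: list           # ordered: first server, then its backups
    mandatory: bool = False

def send_to_group(group, reachable):
    """Failover within one group: first server that responds, else None."""
    for server in group.servers:
        if server in reachable:
            return server
    return None

def accounting_start(method_list, reachable):
    """Broadcast an Accounting Start; return (pdp_established, responses)."""
    if len(method_list) > MAX_GROUPS:
        raise ValueError("a method list holds at most ten server groups")
    if not any(g.mandatory for g in method_list):
        raise ValueError("legacy wait accounting (no mandatory group) is not modeled")
    # Broadcast: every group gets the record, each with its own failover.
    responses = {g.name: send_to_group(g, reachable) for g in method_list}
    # Wait accounting: every mandatory group must have produced a response.
    established = all(responses[g.name] for g in method_list if g.mandatory)
    return established, responses

# Constructed sample: three groups, two of them mandatory.
METHOD_LIST = [
    ServerGroup("SG1", ["10.0.1.1", "10.0.1.2"], mandatory=True),
    ServerGroup("SG2", ["10.0.2.1"]),
    ServerGroup("SG3", ["10.0.3.1", "10.0.3.2"], mandatory=True),
]
```

An unreachable non-mandatory group (SG2 here) never blocks PDP context creation, while a mandatory group whose servers are all unreachable does.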


How AAA Broadcast Accounting is Supported for GGSN

Configuring Broadcast and Wait Accounting on the GGSN

The tasks in this section describe how to configure broadcast and wait accounting on the GGSN.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    aaa new-model

    4.    aaa accounting network {method-list-name | default}

    5.    action-type {start-stop | stop-only | none}

    6.    broadcast

    7.    group server-group [mandatory]

    8.    exit

    9.    gprs access-point-list list-name

    10.    access-point access-point-index

    11.    aaa-group accounting method-list name

    12.    gtp-response-message wait-accounting


DETAILED STEPS
     Command or Action / Purpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter the password if prompted.
     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 aaa new-model


    Example:
    Router(config)# aaa new-model
     

    Enables new access control commands and functions (disables the old commands).

     
    Step 4 aaa accounting network {method-list-name | default}


    Example:
    Router(config)# aaa accounting network net1
     

    Enables authentication, authorization, and accounting (AAA) accounting of requested services for billing or security purposes when you use RADIUS and enters accounting method list mode.

    • The method-list-name argument is the named accounting list, which has a maximum of 31 characters. Any characters longer than the maximum are rejected.
    • The default keyword specifies the default accounting list.
     
    Step 5 action-type {start-stop | stop-only | none}


    Example:
    Router(cfg-acct-mlist)# action-type start-stop
     

    Performs a type of action on accounting records. Possible values are:

    • start-stop --Sends a “start” accounting notice at the beginning of a process and a “stop” accounting notice at the end of a process.
    • stop-only --Sends a “stop” accounting notice at the end of the requested user process.
    • none --Disables accounting services on this line or interface.
     
    Step 6 broadcast


    Example:
    Router(cfg-acct-mlist)# broadcast
     

    (Optional) Enables sending accounting records to multiple AAA servers. Simultaneously sends accounting records to the first server in each group. If the first server is unavailable, failover occurs using the backup servers defined within that group.

     
    Step 7 group server-group [mandatory]


    Example:
    Router(cfg-acct-mlist)# group server1
     

    Specifies the server group. Optionally, specify the mandatory keyword to define this server group as mandatory. If a server group is mandatory, a server from the server group must respond to the Accounting Start message.

    Note   

    Up to ten server groups can be defined within a method list.

     
    Step 8 exit
     

    Exits accounting method list configuration mode.

     
    Step 9 gprs access-point-list list-name


    Example:
    Router(config)# gprs access-point-list public1
     

    Configures an access point list that you use to define public data network (PDN) access points on the GGSN and enters global configuration mode.

     
    Step 10 access-point access-point-index


    Example:
    Router(config-ap-list)# access-point 11
     

    Specifies an access point number and enters access point configuration mode.

     
    Step 11 aaa-group accounting method-list name


    Example:
    Router(config-access-point)# aaa-group accounting net1
     

    Specifies an accounting server group.

     
    Step 12 gtp-response-message wait-accounting


    Example:
    Router(config-access-point)# gtp-response-message wait-accounting
     

    Configures APN to wait for a RADIUS accounting response before sending a Create PDP Context response to the Serving GPRS Support Node (SGSN).

     

    Configuration Examples for AAA Broadcast Accounting-Mandatory Response Support

    AAA Broadcast Accounting-Mandatory Response Support Example

    The following example globally configures the GGSN to wait for an accounting response from the RADIUS server before sending a Create PDP Context response to the SGSN. The GGSN waits for a response for PDP context requests received across all access points, except access-point 1. RADIUS response message waiting has been overridden at access-point 1 by using the no gtp response-message wait-accounting command.

    ! Enables AAA globally
    !
    aaa new-model
    !
    ! Defines AAA server group
    ! 
    aaa group server radius abc
     server 10.2.3.4 auth-port 1645 acct-port 1646
     server 10.6.7.8 auth-port 1645 acct-port 1646
    !
    ! Configures AAA authentication, authorization, and accounting
    !
    aaa authentication ppp abc group abc
    aaa authorization network abc group abc
    aaa accounting network abc
     action-type start-stop
     broadcast
     group SG1 mandatory
     group SG2
     group SG3 mandatory
    !
    gprs access-point-list gprs
     access-point 1
      access-mode non-transparent
      access-point-name www.pdn1.com
      aaa-group authentication abc
    !
    ! Disables waiting for RADIUS response
    ! message at APN 1
    !
      no gtp response-message wait-accounting
      exit
     access-point 2
      access-mode non-transparent
      access-point-name www.pdn2.com
      aaa-group authentication abc
    !
    ! Enables waiting for RADIUS response
    ! messages across all APNs (except APN 1)
    !
    gprs gtp response-message wait-accounting
    !
    ! Configures global RADIUS server hosts
    ! and specifies destination ports for 
    ! authentication and accounting requests
    !
    radius-server host 10.2.3.4 auth-port 1645 acct-port 1646 non-standard
    radius-server host 10.6.7.8 auth-port 1645 acct-port 1646 non-standard
    radius-server key ggsntel
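
An offline check of the method-list rules stated in this guide, as an added Python example (not Cisco tooling; `audit_accounting` and the sample configuration are constructed for illustration). It flags a `mandatory` group without `broadcast`, more than ten groups, an over-long list name, and groups that, like SG1 to SG3 in the example above, are referenced but not defined in the text being audited.

```python
import re
MAX_GROUPS, MAX_NAME = 10, 31   # limits stated in this guide

# Constructed sample, modelled on the example above (not a real device config).
SAMPLE = """\
aaa group server radius SG1
 server 10.2.3.4 auth-port 1645 acct-port 1646
aaa accounting network abc
 action-type start-stop
 broadcast
 group SG1 mandatory
 group SG2
aaa accounting network net1
 action-type start-stop
 group SG1 mandatory
"""

def audit_accounting(config):
    """Return findings for every 'aaa accounting network' method list."""
    defined, lists, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):          # top-level command ends any sub-mode
            current = None
            m = re.match(r"aaa group server (?:radius|tacacs\+) (\S+)$", line)
            if m:
                defined.add(m.group(1))
            m = re.match(r"aaa accounting network (\S+)$", line)
            if m:
                current = lists.setdefault(m.group(1), {"broadcast": False, "groups": []})
        elif current is not None:
            if line == "broadcast":
                current["broadcast"] = True
            m = re.match(r"group (\S+)( mandatory)?$", line)
            if m:
                current["groups"].append((m.group(1), bool(m.group(2))))
    findings = []
    for name, ml in lists.items():
        if len(name) > MAX_NAME:
            findings.append(f"{name}: method list name exceeds {MAX_NAME} characters")
        if len(ml["groups"]) > MAX_GROUPS:
            findings.append(f"{name}: more than {MAX_GROUPS} server groups")
        if not ml["broadcast"] and any(mand for _, mand in ml["groups"]):
            findings.append(f"{name}: mandatory group without broadcast")
        findings += [f"{name}: server group {g} is not defined here"
                     for g, _ in ml["groups"] if g not in defined]
    return findings
```

The parser relies on sub-mode commands being indented under their parent, as in `show running-config` output.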

    Additional References

    The following sections provide references related to the AAA Broadcast Accounting--Mandatory Response Support feature.

    Related Documents

    Related Topic | Document Title
    Preparation for the GGSN configuration | Cisco GGSN Release 8.0 Configuration Guide
    AAA commands | Cisco IOS Security Command Reference Guide
    AAA features | Cisco IOS Security Configuration Guide: Securing User Services

    Standards

    Standard | Title
    No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | --

    MIBs

    MIB | MIBs Link
    No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. | To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

    RFCs

    RFC | Title
    No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. | --

    Feature Information for AAA Broadcast Accounting-Mandatory Response Support

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Table 1 Feature Information for AAA Broadcast Accounting--Mandatory Response Support

    Feature Name: AAA Broadcast Accounting--Mandatory Response Support

    Releases: 12.4(22)T

    Feature Information: The AAA Broadcast Accounting--Mandatory Response Support feature provides a mechanism to support broadcast accounting under each server group through a Gateway GPRS Support Node (GGSN), which acts as a gateway between a General Packet Radio Service (GPRS) wireless data network and other networks such as the Internet or private networks.

    In Release 12.4(22)T, this feature was introduced.

    The following commands were introduced or modified: aaa accounting network, aaa-group accounting, access-point, action-type, broadcast, gprs access-point-list, group, gtp-response-message wait-accounting