- Title Page
- Table of Contents
- Preface
- Setting Up Devices and Using the GUI Clients
- Working with the Cisco Prime Network Vision Client
- Viewing and Managing NE Properties
- Device Configurations and Software Images
- Working with Prime Network Vision Maps
- Working with Links
- Labeling NEs Using Business Tags
- Working with the Prime Network Events
- Tracking Faults Using Prime Network Events
- Working with Tickets in Cisco Prime Network Vision
- Working with Reports
- Using Cisco PathTracer to Diagnose Problems
- Monitoring Carrier Ethernet Services
- Monitoring Carrier Grade NAT Properties
- Monitoring DWDM Properties
- Monitoring Ethernet Operations, Administration,and Maintenance Tool Properties
- Monitoring Y.1731 IPSLA Configuration
- IPv6 and IPv6 VPN over MPLS
- Monitoring MPLS Services
- Viewing IP and MPLS Multicast Configurations
- Monitoring MToP Services
- Viewing and Managing SBCs
- Monitoring AAA Configurations
- Monitoring IP Pools
- Monitoring BNG Configurations
- Monitoring Mobile Technologies
- Monitoring Data Center Configurations
- Icon and Button Reference
- Glossary
- Index
- Supported Network Protocols
- Viewing AAA Configurations in Prime Network Vision
- Viewing AAA Group Profile
- Viewing Dynamic Authorization Profile
- Viewing Radius Global Configuration Details
- Viewing AAA Configuration Details for an AAA group
- Viewing Diameter Configuration Details for an AAA group
- Viewing Radius Configuration Details for an AAA Group
- Viewing Radius Accounting Configuration Details for an AAA group
- Viewing the Radius Keepalive and Detect Dead Server Configuration Details for an AAA group
- Viewing the Radius Authentication Configuration Details for an AAA group
- Viewing the Charging Configuration Details for an AAA group
- Viewing the Charging Trigger Configuration Details for an AAA group
Monitoring AAA Configurations
AAA refers to Authentication, Authorization, and Accounting, which is a security architecture for distributed systems that determines the access given to users for specific services and the amount of resources they have used.
•Authentication—This method identifies users, including their login and password, challenge and response, messaging support, and encryption. Authentication is the way to identify a subscriber before providing access to the network and network services.
•Authorization—This method provides access control, including authorization for a subscriber or domain profile. AAA authorization sends a set of attributes to the service describing the services that the user can access. These attributes determine the user's actual capabilities and restrictions.
•Accounting—This method collects and sends subscriber usage and access information used for billing, auditing, and reporting. For example, user identities, start and stop times, performed actions, number of packets, and number of bytes. Accounting enables an operator to analyze the services that the users access as well as the amount of network resources they consume. Accounting records comprise accounting Attribute Value Pairs (AVPs) and are stored on the accounting server. This accounting information can then be analyzed for network management, client billing, and/or auditing.
This chapter contains the following topics:
•Viewing AAA Configurations in Prime Network Vision
Supported Network Protocols
AAA supports the following protocols:
•Diameter—This is a networking protocol that provides centralized AAA management for devices to connect and use a network service, and an alternative to RADIUS. Diameter Applications can extend the base protocol, by adding new commands and/or attributes.
•Remote Authentication Dial In User Service (RADIUS)—This is a networking protocol that provides centralized AAA management for devices to connect and use a network service. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server (RAS), the Virtual Private Network (VPN) server, the network switch with port-based authentication, and the Network Access Server (NAS), are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server.
Viewing AAA Configurations in Prime Network Vision
Prime Network allows you to view the AAA configurations for Cisco ASR9000 and Cisco ASR5000 series network elements.
This topic contains the following sections:
•Viewing Dynamic Authorization Profile
•Viewing Radius Global Configuration Details
•Viewing AAA Configuration Details for an AAA group
Viewing AAA Group Profile
To view the AAA group profile:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA. The AAA attribute details are displayed in the content pane.
Note These attributes are available only for Cisco ASR 9000 series network elements.
Table 23-1 describes the fields that are displayed in the content pane.
|
|
---|---|
Type |
Customization applied to the attribute. |
Key |
Unique format name applied to the attribute. |
Value |
Formatting applied to the attribute. |
Step 3 In the Inventory window, choose AAA group node under the AAA node.
Step 4 Under the AAA group node, select and expand the required group and choose the Radius Configuration option. The group details are displayed in the content pane.
Table 23-2 describes the fields that are displayed in the Radius Configuration dialog box.
Viewing Dynamic Authorization Profile
To view the dynamic authorization profile:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA > Dynamic Authorization. The authorization details are displayed in the content pane. You can click on the tabs to view more details.
Note These attributes are available only for Cisco ASR 9000 series network elements.
Table 23-3 describes the fields that are displayed in the Dynamic authorization content pane.
Viewing Radius Global Configuration Details
To view the radius global configuration details:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA > Radius Global Configuration. The authorization details are displayed in the content pane.
Note These attributes are available only for Cisco ASR 9000 series network elements.
Table 23-4 describes the fields that are displayed in the Radius global configuration content pane.
Viewing AAA Configuration Details for an AAA group
For a Cisco ASR5000 device, Prime Network Vision allows you to view the following configurations for an AAA group:
•Diameter Configuration
–Accounting Configuration
–Authentication Configuration
•Radius Configuration
–Accounting Configuration
–Accounting Keepalive and Detect Dead Server Configuration
–Authentication Configuration
–Authentication Keepalive and Detect Dead Server Configuration
–Charging Configuration
–Charging Triggers
Prime Network Vision displays the AAA configuration details under the AAA container as shown in Figure 23-1. You can view the individual AAA group details by choosing Logical Inventory > Context > AAA > AAA Groups.
Figure 23-1 AAA Groups in Logical Inventory
Viewing Diameter Configuration Details for an AAA group
To view the diameter configuration details for a AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups.
You can view the AAA groups on the content pane.
Step 3 Choose Diameter Configuration under a specific AAA group node. The diameter configurations made for accounting servers and authentication servers are displayed in the respective tabs on the content pane. Click on the tabs to view more details.
Table 23-5 describes the diameter configuration details for accounting and authentication servers.
Step 4 In the Inventory window, choose Accounting Configuration or Authentication Configuration under the Diameter Configuration node. The configuration details are displayed on the content pane.
Table 23-6 describes the accounting/authentication diameter configuration details.
Viewing Radius Configuration Details for an AAA Group
To view the radius configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration. The configurations made for accounting, authentication, charging, and charging accounting servers are displayed in the respective tabs on the content pane. Click on the tabs to view more details.
Table 23-7 describes the radius configuration details for accounting, authentication, charging, and charging accounting servers.
Viewing Radius Accounting Configuration Details for an AAA group
To view the radius accounting configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Accounting Configuration. The accounting configuration details are displayed in the content pane.
Table 23-8 describes the radius accounting configuration details.
Viewing the Radius Keepalive and Detect Dead Server Configuration Details for an AAA group
To view the radius accounting/authentication Keepalive and Detect Dead Server Configuration details:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Accounting Keepalive and Detect Dead Server Configuration or Authentication Keepalive and Detect Dead Server Configuration. The configuration details are displayed in the content pane.
Table 23-9 describes the radius accounting keepalive and detect dead server configuration details.
Viewing the Radius Authentication Configuration Details for an AAA group
To view the radius authentication configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Authentication Configuration. The authentication configuration details are displayed in the content pane.
Table 23-10 describes the radius authentication configuration details.
Viewing the Charging Configuration Details for an AAA group
To view the radius charging configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA > AAA Groups > AAA Group > Radius Configuration > Charging Configuration. The charging configuration details are displayed in the content pane.
Table 23-11 describes the charging configuration details.
Viewing the Charging Trigger Configuration Details for an AAA group
To view the radius charging trigger configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Charging Trigger. The charging configuration details are displayed in the content pane.
Table 23-12 describes the charging trigger configuration details.
Configuring AAA Group
The following commands can be launched from the inventory by choosing AAA Group > Commands > Configuration. Before executing any commands, you can preview them and view the results. If desired, you can also schedule the commands. To find out if a device supports these commands, see the Cisco Prime Network 3.10 Supported Cisco VNEs.
Note You might be prompted to enter your device access credentials while executing a command. Once you have entered them, these credentials will be used for every subsequent execution of a command in the same GUI client session. If you want to change the credentials, click Edit Credentials. The Edit Credentials button will not be available for SNMP commands or if the command is scheduled for a later time.