- Overview of Prime Network GUI clients
- Setting Up the Prime Network Clients
- Setting Up Change and Configuration Management
- Setting Up Vision Client Maps
- Setting Up Native Reports
- Setting Up Fault Management and the Events Client Default Settings
- Viewing Devices, Links, and Services in Maps
- Drilling Down into an NE’s Physical and Logical Inventories and Changing Basic NE Properties
- Manage Device Configurations and Software Images
- How Prime Network Handles Incoming Events
- Managing Tickets with the Vision Client
- Viewing All Event Types in Prime Network
- Cisco Path Tracer
- Managing IP Address Pools
- Monitoring AAA Configurations
- Managing DWDM Networks
- Managing MPLS Networks
- Managing Carrier Ethernet Configurations
- Managing Ethernet Networks Using Operations, Administration, and Maintenance Tools
- Monitoring Carrier Grade NAT Configurations
- Monitoring Quality of Service
- Managing IP Service Level Agreement (IP SLA) Configurations
- Monitoring IP and MPLS Multicast Configurations
- Managing Session Border Controllers
- Monitoring BNG Configurations
- Managing Mobile Transport Over Pseudowire (MToP) Networks
- Managing Mobile Networks
- Managing Data Center Networks
- Monitoring Cable Technologies
- Monitoring ADSL2+ and VDSL2 Technologies
- Monitoring Quantum Virtualized Packet Core
- VSS Redundancy System
- Icon Reference
- Permissions Required to Perform Tasks Using the Prime Network Clients
- Correlation Examples
- Managing certificates
- Supported AAA Network Protocols
- Viewing AAA Configurations
- Viewing AAA Group Profile
- Viewing a Dynamic Authorization Profile
- Viewing a Dynamic Dictionary
- Viewing a Radius Global Configuration Details
- Viewing TACACS+ Global Configuration Details
- Viewing TACACS+ Servers Configuration Details
- Viewing AAA Group Configuration Details
- Viewing Diameter Configuration Details for an AAA Group
- Viewing Radius Configuration Details for an AAA Group
- Viewing Radius Client Configuration Details for an AAA Group
- Viewing Radius Accounting Configuration Details for an AAA Group
- Viewing the Radius Keepalive and Detect Dead Server Configuration Details for an AAA Group
- Viewing the RADIUS Attributes Configuration Details for an AAA Group
- Viewing the RADIUS Accounting Attributes Configuration Details for an AAA Group
- Viewing the RADIUS Authentication Attributes Configuration Details for an AAA Group
- Viewing the Radius Authentication Configuration Details for an AAA Group
- Viewing the Charging Configuration Details for an AAA Group
- Viewing the Charging Trigger Configuration Details for an AAA Group
- Viewing TACACS+ Group Configuration Details for an AAA Group
- Configuring AAA Groups
Monitoring AAA Configurations
AAA refers to Authentication, Authorization, and Accounting, which is a security architecture for distributed systems that determines the access given to users for specific services and the amount of resources they have used.
- Authentication—This method identifies users, including their login and password, challenge and response, messaging support, and encryption. Authentication is the way to identify a subscriber before providing access to the network and network services.
- Authorization—This method provides access control, including authorization for a subscriber or domain profile. AAA authorization sends a set of attributes to the service describing the services that the user can access. These attributes determine the user’s actual capabilities and restrictions.
- Accounting—This method collects and sends subscriber usage and access information used for billing, auditing, and reporting. For example, user identities, start and stop times, performed actions, number of packets, and number of bytes. Accounting enables an operator to analyze the services that the users access as well as the amount of network resources they consume. Accounting records comprise accounting Attribute Value Pairs (AVPs) and are stored on the accounting server. This accounting information can then be analyzed for network management, client billing, and/or auditing.
These topics describe how to use the Vision client to view and manage AAA configurations. If you cannot perform an operation that is described in these topics, you may not have sufficient permissions; see Permissions for Managing AAA.
Supported AAA Network Protocols
AAA supports the following protocols:
- Diameter—This is a networking protocol that provides centralized AAA management for devices to connect and use a network service, and an alternative to RADIUS. Diameter Applications can extend the base protocol, by adding new commands and/or attributes.
- Remote Authentication Dial In User Service (RADIUS)—This is a networking protocol that provides centralized AAA management for devices to connect and use a network service. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server (RAS), the Virtual Private Network (VPN) server, the network switch with port-based authentication, and the Network Access Server (NAS), are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server.
- Terminal Access Controller Access Control System (TACACS) is an authentication program used on Unix and Linux based systems, along with certain network routers. TACACS allows a remote access server to communicate with an authentication server to determine whether or not a user has the proper rights to access a network or database. TACACS forwards username and password information to a centralized security server.
- TACACS+ is a networking protocol that provides centralized AAA management for devices to connect and use a network service. Derived from TACACS, TACACS+ provides for separate and modular AAA facilities and uses TCP as transport.
Viewing AAA Configurations
This topic contains the following sections:
- Viewing AAA Group Profile
- Viewing a Dynamic Authorization Profile
- Viewing a Dynamic Dictionary
- Viewing a Radius Global Configuration Details
- Viewing TACACS+ Global Configuration Details
- Viewing TACACS+ Servers Configuration Details
- Viewing AAA Group Configuration Details
For information on the devices that support AAA, refer to Cisco Prime Network 5.0 Supported VNEs.
Viewing AAA Group Profile
To view the AAA group profile:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA. The AAA attribute details are displayed in the content pane. (The attributes that are displayed depend on the device type.)
Table 15-1 describes the fields that are displayed in the content pane.
|
|
---|---|
Step 3 In the Inventory window, choose AAA group node under the AAA node. In the Content pane you can view the AAA method in the Group Type field. The group Type displayed are None, TACACS+, RADIUS, or DIAMETER for the existing device types.
Step 4 Under the AAA group node, select and expand the required group and choose the Radius Configuration option. The group details are displayed in the content pane.
Table 15-2 describes the fields that are displayed in the Radius Configuration dialog box.
|
|
---|---|
Indicates if a transaction associated with a single AAA session should attempt to use the same server or not. |
|
Viewing a Dynamic Authorization Profile
To view the dynamic authorization profile:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA > Dynamic Authorization. The authorization details are displayed in the content pane. You can click on the tabs to view more details. (The attributes that are displayed depend on the device type.)
Table 15-3 describes the fields that are displayed in the Dynamic authorization content pane.
Viewing a Dynamic Dictionary
To view the dynamic dictionary:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > local > AAA > AAA Dynamic Dictionaries > Context. The dynamic dictionary VID details are displayed in the content pane.
Table 15-4 describes the fields that are displayed in the Dynamic dictionary content pane.
|
|
---|---|
The static dictionary number and name from which the dynamic dictionary is derived. |
|
Viewing a Radius Global Configuration Details
To view the radius global configuration details:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA > Radius Global Configuration. The authorization details are displayed in the content pane. (The attributes that are displayed depend on the device type.)
Table 15-5 describes the fields that are displayed in the Radius global configuration content pane.
Viewing TACACS+ Global Configuration Details
To view the TACACS+ global configuration details:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA > TACACS+ Global Configuration. The configuration details are displayed in the content pane. (The attributes that are displayed depend on the device type.)
Table 15-6 describes the fields that are displayed in the TACACS+ global configuration content pane.
Viewing TACACS+ Servers Configuration Details
To view the TACACS+ Servers configuration details:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA > TACACS+ Servers. The configuration details for each TACACS+ server are displayed in the content pane. (The attributes that are displayed depend on the device type.)
Table 15-7 describes the fields that are displayed in the TACACS+ Servers configuration content pane.
Viewing AAA Group Configuration Details
For certain devices, the Vision client allows you to view the following configurations for an AAA group:
– Authentication Configuration
– Accounting Keepalive and Detect Dead Server Configuration
– Authentication Configuration
– Authentication Keepalive and Detect Dead Server Configuration
(Refer to Cisco Prime Network 5.0 Supported VNEs for more information.)
The Vision client displays the AAA configuration details under the AAA container as shown in Figure 15-1. You can view the individual AAA group details by choosing Logical Inventory > Context > AAA > AAA Groups.
Figure 15-1 AAA Groups in Logical Inventory

Viewing Diameter Configuration Details for an AAA Group
To view the diameter configuration details for a AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups.
You can view the AAA groups on the content pane.
Step 3 Choose Diameter Configuration under a specific AAA group node. The diameter configurations made for accounting servers and authentication servers are displayed in the respective tabs on the content pane. Click on the tabs to view more details.
Table 15-8 describes the diameter configuration details for accounting and authentication servers.
Step 4 In the Inventory window, choose Accounting Configuration or Authentication Configuration under the Diameter Configuration node. The configuration details are displayed on the content pane.
Table 15-9 describes the accounting/authentication diameter configuration details.
Viewing Radius Configuration Details for an AAA Group
To view the radius configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration. The configurations made for accounting, authentication, charging, and charging accounting servers are displayed in the respective tabs on the content pane. Click on the tabs to view more details.
Table 15-10 describes the radius configuration details for accounting, authentication, charging, and charging accounting servers.
Viewing Radius Client Configuration Details for an AAA Group
To view the radius configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Default > AAA Radius Client Configuration. The configurations made for accounting, authentication, charging, and charging accounting servers are displayed in the respective tabs on the content pane. Click on the tabs to view more details.
Table 15-11 describes the radius client configuration details for accounting, authentication, charging, and charging accounting servers.
Viewing Radius Accounting Configuration Details for an AAA Group
To view the radius accounting configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Accounting Configuration. The accounting configuration details are displayed in the content pane.
Table 15-12 describes the radius accounting configuration details.
Viewing the Radius Keepalive and Detect Dead Server Configuration Details for an AAA Group
To view the radius accounting/authentication Keepalive and Detect Dead Server Configuration details:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Accounting Keepalive and Detect Dead Server Configuration or Authentication Keepalive and Detect Dead Server Configuration. The configuration details are displayed in the content pane.
Table 15-13 describes the radius accounting keepalive and detect dead server configuration details.
Viewing the RADIUS Attributes Configuration Details for an AAA Group
To view the radius attributes configuration details:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Attributes Configuration. The configuration details are displayed in the content pane.
Table 15-14 describes the attributes configuration details.
|
|
---|---|
Attribute name by which the system is identified in access request messages. |
|
The NAS IP address configured as the secondary or backup IP address to the RADIUS client. |
|
Viewing the RADIUS Accounting Attributes Configuration Details for an AAA Group
To view the RADIUS accounting attributes configuration details:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Accounting Attributes Configuration. The configuration details are displayed in the content pane.
Table 15-15 describes the attributes configuration details.
Viewing the RADIUS Authentication Attributes Configuration Details for an AAA Group
To view the radius authentication attributes configuration details:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Authentication Attributes Configuration. The configuration details are displayed in the content pane.
Table 15-16 describes the attributes configuration details.
Viewing the Radius Authentication Configuration Details for an AAA Group
To view the radius authentication configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Authentication Configuration. The authentication configuration details are displayed in the content pane.
Table 15-17 describes the radius authentication configuration details.
Viewing the Charging Configuration Details for an AAA Group
To view the radius charging configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA > AAA Groups > AAA Group > Radius Configuration > Charging Configuration. The charging configuration details are displayed in the content pane.
Table 15-18 describes the charging configuration details.
Viewing the Charging Trigger Configuration Details for an AAA Group
To view the radius charging trigger configuration details for an AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Context > AAA > AAA Groups > AAA Group > Radius Configuration > Charging Trigger. The charging configuration details are displayed in the content pane.
Table 15-19 describes the charging trigger configuration details.
Viewing TACACS+ Group Configuration Details for an AAA Group
To view the TACACS+ group configuration details for a AAA group:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > AAA > AAA Groups.The configuration details are displayed on the content pane. (The attributes that are displayed depend on the device type.)
Step 3 Expand a specific TACACS+ Group node and then choose TACACS+ Configuration under a specific AAA group node.
Table 15-20 describes the TACACS+ group configuration details and its associated TACACS+ Servers details.
Configuring AAA Groups
The following commands can be launched from the inventory by right-clicking and AAA group and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions for Vision Client NE-Related Operations). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.