engineering rules apply to the AAA interface including RADIUS and
AAA interfaces are
specified by assigning the IP address of a logical interface within
a specific context as the RADIUS NAS IP Address (RFC-2865 and RFC-2866)
within the same context. This is done using the radius attribute nas-ip-address command
in the context configuration mode.
AAA interfaces in support
of data services can be configured within any context.
Typically it exists
Ingress context for
PDSN and ASNGW services
Egress context for
A AAA interface is
selected in the following order:
Default AAA context
Last-resort AAA context
If all else fails defaults
to the Ingress Context
AAA servers can be
configured with "primary" and "backup" servers
for any context.
Accounting servers can be configured individually per context.
Multiple AAA contexts
can be configured to support different accounting and authentication
servers based on the domain where that the subscriber belongs.
AAA server group provides
AAA functionality to the each subscriber separately with in the
AAA server group for
AAA functionality can be configured with following limits:
A total of 800 AAA
server groups (including "default" server group)
are available per context or system.
A maximum number of
authentication/accounting servers per AAA server group
A maximum of 1600 servers
can be configured in a context or a system, regardless of the number
of server groups, with any combination for authentication and/or accounting.
A maximum of 800 NAS-IP
addresses/NAS identifier (1 primary and 1 secondary per
server group) can be configured per context.