Aaa authorization, Aaa accounting – Cisco 10000 User Manual

11-3

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 11 Configuring Local AAA Server, User Database—Domain to VRF

In the figure, the PPP client attempts to establish a PPP session with user@domain. This PAP or CHAP
user name request is forwarded to the broadband remote access server

(

BRAS) for authentication.

Authentication could be done locally on the BRAS, but in most cases the authentication is forwarded to
a RADIUS server. The RADIUS server looks up the user@domain or user (if the BRAS strips off the
domain), and if found sends a RADIUS ACK back to the BRAS. The BRAS sends a PAP or CHAP ACK
back to the PPP client.

AAA Authorization

Figure 11-2

shows the AAA authorization set up when establishing a PPP connection.

Figure 11-2

AAA Authorization

In the figure, the PPP client requests an IP address using PPP IPCP to the BRAS. The BRAS does a
match of the domain to a local profile. This local profile contains the VRF to assign to this PPP session.
The BRAS replies back to the PPP client with an IP address from the defined IP address pool in the local
profile.

AAA Accounting

Figure 11-3

shows the AAA accounting set up when establishing a PPP connection.

Figure 11-3

AAA Accounting

ADSL

ADSL

119520

MPLS Backbone

BRAS

Central

Site

CE

Central

Site

CE

RADIUS

IP address

PE

PE

IPCP Request

Local Profile

VRF Yellow

IP Address Pool

ADSL

ADSL

119521

MPLS Backbone

BRAS

Central

Site

CE

Central

Site

CE

RADIUS

PE

PE

Accounting Star

t/Stop

, Per

iodic