Table of Contents
Advertisement
Chapter 11
Configuring Local AAA Server, User Database—Domain to VRF
In the figure, the PPP client attempts to establish a PPP session with user@domain. This PAP or CHAP
user name request is forwarded to the broadband remote access server
Authentication could be done locally on the BRAS, but in most cases the authentication is forwarded to
a RADIUS server. The RADIUS server looks up the user@domain or user (if the BRAS strips off the
domain), and if found sends a RADIUS ACK back to the BRAS. The BRAS sends a PAP or CHAP ACK
back to the PPP client.
AAA Authorization
Figure 11-2
Figure 11-2
AAA Authorization
IPCP Request
ADSL
ADSL
In the figure, the PPP client requests an IP address using PPP IPCP to the BRAS. The BRAS does a
match of the domain to a local profile. This local profile contains the VRF to assign to this PPP session.
The BRAS replies back to the PPP client with an IP address from the defined IP address pool in the local
profile.
AAA Accounting
Figure 11-3
Figure 11-3
AAA Accounting
ADSL
ADSL
OL-2226-23
shows the AAA authorization set up when establishing a PPP connection.
Local Profile
VRF Yellow
IP Address Pool
BRAS
MPLS Backbone
shows the AAA accounting set up when establishing a PPP connection.
BRAS
MPLS Backbone
(
BRAS) for authentication.
RADIUS
PE
PE
RADIUS
PE
PE
Cisco 10000 Series Router Software Configuration Guide
CE
Central
Site
Central
Site
CE
CE
Central
Site
Central
Site
CE
11-3
Advertisement
Table of Contents
Troubleshooting
