Named Method Lists For Aaa Authorization & Accounting; Per-Modem Filters (Per-Modem And Per-Host Access Lists); Per-User Configuration; Redirect-Number Support For Radius And Tacacs+ Servers - Cisco 7246VXR - uBR Router Software Configuration Manual

Chapter 1 Overview of Cisco uBR7200 Series Software
Named Method Lists for AAA Authorization & Accounting
Named method lists for Authentication, Authorization, and Accounting (AAA) allow you to define different
methods for authorization and accounting and apply those methods on a per-interface or per-line basis. For
additional information, refer to the following document on Cisco.com:
•

Per-Modem Filters (Per-Modem and Per-Host Access Lists)

Per-modem filters provide you with the ability to filter incoming packets from individual hosts or
cable interfaces based on the source Media Access Controller (MAC) or Internet Protocol (IP) address.
This allows access lists to be specified on a per-interface and per-direction basis. The packets received
from cable interfaces and/or individual hosts are filtered based on the cable interface or the host from
which the packets are received.
For additional information, refer to these documents on Cisco.com:
•
•

Per-User Configuration

Per-user configuration provides a flexible, scalable, easily maintained solution for customers with a
large number of dial-in users. This solution can tie together the following dial-in features:
Virtual template interfaces, generic interface configuration and router-specific configuration information
stored in the form of a virtual template interface that can be applied (cloned) to a virtual access interface each
time any user dials in. This is described in the following document on Cisco.com:
•
AAA per-user security and interface configuration information stored on a separate AAA server and sent
by the AAA server to the access server or router in response to authorization requests during the PPP
authentication phase. The per-user configuration information can add to or override the generic
configuration on a virtual interface.
Virtual profiles, which can use either or both of the two sources of information above for virtual interface
configuration. When a user dials in, virtual profiles can apply the generic interface configuration and then
apply the per-user configuration to create a unique virtual access interface for that user.
A virtual access interface created dynamically for any user dial-in session is deleted when the session
ends. The resources used during the session are returned for other dial-in uses.
This set of features is supported on all platforms that support Multilink PPP.

Redirect-Number Support for RADIUS and TACACS+ Servers

The telco-return RADIUS server has been enhanced to provide additional authentication information,
allowing an administrator to determine whether a subscriber dialed a number that requires special billing
arrangements (such as a toll-free number). If a telco return customer is being authenticated by a
TACACS+ or RADIUS server, and if the number dialed by the cable modem is being redirected to
another number for authentication, the system can include the original number in the information sent
to the authentication server. The original number can be sent as a Cisco vendor-specific attribute (VSA)
for TACACS+ servers and as RADIUS Attribute 93 (Ascend-Redirect-Number) for RADIUS servers.
OL-2239-05
Configuring Authorization
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathor.html
"Configuring Per-Modem Filters" section on page 5-8
Cisco IOS CMTS Cable Command Reference Guide
http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html
"Virtual Templates, Profiles, and Networks"
Configuration Guide, Release 12.2
http://www.cisco.com/en/US/docs/ios/12_2/dial/configuration/guide/fdial_c.html
Cisco uBR7200 Series Universal Broadband Router Software Configuration Guide
chapter in the Cisco IOS Dial Technologies
cops tcp window-size
1-107