A12 Aggregation; Radius Support - Cisco ASR 5000 Series Administration Manual

▀ Features and Functionality
For a detailed presentation of X.509 certificate-based peer authentication, see the section How the FNG Works later in
this chapter.

A12 Aggregation

The Access Network AAA (AN-AAA) servers in 1x networks are not designed to handle a large numbers of FAPs
attempting A12 authentication to access the network. The A12 aggregation feature reduces the number of source
addresses in the A12 Access-Request messages sent to the AN-AAA servers by the FNG, which simplifies the
configuration of the AN-AAA server's database.
A12 authentication is a CHAP-based authentication method used by CDMA2000 AN-AAA servers to provide High
Rate Packet Data (HRPD) access authentication between the AN function in the FAPs and the AN-AAA servers in the
network.
When the FNG receives an A12 Access-Request message from a FAP, it validates the source address of the FAP, then
substitutes the source address (and, optionally, the NAS IP address/port number) in the Access-Request message with its
own source address before sending the message to the AN-AAA server. When the FNG receives the Access-Accept
message from the AN-AAA server, the FNG sends it back to the FAP. In this way, the number of AAA sessions
required by the AN-AAA server is reduced.

RADIUS Support

RADIUS support on the FNG provides a mechanism for performing authentication, authorization, and accounting
(AAA) for subscribers. The benefits of using AAA are:
• Higher flexibility for subscriber access control
• Better accounting, charging, and reporting options
• Industry standard RADIUS authentication
The Remote Authentication Dial-In User Service (RADIUS) protocol can be used to provide AAA functionality for
subscribers. The AAA functionality on the FNG provides a wide range of configuration options via AAA server groups,
which allow a number of RADIUS parameters to be configured in support of the FNG service.
Currently, two types of authentication load-balancing methods are supported: first-server and round-robin. The first-
server method sends requests to the highest priority active server. A request will be sent to a different server only if the
highest priority server is not reachable. With the round-robin method, requests are sent to all active servers in a round-
robin fashion.
The FNG can detect the status of the AAA servers. Status checking is enabled by configuration in the AAA Server
Group Configuration Mode of the system's CLI. Once an AAA server is detected to be down, it is kept in the down state
up to a configurable duration of time called the dead-time period. After the dead-time period expires, the AAA server is
eligible to be retried. If a subsequent request is directed to that server and the server properly responds to the request, the
system makes the server active again.
Important:
and Reference.
▄ Cisco ASR 5000 Series Femto Network Gateway Administration Guide
20
For more information on RADIUS AAA configuration, refer to the AAA Interface Administration
Femto Network Gateway Overview
OL-24872-01