provisioning the aaa server and universal gateway to communicate with cisco rpms - book chapter

Provisioning Cisco RPOL-2328-01

C H A P T E R 4

d

Provisioning the AAA Server andUniversal Gateway to Communicatewith Cisco RPMS

Topics in this chapter include:

• Overview: Configuring the AAA Proxy or Server to Communicate with anRecognize Cisco RPMS as a Proxy, page 4-3

• Overview: Configuring the Universal Gateway to Communicate with theCisco RPMS, page 4-4

– Running a Trial Call, page 4-5

4-1MS in a Wholesale Dial Network

Chapter 4 Provisioning the AAA Server and Universal Gateway to Communicate with Cisco RPMS

o

Description

TasksCisco recommends you provision the network in the following order:

Step 1 SeeChapter 1 to complete the tasks for provisioning Cisco RPMS.

Step 2 SeeChapter 2 to provision Cisco RPMS for non-VPDN service, orChapter 3 toprovision Cisco RPMS with VPDN service.

Step 3 Configure the AAA proxy or server to communicate with and recognize CiscRPMS as a proxy.

Step 4 Configure the UG to communicate with Cisco RPMS.

Step 5 Run a trial call through the system before pointing high volume live traffic toCisco RPMS.

Summary After provisioning Cisco RPMS, you must configure the AAAservers and UG to communicate with Cisco RPMS.

TargetPlatforms

Cisco AS5000 series universal gateways

Components • Cisco RPMS

• AAA server

• Universal gateway

Frequency As needed.

4-2Provisioning Cisco RPMS in a Wholesale Dial Network

OL-2328-01

Chapter 4 Provisioning the AAA Server and Universal Gateway to Communicate with Cisco RPMSOverview: Configuring the AAA Proxy or Server to Communicate with and Recognize Cisco RPMS as a Proxy

G.

xy

es.S

n

Notes• Cisco RPMS must be configured before configuring the AAA server or U

• You should run the system without preauthentication enabled to verify profunctionality before continuing with preauthentication.

Overview: Configuring the AAA Proxy or Server toCommunicate with and Recognize Cisco RPMS as aProxy

You can use an optional AAA proxy server for AAA records in a Cisco RPMSnetwork architecture. Cisco RPMS provides VPDN and non-VPDN dial servicNote that the VPDN dial services rely on VPDN data specified in the Cisco RPMVPDN group.

If you are deploying a AAA proxy server, you must configure the AAA proxyserver to communicate with Cisco RPMS. Cisco RPMS uses RADIUS tocommunicate with the AAA server and with the UGs.

If using Access Registrar AAA proxies, refer toAppendix B, “ConfiguringAccess Registrar”of theCisco Resource Policy Management System 2.0Configuration Guide for more details.

Note Make sure that all AAA servers support the proxy state attribute.

After enabling the AAA proxy server to communicate with Cisco RPMS, you cacreate a list of AAA proxies. To do so, refer to the“Adding a AAA Server or AAAProxy Server” section on page 2-20 of theCisco Resource Policy ManagementSystem 2.0 Configuration Guide.


OL-2328-01

Chapter 4 Provisioning the AAA Server and Universal Gateway to Communicate with Cisco RPMSOverview: Configuring the Universal Gateway to Communicate with the Cisco RPMS

les

gr)

heheo

es,G

portre

set ofs inythe

and

t

eate

Overview: Configuring the Universal Gateway toCommunicate with the Cisco RPMS

After provisioning Cisco RPMS and the AAA proxy or server, you must enabcommunication between the UG and Cisco RPMS. Cisco RPMS and the UGcommunicate by using the RADIUS protocol.

Let us assume that the UG has already been configured with a single existinAAA RADIUS server group to send AAA messages to the AAA proxy (or servehost.

After configuring Cisco RPMS, you must provision Cisco RPMS as a host in tAAA RADIUS server group on the UG, and delete the existing host entry for tAAA proxy or server. This directs the UG to send the AAA messages to CiscRPMS instead of the AAA proxy or server.

Once you have verified operation of Cisco RPMS as a proxy for AAA messagenable AAA preauthentication for the defined server group. At this point, the Uis sending both preauthentication and AAA messages to Cisco RPMS. CiscoRPMS processes the preauthentication messages for enforcing port policymanagement features.

The Cisco RPMS system processes AAA messages as well in order to keeppolicies up-to-date, but its proxy functionality ensures that AAA messages aalso delivered to and serviced by the appropriate AAA proxy or AAA server.

The example above assumes that you are adding Cisco RPMS as a host or hosts in an existing server group, and then removing any pre-existing serverthat group. If so, you can retain a copy of the pre-existing host information bcopying and pasting it into a new, unused server group before deleting it fromoriginal server group.

Alternatively, you can add Cisco RPMS hosts to an entirely new server groupchange your AAA commands to point to the new server group name.

To configure a Cisco UG to communicate with Cisco RPMS, refer toAppendix A,“Configuring the Universal Gateway”of theCisco Resource Policy ManagemenSystem 2.0 Configuration Guide.

Once you have enabled the UG to communicate with Cisco RPMS, you can cra list of universal gateways. To do so, refer to the“Adding a Universal Gateway”section on page 2-18 of theCisco Resource Policy Management System 2.0Configuration Guide.


OL-2328-01


is

Running a Trial CallAfter configuring Cisco RPMS and the UG, run a trial call to ensure the systemproperly configured. Do thisbefore pointing high volume live traffic to CiscoRPMS.


OL-2328-01



OL-2328-01

provisioning the aaa server and universal gateway to communicate with cisco rpms - book chapter

Documents