Prerequisites for AAA Broadcast Accounting-Mandatory Response Support
See the Cisco GGSN Release 8.0 Configuration Guide for more information on preparing for the GGSN configuration.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The AAA Broadcast Accounting--Mandatory Response Support feature provides a mechanism to support broadcast accounting under each server group through a Gateway GPRS Support Node (GGSN), which acts as a gateway between a General Packet Radio Service (GPRS) wireless data network and other networks such as the Internet or private networks.
See the Cisco GGSN Release 8.0 Configuration Guide for more information on preparing for the GGSN configuration.
Accounting information can be sent simultaneously to a maximum of ten AAA servers.
The AAA Broadcast Accounting--Mandatory Response Support feature allows up to 10 server groups (methods) to be configured in a method list. The following sections describe the types of AAA accounting used to support GGSN:
AAA broadcast accounting allows accounting information to be sent to multiple authentication, authorization, and accounting (AAA) servers at the same time; that is, accounting information can be broadcast to one or more AAA servers simultaneously. This functionality allows service providers to send accounting information to their own private AAA servers and to the AAA servers of their end customers. It also provides redundant billing information for voice applications.
Broadcasting is allowed among groups of servers, which can be either RADIUS or TACACS+, and each server group can define its backup servers for failover independently of other groups. Failover is a process that may occur when more than one server has been defined within a server group. Failover refers to the process by which information is sent to the first server in a server group; if the first server is unavailable, the information is sent to the next server in the server group. This process continues until the information is successfully sent to one of the servers within the server group or until the list of available servers within the server group is exhausted.
With Cisco GGSN Release 8.0 and later releases, broadcast and wait accounting can be configured to work together. The wait accounting feature is configured at the Access Point Name (APN) level, while broadcast accounting is specified at the AAA method level.
Broadcast accounting sends start, stop, and interim accounting records to all the server groups that are configured in a method list. Within a server group, the accounting records are sent to the first active server. If the active server cannot be reached, the accounting records are sent to the next server within a group.
Additionally, one or more server groups within a method list can be configured as “mandatory,” meaning that a server from that server group has to respond to the Accounting Start message. The APN-level wait accounting ensures that an accounting response has been received from all mandatory server groups before the packet data protocol (PDP) context is established.
The advantages of broadcast and wait accounting together include:
Accounting records are sent to multiple servers, and once the entry is made, the user can start using different services.
Records are sent to multiple AAA servers for redundancy purposes.
A PDP context is established only when a valid Accounting Start record has been received by all essential servers, avoiding information loss.
Broadcast records can be sent to as many as ten server groups within a method list.
When configuring broadcast and wait accounting together, note the following:
Under the method list configuration, the mandatory keyword is available only if broadcast accounting is configured.
If wait accounting is not required, broadcast accounting to all server groups is available without any mandatory groups defined.
If you do not specify any mandatory server groups when configuring broadcast accounting, wait accounting will function as it does in Cisco GGSN Release 7.0 and earlier releases.
Wait accounting does not apply to PPP PDP contexts.
A PDP is successfully created only when a Accounting response is received from all the mandatory servers.
The periodic timer starts when an Accounting Response (PDP creation) is received.
Note |
More than one server group can be defined as a mandatory server group in a method list. |
The tasks in this section describe how to configure broadcast and wait accounting on the GGSN.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
||
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 3 |
aaa new-model Example:
|
Enables new access control commands and functions (disables the old commands). |
||
Step 4 |
aaa accounting network {method-list-name | default } Example:
|
Enables authentication, authorization, and accounting (AAA) accounting of requested services for billing or security purposes when you use RADIUS and enters accounting method list mode.
|
||
Step 5 |
action-type {start-stop | stop-only | none } Example:
|
Performs a type of action on accounting records. Possible values are:
|
||
Step 6 |
broadcast Example:
|
(Optional) Enables sending accounting records to multiple AAA servers. Simultaneously sends accounting records to the first server in each group. If the first server is unavailable, failover occurs using the backup servers defined within that group. |
||
Step 7 |
group server-group [mandatory ] Example:
|
Specifies the server group. Optionally, specify the mandatory keyword to define this server group as mandatory. If a server group is mandatory, a server from the server group must respond to the Accounting Start message.
|
||
Step 8 |
exit |
Exits accounting method list configuration mode. |
||
Step 9 |
gprs access-point-list list-name Example:
|
Configures an access point list that you use to define public data network (PDN) access points on the GGSN and enters global configuration mode. |
||
Step 10 |
access-point access-point-index Example:
|
Specifies an access point number and enters access point configuration mode. |
||
Step 11 |
aaa-group accounting method-list name Example:
|
Specifies an accounting server group. |
||
Step 12 |
gtp-response-message wait-accounting Example:
|
Configures APN to wait for a RADIUS accounting response before sending a Create PDP Context response to the Serving GPRS Support Node (SGSN). |
The following example globally configures the GGSN to wait for an accounting response from the RADIUS server before sending a Create PDP Context response to the SGSN. The GGSN waits for a response for PDP context requests received across all access points, except access-point 1. RADIUS response message waiting has been overridden at access-point 1 by using the no gtp response-message wait-accounting command.
! Enables AAA globally
!
aaa new-model
!
! Defines AAA server group
!
aaa group server radius abc
server 10.2.3.4 auth-port 1645 acct-port 1646
server 10.6.7.8 auth-port 1645 acct-port 1646
!
! Configures AAA authentication and authorization
!
aaa authentication ppp abc group abc
aaa authorization network abc group abc
aaa accounting network abc
action-type start-stop
broadcast
group SG1 mandatory
group SG2
group SG3 mandatory
!
gprs access-point-list gprs
access-point 1
access-mode non-transparent
access-point-name www.pdn1.com
aaa-group authentication abc
!
! Disables waiting for RADIUS response
! message at APN 1
!
no gtp response-message wait-accounting
exit
access-point 2
access-mode non-transparent
access-point-name www.pdn2.com
aaa-group authentication abc
!
! Enables waiting for RADIUS response
! messages across all APNs (except APN 1)
!
gprs gtp response-message wait-accounting
!
! Configures global RADIUS server hosts
! and specifies destination ports for
! authentication and accounting requests
!
radius-server host 10.2.3.4 auth-port 1645 acct-port 1646 non-standard
radius-server host 10.6.7.8 auth-port 1645 acct-port 1646 non-standard
radius-server key ggsntel
The following sections provide references related to the AAA Broadcast Accounting--Mandatory Response Support feature.
Related Topic |
Document Title |
---|---|
Preparation for the GGSN configuration |
Cisco GGSN Release 8.0 Configuration Guide |
AAA commands |
Cisco IOS Security Command Reference Guide |
AAA features |
Cisco IOS Security Configuration Guide: Securing User Services |
Standard |
Title |
---|---|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |
-- |
MIB |
MIBs Link |
---|---|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFC |
Title |
---|---|
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. |
-- |
Description |
Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
AAA Broadcast Accounting--Mandatory Response Support |
Cisco IOS XE Release 3.9S |
The AAA Broadcast Accounting--Mandatory Response Support feature provides a mechanism to support broadcast accounting under each server group through a Gateway GPRS Support Node (GGSN), which acts as a gateway between a General Packet Radio Service (GPRS) wireless data network and other networks such as the Internet or private networks. The following commands were introduced or modified: aaa accounting network , aaa-group accounting , access-point , action-type , broadcast , gprs access-point-list , group , gtp-response-message wait-accounting |