Configuring per-User Configuration
Per-User Configuration Overview
DC-680
Cisco IOS Dial Technologies Configuration Guide
• Virtual profiles, which can use either or both of the two sources of information listed in the previous
  bullets for virtual interface configuration. When a user dials in, virtual profiles can apply the generic
  interface configuration and then apply the per-user configuration to create a unique virtual access
  interface for that user. This configuration is described in the chapter “Configuring Virtual Profiles”
  in this publication.
The per-user configuration feature provides these benefits:
• Maintenance ease for service providers with a large number of access servers and a very large
  number of dial-in users. Service providers need not update all their routers and access servers when
  user-specific information changes; instead, they can update one AAA server.
• Scalability. By separating generic virtual interface configuration on the router from the
  configuration for each individual, Internet service providers and other enterprises with large
  numbers of dial-in users can provide a uniquely configured interface for each individual user. In
  addition, by separating the generic virtual interface configuration from the physical interfaces on the
  router, the number and types of physical interfaces on the router or access server are not intrinsic
  barriers to growth.
General Operational Processes
In general, the per-user configuration process on the Cisco router or network access server proceeds as
follows:
1. The user dials in.
2. The authentication and authorization phases occur.
   a. If AAA is configured, the router sends an authorization request to the AAA server.
   b. If the AAA server has information (attribute-value or AV pairs, or other configuration
      parameters) that defines a configuration for the specific user, the server includes it in the
      information in the approval response packet.
      Figure 98 illustrates the request and response part of the process that happens when a user dials
      in, given that AAA is configured and that the AAA server has per-user configuration
      information for the dial-in user.
   c. The router looks for AV pairs in the AAA approval response.
   d. The router caches the configuration parameters.
Note: TACACS servers treat authentication and authorization as two phases; RADIUS servers combine
authentication and authorization into a single step. For more detailed information, refer to your server
documentation.
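
Step 2c above, shown as an added example that is not part of the Cisco guide: a Python parser that pulls AV pairs out of a RADIUS approval response, useful for auditing what per-user configuration an AAA server hands out. It assumes the pairs travel as Cisco vendor-specific attributes (attribute 26, vendor ID 9, vendor type 1, "protocol:attribute=value"); the function names and the sample AV pair strings are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26  # RADIUS attribute type for vendor-specific data (RFC 2865)
ACCESS_ACCEPT = 2     # RADIUS code of the approval response (RFC 2865)
CISCO_VENDOR_ID = 9   # IANA enterprise number for Cisco
CISCO_AVPAIR = 1      # Cisco vendor type 1 carries "protocol:attribute=value"


def build_access_accept(avpairs, ident=1):
    """Build a constructed Access-Accept that carries the given AV pair strings."""
    attrs = b""
    for text in avpairs:
        data = text.encode("ascii")
        vsa = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(data) + 2) + data
        attrs += struct.pack("!BB", VENDOR_SPECIFIC, len(vsa) + 2) + vsa
    # Authenticator is zero-filled: the sample is for parsing, not verification.
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs)) + bytes(16) + attrs


def extract_avpairs(packet):
    """Return [(protocol, attribute, value)] for each Cisco AV pair in the packet."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    pairs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        body = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 6:
            continue  # not a vendor-specific attribute
        vendor, vtype, vlen = struct.unpack("!IBB", body[:6])
        if vendor != CISCO_VENDOR_ID or vtype != CISCO_AVPAIR or vlen < 2 or vlen + 4 > len(body):
            continue  # another vendor, another sub-type, or a bad inner length
        text = body[6:4 + vlen].decode("ascii", "replace")
        name, sep, value = text.partition("=")
        proto, colon, attr = name.partition(":")
        if sep and colon:
            pairs.append((proto, attr, value))
    return pairs


# Constructed sample: one per-user route and one per-user input ACL entry.
SAMPLE = build_access_accept(["ip:route#1=10.1.1.0 255.255.255.0", "ip:inacl#1=permit ip any any"])
if __name__ == "__main__":
    print(extract_avpairs(SAMPLE))
```

The parser only reads the attributes; it does not check the response authenticator, so it is suited to reviewing captured or logged responses rather than deciding whether to trust one.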