C H A P T E R

Provisioning the AAA Server and Universal Gateway to Communicate with Cisco RPMS
Topics in this chapter include:

Overview: Configuring the AAA Proxy or Server to Communicate with and Recognize Cisco RPMS as a Proxy, page 4-3 Overview: Configuring the Universal Gateway to Communicate with the Cisco RPMS, page 4-4
Running a Trial Call, page 4-5

Provisioning Cisco RPMS in a Wholesale Dial Network OL-2328-01

4-1

Chapter 4

Provisioning the AAA Server and Universal Gateway to Communicate with Cisco RPMS

Description
Summary Target Platforms Components
After provisioning Cisco RPMS, you must configure the AAA servers and UG to communicate with Cisco RPMS. Cisco AS5000 series universal gateways

Cisco RPMS AAA server Universal gateway

Frequency

As needed.

Tasks
Cisco recommends you provision the network in the following order:
Step 1 Step 2 Step 3 Step 4 Step 5

See Chapter 1 to complete the tasks for provisioning Cisco RPMS. See Chapter 2 to provision Cisco RPMS for non-VPDN service, or Chapter 3 to provision Cisco RPMS with VPDN service. Configure the AAA proxy or server to communicate with and recognize Cisco RPMS as a proxy. Configure the UG to communicate with Cisco RPMS. Run a trial call through the system before pointing high volume live traffic to Cisco RPMS.

Provisioning Cisco RPMS in a Wholesale Dial Network

4-2

OL-2328-01

Chapter 4

Provisioning the AAA Server and Universal Gateway to Communicate with Cisco RPMS Overview: Configuring the AAA Proxy or Server to Communicate with and Recognize Cisco RPMS as a Proxy

Notes

Cisco RPMS must be configured before configuring the AAA server or UG. You should run the system without preauthentication enabled to verify proxy functionality before continuing with preauthentication.

Overview: Configuring the AAA Proxy or Server to Communicate with and Recognize Cisco RPMS as a Proxy
You can use an optional AAA proxy server for AAA records in a Cisco RPMS network architecture. Cisco RPMS provides VPDN and non-VPDN dial services. Note that the VPDN dial services rely on VPDN data specified in the Cisco RPMS VPDN group. If you are deploying a AAA proxy server, you must configure the AAA proxy server to communicate with Cisco RPMS. Cisco RPMS uses RADIUS to communicate with the AAA server and with the UGs. If using Access Registrar AAA proxies, refer to Appendix B, Configuring Access Registrar of the Cisco Resource Policy Management System 2.0 Configuration Guide for more details.

Note

Make sure that all AAA servers support the proxy state attribute. After enabling the AAA proxy server to communicate with Cisco RPMS, you can create a list of AAA proxies. To do so, refer to the Adding a AAA Server or AAA Proxy Server section on page 2-20 of the Cisco Resource Policy Management System 2.0 Configuration Guide.

Provisioning Cisco RPMS in a Wholesale Dial Network OL-2328-01

4-3

Chapter 4 Provisioning the AAA Server and Universal Gateway to Communicate with Cisco RPMS Overview: Configuring the Universal Gateway to Communicate with the Cisco RPMS

Overview: Configuring the Universal Gateway to Communicate with the Cisco RPMS
After provisioning Cisco RPMS and the AAA proxy or server, you must enable communication between the UG and Cisco RPMS. Cisco RPMS and the UGs communicate by using the RADIUS protocol. Let us assume that the UG has already been configured with a single existing AAA RADIUS server group to send AAA messages to the AAA proxy (or server) host. After configuring Cisco RPMS, you must provision Cisco RPMS as a host in the AAA RADIUS server group on the UG, and delete the existing host entry for the AAA proxy or server. This directs the UG to send the AAA messages to Cisco RPMS instead of the AAA proxy or server. Once you have verified operation of Cisco RPMS as a proxy for AAA messages, enable AAA preauthentication for the defined server group. At this point, the UG is sending both preauthentication and AAA messages to Cisco RPMS. Cisco RPMS processes the preauthentication messages for enforcing port policy management features. The Cisco RPMS system processes AAA messages as well in order to keep port policies up-to-date, but its proxy functionality ensures that AAA messages are also delivered to and serviced by the appropriate AAA proxy or AAA server. The example above assumes that you are adding Cisco RPMS as a host or set of hosts in an existing server group, and then removing any pre-existing servers in that group. If so, you can retain a copy of the pre-existing host information by copying and pasting it into a new, unused server group before deleting it from the original server group. Alternatively, you can add Cisco RPMS hosts to an entirely new server group and change your AAA commands to point to the new server group name. To configure a Cisco UG to communicate with Cisco RPMS, refer to Appendix A, Configuring the Universal Gateway of the Cisco Resource Policy Management System 2.0 Configuration Guide. Once you have enabled the UG to communicate with Cisco RPMS, you can create a list of universal gateways. To do so, refer to the Adding a Universal Gateway section on page 2-18 of the Cisco Resource Policy Management System 2.0 Configuration Guide.

Provisioning Cisco RPMS in a Wholesale Dial Network

4-4

OL-2328-01

Chapter 4

Provisioning the AAA Server and Universal Gateway to Communicate with Cisco RPMS Overview: Configuring the Universal Gateway to Communicate with the Cisco RPMS

Running a Trial Call

After configuring Cisco RPMS and the UG, run a trial call to ensure the system is properly configured. Do this before pointing high volume live traffic to Cisco RPMS.

Provisioning Cisco RPMS in a Wholesale Dial Network OL-2328-01

4-5

Chapter 4 Provisioning the AAA Server and Universal Gateway to Communicate with Cisco RPMS Overview: Configuring the Universal Gateway to Communicate with the Cisco RPMS

Provisioning Cisco RPMS in a Wholesale Dial Network

4-6

OL-2328-01