Enabling ISG to Interact with External Policy Servers
Prerequisites for ISG Interaction with External Policy Servers
2
Prerequisites for ISG Interaction with External Policy Servers
For information about release and platform support, see the “Feature Information for ISG Interaction
with External Policy Servers” section on page 8.
Restrictions for ISG Interaction with External Policy Servers
The ISG and external policy servers should be in the same virtual routing and forwarding instance
(VRF).
Information About ISG Interaction with External Policy Servers
To configure ISG interaction with external policy servers, you should understand the following concept:
• Initial and Dynamic Authorization, page 2
Initial and Dynamic Authorization
ISG works with external devices, referred to as policy servers, that store per-subscriber and per-service
information. ISG supports two models of interaction between ISG and external policy servers: initial
authorization and dynamic authorization.
In the initial authorization model, ISG must retrieve policies from the external policy server at specific
points in a session. In this model, the external policy server is typically an authentication, authorization,
and accounting (AAA) server that uses RADIUS. ISG is the RADIUS client. Instead of a AAA server,
some systems use a RADIUS proxy component that converts to other database protocols such as
Lightweight Directory Access Protocol (LDAP).
The dynamic authorization model allows the external policy server to dynamically send policies to the
ISG. These operations can be initiated in-band by subscribers (through service selection) or through the
actions of an administrator, or applications can change policies on the basis of some algorithm (for
example, change session quality of service (QoS) at a certain time of day). This model is facilitated by
the Change of Authorization (CoA) RADIUS extension. CoA introduced peer-to-peer capability to
RADIUS, enabling ISG and the external policy server each to act as a RADIUS client and server.
How to Enable ISG to Interact with External Policy Servers
This section contains the following tasks:
• Configuring the ISG as a AAA Client, page 2
• Configuring the ISG as a AAA Server, page 4
Configuring the ISG as a AAA Client
Perform this task to configure AAA method lists and enable ISG to retrieve policies from a AAA server.
This task must be performed for both initial and dynamic authorization models.
To Next Page
Loading...
Need help?
General