AAA Interface Rules
The following engineering rules apply to the AAA interface including RADIUS and Diameter:
- AAA interfaces are specified by assigning the IP address of a logical interface within a specific context as the RADIUS NAS IP Address (RFC-2865 and RFC-2866) within the same context. This is done using the radius attribute nas-ip-address command in the context configuration mode.
- AAA interfaces in support of data services can be configured within any context. Typically, the interface exists in the:
  - Ingress context for PDSN and ASNGW services
  - Egress context for GGSN services
- A AAA interface is selected in the following order:
  - NAI-based selection
  - Default AAA context
  - Last-resort AAA context
  - If all else fails, selection defaults to the ingress context
- AAA servers can be configured with "primary" and "backup" servers for any context.
- Authentication and Accounting servers can be configured individually per context.
- Multiple AAA contexts can be configured to support different accounting and authentication servers based on the domain to which the subscriber belongs.
- A AAA server group provides AAA functionality to each subscriber separately within the same context.
- A AAA server group for AAA functionality can be configured with the following limits:
  - A total of 800 AAA server groups (including the "default" server group) are available per context or system.
  - The maximum number of authentication/accounting servers per AAA server group is 128.
  - A maximum of 1600 servers can be configured in a context or a system, regardless of the number of server groups, with any combination for authentication and/or accounting.
  - A maximum of 800 NAS-IP addresses/NAS identifiers (1 primary and 1 secondary per server group) can be configured per context.
  - The maximum attribute size in a Diameter-EAP-Answer (DEA) message is 3400 bytes.