12.2 Configuring AAA
12.2.5 AAA and virtual profiles
Virtual profiles provide the next step in dialer profile evolution. As dialer profiles keep the profile specific to a particular user on a single NAS, the AAA server contains multiple virtual profiles for many users.

Dialer profiles can be further scaled through the use of AAA architecture:

  • Per-user configurations from a centralized AAA server.
  • Support for RADIUS/TACACS+ servers.
  • Use standards-based vendor-specific attribute/value pairs.
  • No proprietary lock-in.
Lab Activity    
  The Denver office has setup and configured a Cisco Secure TACACS+ server and needs to place the routers under the control of the TACACS+ server. In this lab, you may need to modify the hostname and IP address of your router.

Virtual profiles allow profiles to be applied to non-dial-on-demand routing (non-DDR)-enabled interfaces, and allow for centralized configuration management and smaller configurations on routers. With virtual profiles, caller profiles are stored on a centralized AAA server, not on individual access routers.

The steps in virtual profile operation, which are shown in Figure , are as follows:

  1. Check authentication.
  2. Authentication is OK. 
  3. Clone the virtual access interface from the virtual template interface.
  4. Request user configuration information. User configuration information is sent and applied to the virtual access interface.
  5. The virtual access interface is built from the configuration of the physical interface, to which are added the virtual template interface configuration and the user-specific configuration of the virtual profile from the AAA server, as shown in Figure . At this point, the complete virtual access interface is available to handle data to and from the user accessing the network.