IPSG RADIUS Snoop Configuration Mode Commands


 
 
The IP Services Gateway (IPSG) RADIUS Snoop Configuration Mode is used to create and configure IPSG services within the current system context. The IPSG RADIUS Snoop Mode configures the system to inspect RADIUS accounting requests on the way to the RADIUS accounting server and extract user information.
 
Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
 
bind
Configures the service to accept data on any interface configured in the context. Optionally allows the system to limit the number of sessions processed by this service.
Product
IPSG
Privilege
Security Administrator, Administrator
Syntax
bind [ max-subscribers num ]
no bind
no
Removes the binding for the service.
max-subscribers num
Specifies the maximum number of subscriber sessions allowed for the service. If this option is not configured, the system defaults to the license limit.
In Release 8.x, on an ASR 5000 chassis, num must be an integer from 0 through 3000000.
In Release 9.0 and later, num must be an integer from 0 through 4000000.
Usage
Use this command to initiate the service and begin accepting data on any interface configured in the context.
Example
The following command prepares the system to receive subscriber sessions on any interface in the context and limits the sessions to 10000:
bind max-subscribers 10000
 
connection authorization
Sets the RADIUS authorization password that must be matched by the RADIUS accounting requests “snooped” by this service.
Product
IPSG
Privilege
Security Administrator, Administrator
Syntax
connection authorization { [ encrypted ] password password }
no connection authorization
no
Removes the RADIUS authorization for the IPSG RADIUS snoop service.
[ encrypted ] password password
encrypted: Indicates that the received RADIUS authorization password is encrypted.
password password: Specifies the password that must be matched by incoming RADIUS accounting requests.
password must be an alpha and/or numeric string of 1 through 63 characters in length.
Usage
RADIUS accounting requests being examined by the IPSG RADIUS snoop service are destined for a RADIUS Accounting Server. Since the “snoop” service does not terminate user authentication, the user password is unknown.
Use this command to configure the authorization password that the RADIUS accounting requests must match in order for the service to examine and extract user information.
Example
The following command sets the RADIUS authorization password that RADIUS accounting requests “snooped” by this service must match. The password must be encrypted; the example uses the word “secret”.
connection authorization encrypted password secret
 
end
Exits the current mode and returns to the Exec Mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Use this command to change to the Exec Mode.
 
exit
Exits the current mode and returns to the parent configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Use this command to return to the parent configuration mode.
 
radius
Specifies RADIUS Accounting Servers where accounting requests are sent after being “inspected” by this service.
Product
IPSG
Privilege
Security Administrator, Administrator
Syntax
[ no ] radius { accounting server address [ port num | source-context name ] | dictionary { 3gpp2 | 3gpp2-835 | customXX | standard | starent | starent-835 | starent-vsa1 | starent-vsa1-835 } }
no
Removes the RADIUS accounting server identifier from this service.
radius accounting server address
Specifies the IP address of a RADIUS Accounting Server where accounting requests are sent after being “snooped” by this service. address must be specified using standard IPv4 or IPv6 dotted decimal notation and must be a valid IP address.
Up to 16 addresses can be configured.
port num
Default: 1813
Specifies the port number of the RADIUS Accounting Server where accounting requests are sent after being “snooped” by this service.
num must be an integer from 0 through 65535.
source-context name
Specifies the source context where RADIUS accounting requests are received.
name must be an alpha and/or numeric string of 1 through 79 characters in length.
If this keyword is not configured, the system will default to the context in which the IPSG service is configured.
dictionary { 3gpp2 | 3gpp2-835 | customXX | standard | starent | starent-835 | starent-vsa1 | starent-vsa1-835 }
Specifies what dictionary database to use. The possible values are described in the following table:
 
XX is the integer value of the custom dictionary.
Important: RADIUS dictionary custom23 should be used in conjunction with Enhanced Charging Service (ECS). Refer to the Enhanced Charging Service Configuration and Reference Guide for more information.
Usage
Use this command to specify the RADIUS Accounting Servers where accounting requests are sent after being snooped by this service.
Example
The following command specifies the IP address (1.2.3.4) of a RADIUS Accounting Server whose accounting requests are to be “snooped”, and the source context (aaa_ingress) where the requests are received on the system:
radius accounting server 1.2.3.4 source-context aaa_ingress
 
setup-timeout
Configures a timeout value for IPSG session setup attempts.
Product
IPSG
Privilege
Security Administrator, Administrator
Syntax
setup-timeout seconds
default setup-timeout
seconds
Default: 60
Specifies the period of time, in seconds, the IPSG session setup is allowed to continue before the setup attempt is terminated.
seconds must be an integer from 1 through 100000.
Usage
Use this command to prevent IPSG session setup attempts from continuing without termination.
Example
The following command sets the session setup timeout to 20 seconds:
setup-timeout 20
 
 

Cisco Systems Inc.