Field | Description |
---|---|
Group name
|
The AAA server group
name.
|
Context
|
The context name.
|
Diameter config:
|
|
Authentication:
|
|
Dictionary
|
The Diameter dictionary
used for authentication.
|
Endpoint name
|
The Diameter endpoint
used for authentication.
|
Max-transmissions
|
The maximum number
of transmission attempts for Diameter authentication.
|
Max-retries
|
The number of retry
attempts for Diameter authentication requests.
|
Request-timeout
|
The Diameter authentication
request timeout period.
|
Redirect-host-avp
|
Indicates whether to
use just one returned AVP, or use the first returned AVP as selecting
the primary host and the second returned AVP as selecting the secondary host.
|
Accounting:
|
|
Dictionary
|
The Diameter dictionary
used for accounting.
|
Endpoint name
|
The Diameter endpoint
used for accounting.
|
Max-transmissions
|
The maximum number
of transmission attempts for Diameter accounting.
|
Max-retries
|
The number of retry
attempts for Diameter accounting requests.
|
Request-timeout
|
The Diameter accounting
request timeout period.
|
Radius Config:
|
|
Dictionary
|
The RADIUS dictionary.
|
Strip-domain
|
Indicates whether the
domain is stripped from the user name prior to authentication or
accounting.
|
Authenticator-validation
|
Indicates whether the
MD5 authentication of RADIUS user is enabled.
|
Allow authentication-down
|
Indicates whether the
system allows subscriber sessions when RADIUS authentication is
unavailable.
|
Allow accounting-down
|
Indicates whether the
system allows subscriber sessions when RADIUS accounting is unavailable.
|
Attributes:
|
|
Nas-identifier
|
The attribute name
by which the system is identified in Access-Request messages.
|
Nas-ip
|
The AAA interface IP
address(es) used to identify the system.
|
Nas-ip backup
|
The IP address of the
secondary interface to use in the current context.
|
Nexthop
|
The next hop IP address
for this NAS IP address.
|
MPLS-label
|
Indicates the MPLS
label used for traffic from the specified RADIUS client NAS IP address.
|
VRF
|
The Virtual Routing
and Forwarding (VRF) Context instance associated with this AAA group.
|
Authentication
|
|
called-station-id
|
Indicates whether RADIUS
authentication attribute for called station id is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
calling-station-id
|
Indicates whether RADIUS
authentication attribute for calling station id is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
imsi
|
Indicates whether RADIUS
authentication attribute for IMSI is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-pdp-type
|
Indicates whether RADIUS
authentication attribute for 3GPP PDP type is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-cg-address
|
Indicates whether RADIUS
authentication attribute for 3GPP CG address is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-gprs-qos-negotiated-profile
|
Indicates whether RADIUS
authentication attribute for 3GPP GPRS QoS negotiated profile is
enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-sgsn-address
|
Indicates whether RADIUS
authentication attribute for 3GPP SGSN address is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-ggsn-address
|
Indicates whether RADIUS
authentication attribute for 3GPP GGSN address is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-imsi-mcc-mnc
|
Indicates whether RADIUS
authentication attribute for 3GPP IMSI MCC MNC is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-ggsn-mcc-mnc
|
Indicates whether RADIUS
authentication attribute for 3GPP GGSN MCC MNC is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-nsapi
|
Indicates whether RADIUS
authentication attribute for 3GPP NSAPI is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-select-mode
|
Indicates whether RADIUS
authentication attribute for 3GPP select mode is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-charging-characteristics
|
Indicates whether RADIUS
authentication attribute for 3GPP charging characteristics is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-sgsn-mcc-mnc
|
Indicates whether RADIUS
authentication attribute for 3GPP SGSN MCC MNC is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-imeisv
|
Indicates whether RADIUS
authentication attribute for 3GPP imeisv is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-rat-type
|
Indicates whether RADIUS
authentication attribute for 3GPP RAT type is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-user-location-info
|
Indicates whether RADIUS
authentication attribute for 3GPP user location information is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-ms-timezone
|
Indicates whether RADIUS
authentication attribute for 3GPP ms timezone is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
Accounting
|
|
called-station-id
|
Indicates whether RADIUS
accounting attribute for called station id is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
calling-station-id
|
Indicates whether RADIUS
accounting attribute for calling station id is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
acct-input-octets
|
Indicates whether RADIUS
accounting attribute for accounting input octets is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
acct-input-packets
|
Indicates whether RADIUS
accounting attribute for accounting input packets is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
acct-session-time
|
Indicates whether RADIUS
accounting attribute for accounting session time is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
acct-output-octets
|
Indicates whether RADIUS
accounting attribute for accounting output octets is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
acct-output-packets
|
Indicates whether RADIUS
accounting attribute for accounting output packets is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
event-timestamp
|
Indicates whether RADIUS
accounting attribute for event timestamp is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
imsi
|
Indicates whether RADIUS
accounting attribute for IMSI is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-charging-id
|
Indicates whether RADIUS
accounting attribute for 3GPP charging ID is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-pdp-type
|
Indicates whether RADIUS
accounting attribute for 3GPP PDP type is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-cg-address
|
Indicates whether RADIUS
accounting attribute for 3GPP CG address is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-gprs-qos-negotiated-profile
|
Indicates whether RADIUS
accounting attribute for 3GPP GPRS QoS negotiated profile is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-sgsn-address
|
Indicates whether RADIUS
accounting attribute for 3GPP SGSN address is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-ggsn-address
|
Indicates whether RADIUS
accounting attribute for 3GPP GGSN address is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-imsi-mcc-mnc
|
Indicates whether RADIUS
accounting attribute for 3GPP IMSI MCC MNC is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-ggsn-mcc-mnc
|
Indicates whether RADIUS
accounting attribute for 3GPP GGSN MCC MNC is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-nsapi
|
Indicates whether RADIUS
accounting attribute for 3GPP NSAPI is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-select-mode
|
Indicates whether RADIUS
accounting attribute for 3GPP select mode is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-charging-characteristics
|
Indicates whether RADIUS
accounting attribute for 3GPP charging characteristics is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-sgsn-mcc-mnc
|
Indicates whether RADIUS
accounting attribute for 3GPP SGSN MCC MNC is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-imeisv
|
Indicates whether RADIUS
accounting attribute for 3GPP imeisv is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-rat-type
|
Indicates whether RADIUS
accounting attribute for 3GPP RAT type is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-user-location-info
|
Indicates whether RADIUS
accounting attribute for 3GPP user location information is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
3gpp-ms-timezone
|
Indicates whether RADIUS
accounting attribute for 3GPP ms timezone is enabled.
The attribute must
also be supported in the configured RADIUS dictionary.
|
Authentication:
|
|
Algorithm
|
The RADIUS authentication
server selection algorithm for the current context.
|
Deadtime
|
The time period to
wait before changing the state of a RADIUS server from “Down” to “Active”,
in minutes.
|
Max-outstanding
|
The maximum number
of messages a AAA manager will queue.
|
Max-retries
|
The maximum number
of times communication with a AAA server is attempted before it
is marked as “Not Responding” and the detect dead
server’s consecutive failures count is incremented.
|
Max-transmissions
|
The maximum number
of re-transmissions for RADIUS authentication requests.
|
Timeout
|
The time period to
wait for a response from the RADIUS server before re-sending the
messages, in seconds.
|
Apn-to-be-included
|
The APN name included
for RADIUS authentication.
|
Authenticate null-username
|
Indicates whether authentication
of user names that are blank or empty is enabled.
|
Probe:
|
|
Interval
|
The time period between
two RADIUS authentication probes.
|
Timeout
|
The timeout period
for HAGR to wait for a response for RADIUS authentication probes.
|
Max-retries
|
The maximum number
of retries for RADIUS authentication probe response.
|
Keepalive:
|
|
Interval
|
The time period between
two keepalive access requests.
|
Timeout
|
The time period between
two keepalive access request retries.
|
Retries
|
The number of times
the keepalive access request is sent before marking the server as
unreachable.
|
consecutive-response
|
The number of consecutive
authentication responses after which the server is marked as reachable.
|
Username
|
The user name used
for authentication.
|
Calling-station-id
|
The calling station
ID used for keepalive authentication.
|
Password
|
The password used for
authentication.
|
Allow access-reject
|
Indicates whether both
access-accept and access-reject are considered as success for the
keepalive authentication request.
|
Detect-dead-server:
|
|
Consecutive-failures
|
The number of consecutive
failures, for any AAA manager, before a server’s state
is changed from “Active” to “Down”.
|
Response-timeout
|
The time period for
any AAA manager to wait for a response to any message before a server’s
state is changed from “Active” to “Down”,
in seconds.
|
Keepalive
|
Indicates whether the
AAA server alive-dead detect mechanism based on sending keepalive
authentication messages to all authentication servers is enabled.
|
Accounting:
|
|
Algorithm
|
The RADIUS accounting
server selection algorithm for the current context.
|
Deadtime
|
The time period to
wait before changing the state of a RADIUS server from “Down” to “Active”,
in minutes.
|
Fire-And-Forget
|
Displays whether or
not the Fire-and-Forget feature is enabled in the AAA Group configuration.
|
Max-outstanding
|
The maximum number
of messages a AAA manager will queue.
|
Max-retries
|
The maximum number
of times communication with a AAA server will be attempted before
it is marked as “Not Responding” and the detect
dead server’s consecutive failures count is incremented.
|
Max-transmissions
|
The maximum number
of re-transmissions for RADIUS accounting requests.
|
Max-pdu-size
|
The maximum sized packet
data unit which can be accepted/generated, in bytes.
|
Interim-timeout
|
The timeout period
for sending accounting INTERIM-UPDATE records, in seconds.
|
Interim-downlink-volume
|
The downlink volume
limit that triggers RADIUS interim accounting, in bytes.
|
Interim-uplink-volume
|
The uplink volume limit
that triggers RADIUS interim accounting, in bytes.
|
Interim-total-volume
|
The total volume limit
for RADIUS interim accounting, in bytes.
|
Timeout
|
The time period to
wait for a response from a RADIUS server before retransmitting a
request.
|
Remote-address
|
Indicates whether remote
IP address lists are configured, and collection of accounting data
for the addresses in those lists on a per-subscriber basis is enabled.
|
Archive
|
Indicates whether archiving
of RADIUS Accounting messages in the system after the accounting
message has exhausted retries to all available RADIUS Accounting
servers is enabled.
|
Apn-to-be-included
|
The APN name included
for RADIUS accounting.
|
R-P originated:
|
|
Trigger active-start
|
Indicates whether when
an Active-Start is received from the PCF and there has been a parameter
change, an R-P event occurs.
|
Trigger active-handoff
|
Indicates whether when
an Active PCF-to-PFC Handoff occurs, a single or two R-P events
will occur (one for the Connection Setup, and the second for the
Active-Start).
|
Trigger active-stop
|
Indicates whether when
an Active-Stop is received from the PCF, an R-P event occurs.
|
Trigger policy
|
the overall accounting
policy for R-P sessions.
|
Trigger stop-start
|
Indicates whether a
stop/start RADIUS accounting pair is sent to the RADIUS server
when an applicable R-P event occurs.
|
Handoff policy
|
The overall accounting
policy for R-P sessions.
|
TOD
|
The time of day a RADIUS
event is generated for accounting.
|
GTP originated:
|
|
Trigger policy
|
The RADIUS accounting
policy for GTP.
|
MIP HA:
|
|
Policy
|
The RADIUS accounting
policy for Mobile IP HA calls.
|
Keepalive:
|
|
Interval
|
The time period between
the two keepalive access requests.
|
Timeout
|
The time period between
each keepalive access request retries.
|
Retries
|
The number of times
the keepalive access request is sent before marking the server as
unreachable.
|
consecutive-response
|
The number of consecutive
authentication response after which the server is marked as reachable.
|
Username
|
The user name used
for authentication.
|
Calling-station-id
|
The calling station
ID used for keepalive authentication.
|
Framed-ip-address
|
The framed-ip-address
used for keepalive accounting.
|
Detect-dead-server:
|
|
Consecutive-failures
|
The number of consecutive
failures, for any AAA manager, before a server’s state
is changed from “Active” to “Down”.
|
Response-timeout
|
The time period for
any AAA manager to wait for a response to any message before a server’s
state is changed from “Active” to “Down”,
in seconds.
|
Keepalive
|
Indicates whether the
AAA server alive-dead detect mechanism based on sending keepalive
authentication messages to all authentication servers is enabled.
|
Charging:
|
|
Auth-algorithm
|
The RADIUS authentication
algorithm.
|
Acct-algorithm
|
The RADIUS accounting
algorithm.
|
Deadtime
|
The time period to
wait before changing the state of a RADIUS server from “Down” to “Active”,
in minutes.
|
Max-outstanding
|
The maximum number
of messages a AAA manager will queue.
|
Max-retries
|
The maximum number
of times communication with a AAA server will be attempted before
it is marked as “Not Responding” and the detect
dead server’s consecutive failures count is incremented.
|
Max-transmissions
|
The maximum number
of re-transmissions for RADIUS requests.
|
Timeout
|
The time period to
wait for a response from a RADIUS server before retransmitting a
request.
|
Detect-dead-server:
|
|
Consecutive-failures
|
The number of consecutive
failures, for any AAA manager, before a server’s state
is changed from “Active” to “Down”.
|
Response-timeout
|
The time period for
any AAA manager to wait for a response to any message before a server’s
state is changed from “Active” to “Down”,
in seconds.
|