IP Services Gateway Configuration

IP Services Gateway Configuration
 
 
This chapter describes how to configure the IPSG.
This chapter covers the following topics:
 
 
Configuration Requirements for the IPSG
This section provides a high-level description of the configuration requirements of the IPSG.
The Snoop and Server methods use the same configuration components and differ only in how the IPSG service is configured.
The IPSG can be configured in various ways such as by creating a single context with interfaces for the RADIUS messages and both inbound and outbound data traffic. The following figure presents another method in which the IPSG context manages communication with the access gateway for both RADIUS messaging and inbound data traffic. The ISP context is responsible for all outbound data traffic.
The following figure also shows other important components such as IP access control lists (ACLs) in both contexts as well as an Enhanced Charging Service (ECS) configuration.
 
IPSG Support
 
Required Configuration File Components
The following configuration components are required to complete an IPSG configuration file:
Required Component Information
Prior to configuring the system, determine the following information:
For a complete understanding of the required information for all configuration mode commands, refer to the Command Line Interface Reference.
Configuring the IPSG
This section describes how to configure the IPSG to accept RADIUS accounting requests (start messages) in order to extract user information used to apply other services. The following figure illustrates the required components within the system supporting IPSG.
IPSG Configuration Detail
To configure the system to perform as an IPSG:
Step 1
Step 2
Configure the global active charging parameters as described in the Enhanced Charging Service Administration Guide.
Step 3
Step 4
Step 5
Step 6
Save the configuration as described in the Verifying and Saving Your Configuration chapter.
note_smallImportant: Commands used in the configuration examples in this section provide base functionality to the extent that the most common or likely commands and/or keyword options are presented. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands.
 
IPSG Context and Service Configuration
To configure IPSG context and service:
Step 1
 
Step 2
Create two interfaces within the IPSG context for communication with the access gateway by referring to the Creating and Configuring Ethernet Interfaces and Ports procedure in the System Administration Guide.
 
Option 1: RADIUS Server Mode Configuration
To create an IPSG context and IPSG service in RADIUS Server Mode, use the following configuration:
configure
  context <ipsg_context_name>
     ipsg-service <service_name> mode radius-server
        bind address <ip_address>
        radius dictionary <dictionary>
        radius accounting client <ip_address> [ encrypted ] key <secret> [ dictionary <dictionary> ] [ disconnect-message [ dest-port <port_num> ] ]
        end
 
Option 2: RADIUS Server with Proxy Mode Configuration
To create an IPSG context and IPSG service in RADIUS Server Mode with IPSG authentication and accounting proxy configuration, use the following configuration:
configure
  context <ipsg_context_name>
     ipsg-service <service_name> mode radius-server
        bind address <ip_address>
        radius dictionary <dictionary>
        radius accounting client <ip_address> [ encrypted ] key <secret> [ dictionary <dictionary> ] [ disconnect-message [ dest-port <port_num> ] ]
# IPSG Authentication Proxy Configuration:
        bind authentication-proxy address <ip_address>
        connection authorization [ encrypted ] password <password>
        radius dictionary <dictionary>
        radius accounting client <ip_address> [ encrypted ] key <secret> [ dictionary <dictionary> ] [ disconnect-message [ dest-port <port_num> ] ]
        exit
     aaa group default
        radius attribute nas-ip-address address <ip_address>
        radius dictionary <dictionary>
        radius server <ip_address> [ encrypted ] key <key> port <port>
        radius accounting server <ip_address> [ encrypted ] key <key> port <port>
        exit
# IPSG Accounting Proxy Configuration:
     ipsg-service <service_name> mode radius-server
        bind accounting-proxy address <ip_address> port <port>
        radius dictionary <dictionary>
        radius accounting client <ip_address> [ encrypted ] key <secret_key> [ dictionary <dictionary> ] [ disconnect-message [ dest-port <port_num> ] ]
        exit
     aaa group default
        radius attribute nas-ip-address address <ip_address>
        radius dictionary <dictionary>
        radius accounting server <ip_address> [ encrypted ] key <key> port <port>
        end
Notes:
 
For basic AAA configurations please refer to the AAA and GTPP Interface Administration and Reference.
 
Option 3: RADIUS Snoop Mode Configuration
To create an IPSG context and IPSG service in RADIUS Snoop Mode, use the following configuration:
configure
  context <ipsg_context_name>
     ipsg-service <service_name> mode radius-snoop
        bind
        connection authorization [ encrypted ] password <password>
        radius accounting server <ip_address>
        radius dictionary <dictionary>
        end
 
Gx Interface Configuration
For information on how to configure R7 Gx interface support, please refer to the Configuring Rel. 7 Gx Interface section of the Gx Interface Support appendix.
Note the following for IPSG:
 
 
Gy Interface Configuration
For information on how to configure Gy interface support, refer to the Gy Interface Support appendix.
 
ISP Context Configuration
To configure the ISP context:
Step 1
Step 2
Step 3
Create an IP access control list within the ISP context as described in the IP Access Control Lists chapter of the System Administration Guide.
 
Creating the ISP Context
To configure an ISP context, use the following configuration. Note that the following configuration also includes an IP route for data traffic through the IPSG context.
configure
  context <isp_context_name>
     subscriber default
        exit
     ip access-list <access_list>
        redirect css service <service> any
        permit any
        exit
     aaa group default
        exit
     ip route <ip_address/mask> <next_hop_address> <isp_data_intfc_name>
        end
 
Saving the Configuration
Refer to the Verifying and Saving Your Configuration chapter to save the IPSG configuration.
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883