Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
aaa attribute { 3gpp2-bsid string | 3gpp2-service-option integer | calling-station-id integer | 3gpp2-serving-pcf ip-address }3gpp2-bsid stringstring must contain 12 hexadecimal upper-case ASCII characters.3gpp2-service-option integercalling-station-id integer3gpp2-serving-pcf ip-address3gpp2-serving-pcf attribute value (if configured) is sent in both RADIUS authentication and accounting messages. If the attribute value is not configured (or explicitly “not configured” using the no keyword), RADIUS attributes are still included with just type and length. This is because inclusion/exclusion of RADIUS attributes are still controlled through the dictionary, not via the CLI.Important: First phase authentication is mandatory when multiple authentication is configured on the system.
• context-name name: Specifies the context where the aaa server group is defined as an alphanumeric string of 1 through 79 characters.
• aaa-group name: Specifies the name of the aaa-group to be used for authentication as an alphanumeric string of 1 through 79 characters.
• context-name name: Specifies the context where aaa server group is defined as an alphanumeric string of 1 through 79 characters.
• aaa-group name: Specifies the name of the aaa-group to be used for authentication as an alphanumeric string of 1 through 63 characters.Use the following to configure first-phase authentication for an aaa group named aaa-10 in the PDIF context:crypto-template stringmax-sessions numberThe following command binds a service with the IP address 13.1.1.1 to the crypto template T1 and sets the maximum number of sessions to 2000000:default { { aaa attribute 3gpp2-service-option } | duplicate-session-detection | hss { failure-handling mac-address-validation-failure | mac-address-validation | update-profile } | ip source-violation { drop-limit | period } | setup-timeout | subscriber name | username mac-address-stripping } }
• mac-address-validation: By default, validating the MAC address is disabled.
• update-profile: By default, updating the PDIF profile is disabled.
• drop-limit: Default number of ip source violations permitted in detection period before the call is dropped is 10.
• period: Default detection period is 120 seconds.subscriber nameConfigures the default subscriber name. name is a string of 1-127 characters.
• continue: Ignores a mac-address-validation-failure and continue the session.
• terminate: Terminates the session on a mac-address-validation-failure.The following example enables mac-address validation:ims-sh-service name namedrop-limit numSets the number of allowed source violations within a detection period before forcing a call disconnect. If num is not specified, the value is set to the default.num is an integer from 1 to 1000000. Default: 10period secsIf secs is not specified, the value is set to the default.secs is an integer from 1 to1000000. Default: 120The following command sets the drop limit to 15 and leaves the other values at their defaults:foreign-agent context stringfa-service stringsetup-timeout integersetup-timeout integer
|
| Cisco Systems Inc. |
| Tel: 408-526-4000 |
| Fax: 408-527-0883 |