Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).bind { accounting-proxy address ipv4/ipv6_address | address ipv4/ipv6_address } [ max-subscribers max_sessions | port port_number | source-context source_context ]
bind authentication-proxy address ipv4/ipv6_address [ acct-port port_number | auth-port port_number | max-subscribers max-sessions | source-context source_context ]
accounting-proxy address ipv4/ipv6_address | address ipv4/ipv6_address } [ max-subscribers max_sessions | port port_number | source-context source_context ]
|
•
|
accounting-proxy address ipv4/ipv6_address: Specifies the IP address of the interface where accounting proxy requests are received by this service in IPv4 dotted-decimal or IPv6 colon-separated notation.
|
|
•
|
address ipv4/ipv6_address: Specifies the IP address of the interface where accounting requests are received by this service in IPv4 dotted-decimal or IPv6 colon-separated notation.
|
|
•
|
max-subscribers max_sessions: Specifies the maximum number of subscriber sessions allowed for the service. If this option is not configured, the system defaults to the license limit.
|
In 8.3 and earlier releases, max_sessions must be an integer from 0 through 3000000.
In 9.0 and later releases, max_sessions must be an integer from 0 through 4000000.
|
•
|
port port_number: Specifies the port number of the interface where accounting requests are received by this service.
|
port_number must be an integer from 1 through 65535.
|
•
|
source-context source_context: Specifies the source context where RADIUS accounting requests are received.
|
source_context must be an alphanumeric string of 1 through 79 characters.
authentication-proxy address ipv4/ipv6_address [ acct-port port_number | auth-port port_number | max-subscribers max_sessions | source-context source_context ]
|
•
|
authentication-proxy address ipv4/ipv6_address: Specifies the IP address of the interface where authentication proxy requests are received by this service in IPv4 dotted-decimal or IPv6 colon-separated notation.
|
Important: Enabling authentication proxy also enables accounting proxy.|
•
|
acct-port port_number: Specifies the port number of the interface where accounting proxy requests are received by this service.
|
port_number must be an integer from 0 through 65535.
|
•
|
auth-port port_number: Specifies the port number of the interface where authentication proxy requests are received by this service.
|
port_number must be an integer from 0 through 65535.
|
•
|
max-subscribers max_sessions: Specifies the maximum number of subscriber sessions allowed for the service. If this option is not configured, the system defaults to the license limit.
|
In 8.3 and earlier releases, max_sessions must be an integer from 0 through 3000000.
In 9.0 and later releases, max_sessions must be an integer from 0 through 4000000.
|
•
|
source-context source_context: Specifies the source context where RADIUS accounting requests are received.
|
source_context must be an alphanumeric string of 1 through 79 characters.
Use this command to bind the IPSG RADIUS Server service to a logical AAA interface and specify the number of allowed subscriber sessions. If the AAA interface is not located in this context, configure the source-context parameter.
The following command binds the service to a AAA interface with and IP address of 10.2.3.4 located in the source context named aaa_ingress:
[ encrypted ] password password
|
•
|
encrypted: Specifies that the RADIUS authorization password is encrypted.
|
|
•
|
password password: Specifies the password that must be matched by incoming RADIUS accounting requests.
|
In 12.0 and earlier releases, password must be an alphanumeric string of 1 through 63 characters.
In 12.2 and later releases, with encryption password must be an alphanumeric string of 1 through 132 characters. And without encryption, password must be an alphanumeric string of 1 through 63 characters.
Default: APN
Use this command to set the service to support APN profiles (supporting Gx through the enabling of ims-auth-service) or for basic subscriber profile lookup.
radius accounting { { client { ipv4/ipv6_address | ipv4/ipv6_address/mask } [ encrypted ] key secret [ dictionary dictionary ] [ disconnect-message [ dest-port destination_port ] ] } | { interim create-new-call } }
ipv4/ipv6_address and ipv6/ipv6_address/mask are expressed in IPv4 dotted-decimal or IPv6 colon-separated notation with CIDR.
dictionary dictionary
Specifies what dictionary database to use. The possible values for dictionary are described in the following table:
|
X is the integer value of the custom dictionary.
|
|
 Important: In 12.0 and later releases, no new attributes can be added to the starent-vsa1 dictionary. If there are any new attributes to be added, these can only be added to the starent dictionary. For more information, please contact your Cisco account representative. |
|
[ encrypted ] key secret
|
•
|
encrypted: Specifies that the shared key between the RADIUS client and this service is encrypted.
|
|
•
|
key secret: Specifies the shared key between the RADIUS client and this service.
|
In 12.0 and earlier releases, secret must be an alphanumeric string of 1 through 127 characters and is case sensitive.
In 12.2 and later releases, with encryption secret must be an alphanumeric string of 1 through 236 characters and is case sensitive. And, without encryption secret must be an alphanumeric string of 1 through 127 characters and is case sensitive
dest-port destination_port: Specifies the port number to which the disconnect message must be sent. destination_port must be an integer from 1 through 65535.
The following command configures the service to communicate with a RADIUS client with an IP address of 10.2.3.4 and an encrypted shared secret of secret_1234:
radius dictionary dictionary
dictionary dictionary
Default: starent-vsa1
Specifies what dictionary database to use. The possible values for dictionary are described in the table that follows:
|
customXX
|
XX is the integer value of the custom dictionary.
|
The following command configures the IPSG service to use the custom10 RADIUS database dictionary:
setup-timeout setup_timeout
setup_timeout must be an integer from 1 through 1000000.
