Source context name
|
This is an identification string between 1 and 79 characters
(alpha and/or numeric) by which the source context will be recognized by the
system.
Important:
The name of the source context should be the same as the name
of the context in which the FA-context is configured if a separate system is
being used to provide PDSN/FA functionality.
|
Pi Interface Configuration
|
Pi interface name
|
This is an identification string between 1 and 79 characters
(alpha and/or numeric) by which the interface will be recognized by the system.
Multiple names are needed if multiple interfaces will be
configured.
Pi interfaces are configured in the destination context.
If this interface is being used for Interchassis Session
Recovery, you must specify a loopback interface type after the interface_name.
|
IP address and subnet
|
These will be assigned to the Pi interfaces. Multiple addresses
and/or subnets are needed if multiple interfaces will be configured.
|
Physical port number
|
This specifies the physical port to which the interface will be
bound. Ports are identified by the chassis slot number in which the line card
resides, followed by the number of the physical connector on the line card.
For example, port 17/1 identifies connector number 1 on the card
in slot 17.
A single physical port can facilitate multiple interfaces.
|
Physical port description
|
This is an identification string between 1 and 79 characters
(alpha and/or numeric) by which the physical port will be recognized by the
system.
Multiple descriptions are needed if multiple ports will be used.
Physical ports are configured within the destination context and
are used to bind logical Pi interfaces.
|
Gateway IP address(es)
|
Used when configuring static routes from the Pi interfaces to a
specific network.
|
HA service Configuration
|
HA service name
|
This is an identification string between 1 and 63 characters
(alpha and/or numeric) by which the HA service will be recognized by the
system.
Multiple names are needed if multiple HA services will be used.
HA services are configured in the destination context.
|
UDP port number for Mobile IP traffic
|
Specifies the port used by the HA service and the FA for
communications. The UDP port number can be any integer value between 1 and
65535. The default value is 434.
|
Mobile node re-registration requirements
|
Specifies how the system should handle authentication for mobile
node re-registrations. The HA service can be configured as follows:
- Always require authentication
- Never require authentication.
  Important: The initial registration and de-registration will still
  be handled normally.
- Never look for mn-aaa extension
- Not require authentication but will authenticate if mn-aaa
  extension present
|
FA-to-HA Security Parameter Index Information
|
FA IP address:
The HA service allows the creation of a security profile that
can be associated with a particular FA.
This specifies the IP address of the FA that the HA service will
be communicating with.
Multiple FA addresses are needed if the HA will be communicating
with multiple FAs.
|
Index:
Specifies the shared SPI between the HA service and a particular
FA.
The SPI can be configured to any integer value between 256 and
4294967295.
Multiple SPIs can be configured if the HA service is to
communicate with multiple FAs.
|
Secret:
Specifies the shared SPI secret between the HA service and the
FA.
The secret can be between 1 and 127 characters (alpha and/or
numeric).
An SPI secret is required for each SPI configured.
|
Hash-algorithm:
Specifies the algorithm used to hash the SPI and SPI secret.
The possible algorithms that can be configured are MD5 per RFC
1321 and keyed-MD5 per RFC 2002.
The default algorithm is hmac-md5. A hash-algorithm is required
for each SPI configured.
|
Mobile Node Security Parameter Index Information
|
Index:
Specifies the shared SPI between the HA service and the mobile
node(s).
The SPI can be configured to any integer value between 256 and
4294967295. Multiple SPIs can be configured if the HA service is to communicate
with multiple mobile nodes.
|
Secret(s):
Specifies the shared SPI secret between the HA service and the
mobile node.
The secret can be between 1 and 127 characters (alpha and/or
numeric). An SPI secret is required for each SPI configured.
|
Hash-algorithm:
Specifies the algorithm used to hash the SPI and SPI secret.
The possible algorithms that can be configured are MD5 per RFC
1321 and keyed-MD5 per RFC 2002.
The default algorithm is hmac-md5. A hash-algorithm is required
for each SPI configured.
|
Replay-protection process:
Specifies how protection against replay-attacks is implemented.
The possible processes are nonce and timestamp.
The default is timestamp with a tolerance of 60 seconds.
A replay-protection process is required for each mobile
node-to-HA SPI configured.
|
Maximum registration lifetime
|
Specifies the longest registration lifetime that the HA service
will allow in any Registration Request message from the mobile node.
The time is measured in seconds and can be configured to any
integer value between 1 and 65534.
An infinite registration lifetime can also be configured by
disabling the timer. The default is 600.
|
Maximum number of simultaneous bindings
|
Specifies the maximum number of "care-of" addresses that can
simultaneously be bound for the same user as identified by NAI and Home
address.
The number can be configured to any integer value between 1 and
5. The default is 3.
|
AAA Interface Configuration
|
AAA interface name
|
This is an identification string between 1 and 79 characters
(alpha and/or numeric) by which the interface will be recognized by the system.
Multiple names are needed if multiple interfaces will be
configured.
AAA interfaces will be configured in the source context.
|
IP address and subnet
|
These will be assigned to the AAA interface. Multiple addresses
and/or subnets are needed if multiple interfaces will be configured.
|
Physical port number
|
This specifies the physical port to which the interface will be
bound. Ports are identified by the chassis slot number in which the line card
resides, followed by the number of the physical connector on the line card.
For example, port 17/1 identifies connector number 1 on the card in slot 17.
A single physical port can facilitate multiple interfaces.
|
Physical port description
|
This is an identification string between 1 and 79 characters
(alpha and/or numeric) by which the physical port will be recognized by the
system.
Multiple descriptions are needed if multiple ports will be used.
Physical ports are configured within the source context and are
used to bind logical AAA interfaces.
|
Gateway IP address
|
Used when configuring static routes from the AAA interface(s) to
a specific network.
|
Home RADIUS Server Configuration
|
Home RADIUS Authentication server
|
IP Address:
Specifies the IP address of the home RADIUS authentication
server the source context will communicate with to provide subscriber
authentication functions.
Multiple addresses are needed if multiple RADIUS servers will be
configured. Home RADIUS authentication servers are configured within the source
context.
Multiple servers can be configured and each assigned a priority.
|
Shared Secret:
The shared secret is a string between 1 and 15 characters (alpha
and/or numeric) that specifies the key that is exchanged between the RADIUS
authentication server and the source context.
A shared secret is needed for each configured RADIUS server.
|
UDP Port Number:
Specifies the port used by the source context and the home
RADIUS authentication server for communications.
The UDP port number can be any integer value between 1 and
65535. The default value is 1812.
|
Home RADIUS Accounting server
|
IP Address:
Specifies the IP address of the home RADIUS accounting server
that the source context will communicate with to provide subscriber accounting
functions.
Multiple addresses are needed if multiple RADIUS servers will be
configured.
Home RADIUS accounting servers are configured within the source
context.
Multiple servers can be configured and each assigned a priority.
|
Shared Secret:
The shared secret is a string between 1 and 15 characters (alpha
and/or numeric) that specifies the key that is exchanged between the RADIUS
accounting server and the source context. A shared secret is needed for each
configured RADIUS server.
|
UDP Port Number:
Specifies the port used by the source context and the home
RADIUS Accounting server for communications. The UDP port number can be any
integer value between 1 and 65535. The default value is 1813.
|
RADIUS attribute NAS Identifier
|
Specifies the name by which the source context will be
identified in the Access-Request message(s) it sends to the home RADIUS server.
The name must be between 1 and 32 alpha and/or numeric characters and is case
sensitive.
|
RADIUS NAS IP address
|
Specifies the IP address of the source context's AAA interface.
A secondary address can be optionally configured.
|
Default Subscriber Configuration
|
"Default" subscriber's IP context name
|
Specifies the name of the egress context on the system that
facilitates the PDN ports.
Important:
For this configuration, the IP context name should be
identical to the name of the destination context.
|
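
How the SPI, secret, hash-algorithm and timestamp replay-protection values planned in the Security Parameter Index rows above fit together when a registration is checked, as an added example (not code from the original page or from the system it describes). The function names, profile dictionary, algorithm labels and sample message bytes are assumptions constructed for illustration, and the Identification field is simplified to whole seconds.

```python
import hashlib
import hmac

SPI_MIN, SPI_MAX = 256, 4294967295  # SPI range from the table
DEFAULT_TOLERANCE = 60              # default timestamp tolerance (seconds)

def keyed_md5(secret: bytes, protected: bytes) -> bytes:
    """Keyed-MD5, RFC 2002 prefix+suffix mode: MD5(secret || data || secret)."""
    return hashlib.md5(secret + protected + secret).digest()

def hmac_md5(secret: bytes, protected: bytes) -> bytes:
    """HMAC-MD5 (RFC 2104), the default hash-algorithm in the table."""
    return hmac.new(secret, protected, hashlib.md5).digest()

# Labels are this example's own, not CLI keywords.
ALGORITHMS = {"keyed-md5": keyed_md5, "hmac-md5": hmac_md5}

# Constructed sample profile (hypothetical values, not from the page).
PROFILE = {"spi": 1000, "secret": b"example-secret", "hash": "hmac-md5"}
# Constructed stand-in for the bytes the authenticator covers: the
# registration message, earlier extensions, and the extension's own header.
SAMPLE_MSG = b"\x01\x00\x02\x58" + b"constructed-registration-request"

def check_registration(profile, spi, protected, authenticator,
                       ident_secs, now, last_ident=None):
    """Return (accepted, reason) for one registration message."""
    # 1. The SPI selects the security profile; reject out-of-range or unknown.
    if not SPI_MIN <= spi <= SPI_MAX or spi != profile["spi"]:
        return False, "unknown-spi"
    # 2. Recompute the authenticator with the profile's algorithm and secret,
    #    comparing in constant time.
    expected = ALGORITHMS[profile["hash"]](profile["secret"], protected)
    if not hmac.compare_digest(expected, authenticator):
        return False, "bad-authenticator"
    # 3. Timestamp replay protection: sender clock within tolerance of ours.
    if abs(now - ident_secs) > profile.get("tolerance", DEFAULT_TOLERANCE):
        return False, "timestamp-out-of-tolerance"
    # 4. Must be newer than the last accepted value for this mobile node.
    if last_ident is not None and ident_secs <= last_ident:
        return False, "replayed-identification"
    return True, "ok"
```

Both peers must be planned with the same SPI, secret and hash-algorithm: an authenticator produced with keyed-MD5 fails against a profile set to hmac-md5 even when the secret matches.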