-
Optional. If you want to support more than 320 server configurations system-wide, in the Global Configuration Mode, use the following command:
aaa large-configuration
-
<context_name> must be the system context designated for AAA configuration.
-
For information on GGSN-specific additional configurations using RADIUS accounting, see the Creating and Configuring APNs section of the GGSN Administration Guide.
-
In this release, the configuration of NAS IP address with IPv6 prefix is currently not supported.
-
<identifier> must be the name designated to identify the system in the Access Request message(s) it sends to the RADIUS server.
-
Optional. Multiple RADIUS attribute dictionaries have been created for the system. Each dictionary consists of a set of attributes that can be used in conjunction with the system. As a result, users can take advantage of all of the supported attributes or only a subset. To specify the RADIUS attribute dictionary that you want to implement, in the Context Configuration Mode, use the following command:
radius dictionary { 3gpp | 3gpp2 | 3gpp2-835 | customXX | standard | starent | starent-835 | starent-vsa1 | starent-vsa1-835 }
-
Optional. Configure the system to support NAI-based authentication in the event that the system cannot authenticate the subscriber using a supported authentication protocol. To enable NAI-construction, in the Context Configuration Mode, use the following command:
aaa constructed-nai authentication [ encrypted ] password <password>
-
Optional. If RADIUS is configured for GGSN service, the system can be configured to support NAI-based authentication that uses the RADIUS shared secret as the password. To enable this, in the Context Configuration Mode, use the following command:
aaa constructed-nai authentication use-shared-secret-password
If the authentication type is set to allow-noauth or msid-auth and aaa constructed-nai authentication use-shared-secret-password is issued, the system uses the RADIUS shared secret as the password. If the authentication type is msid-auth, the system always sends the RADIUS shared secret as the password by default in the ACCESS-REQUEST.
-
Optional. To configure the system to allow a user session even when all authentication servers are unreachable, in the Context Configuration Mode, use the following command. When enabled, the session is allowed without authentication. However, the accounting information is still sent to the RADIUS accounting server, if it is reachable.
radius allow authentication-down
-
Optional. To configure the maximum number of times RADIUS authentication requests must be re-transmitted, in the Context Configuration Mode, use the following command:
radius max-transmissions <transmissions>
-
Optional. If RADIUS is configured for PDSN service, to configure the accounting trigger options for R-P originated calls to generate STOP immediately or to wait for active-stop from old PCF on handoff, in the Context Configuration Mode, use the following command:
radius accounting rp handoff-stop { immediate | wait-active-stop }
For more information on configuring additional accounting trigger options for R-P generated calls for a PDSN service, refer to the radius accounting rp command in the Command Line Interface Reference.
-
Optional. To configure the system to check for failed RADIUS AAA servers, in the Context Configuration Mode, use the following command:
radius detect-dead-server { consecutive-failures <count> | keepalive | response-timeout <seconds> }
After a server's state is changed to "Down", the deadtime timer is started. When the timer expires, the server's state is returned to "Active". If both consecutive-failures and response-timeout are configured, then both parameters have to be met before a server's state is changed to "Down". For a complete explanation of RADIUS server states, refer to the RADIUS Server State Behavior appendix.
-
Optional. To configure the system to check for failed RADIUS accounting servers, in the Context Configuration Mode, use the following command:
radius accounting detect-dead-server { consecutive-failures <count> | response-timeout <seconds> }
After a server's state is changed to "Down", the deadtime timer is started. When the timer expires, the server's state is returned to "Active". If both consecutive-failures and response-timeout are configured, then both parameters have to be met before a server's state is changed to "Down". For a complete explanation of RADIUS server states, refer to RADIUS Server State Behavior.
-
Optional. If required, users can configure the dynamic redundancy for HA as described in the HA Redundancy for Dynamic Home Agent Assignment chapter of the Home Agent Administration Guide.
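
Several of the optional commands above change how authentication behaves and are worth a review pass on any saved configuration. The following Python audit is an added example, not part of the original guide or vendor code; it flags `radius allow authentication-down`, `use-shared-secret-password`, a constructed-NAI password entered without `encrypted`, and contexts where both dead-server criteria are set. The sample configuration, context names, finding ids, the layout in which a context block is closed by `#exit` at the same indent, and the treatment of a password without `encrypted` as cleartext are assumptions made for illustration.

```python
import re

# Constructed sample; context names, values and the layout (context blocks
# closed by "#exit" at the same indent) are assumptions made for this example.
SAMPLE_CONFIG = """\
config
  context aaa-a
    aaa constructed-nai authentication use-shared-secret-password
    radius allow authentication-down
    radius detect-dead-server consecutive-failures 4
    radius detect-dead-server response-timeout 30
  #exit
  context aaa-b
    aaa constructed-nai authentication password EXAMPLE-PLACEHOLDER
    radius accounting detect-dead-server consecutive-failures 4
  #exit
end
"""

# Single-line rules: (finding id, regex, why a reviewer should look at it).
RULES = [
    ("fail-open", r"radius allow authentication-down$",
     "session is allowed without authentication when all servers are unreachable"),
    ("secret-as-password", r"aaa constructed-nai authentication use-shared-secret-password$",
     "RADIUS shared secret is sent as the password in Access-Request"),
    ("password-not-encrypted", r"aaa constructed-nai authentication password\s+\S+$",
     "no 'encrypted' keyword; value assumed to be cleartext in this file"),
]
DEAD = re.compile(r"radius (accounting )?detect-dead-server (consecutive-failures|response-timeout)\s+\d+$")

def audit(config_text):
    """Return sorted (context, finding id) pairs; '*-dead-needs-both' means both
    criteria are set, so both must be met before the server is marked "Down"."""
    findings, context, ctx_indent, criteria = set(), None, 0, set()
    for raw in config_text.splitlines():
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        m = re.match(r"context\s+(\S+)$", line)
        if m:
            context, ctx_indent, criteria = m.group(1), indent, set()
        elif context and line == "#exit" and indent == ctx_indent:
            context = None  # deeper "#exit" lines belong to nested modes
        elif context:
            findings |= {(context, fid) for fid, pat, _ in RULES if re.match(pat, line)}
            d = DEAD.match(line)
            if d:
                kind = (d.group(1) or "auth").strip()
                criteria.add((kind, d.group(2)))
                if {(kind, "consecutive-failures"), (kind, "response-timeout")} <= criteria:
                    findings.add((context, kind + "-dead-needs-both"))
    return sorted(findings)
```

Call `audit()` on the text of a saved configuration; each returned pair names the context and the finding id, and the reason for each single-line finding is in `RULES`.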