configure mobile-gateway profile radius-group command descriptions
radius-group
Syntax
- [no] radius-group radius-group
Context
- [Tree] configure mobile-gateway profile radius-group
Description
This command creates a named radius-group and enters a radius-group context. A radius-group may only apply to a single pdn gateway ID. A radius-group defines a list of RADIUS servers and associated parameters. The radius-profile is applied to the entire group or to an individual server. The radius-group is used at the PDN level or at the APN level.
Parameters
- radius-group
- specifies the group name
accounting-buffer
Syntax
- [no] accounting-buffer
Context
- [Tree] configure mobile-gateway profile radius-group accounting-buffer
Description
This command enables the buffering of one Accounting Stop message per session when no RADIUS server responds. The Accounting Start and Interim Update messages are buffered optionally. The system retries sending the buffered messages periodically using a non-configurable retransmit timer.
The no form of this command disables the buffering of all accounting messages.
Default
no accounting-buffer
interim-update
Syntax
- [no] interim-update
Context
- [Tree] configure mobile-gateway profile radius-group accounting-buffer interim-update
Description
- Non-critical messages do not reflect a significant state change. When buffering is enabled, only the last non-critical Interim Update message per session is buffered.
- Critical messages reflect a significant state change (for example, SPI stop). When buffering is enabled, up to four critical Interim Update messages per session are buffered to prevent loss of data.
The no form of this command disables buffering of the Accounting Interim Update messages.
Default
no interim-update
lifetime
Syntax
- lifetime hours
- no lifetime
Context
- [Tree] configure mobile-gateway profile radius-group accounting-buffer lifetime
Description
This command configures the lifetime for buffered accounting messages. Buffered messages exceeding the lifetime are discarded.
The no form of this command reverts to the default.
Default
lifetime 24
Parameters
- hours
- specifies the lifetime in hours
start
Syntax
- [no] start
Context
- [Tree] configure mobile-gateway profile radius-group accounting-buffer start
Description
This command enables buffering of one Accounting Start message per session.
The no form of this command disables the buffering of the Accounting Start messages.
Default
no start
acct-server-port
Syntax
- acct-server-port port
- no acct-server-port
Context
- [Tree] configure mobile-gateway profile radius-group acct-server-port
Description
This command sets the destination UDP port for the RADIUS accounting server. When configured at the radius-group level it is the default for the entire group.
The no form of this command reverts to the default.
Parameters
- port
- specifies the destination UDP port
auth-server-port
Syntax
- auth-server-port port
- no auth-server-port
Context
- [Tree] configure mobile-gateway profile radius-group auth-server-port
Description
This command sets the destination UDP port for the RADIUS authentication server. When configured at the radius-group level it is the default for the entire group.
The no form of this command reverts to the default.
Parameters
- port
- specifies the destination UDP port
description
Syntax
- description long-description-string
- no description
Context
- [Tree] configure mobile-gateway profile radius-group description
Description
This command associates a text string with a configuration context to help identify the content in the configuration file.
The no form of this command removes the description from the configuration.
Parameters
- long-description-string
- Specifies the description string, up to 80 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
interface
Syntax
- interface [router router-instance] interface-name
- no interface
Context
- [Tree] configure mobile-gateway profile radius-group interface
Description
This command names the interface that will be used to send and receive RADIUS messages. Therefore this command indirectly determines the source IP address. In case this interface belongs to a VPRN other than the master instance, this command must include the VPRN name. (Interface names have VPRN scope.)
The no form of this command removes the parameter values from the configuration.
Parameters
- router-instance
- specifies the name of a VPRN
- interface-name
- specifies an interface name, up to 32 characters; must start with a letter
interim-update-interval
Syntax
- interim-update-interval value
- no interim-update-interval
Context
- [Tree] configure mobile-gateway profile radius-group interim-update-interval
Description
This command enables interim accounting and sets the interval for sending interim-update messages to the accounting server.
The no form of this command reverts to the default.
Parameters
- value
- specifies the time interval, in minutes, for sending interim-update messages to the accounting server
peer
Syntax
- [no] peer {ipv4-address | ipv6-address}
Context
- [Tree] configure mobile-gateway profile radius-group peer
Description
This command identifies a RADIUS server and enters the server context to configure parameters specific to the identified server. This command may configure a single RADIUS server by its IPv4 or IPv6 address. The servers belonging to a radius-group must use the same IP version and the IP version must match that of the RADIUS source interface.
The no form of this command removes the IP address from the configuration.
Parameters
- ipv4-address
- specifies the IPv4 address of a RADIUS server
- ipv6-address
- specifies the IPv6 address of a RADIUS server
acct-server-port
Syntax
- acct-server-port
Context
- [Tree] configure mobile-gateway profile radius-group peer acct-server-port
Description
No description found
auth-server-port
Syntax
- auth-server-port
Context
- [Tree] configure mobile-gateway profile radius-group peer auth-server-port
Description
No description found
failover-threshold
Syntax
- failover-threshold count
- no failover-threshold
Context
- [Tree] configure mobile-gateway profile radius-group peer failover-threshold
Description
This command configures the number of times an unresponsive peer is re-selected, before the RADIUS server is considered unresponsive.
The no form of this command reverts to the default value.
Parameters
- count
- specifies the number of re-selection attempts
failure-detection-time
Syntax
- failure-detection-time value
- no failure-detection-time
Context
- [Tree] configure mobile-gateway profile radius-group peer failure-detection-time
Description
This command configures the failure detection timer defining the maximum duration in seconds the PGW/GGSN waits to receive any successful Auth/Acct response before the server is considered failed. A timer is maintained separately for each authentication and accounting server. This command is effective only with transaction-based load balancing.
The no form of this command reverts to the default.
Parameters
- value
- specifies the failure detection timer, in seconds
priority
Syntax
- priority value
- no priority
Context
- [Tree] configure mobile-gateway profile radius-group peer priority
Description
This command specifies the priority value. This is a number from 1 to 3 with 3 considered the highest priority. The system will attempt to use the highest priority server available at the time. The system will automatically use round-robin load-balancing among servers configured with the same priority.
The no form of this command reverts to the default.
Parameters
- value
- specifies the priority of the server
radius-profile
Syntax
- radius-profile profile-name
- no radius-profile
Context
- [Tree] configure mobile-gateway profile radius-group peer radius-profile
Description
This command applies a radius-profile to the radius-group or to an individual server. When configured at the radius-group level it is the default for the entire group.
The no form of this command removes the name parameter from the configuration.
Parameters
- profile-name
- specifies the group name
secret
Syntax
- secret secret [hash | hash2]
- no secret
Context
- [Tree] configure mobile-gateway profile radius-group peer secret
Description
This is the shared secret key to be used with the server. When configured at the radius-group level it is the default for the entire group. If the hash/hash2 parameter is not used for the password, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are anyway stored automatically in encrypted hash form in the configuration. The info/save uses the configuration defined in system security hash-control context.
Parameters
- secret
- specifies the shared secret key to be used with the server
- hash
- specifies the key is entered in an encrypted form
- hash2
- specifies the key is entered in a more complex encrypted form
shutdown
Syntax
- [no] shutdown
Context
- [Tree] configure mobile-gateway profile radius-group peer shutdown
Description
This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.
The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.
python-policy
Syntax
- python-policy policy-name
- no python-policy
Context
- [Tree] configure mobile-gateway profile radius-group python-policy
Description
This command configures the Python policy to modify the RADIUS messages.
The no form of the command removes the configuration.
Default
no python-policy
Parameters
- policy-name
- References a Python policy that is configured in the following context,
up to 32
characters.
configure python python-policy
radius-profile
Syntax
- radius-profile
Context
- [Tree] configure mobile-gateway profile radius-group radius-profile
Description
No description found
secret
Syntax
- secret
Context
- [Tree] configure mobile-gateway profile radius-group secret
Description
No description found
server-type
Syntax
- server-type server-type
- no server-type
Context
- [Tree] configure mobile-gateway profile radius-group server-type
Description
This command configures the RADIUS group to be all authentication servers, accounting servers, or both.
Parameters
- server-type
- specifies the type of the RADIUS server group
transaction-based-load-balancing
Syntax
- [no] transaction-based-load-balancing
Context
- [Tree] configure mobile-gateway profile radius-group transaction-based-load-balancing
Description
This command configures the PGW/GGSN load balancing behavior for RADIUS authentication and accounting messages. Instead of the default behavior (session-based load balancing), where in the case of a response timeout the messages are retried to the same server until the retry-count is exhausted, in the transaction-based load balancing the server is selected separately for each authentication and accounting request using round-robin distribution. There is no guarantee that all accounting requests related to the same bearer are sent to the same RADIUS server. Authentication and accounting functions are handled separately from each other. Accounting ON/OFF messages (per APN) are not affected by this command. This setting also affects retries. The RADIUS profile containing the retry-count parameter must be linked to the RADIUS group level, in which case it is used for all peers in that group (differing values per server are not supported). The system maintains this counter on group level.
Default
no transaction-based-load-balancing