|
Techpubs Home
Report an Error
Entire manual as PDF [11118 KB]
|
 |
-
About This Guide
- Objective
- Audience
- Documentation Conventions
- Related Documentation
- Requests for Comments (RFCs)
- 3GPP and 3GPP2 Technical Specifications
- WiMAX Technical Specifications
- Third-Party Products
- Obtaining Documentation
- Documentation Feedback
- Requesting Technical Support
- Self-Help Online Tools and Resources
- Opening a Case with JTAC
-
Steel-Belted Radius Carrier Overview
- Introduction to Steel-Belted Radius Carrier
- SBR Carrier Core Features
- 3rd Generation Partnership Project (3GPP) Support
- Native Support for Structured Attributes
- Adding NAS Location Information to Access-Requests
- Support for Additional EAP Authentication Protocols
- Statistics and Reporting Capabilities
- Management Interfaces
- SBR Administrator (GUI)
- LDAP Configuration Interface (LCI)
- Command Line Utility
- XML/HTTPS Interface
- SNMP
- Optional SIM Authentication Module
- Optional SMS Authentication Module
- Optional CDMA Mobility Module Features
- Mobile IP
- Dynamic Home Agent Assignment
- New Session Hotlining
- Prepaid Data Services
- High Rate Packet Data
- Optional WiMAX Mobility Module Features
- Optional Session Control Module
- Optional Scripting Module
- Optional Session State Register (High Availability) Module
- Optional Concurrency Module
- Licensing
- SBR Administrator
-
RADIUS Basics
- RADIUS Overview
- RADIUS Packets
- RADIUS Ports
- RADIUS Configuration
- RADIUS Server Configuration
- RADIUS Client Configuration
- Multiple RADIUS Servers
- Shared Secrets
- RADIUS Secret
- Replication Secret
- Node Secret
- Accounting
- Attributes
- Dictionaries
- Vendor-Specific Attributes
- Dictionaries and the Make/Model Field
- Updating Attribute Information
- Structured Attributes
- User Attribute Lists
- Check List Attributes
- Return List Attributes
- Structured Attributes in Check Lists and Return Lists
- Attribute Values
- Single- and Multi-Valued Attributes
- Orderable Multi-Valued Attributes
- System Assigned Values
- Echo Property
- Default Values
- Wildcard Support
- Attribute Filtering
- Adding NAS Location Attributes to Access-Requests
- Centralized Configuration Management
- Proxy RADIUS
- Proxy RADIUS Authentication
- Proxy RADIUS Accounting
- Authentication
- Authentication Methods
- Native User Authentication
- Pass-Through Authentication
- Proxy RADIUS Authentication
- External Authentication
- Directed Authentication
- HTTP Digest Access Authentication
- Authenticate-Only Requests
- Configuring the Authentication Sequence
- Configuring Authentication Methods
- Advanced Options
- Account Lockout
- Account Redirection
- Blacklisting
- Allowed Access Hours
- Two-Factor Authentication
- Password Protocols
- Password Authentication Protocol
- Challenge Handshake Authentication Protocol
- MS-CHAP v2
- Accounting
- Accounting Sequence
- Comma-Delimited Log Files
- Proxy RADIUS Accounting
- External Accounting
- Tunneled Accounting
- Directed Accounting
- Accounting Spooling
- Request Routing
- Match Rules
- User-Names with a Single Delimiter
- User-Names with a Single Tunnel Delimiter
- User-Names with a Single Realm Delimiter
- User-Names with Multiple Suffix Delimiters
- User-Names with Multiple Prefix Delimiters
- Undecorated User-Names
- Configuring Undecorated User-Name Support
- Example
- Request Routing by DNIS
- Request Routing by Any Attribute
- Local Services
- Control Over Routing Methods
- Radius Client Groups
- IP Address Assignment
- Address Pools and Replication
- Hints
- Resource Management
- Network Address Assignment
- How Address Assignment Works
- Setting Return List Attributes
- Handling Address Leaks
- Address Leakage Upon Stopping and Starting the Server
- Overlapping Address Ranges
- Order of Address Assignment
- Concurrent Network Connections
- Concurrent User Connections
- Concurrent Tunnel Connections
- Attribute Value Pooling
- Phantom Records
- IPv6 Support
- IPv6 and Steel-Belted Radius Carrier
- IPv6 Features
- IPv6 Addressing
- Address Notation
- Address Prefixes
- Address Interface IDs
- IPv6 Network Numbers
- IPv6 Support in Steel-Belted Radius Carrier
- RADIUS IPv6 Attributes
- NAS-IPv6-Address
- Framed-Interface-Id
- Framed-IPv6-Prefix
- Login-IPv6-Host
- Framed-IPv6-Pool
- Framed-IPv6-Route
- Enabling IPv6 Networking
- Configuring IPv6 Scope IDs
- Configuring IPv6 Addresses for RADIUS Client Connections
- Configuring DNSv6 Support
-
Using SBR Administrator
- Running the SBR Administrator
- Navigating in SBR Administrator
- SBR Administrator Panels
- SBR Administrator Sidebar
- SBR Administrator Menus
- File Menu
- Edit Menu
- Tools Menu
- Web Menu
- Help Menu
- SBR Administrator Toolbar
- SBR Administrator Dialogs
- Adding an Entry
- Editing an Entry
- Cutting/Copying/Pasting Records
- Resizing Columns
- Changing Column Sequence
- Sorting Information
- Adding License Keys
- Displaying Version Information
- Closing the SBR Administrator
-
Administering RADIUS Clients and Client Groups
- Overview
- RADIUS Clients Panel
- Adding a RADIUS Client or Client Group
- Verifying a Shared Secret
- Deleting a RADIUS Client
-
Administering RADIUS Location Groups
- About RADIUS Location Groups
- Location Groups Panel
- Adding a Location Group
- Deleting a Location Group
-
Administering Users
- User Files
- Users Panels
- Setting Up Native Users
- Adding a Native User
- Editing a Native User
- Deleting a Native User
- Adding a Check List or Return List Attribute to a User
- Adding Structured Attributes to the Check List or Return List of a User
- Setting Up SecurID Users
- Adding a SecurID User
- Setting Up UNIX Users
- Editing User Settings
- Assigning a Profile to a User
- Setting Attribute Values
- Removing Attribute/Value Pairs
- Reordering Attributes
- Changing Attributes Inherited from a Profile
- Concurrent Connection Limits
- Allowed Access Hours
- Deleting a User
-
Administering Profiles
- About Profiles
- Adding a Check List or Return List Attribute to a Profile
- Resolving Profile and User Attributes
- Setting Up Profiles
- Adding a Profile
- Adding Structured Attributes to the Check List or Return List of a Profile
- Removing a Profile
-
Administering Proxy RADIUS
- Proxy RADIUS Overview
- Proxy RADIUS Authentication
- Proxy RADIUS Accounting
- Proxy RADIUS Realms
- Target Selection Within a Realm
- Message-Authenticator Support
- Proxy Fast-Fail
- Static Proxy Accounting
- Proxy AutoStop Feature
- Routed Proxy Authentication
- Operation
- Adding a Proxy Target
- Maintaining an Accounting Shared Secret
- Deleting a Proxy Target
- Steel-Belted Radius Carrier as a Target
- Dictionaries When Steel-Belted Radius Carrier is the Target
- Accepting Packets from Any Proxy
-
Administering RADIUS Tunnels
- About RADIUS Tunnels
- Tunnel Authentication Sequence
- Configuring Tunnel Support
- Called Station Id
- Dictionaries for Tunnel Support
- Concurrent Tunnel Connections
- Configuring RADIUS Tunnels
- Adding a Tunnel
- Editing a Tunnel
- Deleting a Tunnel
- Configuring Tunnel Name Parsing
-
Administering Address Pools
- Address Pool Files
- Setting Up IP Address Pools
- Adding an IPv4 Address Pool
- Editing an IP Address Pool
- Removing an IP Address Pool
- Specifying an IP Address Pool for User/Profile Records
- NAS-Specific IP Address Pools
- Service-Level IP Address Pools
- Specifying IP Address Assignment from a DHCP Server
- Address Allocation
- Address Renewal
- Address Release
- DHCP Option Mapping
- Using Multiple Servers
-
Setting Up Administrator Accounts
- Administrators Panel
- Adding an Administrator or Group
- Deleting an Administrator or Group
- Administrator Configuration Files
-
Configuring Realm Support
- Realm Configuration Files
- Stage One of Realm Configuration
- Configuring a Proxy RADIUS Realm
- Configuring a Directed Realm
- Editing the radius.ini Realm Settings
- Editing the proxy.ini File
- Setting Up Smart Static Accounting
- Setting Up Proxy RADIUS Realms
- Configuration Tasks
- Setting Up Directed Realms
- How to Update Realm Configuration
-
Setting Up Filters
- Overview
- Order of Filter Rules
- Values in Filter Rules
- Referencing Attribute Filters
- Filters Panel
- Adding a Filter
- Searching the Filter List
-
Setting Up Authentication Policies
- Authentication Policy Overview
- Order of Authentication Methods
- Adding EAP Methods to an Authentication Policy
- Enabling EAP Methods
- Activating an EAP Method
- Certificates
- Certificate Chains
- Certificate Revocation Lists
- Configuring Server Certificates
- Adding a Certificate
- Trusted Root Certificates
- Adding a Trusted Root Certificate
- Configuring a CRL Distribution Point Web Proxy
- Configuring Authentication Rejection Messages
- Configuring the Server
- Configuring External Databases
- Configuring SecurID Authentication
- Set the Location of the sdconf.rec File
-
Setting Up EAP Methods
- About the Extensible Authentication Protocol
- Handling EAP Requests
- Automatic EAP Helpers
- Authentication Request Routing
- EAP-Only Setting
- First-Handle-Via-Auto-EAP Setting
- EAP-NAK Notifications
- Reauthenticating Connections
- Certificates
- Certificate Chains
- Certificate Revocation Lists
- EAP-TLS Authentication Protocol
- Configuring EAP-TLS as an EAP Authentication Method
- Configuring Client Certificate Validation
- Configuring Session Resumption
- Configuring Advanced Server Settings
- Configuring EAP-TLS as an Automatic EAP Helper
- Configuring Client Certificate Validation
- Configuring Secondary Authentication
- Configuring Session Resumption
- Configuring Advanced Server Settings
- EAP-TTLS Authentication Protocol
- Configuring EAP-TTLS as an EAP Authentication Method
- Configuring Request Filters
- Configuring Response Filters
- Configuring Client Certificate Validation
- Configuring Session Resumption
- Configuring Inner Authentication Settings
- Configuring Advanced Server Settings
- EAP-PEAP Authentication Protocol
- Configuring EAP-PEAP as an EAP Authentication Method
- Configuring Request Filters
- Configuring Response Filters
- Configuring Session Resumption
- Configuring Inner Authentication Settings
- Configuring Advanced Server Settings
- EAP-LEAP Authentication Protocol
- EAP-POTP Authentication Protocol
- EAP-GTC Authentication Protocol
- EAP-MD5-Challenge Authentication Protocol
- EAP-MS-CHAP-V2 Authentication Protocol
- EAP-SIM and EAP-AKA Authentication Protocols
-
Configuring Replication
- Overview of Replication
- Replication Requirements
- Configuring Replica Servers
- Adding a Replica Server
- Enabling a Replica Server
- Deleting a Replica Server
- Publishing Server Configuration Information
- Notifying Replica RADIUS Servers
- Designating a New Primary Server
- Making a Standalone Server the Primary Server
- Making a Standalone Server a Replica Server
- Verifying the Primary and Replica Servers Are Enabled
- Demote a Primary or Replica Server to a Standalone Server
- Recovering a Replica After a Failed Configuration Package Download
- Changing the Name or IP Address of a Server
- Replication Error Messages
- Error Messages on Replica Servers
- Error Messages on Primary Servers
-
3GPP Support
- Overview
- Data Connection Process
- Accounting Process
- 3GPP Configuration
-
Configuring SQL Authentication
- Overview of SQL Authentication
- SQL Authentication Process
- Stored Procedures
- Connectivity Issues
- Configuring SQL Authentication
- Files
- Using the SQL Authentication Configuration File
- Using Multiple SQL Authentication Methods
- Connecting to the SQL Database
- SQL Statement Construction
- Password Parameters
- Overlapped Execution of SQL Statements
- %result Parameter
- SQL Authentication and Password Format
- Hashed Passwords
- Automatic Parsing
- Working with Stored Procedures in Oracle
- Working with Stored Procedures in MS-SQL
- Example 1
- Example 2
- Tips on Using SQL Stored Procedures
- Calling Stored Procedures
- Using the Insert Function
-
Configuring SQL Accounting
- SQL Accounting Overview
- Stored Procedures
- Connectivity Issues
- Configuring SQL Accounting
- Files
- Using the SQL Accounting Configuration File
- Using Multiple SQL Databases
- Connecting to the SQL Database
- SQL Statement Construction
- INSERT Statement and VALUES Section
- Using Multiple SQL Statements
- Overlapped Execution of SQL Statements
- SQL Accounting Return Values
- Accounting Stored Procedure Example
-
Configuring LDAP Authentication
- LDAP Authentication Overview
- LDAP Variable Table
- Types of LDAP Authentication
- BindName Authentication
- Bind Authentication
- Attributes and LDAP Authentication
- Configuring LDAP Authentication
- Supporting Secure Sockets Layer
- Files
- LDAP Database Schema
- LDAP Authentication and Password Format
- Hashed Passwords
- Automatic Parsing
- LDAP Authentication Sequence
- LDAP Authentication Examples
- Bind Authentication with Default Profile
- BindName Authentication with Callback Number Returned
- LDAP Bind with Profile Based on Network Access Server
-
SS7 and SIGTRAN Gateway Support
-
Proxy RADIUS Authentication and Accounting
- Proxy RADIUS as an Authentication Method
- Proxy RADIUS Accounting
-
Simple Network Management Protocol
- SNMP and Steel-Belted Radius Carrier Overview
- The SBR Carrier SNMP Package
- Supported MIBs
- Configuring the SNMP Agent
- Running the SNMP Agent
- Starting the SNMP Agent
- Stopping the SNMP Agent
- Rereading the jnprsnmpd.conf File
- Verifying SNMP Agent Operation
- Running the testagent.sh Script
- Using the snmpget Command
- Using the snmpwalk Command
- Resetting Rate Statistics
- Troubleshooting
-
Using the LDAP Configuration Interface
- LDAP Configuration Interface File
- LDAP Configuration Interface Overview
- LDAP Utilities
- LDAP Requests
- Downloading the LDAP Utilities
- LDAP Version Compliance
- Configuring the LDAP TCP Port
- Example
- Configuring the LCI Password
- LDAP Virtual Schema
- LDAP Rules and Limitations
- Using the LCI to Define Structured Attributes in Check Lists and Return Lists
- LCI XML Format
- LDAP Command Examples
- Searching for Records
- Modifying Records
- Importing Records from Another LDAP Database
- Deleting Records
- LDIF File Examples
- Adding RADIUS Clients with LDIF
- Adding Users with LDIF
- Adding Proxy Targets with LDIF
- Adding Tunnels with LDIF
- Adding IP Address Pools with LDIF
- Configuring a RADIUS Server with LDIF
- Statistics Variables
- Counter Statistics
- stattype: server
- stattype: authentication
- stattype: accounting
- stattype: proxy
- Rate Statistics
-
SIM Authentication Module
- SIM Authentication Module Component Overview
- SIMAuth
- Ulticom Signalware SS7 and SIGTRAN Protocol Stacks
- Ulticom SS7 Interface Board
- MAP Gateway (authGateway) Application
- CDR Accounting
- Data Accessors
- Operation Overview
- SIM Card-Based Authentication
- EAP-SIM/EAP-AKA Authorization/Service Delivery
- EAP-SIM/EAP-AKA Identities
- EAP-SIM/EAP-AKA Fast Reauthentication
- SIM Authentication Module Configuration
- Special Attribute Handling Features
- Assigning IP Addresses Based on Access Point Name (APN)
- Overview
- Configuration Tasks for Assigning IP Address Based on Access Point Name
- Adding Attributes to an Access-Accept
- Overview
- Data Flow
- Configuration Tasks for Adding Attributes to Access-Accept
- Files to Configure for Adding Attributes to Access-Accept
- Activating the Authentication Method
- Kineto S1 Support
-
SMS Authentication Module
- SMS Authentication Module Component Overview
- SMS Provisioning and Authentication
- Ulticom Signalware SS7 and SIGTRAN Protocol Stacks
- Ulticom SS7 Interface Board
- SMS Gateway Application
- MAP Gateway (authGateway) Application
- CDR Accounting
- Data Accessors
- Web-Based Authentication Using the SMS Module
- SMS Authorization and Temporary Account Provisioning
- SMS Authentication
- CDR Accounting and Billing
- Fraud Prevention
- SMS Authentication Module Configuration
- Kineto S1 Support
-
Overview of the WiMAX Mobility Module
- Supported Features of the WiMAX Mobility Module
- WiMAX Network Reference Model
- Home Network Communication Flow Example
- AAA-Generated Cryptographic Keys
- Home Agent Root Key (HA-RK)
- Allowing the VAAA to Assign the HA-RK
- DHCP Server Root Key (DHCP-RK)
- EAP Authentication Methods and EAP-Derived Cryptographic Keys
- Master Session Key (MSK)
- Extended Master Session Key (EMSK)
- EMSK-Derived Key Generation and Identification
- MSK and EMSK-Derived Key Lifetime and Deprecation
- EMSK-Derived Key Storage and Retrieval
- WiMAX Vendor Specific Attribute (VSA) Format
- Structured Attributes
- WiMAX Capabilities Negotiation
- WiMAX-Capability Attribute
- WiMAX-Capability Structured Attribute
- Enabling WiMAX Capabilities Negotiation
- Home Agent and DHCP Server Assignment
- Assignment Using Return List Attributes
- Assignment Using Statically Weighted Round-Robin Groups
- Assignment Using the Smart Dynamic Home Agent Assignment Feature
- WiMAX Post-Paid (Offline) Accounting
- Flow-Based Accounting
- IP-Session-Based Accounting
- WiMAX Prepaid Accounting
- Prepaid Scenarios
- Single-Service Prepaid Solution
- Multi-Service Prepaid Solution
- Data Flow for Prepaid Accounting in SBR Carrier
- Data Flow for Single-Service Prepaid Accounting Model
- Categorizing Access-Requests from Different Devices
- Access-Request from the ASN-GW
- Access-Request from the Home Agent
- Access-Request from the DHCP Server
- Categorization Rules
-
Configuring the WiMAX Mobility Module
- Before You Begin
- Configuring the radius.ini File for WiMAX
- Configuring Support for Authorize-Only Requests
- Enabling the WiMAX Module and Configuring What Request Types Are Supported
- Configuring Support for Mobile IP Requests
- Configuring the Home Agent and DHCP Server Assignment
- Define the List of Home Agents and DHCP Servers
- Configuring Return List Attributes to Assign the Home Agent and DHCP Server
- Assignment When Acting as the HAAA Server
- Assignment When Acting as the VAAA Server
- Configuring Statically Weighted Round-Robin Groups to Assign the Home Agent and DHCP Server
- Configuring the Smart Dynamic Home Agent Assignment Feature
- Smart Dynamic Home Agent Assignment Configuration Overview
- Operation of the Smart Dynamic Home Agent Assignment Feature
- Access-Request Processing
- Configuring WiMAX Clients
- Configuring WiMAX Users and Profiles
- Configuring the WiMAX-Capabilities Negotiation
- Example Configuration for New Session Hotlining
- Configuring the EAP Methods for WiMAX
- EAP-TTLS Secondary Authentication Support
-
Overview of the CDMA Mobility Module
- CDMA Mobility Module Overview
- IP Address Management
- Simple IP
- Mobile IP
- IP Address Durability in Roaming Scenarios
- Support for Special Accounting Requests
-
Configuring the CDMA Mobility Module
- Configuring Simple IP Support
- Simple IP Request Types
- Simple IP User Authentication Request
- Mobile IP Configuration
- Mobile IP Request Types
- Determining Mobile IP Request Types
- Foreign Agent User Authentication Requests
- Home Agent Assignment Process
- Home Agent Assignment Summary
- Home Address Assignment Process
- Home Address Assignment Summary
- IPsec Security Attributes Needed for Foreign Agent and Home Agent Communications
- Proxy Realm Based Configuration
- Home Agent Key Distribution Requests
- MN-HA Shared Key Distribution Requests
- Home Agent User Authentication Requests
- IP Address Assignments from Filters
- Attributes and Filters
- Configuring the CDMA Module
-
Configuring the Advanced Features of the CDMA Module
- Assigning the Home Agent Dynamically
- Configuring Dynamic Home Agent Assignment
- Example
- Inter-PDSN Handoff
- Inter-PDSN Handoff Process
- Configuring Inter-PDSN Handoff
- Example
- New Session Hotlining
- Configuring New Session Hotlining
- Enabling New Session Hotlining
- Example
- Configuring the nshl.att File
- Example
- Hotlining Prepaid Sessions
- Example
- Disabling New Session Hotlining
- Creating Hotline Profiles
- Hotline Capability Attribute
- Filtering Hotlining Capabilities
- Assigning Hotline Profiles to Users
- Assigning Hotline Profiles with the SQL Database
- Populating the SQL Database with Profile Names
- Configuring the radsql.aut or radsqljdbc.aut File
- Example
- Assigning Hotline Profiles in Steel-Belted Radius Carrier
- Prepaid Data Services
- Overview
- Components of the Prepaid Data Services
- Supporting Authorize-Only Requests
- Configuring Prepaid Functionality
- Configuring the 3gpp2.ini File for the Prepaid Data Services
- Configuring Filters for Prepaid Attributes
- Example
- Configuring the prepaidAcct.acc Plug-in File
- Example
- Configuring the prepaidAttr.att Plug-in File
- [Bootstrap] Section of prepaidAttr.att
- [Settings] Section of prepaidAttr.att
- Example
- Configuring the parlayPPSplugin.gen File
- Determining the Volume or Duration Threshold
- Example
- Configuring the radius.ini File for the Prepaid Services
- Example
- Sending and Receiving Prepaid Attributes
- Prepaid Attributes
- Filtering Prepaid Attributes
- Configuring Prepaid Timeouts
- Session Timeouts
- Example
- Request Timeouts
- Example
- Using New Session Hotlining and Prepaid Sessions Together
- Example
- Disabling Prepaid Functionality
- HRPD Access Network Support
- Binary Coded Decimal (BCD) Format
- Configuring Steel-Belted Radius Carrier for BCD Encoding
- Subscriber QoS (Quality of Service) Profile Definition at Authentication
- Using Structured Attributes to Build the Compound Attributes for the QoS Profile
- Using the mimAttributeProcessor Plug-In to Build the Compound Attributes for the QoS Profile (Deprecated)
- Packet Tracing
- Flow-based Accounting Message Processing
- Main and Auxiliary Service Connections
- Proxying Per-Flow Accounting Messages
- Example - proxy.ini file
- Example - sample.pro file
- LDAP Configuration Interface Enhancements
-
Session State Register Overview
- SSR Cluster Concepts and Terminology
- Session State Register Servers
- Session State Register Nodes
- SSR Data Entities
- Cluster Configurations
- Session State Register Scaling
- Adding a Data Node Expansion Kit
- Adding a Third Management Node
- Adding More SBR Carrier Front End Servers
- Cluster Network Requirements
- Supported SBR Carrier SSR Cluster Configurations
- Failover Overview
- Failover Examples
- Distributed Cluster Failure and Recovery
- Session State Register Database Tables
- IP Address Pools
- Subscriber Session Data Controls
- Application Support
-
Session State Register Administration
- SSR Administration Overview
- Overview of Starting and Stopping a Session State Register Cluster
- Starting the Cluster
- Stopping the Cluster
- Stopping a Single Node
- Starting a Single Node
- sbrd
- Running sbrd on a Stand-Alone Server
- Running sbrd on Session State Register Nodes
- When to Stop, Start, or Restart SBR Carrier Nodes
- Administration Scripts Overview
- Using the Monitor Script
- Monitor.sh
- Creating and Destroying the SSR Database
- CreateDB.sh
- DestroyDB.sh
- Creating a Demonstration Database
- DemoSetup.sh
- Steel-Belted Radius Carrier Node Administration Scripts
- Using IP Address and IP Address Pool Scripts
- Using Management Mode
- ClearCache.sh
- ShowCaches.sh
- AddPool.sh
- RenamePool.sh
- DelPool.sh
- ShowPools.sh
- AddRange.sh
- DelRange.sh
- ShowRanges.sh
- KillZombieAddrs.sh
- ShowAddrs.sh
- SSR Session Management
- Session Management Scripts
- ShowSessions.sh
- DelSession.sh
- User Concurrency Scripts
- ShowUserConc.sh
- DelUserConc.sh
- Administration Script Control Files
-
Managing User Concurrency with Session State Register
- Overview
- How User Concurrency Works
- UserConcurrencyID Construction
- Retrospective Dynamicity
-
Managing Concurrency with Attributes in Session State Register
- How Attribute-Based Concurrency Works
- UserConcurrencyID Construction
- Retrospective Dynamicity
- Configuring Attribute-Based Concurrency
- Setting the Size of the ID Field in the User Concurrency Table
- Specifying the User Attribute
- Distributing the Files
-
Introduction to Managing and Controlling Sessions in SBR Carrier
- Overview of Managing and Controlling Sessions in SBR Carrier
- Introduction
- Session Management and Control Capabilities
- Viewing and Deleting Sessions
- Disconnecting or Changing the State of Active Sessions
- Available User Interfaces for Managing and Controlling Sessions
- SBR Administrator
- Command Line Utility
- XML over HTTPS Application Programming interface
- Administrative Scripts
-
Overview of the Optional Session Control Module
- Change of Authorization/Disconnect Messages Overview
- How Disconnect Messages Work
- How Change of Authorization Messages Work
- How Steel-Belted Radius Carrier Processes CoA/DM Messages
- Current Sessions Table
- Formatting and Sending CoA/DM Requests with the Correct Attributes
- Controlled Devices and Actions
- Sequence and Flow of CoA/DM Requests Through Steel-Belted Radius Carrier
- Implementing CoA/DM Support
- Step 1: Develop a Deployment Plan
- Step 2: Consult Your NAS-Specific Documentation
- Step 3: Configure Each NAS as a Client in Steel-Belted Radius Carrier
- Step 4: Configure the deviceModels.xml File
- Step 5: Configure the Current Sessions Table (CST) for Your Environment
-
Using SBR Administrator to Manage and Control Sessions
- Current Sessions Panel
- Searching for Sessions Using SBR Administrator
- Session Query Fields and Searchable Attributes
- Viewing Session Detail
- Deleting Sessions
- Setting Session Limits with SBR Administrator
- Factors Affecting the Number of Sessions Returned
- Number of Sessions Returned
- Executing CoA and Disconnect Requests Using SBR Administrator
- Example of Executing a Disconnect Action
-
Using the Command Line Utility to Manage and Control Sessions
- Command Line Utility Overview
- Starting the Command Line Utility
- Example
- Using Command Line Arguments
- Access Control Arguments
- Syntax
- Arguments
- Example
- Action Arguments
- Syntax
- Arguments
- IP Address Ranges
- Unique Session IDs
- Setting Session Limits Using the Command Line Utility
- Factors Affecting the Number of Sessions Returned
- Number of Sessions Returned
- Examples of Limiting the Number of Sessions Returned Using the Command Line Utility
- Examples of Issuing CoA/DM Requests Using the Command Line Utility
- Query Example Using Wildcard
- Disconnect Example
- Lawful Intercept Example
- Shortcut Arguments
- Syntax
- Arguments
- Disconnect Example with Shortcut
- Finding All Sessions Using the Command Line Utility
- Example of Finding All Sessions
-
Configuring the deviceModels.xml File
- Summary of Allowed Elements in the deviceModels.xml File
- Element: action
- XML Instance Representation
- Schema Component Representation
- Element: actions
- XML Instance Representation
- Schema Component Representation
- Element: attributes
- XML Instance Representation
- Schema Component Representation
- Element: controlledDeviceModel
- XML Instance Representation
- Schema Component Representation
- Element: controlledDeviceModels
- XML Instance Representation
- Schema Component Representation
- Element: defaultAttribute
- XML Instance Representation
- Schema Component Representation
- Element: localSessionQuery
- XML Instance Representation
- Schema Component Representation
- Element: onFailure
- XML Instance Representation
- Schema Component Representation
- Element: onSuccess
- XML Instance Representation
- Schema Component Representation
- Element: onTimeout
- XML Instance Representation
- Schema Component Representation
- Element: overrideAttribute
- XML Instance Representation
- Schema Component Representation
- Element: radiusPort
- XML Instance Representation
- Schema Component Representation
- Element: radiusPorts
- XML Instance Representation
- Schema Component Representation
- Element: radiusRequest
- XML Instance Representation
- Schema Component Representation
- Element: requiredAttribute
- XML Instance Representation
- Schema Component Representation
- Element: sessionStop
- XML Instance Representation
- Schema Component Representation
-
XML over HTTPS API
- XML over HTTPS API Overview
- Transport Protocol
- Client Request Schema Example
- Client Request Elements
- Element: attribute
- XML Instance Representation
- Schema Component Representation
- Element: attributes
- XML Instance Representation
- Schema Component Representation
- Element: body
- XML Instance Representation
- Schema Component Representation
- Element: envelope
- XML Instance Representation
- Schema Component Representation
- Element: header
- XML Instance Representation
- Schema Component Representation
- Element: request
- XML Instance Representation
- Schema Component Representation
- Client Request Examples
- Example: Query
- Example: Query
- Example: RADIUS Disconnect
- Example: RADIUS Disconnect
- Example: RADIUS Disconnect
- Example: (CoA) Action Called Intercept
- Client Response Schema Example
- Client Response Elements
- Element: attribute
- XML Instance Representation
- Schema Component Representation
- Element: attributes
- XML Instance Representation
- Schema Component Representation
- Element: body
- XML Instance Representation
- Schema Component Representation
- Element: clientRequest
- XML Instance Representation
- Schema Component Representation
- Element: clientResponse
- XML Instance Representation
- Schema Component Representation
- Element: clientResult
- XML Instance Representation
- Schema Component Representation
- Element: clientResults
- XML Instance Representation
- Schema Component Representation
- Element: defaultAttribute
- XML Instance Representation
- Schema Component Representation
- Element: deviceRequest
- XML Instance Representation
- Schema Component Representation
- Element: deviceRequestSpec
- XML Instance Representation
- Schema Component Representation
- Element: deviceResponse
- XML Instance Representation
- Schema Component Representation
- Element: deviceResult
- XML Instance Representation
- Schema Component Representation
- Element: deviceResults
- XML Instance Representation
- Schema Component Representation
- Element: envelope
- XML Instance Representation
- Schema Component Representation
- Element: header
- XML Instance Representation
- Schema Component Representation
- Element: optionalAttribute
- XML Instance Representation
- Schema Component Representation
- Element: overrideAttribute
- XML Instance Representation
- Schema Component Representation
- Element: requiredAttribute
- XML Instance Representation
- Schema Component Representation
- Element: sessionData
- XML Instance Representation
- Schema Component Representation
- Element: sessionRequest
- XML Instance Representation
- Schema Component Representation
- Element: sessionResponse
- XML Instance Representation
- Schema Component Representation
- Element: sessionResult
- XML Instance Representation
- Schema Component Representation
- Element: sessionResults
- XML Instance Representation
- Schema Component Representation
- Client Response Examples
- Example: Client Response to Query for Username 'bob'
- Example: Client Response to Query for Any Username Using Wildcard
- Example: Client Response to Request for Action Called "foo" on Username TestUser9
- Example: Client Response to Request for Action Called "foo" on Username TestUser99
- Example: Client Response to RADIUS Disconnect
- Example: Client Response to Action Intercept
- Example: Client Response to Action Intercept
- Example: Client Response to Action Intercept
-
Example CoA/DM Configuration
- Requirements of the CoA/DM Requests
- Requirements for the Disconnect Message Request
- Requirements for the CoA (Hotline) Request
- Requirements for Supporting the Attributes in CoA/DM Requests
- Dictionaries
- deviceModels.xml
- Configuring the Attribute Handling Parameters
- radius.ini
- classmap.ini
- Example Result
-
Displaying Statistics
- Displaying Authentication Statistics
- Displaying Accounting Statistics
- Displaying Proxied Request Statistics
- Displaying RADIUS Client Statistics
- Displaying RADIUS Proxy Targets Statistics
- Displaying IP Address Pool Statistics
-
Logging and Reporting
- Logging Files
- Displaying Authentication Log Files
- File Permissions for Log Files
- Security Groups and Permissions
- Using the User File Creation Mode Mask
- Implementing Default File Permissions in Steel-Belted Radius Carrier
- Implementing Override File Permissions in Steel-Belted Radius Carrier
- Enabling and Disabling the Authentication Log Files
- Viewing the Authentication Log Files
- Saving the Log Files
- Searching the Log Files
- Using the Locked Accounts List
- Configuring Locked Account Settings
- Displaying the Locked Accounts List
- Unlocking a Locked Account
- Configuring the Log Retention Period
- Using the Server Log File
- Level of Logging Detail
- Using the Authentication Log File
- Authentication Log File Format
- First Line Headings
- Comma Placeholders
- Using the Accounting Log File
- Accounting Log File Format
- First Line Headings
- Comma Placeholders
- Standard RADIUS Accounting Attributes
-
Introduction to Scripting
- Scripting Overview
- Script Types
- LDAP Authentication
- Realm Selection
- Attribute Filter
- About JavaScript
-
Creating Scripts
- Script Development Steps
- JavaScript Initialization Files
- [Settings] Section
- [Script] Section
- [ScriptTrace] Section
- [Failure] Section
- Writing Steel-Belted Radius Carrier Scripts in JavaScript
- Programming in JavaScript
- Hidden Wrapper Function
- Script Return Values
- Initializing Reusable Data Objects
- General Recommendations
- Saving the Script File
- Sample Script
-
Debugging Scripts
- SbrWriteToLog()
- SbrTrace and ScriptTraceLevel
- scriptcheck
- Unpacking the scriptcheck Utility
- Running the scriptcheck Utility
-
Creating LDAP Scripts
- LDAP Basics
- LDAP Request Life Cycle
- Unscripted LDAP Searches
- LDAP Script Basics
- Working with the Variable Table
- Invoking LDAP Queries
- Writing to the Steel-Belted Radius Carrier Log
- Choosing the Return Code
- Script Return Codes
- SCRIPT_RET_SUCCESS
- SCRIPT_RET_DO_NOT_AUTHENTICATE
- SCRIPT_RET_TRY_NEXT_AUTH_METHOD
- SCRIPT_RET_NOT_AUTHENTICATED
- SCRIPT_RET_FAILURE
- LDAP Script Return Codes
- LDAP Script Examples
- Example 1: Simple Authentication
- Example 2: Profile Assignment
- Example 3: Received Attribute Normalization
- Example 4: Conditional Profile Assignment from User Attribute
-
Creating Realm Selection Scripts
- Realm Selection Script Functions
- Enabling Built-In Realm Selection Methods
- Choosing the Return Code
- Configuring Realm Selection Scripts
- Core Realm Selection Scripts
- [Processing] Section
- Tunneled Authentication Plug-in Realm Selection Scripts
- Realm Selection Script Examples
- Example 1: Querying Multiple SQL Databases
- Example 2: Using JavaScript to Manipulate Request Attributes
-
Creating Attribute Filter Scripts
- Using Attribute Filter Scripts
- Attribute Filter Script Functions
- Choosing the Return Code
- Configuring Attribute Filter Scripts
- Defining Scripted Filters
- Attribute Filter Script Examples
- Example 1: Using an LDAP Query to Select a Static Filter to Execute
- Example 2: Adding Values to Multi-Valued Attributes
-
Working with Data Accessors
- Data Accessor Overview
- Variable Containers
- Internal Variable Table (LDAP Only)
- Data Accessor Configuration
- SQL Data Accessor Configuration
- [Bootstrap] Section
- [Results] Section
- [Settings] Section
- [VariableTypes] Section
- LDAP Data Accessor Configuration
- [Bootstrap] Section
- [Attributes/name] Sections
- [Response] Section
- [Search/name] Sections
- [Request] Section
- [Defaults] Section
- [Server/name] Sections
- [Server] Section
- [Settings] Section
- [VariableTypes] Section
- Data Conversion Rules
- Output Container
- Input Container
- Examples
- Example 1
- Example 2
- Example 3
- Supported Data Types and Conversions
- Data Accessor Configuration File Examples
- Example: LDAP Data Accessor Configuration File
- Example: SQL Data Accessor Configuration File
-
Script Reference
- JavaScript Types
- API Method Support by Script Type
- Local and Global Variable Declarations
- Global Object
- Logging and Diagnostic Methods
- SbrWriteToLog()
- SbrTrace()
- Ldap Object
- Ldap Methods
- Ldap.Search()
- LdapVariables Object
- LdapVariables Methods
- LdapVariables.Get()
- LdapVariables.Add()
- LdapVariables.Reset()
- RealmSelector Object
- Constructor
- new RealmSelector()
- RealmSelector Methods
- Execute()
- SetAuthUserName()
- SetAuthProfile()
- AttributeFilter Object
- Constructor
- new AttributeFilter()
- AttributeFilter Methods
- Get()
- Add()
- Reset()
- Replace()
- Execute()
- AttributeFilter API
- DataAccessor Object
- Properties
- FOUND
- NOTFOUND
- FAILED
- Constructor
- new DataAccessor()
- Methods
- SetInputVariable()
- GetOutputVariable()
- Execute()
- Clear()
-
When and How to Stop and Restart Steel-Belted Radius Carrier
- Stopping the Steel-Belted Radius Carrier Server
- Starting the Steel-Belted Radius Carrier Server
-
Authentication Protocols
-
Importing and Exporting Data
- Importing Information from an XML File
- Exporting Information to an XML File
-
Technical Bulletins
- Service Type Mapping
- Configuration
- Local User Database Entries
- servtype.ini File
- CCA Support for 3COM
- Configuration
- Setting User and Profile Attributes
- Ascend Filter Translation
- Configuration
- Syntax
- Ericsson Enhanced Token Caching
- Enhanced Token Caching Configuration
- Enhanced Token Caching Administration
- Ericsson e-h235 Authentication Protocol
- Operation
- Configuration
- Uniport Plug-In
- Operation
- Configuration
-
Glossary
-
Index
|
