

wimax.ini File

The wimax.ini configuration file contains parameters that control basic behavior of the WiMAX mobility module. You must configure the wimax.ini file for the WiMAX features you want Steel-Belted Radius Carrier to support. The features described in the wimax.ini file require a WiMAX mobility module license key, which is entered during installation. For details about installing Steel-Belted Radius Carrier, see the Steel-Belted Radius Carrier 7.2 Installation Guide.

NOTE: The wimax.ini file is read whenever Steel-Belted Radius Carrier restarts or receives a HUP signal. However, the Enable parameter in the [Settings] section cannot be updated by a HUP signal; all other parameters in the [Settings] section can be updated by a HUP signal. See the UpdateWiMAX parameter in the update.ini File.


The wimax.dct file shipped with Steel-Belted Radius Carrier has been configured with the attributes necessary for supporting WiMAX in compliance with the WiMAX Forum Network Working Group standards.

[Settings] Section

The [Settings] section (Table 185) contains the settings that control the basic operation of the WiMAX mobility module.



Table 185: wimax.ini [Settings] Syntax  
Parameter
Function

Enable

Specifies whether the WiMAX mobility module is enabled.

  • If set to 0, WiMAX is disabled.
  • If set to 1, WiMAX is enabled.

Default value is 0.

HARK-Lifetime-Secs

Specifies the HA-RK (root key) lifetime for all home agents in seconds. The HA-RK is a cryptographic key: a random number generated by the AAA server.

Default value is 86400 seconds (24 hours).

DHCPRK-Lifetime-Secs

Specifies the DHCP-RK (root key) lifetime for all DHCP servers in seconds. The DHCP-RK is a cryptographic key: a random number generated by the AAA server.

Default value is 86400 seconds (24 hours).

Add-Diagnostic-Reply-Message-To-Access-Reject

When an Access-Request is rejected, a programmatically-generated Reply-Message attribute can be added to the Access-Reject. The Reply-Message contents may be used for diagnostic purposes.

  • If set to 0, do not add a Reply-Message to the Access-Reject.
  • If set to 1, add a Reply-Message to the Access-Reject.

Default value is 0.

Chargeable-User-Identity-Type

Specifies the value of the Chargeable-User-Identity (CUI) attribute to attach to the Access-Accept. This value can be programmatically-generated or configured. Possible values are:

  • Session-Id
  • Return-List-Attr
  • True-Identity

Default value is Return-List-Attr.

The same CUI value is sent to both the ASN-GW and home agent. Because the CUI is attached to all Accounting-Requests, it can be used to match the accounting records associated with the ASN-GW and home agent, and for a single Mobile IP (MIP) session.

If you want to return a specific value for the CUI, you need to set this parameter to Return-List-Attr, and configure the attribute in a return list in either the User or Profile entry. The CUI attribute is attached to the Access-Accept message.

If you want the true identity of the user to be sent in the CUI, select True-Identity. For EAP-TTLS, the true identity is the inner identity. For EAP-AKA, the true identity is the Permanent Identity. These identify the actual username used for authentication by Steel-Belted Radius Carrier, not a pseudo-identity or alternate identity.

If you want each MIP session to be uniquely identified, select Session-Id. The AAA-Session-Id sent to the ASN-GW is used as a unique identifier of the MIP session.

Encrypt-Chargeable-User-Identity

Specifies whether to salt-encrypt the value of the Chargeable-User-Identity attribute attached to the Access-Accept.

  • If set to 0, do not salt-encrypt the Chargeable-User-Identity attribute.
  • If set to 1, salt-encrypt the Chargeable-User-Identity attribute.

Default value is 1.

Setting this value to 1 ensures the user identity is uniquely encrypted for each session. In WiMAX, even when an identity is encrypted, if it is encrypted in the same way each time (encryption of the identity results in the same cipher text each time), then the user's network traffic can be identified and tracked, even if the true identity of the user is not known. When Steel-Belted Radius Carrier salt-encrypts the CUI, the cipher text value is different for each encryption. Encryption is especially important when the CUI contains the true identity of the user.
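The difference between repeatable and salted encryption described above, as an added example (not Steel-Belted Radius Carrier code). It assumes that "salt-encrypt" follows the RFC 2868 Tunnel-Password construction; the secret, Request Authenticator and identity are constructed sample values.

```python
import hashlib
import os


def _pad(value: bytes) -> bytes:
    """Prefix the value with its length and zero-pad to a 16-octet multiple."""
    if len(value) > 255:
        raise ValueError("value too long for a one-octet length prefix")
    body = bytes([len(value)]) + value
    return body + b"\x00" * (-len(body) % 16)


def salt_encrypt(value, secret, authenticator, salt=None):
    """Return salt || ciphertext; a fresh random salt is drawn unless one is given."""
    if salt is None:
        rnd = os.urandom(2)
        salt = bytes([rnd[0] | 0x80, rnd[1]])  # RFC 2868: high bit of the salt is set
    padded, out, prev = _pad(value), b"", authenticator + salt
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev                            # each block chains into the next mask
    return salt + out


def salt_decrypt(blob, secret, authenticator):
    """Invert salt_encrypt using the salt carried in the first two octets."""
    salt, cipher = blob[:2], blob[2:]
    plain, prev = b"", authenticator + salt
    for i in range(0, len(cipher), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = cipher[i:i + 16]
        plain += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return plain[1:1 + plain[0]]


def linkable(blob_a, blob_b):
    """Two sessions can be linked by an observer when the CUI octets repeat."""
    return blob_a == blob_b


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample values
    cui = b"joe@bigco.com"
    auth = bytes(16)                         # constructed Request Authenticator
    fixed = [salt_encrypt(cui, secret, auth, salt=b"\x80\x01") for _ in range(2)]
    fresh = [salt_encrypt(cui, secret, os.urandom(16)) for _ in range(2)]
    print("same salt each time, linkable:", linkable(*fixed))
    print("fresh salt each time, linkable:", linkable(*fresh))
    print("round trip ok:", salt_decrypt(fixed[0], secret, auth) == cui)
```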

Add-Funk-WiMAX-Client-Type-To-Request

The Funk-WiMAX-Client-Type attribute contains an integer value that specifies the type of RADIUS client sending the Access-Request or Accounting-Request. This information may be of use with scripts or stored procedures.

  • If set to 0, do not attach the Funk-WiMAX-Client-Type attribute.
  • If set to 1, attach Funk-WiMAX-Client-Type attribute.

Default value is 0.

Check-CN-In-TTLS-Client-Certificate

Enables and disables checking of the Common Name (CN) field of a client certificate in TTLS authentication.

If enabled, the MAC Address field of the client certificate is verified against the Calling-Station-Id in the outer Access-Request; if they do not match, the request is rejected.

  • If set to 0, checking of the CN field is disabled.
  • If set to 1, the CN is required to start with the 12 character hex representation of the MAC address, which must match the Calling-Station-Id request attribute (as per WiMAX specifications). Non-hex characters in the Calling-Station-Id are skipped in the check.
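The CN check described above, sketched as an added example (not the product's implementation). Treating a Calling-Station-Id that does not reduce to exactly 12 hex digits as a mismatch, and comparing hex digits without regard to case, are assumptions of this sketch; the sample pairs are constructed.

```python
import re
from typing import Optional

_HEX = re.compile(r"[0-9A-Fa-f]")


def mac_from_calling_station_id(csid: str) -> Optional[str]:
    """Skip non-hex characters, as the page describes; require 12 hex digits."""
    digits = "".join(_HEX.findall(csid)).lower()
    # Assumption: anything other than 12 hex digits is not a usable MAC address.
    return digits if len(digits) == 12 else None


def cn_matches_calling_station(cn: str, csid: str) -> bool:
    """True when the CN starts with the 12-hex-digit MAC from Calling-Station-Id."""
    mac = mac_from_calling_station_id(csid)
    prefix = cn[:12]
    if mac is None or len(prefix) != 12:
        return False
    if not all(_HEX.fullmatch(ch) for ch in prefix):
        return False                      # the CN itself may not contain separators
    return prefix.lower() == mac          # assumption: hex case is ignored


# Constructed (CN, Calling-Station-Id) pairs.
SAMPLES = [
    ("001A2B3C4D5E.device.example", "00-1A-2B-3C-4D-5E"),  # separators skipped
    ("001a2b3c4d5e", "00:1a:2b:3c:4d:5e"),                 # lower case, colons
    ("001A2B3C4D5F.device.example", "00-1A-2B-3C-4D-5E"),  # different MAC
    ("00-1A-2B-3C-4D-5E", "00-1A-2B-3C-4D-5E"),            # separators inside the CN
    ("001A2B3C4D5E", "MAC=00-1A-2B-3C-4D-5E"),             # 'A' and 'C' count as hex
]


def evaluate(samples=SAMPLES):
    """Return the accept/reject decision for each sample pair."""
    return [cn_matches_calling_station(cn, csid) for cn, csid in samples]


if __name__ == "__main__":
    for (cn, csid), ok in zip(SAMPLES, evaluate()):
        print(f"{'accept' if ok else 'reject'}  CN={cn!r}  Calling-Station-Id={csid!r}")
```

The last sample shows why the length check matters: skipping only non-hex characters lets stray letters a to f in a prefix such as "MAC=" become part of the compared value.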

HA-Dynamic-Addr-Weight-File = <path/filename>

Specifies the path and filename of the dynamically updated file used by the smart dynamic home agent assignment feature. This file contains pairs of IP addresses and weights, and is read by SBR Carrier upon receipt of a signal (either HUP or USR2, as defined in the update.ini file). For more information about the smart dynamic home agent assignment feature, see Home Agent and DHCP Server Assignment in the Steel-Belted Radius Carrier 7.2 Administration and Configuration Guide.


[ASNGW-Requests] Section

The [ASNGW-Requests] section (Table 186) contains the settings that control the processing of ASN-GW (Access Server Network-Gateway) requests.



Table 186: wimax.ini [ASNGW-Requests] Syntax  
Parameter
Function

Accept-ASNGW-Requests

Specifies whether ASN-GW request processing is enabled.

  • If set to 0, ASN-GW request processing is disabled. If an Access-Request is received from an ASN-GW, the request is rejected.
  • If set to 1, ASN-GW request processing is enabled. If an Access-Request is received from an ASN-GW, the request is processed.

Default value is 0.

Allow-VAAA-To-Assign-Home-Agent-And-DHCP-Server

Specifies whether or not to allow the VAAA server to assign the home agent and DHCP server IP addresses. If the VAAA server can assign the home agent and DHCP server IP addresses, it attaches the vHA-IP-MIP4 attribute to the Access-Request it proxies to the Home Authentication, Authorization, and Accounting (HAAA) server. If the HAAA server is configured to allow the VAAA server to assign the home agent and DHCP server IP addresses, then the HAAA server attaches that same vHA-IP-MIP4 attribute to the Access-Accept returned to the VAAA server. For more details about allowing the VAAA server to assign the home agent and DHCP server IP addresses, see Configuring the Home Agent and DHCP Server Assignment in Chapter 28, Configuring the WiMAX Mobility Module of the Steel-Belted Radius Carrier 7.2 Administration and Configuration Guide.

  • If set to 0, do not allow the VAAA server to assign the home agent and DHCP server IP addresses.
  • If set to 1, allow the VAAA server to assign the home agent and DHCP server IP addresses. If this parameter is set to 1 and the VAAA server attaches the vHA-IP-MIP4 attribute to the Access-Request, then the HAAA server attaches the following additional attributes to the Access-Accept: vHA-IP-MIP4, MN-vHA-MIP4-KEY, and MN-vHA-MIP4-SPI.

Default value is 0.

Add-Funk-WiMAX-Auth-Mode-To-Access-Request

Specifies whether to attach the Funk-WiMAX-Auth-Mode attribute to the Access-Request. The Funk-WiMAX-Auth-Mode attribute contains the numeric value to the right of the equal sign in any {am=} decoration prepended to the User-Name. For example, if the User-Name contains {am=2} joe@bigco.com, then the Funk-WiMAX-Auth-Mode attribute value is 2. This information is useful for scripts and stored procedures.

  • If set to 0, do not attach the Funk-WiMAX-Auth-Mode attribute to the Access-Request.
  • If set to 1, attach the Funk-WiMAX-Auth-Mode attribute to the Access-Request.

Default value is 0.

NOTE: For authentication methods with both inner and outer authentication such as EAP-PEAP and EAP TTLS, the Funk-WiMAX-Auth-Mode attribute is set in the outer authentication method. To transfer it to the inner authentication method, the EAP method must be configured to pass the outer attributes to the inner request by setting the Transfer_Outer_Attribs_to_New parameter. This is set either in the .aut configuration file, or on the Request Filters tab in the EAP Methods panel using SBR Administrator.

NOTE: For more details about the Funk-WiMAX-Auth-Mode attribute, see the radius.dct dictionary that is shipped with Steel-Belted Radius Carrier.

Add-Generated-PMIP-Auth-Id-To-Access-Accept

Steel-Belted Radius Carrier can optionally generate the PMIP-Authenticated-Identity. This parameter specifies whether to add the value for the PMIP-Authenticated-Identity to the Access-Accept.

  • If set to 0, do not attach the PMIP-Authenticated-Identity to the Access-Accept.
  • If set to 1, attach the PMIP-Authenticated-Identity to the Access-Accept.

Default value is 0.

ASNGW-Accept-Filter

Specifies the name of the attribute filter to be applied to the ASN-GW Access-Accept. You can use this parameter to specify regular or scripted filters.

If no filter is specified, all attributes are returned unchanged.

NOTE: You must define all filters using the SBR Administrator. Do not edit the filter.ini file manually. For more information, see the Steel-Belted Radius Carrier 7.2 Administration and Configuration Guide.

Default value is no filter.


[ASNGW-Requests/<name>] Section

Multiple sections with names of the style [ASNGW-Requests/<name>] can also exist in the wimax.ini file. These sections are only referenced when a proxy realm's configuration file (.pro) contains an ASNGW-Requests-Section setting in its [WiMAX] section.

Specifying this option in a realm's configuration file puts the options in the matching ASNGW user authentication request processing section of the wimax.ini file in effect for all ASNGW user authentication request transactions that are processed by the proxy realm. As a result, the settings in this section are used instead of the settings in the [ASNGW-Requests] section for transactions processed against the proxy realm.

The options in these sections are identical to those documented for the [ASNGW-Requests] section.

[Home-Agent-Requests] Section

The [Home-Agent-Requests] section (Table 187) contains the settings that control the processing of the home agent requests.



Table 187: wimax.ini [Home-Agent-Requests] Syntax  
Parameter
Function

Accept-Home-Agent-Requests

Specifies whether home agent Access-Request processing is enabled.

  • If set to 0, home agent request processing is disabled. If an Access-Request is received from a home agent, the request is rejected.
  • If set to 1, home agent request processing is enabled. If an Access-Request is received from a home agent, the request is processed.

Default value is 0.

Add-Funk-Full-User-Name-To-Access-Request

Specifies whether to attach the Funk-Full-User-Name attribute to the Access-Request. The Funk-Full-User-Name attribute contains the true identity of the user. For the EAP-TTLS method, this is the inner identity; for the EAP-TLS method, this is the identity obtained from the certificate; for the EAP-AKA method, this is the permanent identity.

  • If set to 0, do not attach the Funk-Full-User-Name attribute to the Access-Request.
  • If set to 1, attach the Funk-Full-User-Name attribute to the Access-Request.

Default value is 0.

NOTE: For more details about the Funk-Full-User-Name attribute, see the radius.dct dictionary that is shipped with Steel-Belted Radius Carrier.

Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-HAAA

Specifies whether to check if the home HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW specifies the IP address of the assigned home agent in the home network. The home HA-IP-MIP4 attribute received from a home agent identifies that particular home agent.

  • If set to 0, do not check the home HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW.
  • If set to 1, check the home HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW. If the received home HA-IP-MIP4 attribute is not the assigned home HA-IP-MIP4 attribute, then the home agent request is rejected.

Default value is 0.

Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-VAAA

Specifies whether to check if the visited HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW specifies the IP address of the assigned home agent in the visited network. The visited HA-IP-MIP4 attribute received from a home agent identifies that particular home agent.

  • If set to 0, do not check the visited HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW.
  • If set to 1, check the visited HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW. If the received visited HA-IP-MIP4 attribute is not the assigned visited HA-IP-MIP4 attribute, then the home agent request is rejected.

Default value is 0.

Home-Agent-Accept-Filter

Specifies the name of the attribute filter to be applied to the home agent Access-Accept. You can use this parameter to specify regular or scripted filters.

If no filter is specified, all attributes are returned unchanged.

NOTE: You must define all filters using the SBR Administrator. Do not edit the filter.ini file manually. For more information, see the Steel-Belted Radius Carrier 7.2 Administration and Configuration Guide.

Default value is no filter.


[DHCP-Server-Requests] Section

The [DHCP-Server-Requests] section (Table 188) contains the settings that control the processing of the DHCP server requests.



Table 188: wimax.ini [DHCP-Server-Requests] Syntax  
Parameter
Function

Accept-DHCP-Server-Requests

Specifies whether DHCP server request processing is enabled.

  • If set to 0, any DHCP server request is rejected.
  • If set to 1, DHCP server request processing is enabled.

Default value is 0.

DHCP-Server-Accept-Filter

Specifies the name of the attribute filter to be applied to the DHCP server Access-Accept. You can use this parameter to specify regular or scripted filters.

If no filter is specified, all attributes are returned unchanged.

NOTE: You must define all filters using the SBR Administrator. Do not edit the filter.ini file manually. For more information, see the Steel-Belted Radius Carrier 7.2 Administration and Configuration Guide.

Default value is no filter.


[Other-Requests] Section

The [Other-Requests] section (Table 189) specifies how other Access-Requests (ones that do not fit in any of the other categories of ASN-GW, home agent, or DHCP server) from a client are handled.

Table 189: wimax.ini [Other-Requests] Syntax  
Parameter
Function

Pass-On-Other-Requests

Specifies whether Access-Request processing is enabled from a RADIUS client that is not an ASN-GW, home agent, or DHCP server.

  • If set to 0 (disabled) and an Access-Request is received from such a client, then the request is rejected.
  • If set to 1 (enabled), then the WiMAX mobility module applies the filter (specified in the Other-Accept-Filter parameter) and passes the Access-Request on to the next entry in the [MobileIpMethods] section of the mip.ini file. For more details, see Chapter 27, Mobile IP Request Processing File.

Default value is 0.

Other-Accept-Filter

Specifies the name of the filter to be applied to attributes in an Access-Accept in response to all requests of type Other. You can use this parameter to specify regular or scripted filters.

If no filter is specified, all attributes are returned unchanged.

NOTE: You must define all filters using the SBR Administrator. Do not edit the filter.ini file manually. For more information, see the Steel-Belted Radius Carrier 7.2 Administration and Configuration Guide.

Default value is no filter.


[HAs] Section

The [HAs] section lists the NAS-Identifier (for example, homeAgent.bigco.com) of each home agent from which an Access-Request is processed.

[DHCPServers] Section

The [DHCPServers] section lists the NAS-Identifier (for example, dhcpServer.bigco.com) of each DHCP server from which an Access-Request is processed.

[RADIUS client-Access-Request-Required-Attributes] Sections

These sections list the attributes that must be present in an Access-Request to classify the RADIUS client as a WiMAX ASN-GW, home agent, DHCP server, or something else (Other).

For more information about how Steel-Belted Radius Carrier categorizes Access-Request messages, see Categorizing Access-Requests from Different Devices in Chapter 27, Overview of the WiMAX Mobility Module in the Steel-Belted Radius Carrier 7.2 Administration and Configuration Guide.

Example wimax.ini File

[Settings]
;Enable = 0
;HARK-Lifetime-Secs=86400
;DHCPRK-Lifetime-Secs=86400
;Add-Diagnostic-Reply-Message-To-Access-Reject = 0
;Chargeable-User-Identity-Type = Return-List-Attr
;Encrypt-Chargeable-User-Identity = 1
;Add-Funk-WiMAX-Client-Type-To-Request = 0

[ASNGW-Requests]
;Accept-ASNGW-Requests = 0
;Allow-VAAA-To-Assign-Home-Agent-And-DHCP-Server = 0
;Add-Generated-PMIP-Auth-Id-To-Access-Accept= 0
;Add-Funk-WiMAX-Auth-Mode-To-Access-Request = 0
;ASNGW-Accept-Filter =

[Home-Agent-Requests]
;Accept-Home-Agent-Requests = 0
;Add-Funk-Full-User-Name-To-Access-Request = 0  ;Contains true identity
;Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-HAAA = 0
;Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-VAAA = 0
;Home-Agent-Accept-Filter  =

[DHCP-Server-Requests]
;Accept-DHCP-Server-Requests = 0
;DHCP-Server-Accept-Filter  =

[Other-Requests]
;Pass-On-Other-Requests = 0
;Other-Accept-Filter =

[HAs]
;homeAgent.bigco.com

[DHCPServers]
;dhcpServer.bigco.com

[ASNGW-Access-Request-Categorization-Attributes]
User-Name
Service-Type
EAP-Message
WiMAX-Capability
NAS-Identifier
NAS-Port-Type
Calling-Station-Id
WiMAX-GMT-Time-Zone-Offset

[Home-Agent-Access-Request-Categorization-Attributes]
User-Name
NAS-Identifier
WiMAX-Capability
WiMAX-MN-HA-MIP4-SPI

[DHCP-Server-Access-Request-Categorization-Attributes]
NAS-Identifier
WiMAX-DHCP-RK-Key-ID
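A change-review check for edits to the [Settings] section, as an added example (not a tool shipped with the product). It applies two points from this page: a change to Enable needs a restart while other [Settings] changes can be picked up on HUP, and a True-Identity CUI sent with salt-encryption turned off carries the real username. The two sample files and the function names are constructed for this sketch.

```python
import configparser

# [Settings] defaults as documented on this page.
DEFAULTS = {
    "Enable": "0",
    "HARK-Lifetime-Secs": "86400",
    "DHCPRK-Lifetime-Secs": "86400",
    "Add-Diagnostic-Reply-Message-To-Access-Reject": "0",
    "Chargeable-User-Identity-Type": "Return-List-Attr",
    "Encrypt-Chargeable-User-Identity": "1",
    "Add-Funk-WiMAX-Client-Type-To-Request": "0",
}

# Constructed sample files in the layout of the example file above.
RUNNING = """[Settings]
;Enable = 0
;Encrypt-Chargeable-User-Identity = 1
[HAs]
;homeAgent.bigco.com
"""
EDITED = """[Settings]
Enable = 1
Chargeable-User-Identity-Type = True-Identity
Encrypt-Chargeable-User-Identity = 0  ;constructed inline comment
[HAs]
homeAgent.bigco.com
"""


def effective_settings(ini_text):
    """Overlay uncommented [Settings] entries on the documented defaults."""
    cp = configparser.ConfigParser(
        allow_no_value=True,             # [HAs]-style sections hold bare names
        delimiters=("=",), comment_prefixes=(";",),
        inline_comment_prefixes=(";",), interpolation=None)
    cp.optionxform = str                 # keep parameter names as written
    cp.read_string(ini_text)
    merged = dict(DEFAULTS)
    if cp.has_section("Settings"):
        merged.update({k: (v or "").strip() for k, v in cp.items("Settings")})
    return merged


def review_change(running_text, edited_text):
    """Return (changes, true_identity_unencrypted) for an edit to wimax.ini."""
    old, new = effective_settings(running_text), effective_settings(edited_text)
    # Enable is the one [Settings] parameter that a HUP signal does not update.
    changes = [(k, old.get(k), new[k], "restart" if k == "Enable" else "HUP")
               for k in sorted(new) if old.get(k) != new[k]]
    true_identity_unencrypted = (
        new["Chargeable-User-Identity-Type"] == "True-Identity"
        and new["Encrypt-Chargeable-User-Identity"] == "0")
    return changes, true_identity_unencrypted
```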



