Configuring WiMAX Users and Profiles

To support WiMAX you need to configure a return list for either a user entry or profile entry that includes the attributes in Table 67:

Table 67: Mandatory Return List Attributes for WiMAX

| Attribute | Description |
|---|---|
| WiMAX-hHA-IP-MIP4 | Specifies the IP address for the home agent, and is also used as input to the formula for generating the keys associated with the session. |
| Session-Timeout | The session-timeout attribute is used as the lifetime for the keys. |
| WiMAX-Capabilities | Specifies the WiMAX capabilities the server supports for the session. You must also specify the associated subattributes for each capability you want to support; see Configuring the WiMAX-Capabilities Negotiation. |

You can optionally specify the attribute described in Table 68 in the return list.

Table 68: Optional Return List Attribute for WiMAX

| Attribute | Description |
|---|---|
| WiMAX-hDCHP-Server | Optionally, you can add the WiMAX-hDCHP-Server attribute to specify the IP address for the DHCP server in the return list. |

If the WiMAX-hDCHP-Server attribute is attached to the Access-Accept, then Steel-Belted Radius Carrier generates and attaches the following additional attributes to the Access-Accept:

  • Wi-MAX-hDHCP-RK
  • Wi-MAX-RK-Key-ID
  • Wi-MAX-RK-Lifetime

For complete details on configuring user and profile entries with return list attributes, see Configuring the WiMAX Mobility Module and Administering Profiles.

Configuring the WiMAX-Capabilities Negotiation

To configure WiMAX capabilities negotiation, you need to add the WiMAX-Capabilities attribute and subattributes to the return list of a user entry or profile entry. You can define the following subattributes (capabilities):

  • WiMAX-Release attribute
  • Accounting-Capabilities attribute
  • Hotlining-Capabilities attribute
  • Idle-Mode-Notification-Capabilities attribute

To enable support for a particular capability, add the subattribute to the return list, and enable the Echo option for the subattribute. When Steel-Belted Radius Carrier receives the subattribute (capability) in the Access-Request, it returns the subattribute in the Access-Accept, indicating the capability is supported for the session.

If you do not want Steel-Belted Radius Carrier to support a particular capability, do not enable the Echo option for it. If Steel-Belted Radius Carrier receives an Access-Request with the subattribute, it does not return the subattribute in the Access-Accept, indicating the capability is not supported for the session.

If a subattribute (capability) was never sent in the Access-Request, then it cannot be returned in the Access-Accept. Absence of a subattribute in the Access-Request indicates the device (ASN-GW or home agent) does not support the capability.

If you enable Echo on the WiMAX-Capability parent attribute, you cannot add subattributes. The Add Child button is disabled. In this case, Steel-Belted Radius Carrier echoes back whatever WiMAX capabilities it receives in the Access-Request message.

For more details on each of the WiMAX capabilities, see WiMAX-Capability Attribute.

For complete details on adding subattributes to the return list, see Adding Subattributes to a Structured Attribute.
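
The Echo rules for capability negotiation described above, modelled as a short Python function. This is an added example, not Steel-Belted Radius Carrier code; the function name, the outcome labels and the sample values are constructed for illustration.

```python
# Added illustration: a simplified model of Echo-based capability negotiation.
# Function name, outcome labels and sample values are assumptions, not SBR Carrier code.
CAPABILITIES = ("WiMAX-Release", "Accounting-Capabilities",
                "Hotlining-Capabilities", "Idle-Mode-Notification-Capabilities")


def negotiate(request_caps, echo_children=(), parent_echo=False):
    """Return (accept, outcome) for one Access-Request.

    request_caps  -- subattributes received in the Access-Request {name: value}
    echo_children -- subattributes in the return list with Echo enabled
    parent_echo   -- Echo enabled on the parent attribute itself
    """
    if parent_echo and echo_children:
        # The GUI disables Add Child when the parent has Echo enabled.
        raise ValueError("parent Echo and child subattributes are mutually exclusive")
    accept, outcome = {}, {}
    # Known capabilities first, then anything else the device sent.
    for name in dict.fromkeys(CAPABILITIES + tuple(request_caps)):
        if name not in request_caps:
            outcome[name] = "not offered by device"   # cannot be returned
        elif parent_echo or name in echo_children:
            accept[name] = request_caps[name]          # echoed: supported
            outcome[name] = "supported"
        else:
            outcome[name] = "declined by server"       # received, not echoed
    return accept, outcome


# Constructed Access-Request contents (placeholder values).
SAMPLE_REQUEST = {"WiMAX-Release": "1.0",
                  "Accounting-Capabilities": "01",
                  "Hotlining-Capabilities": "01"}

if __name__ == "__main__":
    accept, outcome = negotiate(
        SAMPLE_REQUEST,
        echo_children={"WiMAX-Release", "Hotlining-Capabilities",
                       "Idle-Mode-Notification-Capabilities"})
    for name, result in outcome.items():
        print(f"{name:40} {result}")
    print("Access-Accept carries:", sorted(accept))
```

Enabling Echo for a capability the device never sent changes nothing in the Access-Accept, which is the case to check first when an expected capability is missing from a session.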

Example Configuration for New Session Hotlining

This section provides an example configuration for new session hotlining. Because this example uses the EAP-TTLS authentication method, you need to create both a request and response filter. Both filters are created using the Web GUI. In this example the subattribute values are retrieved from an LDAP database (ldapauth.aut file).

Configuring the Filters

To configure request and response filters using the Web GUI:

  1. Select RADIUS Configuration > Filters.

    The Filters List page (Figure 231) appears.

    Figure 231: Filters List Page—Session Hotlining Filter Configuration

  2. Click Add.

    The Create Filter pane (Figure 232) appears.

    Figure 232: Adding New Session Hotlining Filter

  3. In the Name field, enter the filter name as WiMAXHotlineFilter.
  4. Select the Exclude option button.
  5. Click Add in the Rules area.

    The Add Rule dialog box (Figure 233) appears.

    Figure 233: Adding Attributes and Values to Session Hotlining Filter

  6. Select the Add option button.
  7. Add the following attribute names and values to the filter:
    • WiMAX-Capability.Values.Hotlining-Capabilities.Profile-based attribute with the value set to 01.
    • WiMAX-Capability.Values.Hotlining-Capabilities.Rule-based-ByNAS-Filter attribute with the value set to 01.
  8. Click OK.

    The Rules area in the Create Filter pane (Figure 234) displays the updated lists of selected rules.

    Figure 234: Hotlining Capabilities Filter

  9. Click Save to save the filter configuration.

    The Filters List page (Figure 231) displays an updated list of filter entries.

  10. Click Add in the Filters List page (Figure 231) to add a TTLS-Accept filter.

    The Create Filter pane (Figure 235) appears.

    Figure 235: Adding TTLS-Accept Filter

  11. In the Name field, enter the filter name as ttls_accept.
  12. Select the Allow option button.
  13. Click Add in the Rules area.

    The Add Rule dialog box (Figure 236) appears.

    Figure 236: Add Rule for TTLS-Accept Filter

  14. Select the Exclude option button.
  15. Add the following attribute names to the filter:
    1. Class
    2. EAP-Message
    3. MS-MPPE-Recv-Key
    4. MS-MPPE-Send-Key
    5. MS-CHAPV2-Success
  16. Click OK.

    The Rules area in the Create Filter pane (Figure 237) displays the updated lists of selected rules.

    Figure 237: TTLS-Accept Filter

  17. Click Save to save the filter configuration.

    The Filters List page (Figure 231) displays an updated list of filter entries.

  18. Select RADIUS Configuration > Authentication Policies > EAP Methods.

    The EAP Methods List page (Figure 238) appears.

    Figure 238: EAP Methods List Page—Session Hotlining Filter Configuration

  19. Select EAP-TTLS.
  20. Click the Request Filters tab (Figure 239).

    Figure 239: Request Filters Tab—Session Hotlining Filter Configuration

  21. Select the Transfer Outer Attribs to New check box and select WiMAXHotlineFilter from the Transfer Outer Attribs to New list.
  22. Click the Response Filters tab (Figure 240).

    Figure 240: Response Filters Tab—Session Hotlining Filter Configuration

  23. Select the Transfer Inner Attribs To Accept check box and select ttls_accept from the Transfer Inner Attribs To Accept list.
  24. Click Save to save the configuration.
  25. In the wimax.ini file, set the ASNGW-Accept-Filter parameter in the [ASN-GW-Requests] section to ttls_accept.
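
The effect of the two filters built in this procedure, as a small Python model: WiMAXHotlineFilter decides what the new inner request receives, and ttls_accept decides which inner response attributes are transferred to the Access-Accept. This is an added example, not Steel-Belted Radius Carrier code; the rule evaluation order, the helper names and the sample packets are assumptions made for illustration.

```python
# Simplified model of the two filters configured in the procedure above.
# The evaluation order (exclude rules, default action, then add rules) is an
# assumption for illustration, not SBR Carrier's implementation.
CAP = "WiMAX-Capability.Values.Hotlining-Capabilities."

WIMAX_HOTLINE_FILTER = {          # steps 3-9: default Exclude, two Add rules
    "default": "exclude",
    "exclude": set(),
    "add": [(CAP + "Profile-based", "01"),
            (CAP + "Rule-based-ByNAS-Filter", "01")],
}
TTLS_ACCEPT = {                   # steps 11-17: default Allow, five Exclude rules
    "default": "allow",
    "exclude": {"Class", "EAP-Message", "MS-MPPE-Recv-Key",
                "MS-MPPE-Send-Key", "MS-CHAPV2-Success"},
    "add": [],
}


def apply_filter(flt, attrs):
    """Return the (name, value) pairs the filter passes, followed by its additions."""
    kept = [(n, v) for n, v in attrs
            if n not in flt["exclude"] and flt["default"] == "allow"]
    return kept + list(flt["add"])


# Constructed sample packets (placeholder values, not captured traffic).
OUTER_REQUEST = [("User-Name", "anonymous@example.net"),
                 ("NAS-IP-Address", "192.0.2.10"),
                 ("EAP-Message", "<eap>")]
INNER_RESPONSE = [("Class", "<class>"),
                  ("MS-MPPE-Send-Key", "<key>"),
                  ("MS-MPPE-Recv-Key", "<key>"),
                  ("MS-CHAPV2-Success", "<success>"),
                  ("WiMAX-Hotline-Indicator", "hl-1"),
                  ("WiMAX-Hotline-Profile-ID", "profile-a"),
                  ("WiMAX-Hotline-Session-Timer", "300")]


def inner_request():
    """Attributes given to the new inner request (Transfer Outer Attribs to New)."""
    return apply_filter(WIMAX_HOTLINE_FILTER, OUTER_REQUEST)


def transferred_to_accept():
    """Inner response attributes copied out (Transfer Inner Attribs To Accept)."""
    return apply_filter(TTLS_ACCEPT, INNER_RESPONSE)


def excluded_names_present(attrs):
    """Names from the ttls_accept exclude list that still appear in attrs."""
    return sorted({n for n, _ in attrs} & TTLS_ACCEPT["exclude"])
```

An empty result from `excluded_names_present(transferred_to_accept())` confirms that none of the five excluded inner attributes, including the MS-MPPE keys, reach the Access-Accept through this transfer.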

Configuring the LDAP Authentication File

For this example, the ldap.aut file shipped with Steel-Belted Radius Carrier is modified to retrieve the values of the subattributes.

[Bootstrap]
LibraryName=ldapauth.so
Enable=1
InitializationString=WIMAX_HOTLINE

[Settings]
MaxConcurrent=1
Timeout=20
ConnectTimeout=25
QueryTimeout=10
WaitReconnect=2
MaxWaitReconnect=360
; BindName=uid=<User-Name>, ou=sales, o=bigco.com
; BindName = cn=Manager,o=sbrsim, c=US
LogLevel = 2
UpperCaseName = 0
PasswordCase=original
PasswordFormat = 0
; Search = DoLdapSearch
SSL = 0
MaxScriptSteps = 1000
ScriptTraceLevel =2
;FilterSpecialCharacterHandling = 0

[NDS]
;Enable = 0
;AllowExpiredAccountsForUsers = 0
;ProfileForExpiredUsers = profile1
;AllowGraceLoginsForUsers = 1
;ProfileForGraceLoginUsers = profile2

[Server]
s1=

[Server/s1]
Host=172.28.84.27
Port = 21002
BindName=cn=Directory Manager
BindPassword=sbrcarrier

[Failure]
;Accept=0
;Profile=xyz
;FullName=Remote User

[Request]
%UserName = UserName
Juniper-WiMAX-Client-Type =clientType
WiMAX-Capability.Values.Hotlining-Capabilities.Rule-based-By-NAS-Filter= hotlineCaps_nas
WiMAX-Capability.Values.Hotlining-Capabilities.Profile-based= hotlineCaps_profile

[Response]
%Password = telephonenumber
%Profile = profile
@WiMAX-Hotline-Indicator= hotlineIndicator
@WiMAX-Hotline-Profile-ID= hotlineProfile
@WiMAX-Hotline-Session-Timer= hotlineTimer

[Search/SubscriberRecord]
;Base = o=sbrsim, c=US
Base =dc=carrier,dc=spgma,dc=juniper,dc=net
Scope = 2
Filter = uid=<LDAPRecordKey>
Attributes = SubscriberAttr
Timeout = 20
%DN = dn

[Attributes/SubscriberAttr]
profile
telephonenumber
wimax-hotline-profile-id
wimax-hotline-session-timer
wimax-hotline-indicator

 

Modified: 2017-03-07