Steel-Belted Radius Carrier 8.3.0 Administration and Configuration Guide
WiMAX Capabilities Negotiation
The ASN-GW and home agent each send a WiMAX-Capability attribute listing the capabilities they want to use in the session. The HAAA server selects from those received capabilities and responds with a WiMAX-Capability attribute listing the capabilities it can support for the session. The HAAA capabilities configuration (policy) may differ for the ASN-GW and home agent.
WiMAX-Capability Attribute
The WiMAX-Capability attribute is a structured VSA whose subattributes specify the capabilities that can be used in the session. If a subattribute (capability) is sent in the Access-Request and the HAAA (Steel-Belted Radius Carrier) can support the capability, the subattribute is returned in the Access-Accept message. If a subattribute (capability) is not sent in the Access-Request, it is not returned in the Access-Accept. Absence of a subattribute in the Access-Request indicates that the device (ASN-GW or home agent) does not support the capability.
WiMAX-Capability Structured Attribute
The WiMAX-Capability structured attribute may contain the following subattributes, each representing a specific WiMAX capability:
- WiMAX-Release attribute
- Accounting-Capabilities attribute
- Hotlining-Capabilities attribute
- Idle-Mode-Notification-Capabilities attribute
WiMAX-Release Attribute
The WiMAX-Release subattribute indicates the release of the WiMAX Forum Networking Group (NWG) specification supported by the device. Steel-Belted Radius Carrier supports releases 1.0, 1.1, 1.1.1, 1.1.2, and 1.2. The WiMAX-Release subattribute is sent in the Access-Request by both the ASN-GW and home agent. If Steel-Belted Radius Carrier supports the requested release number, it returns that same release number with the Access-Accept. If Steel-Belted Radius Carrier does not support the requested release number, it rejects the request.
WiMAX-Accounting-Capabilities Attribute
The WiMAX-Accounting-Capabilities subattribute specifies the type of accounting to be used for the session. It must be sent in the Access-Request by both ASN-GW and home agent, and it must be returned to both the ASN-GW and home agent by the HAAA server in the Access-Accept.
Steel-Belted Radius Carrier supports flow-based and IP-session-based accounting. A value of None is allowed only at the home agent. If the ASN-GW indicates a value of None, the request is rejected.
For more details about accounting, see WiMAX Post-Paid (Offline) Accounting.
Hotlining-Capabilities Attribute
Hotlining is the practice of diverting a subscriber from their desired destination to a destination controlled by the service provider, in order to rectify specific circumstances related to the subscriber account. Hotlining is typically used to reconcile issues such as prepayment of services, delinquent account issues, account updates, and administrative functions (for example, IP address renewal). The subscriber is typically redirected to a webpage to reconcile the issue. After the issue is resolved, the subscriber is redirected to their desired destination.
There are two types of hotlining:
- New session hotlining
- Active session hotlining
New session hotlining is the process of returning hotlining parameters attached to the Access-Accept. The hotlining parameters are returned in the Access-Accept message based on the value of the Hotlining-Capabilities subattribute in the WiMAX-Capability attribute. The hotlining parameters are returned as WiMAX hotlining attributes. The values of these attributes can be stored in either an SQL or LDAP database, and are retrieved using the SQL or LDAP authentication files (sqlauth.aut or ldapauth.aut).
Active session hotlining is the process of returning hotlining parameters through Change of Authorization (CoA) messages. For more information about SBR Carrier’s support for CoA messages, see Managing and Controlling Sessions.
For more information about configuring new session hotlining, see Example Configuration for New Session Hotlining.
Idle-Mode-Notification-Capabilities Attribute
Idle mode notification can be negotiated at the time of network access. During network access, if the ASN-GW sends the WiMAX-Capabilities attribute with the Idle-Mode-Notification-Capability subattribute, it indicates that the ASN-GW supports idle mode notification. Absence of the subattribute in the Access-Request means that idle mode notification is not supported by the ASN-GW.
The HAAA server indicates it requires idle mode notification by returning this subattribute to the ASN-GW in the Access-Accept. Absence of this subattribute in the WiMAX-Capabilities attribute in the Access-Accept indicates the HAAA server does not require idle mode notification.
The Idle-Mode-Notification-Capabilities subattribute is never sent to the home agent.
Idle mode notification is negotiated at network access and occurs when the mobile station (for example, cell phone) enters or exits the idle mode. The accounting server at the CSN (connectivity service network) is notified about the idle mode transition through accounting messages.
Enabling WiMAX Capabilities Negotiation
WiMAX capabilities negotiation may be performed by adding capabilities subattributes to the user or profile return list and enabling the Echo option for each capability you want Steel-Belted Radius Carrier to support. When using the SQL or LDAP authentication plug-ins (for EAP-AKA), this is done by defining the attributes in the return list of a profile.
If you want Steel-Belted Radius Carrier to support all requested WiMAX capabilities defined in an Access-Request message, enable the Echo option on the parent WiMAX-Capability attribute. If you want to select which capabilities Steel-Belted Radius Carrier supports, enable Echo at the subattribute level only.
For example, if you do not want to support idle mode notification, do not enable Echo for the Idle-Mode-Notification-Capability subattribute.
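The negotiation rules above can be checked against a small model before changing Echo settings on a profile. The following Python sketch is an added example, not Steel-Belted Radius Carrier code: the function name, the device labels, and the sample values are hypothetical, and the model covers only the rules stated in this section.

```python
# Added illustration: a simplified model of the WiMAX capabilities negotiation
# rules described in this section. All names here are hypothetical.

SUPPORTED_RELEASES = {"1.0", "1.1", "1.1.1", "1.1.2", "1.2"}  # releases listed above

RELEASE = "WiMAX-Release"
ACCOUNTING = "Accounting-Capabilities"
HOTLINING = "Hotlining-Capabilities"
IDLE = "Idle-Mode-Notification-Capabilities"
KNOWN_SUBATTRS = (RELEASE, ACCOUNTING, HOTLINING, IDLE)

# Constructed sample request; the values are placeholders, not wire encodings.
SAMPLE_REQUEST = {
    RELEASE: "1.1.2",
    ACCOUNTING: "flow-based",
    HOTLINING: "constructed-hotlining-value",
    IDLE: "constructed-idle-value",
}


def negotiate(device, requested, echo_parent=False, echo_subattrs=frozenset()):
    """Return ("accept", subattrs_for_access_accept) or ("reject", reason).

    device        -- "asn-gw" or "home-agent" (labels assumed for this model)
    requested     -- subattributes received in the Access-Request
    echo_parent   -- Echo enabled on the parent WiMAX-Capability attribute
    echo_subattrs -- subattributes with Echo enabled individually
    """
    if device not in ("asn-gw", "home-agent"):
        raise ValueError("unknown device type: %r" % device)

    # An unsupported release number rejects the whole request.
    release = requested.get(RELEASE)
    if release is not None and release not in SUPPORTED_RELEASES:
        return ("reject", "unsupported WiMAX-Release %s" % release)

    # An accounting value of None is allowed only at the home agent.
    if device == "asn-gw" and requested.get(ACCOUNTING) == "none":
        return ("reject", "ASN-GW requested accounting None")

    accept = {}
    for name in KNOWN_SUBATTRS:
        if name not in requested:
            continue  # never return a capability the device did not send
        if not (echo_parent or name in echo_subattrs):
            continue  # Echo not enabled: capability is not supported by policy
        if name == IDLE and device == "home-agent":
            continue  # idle mode notification is never sent to the home agent
        accept[name] = requested[name]
    return ("accept", accept)


if __name__ == "__main__":
    # Echo on the parent attribute: every requested capability is returned.
    print(negotiate("asn-gw", SAMPLE_REQUEST, echo_parent=True))
    # Selective Echo: idle mode notification is left out of the Access-Accept.
    print(negotiate("asn-gw", SAMPLE_REQUEST,
                    echo_subattrs={RELEASE, ACCOUNTING, HOTLINING}))
    # Same policy applied to the home agent, and a rejected ASN-GW request.
    print(negotiate("home-agent", SAMPLE_REQUEST, echo_parent=True))
    print(negotiate("asn-gw", {RELEASE: "1.2", ACCOUNTING: "none"}, echo_parent=True))
```

The model does not decide how a request with a missing Accounting-Capabilities subattribute is handled, because this section does not state it.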