Navigation
Back up to About Overview
[+] Expand All
[-] Collapse All
- Steel-Belted Radius Carrier 8.3.0 Administration
and Configuration Guide
- Copyright and Trademark Information
- Table of Contents
- List of Figures
- List of Tables
- About This Guide
- Product Overview
- Steel-Belted Radius Carrier Overview
- Introduction to Steel-Belted Radius Carrier
- SBR Carrier Core Features
- Management Interfaces
- Optional SIM Authentication Module
- Optional WiMAX Mobility Module Features
- Optional Session Control Module
- Optional Scripting Module
- Optional Session State Register (High Availability) Module
- Optional Concurrency Module
- Optional 3GPP AAA Module
- Licensing
- Steel-Belted Radius Carrier Overview
- Web GUI Overview
- Using Web GUI
- Running the Web GUI
- Navigating in the Web GUI
- Adding License Keys
- Displaying Version Information
- Closing the Web GUI
- Using Web GUI
- RADIUS Operations
- RADIUS Basics
- RADIUS Overview
- RADIUS Packets
- RADIUS Ports
- RADIUS Configuration
- Multiple RADIUS Servers
- Shared Secrets
- Accounting
- Attributes
- Dictionaries
- Structured Attributes
- User Attribute Lists
- Attribute Values
- Default Values
- Wildcard Support
- Attribute Filtering
- Adding NAS Location Attributes to Access-Requests
- Specifying IPv4 Address Classes
- Centralized Configuration Management
- Proxy RADIUS
- Authentication
- Authentication Methods
- Configuring the Authentication Sequence
- Configuring Authentication Methods
- Advanced Options
- Two-Factor Authentication
- Password Protocols
- Accounting
- Request Routing
- Match Rules
- User-Names with a Single Delimiter
- User-Names with Multiple Suffix Delimiters
- User-Names with Multiple Prefix Delimiters
- Undecorated User-Names
- Request Routing by DNIS
- Request Routing by Any Attribute
- Local Services
- Control over Routing Methods
- Radius Client Groups
- IP Address Assignment
- Resource Management
- Network Address Assignment
- Concurrent Network Connections
- Attribute Value Pooling
- Phantom Records
- IPv6 Support
- RADIUS Overview
- Administering RADIUS Clients and Client Groups
- Administering RADIUS Location Groups
- Administering Users
- Users Overview
- User Files
- Setting Up Native Users
- Setting Up UNIX Users or Groups
- Administering Profiles
- Administering Proxy RADIUS
- Proxy RADIUS Overview
- Adding a Proxy Target
- Editing a Proxy Target
- Deleting a Proxy Target
- Steel-Belted Radius Carrier as a Target
- Administering RADIUS Tunnels
- About RADIUS Tunnels
- Tunnel Authentication Sequence
- Configuring Tunnel Support
- Concurrent Tunnel Connections
- Configuring RADIUS Tunnels
- Configuring Tunnel Name Parsing
- About RADIUS Tunnels
- Administering Address Pools
- Address Pools for Standalone Servers versus Servers in a SSR Cluster
- Address Pool Files
- Adding an IPv4 Address Pool
- Editing an IPv4 Address Pool
- Deleting an IPv4 Address Pool
- Specifying an IP Address Pool for User/Profile Records
- NAD-Specific IP Address Pools
- Service-Level IP Address Pools
- Specifying IP Address Assignment from a DHCP Server
- Setting Up Administrator Accounts
- Configuring Realm Support
- Setting Up Filters
- Setting Up Authentication Policies
- Authentication Policy Overview
- Order of Authentication Methods
- Adding EAP Methods to an Authentication Policy
- Certificates
- Certificate Chains
- Certificate Revocation Lists
- Configuring Server Certificates
- Trusted Root Certificates
- Configuring a CRL Distribution Point Web Proxy
- Configuring Authentication Rejection Messages
- Configuring the Server
- Setting Up EAP Methods
- About the Extensible Authentication Protocol
- EAP-TLS Authentication Protocol
- Configuring EAP-TLS as an EAP Authentication Method
- Configuring EAP-TLS as an Automatic EAP Helper
- EAP-TTLS Authentication Protocol
- Configuring EAP-TTLS as an EAP Authentication Method
- EAP-PEAP Authentication Protocol
- Configuring EAP-PEAP as an EAP Authentication Method
- EAP-MD5-Challenge Authentication Protocol
- EAP-MS-CHAP-V2 Authentication Protocol
- EAP-SIM and EAP-AKA Authentication Protocols
- Configuring Replication
- Overview of Replication
- Replication Requirements
- Adding a Replica Server
- Enabling a Replica Server
- Editing a Replica Server
- Deleting a Replica Server
- Publishing Server Configuration Information
- Notifying Replica RADIUS Servers
- Designating a New Primary Server
- Making a Standalone Server the Primary Server
- Making a Standalone Server a Replica Server
- Verifying the Primary and Replica Servers Are Enabled
- Demote a Primary or Replica Server to a Standalone Server
- Recovering a Replica After a Failed Configuration Package Download
- Changing the Name or IP Address of a Server
- Replication Error Messages
- 3GPP Support
- RADIUS Basics
- Diameter Operations
- Diameter Basics
- Diameter Overview
- Communication between SBR Carrier Server and the Elements in LTE Network
- Diameter Authentication Process
- Diameter Authorization Process
- RADIUS to Diameter Translation
- Administering the Local Network Element
- Local Network Element Overview
- Configuring SBR Carrier Server Identification
- Configuring the Diameter Message Transport
- Administering Diameter Remote Network Elements
- Remote Network Element Overview
- Creating and Configuring a New Diameter Remote Network Element
- Adding Diameter Connections to the Diameter Remote Network Element
- Assigning Functions to the Diameter Remote Network Element
- Configuring Implicit Routing Rules
- Editing a Diameter Remote Network Element
- Deleting a Diameter Remote Network Element
- Administering the Diameter Policy
- Policy Overview
- Configuring a Local Profile
- Creating a Local Profile
- Configuring Authorization Attributes
- Configuring a Non-3GPP Interworking Policy for SWa Reference Point
- Configuring a Non-3GPP Interworking Policy for SWm Reference Point
- Configuring a Non-3GPP Interworking Policy for S6b Reference Point
- Editing a Local Profile
- Deleting a Local Profile
- Creating a Local Profile
- Configuring Local Profile Selection
- Creating a New Profile Selection Rule Set
- Creating New Matching Rules
- Editing Profile Selection Rule Sets
- Deleting Profile Selection Rule Sets
- Creating a New Profile Selection Rule Set
- Administering Request Routing Rules
- Request Routing Rules Overview
- Configuring Request Routing Rules
- Defining Explicit Routing Rules
- Displaying Diameter Statistics
- Diameter Basics
- Back-End Authentication and Accounting Methods
- Configuring SQL Authentication
- Overview of SQL Authentication
- Configuring SQL Authentication
- Connecting to the SQL Database
- SQL Statement Construction
- Overlapped Execution of SQL Statements
- %result Parameter
- SQL Authentication and Password Format
- Working with Stored Procedures in Oracle
- Working with Stored Procedures in MS-SQL
- Example 1
- Example 2
- Tips on Using SQL Stored Procedures
- Calling Stored Procedures
- Using the Insert Function
- Configuring
SQL Accounting
- SQL Accounting Overview
- Configuring SQL Accounting
- Connecting to the SQL Database
- SQL Statement Construction
- SQL Accounting Return Values
- Accounting Stored Procedure Example
- Configuring LDAP Authentication
- LDAP Authentication Overview
- LDAP Variable Table
- Types of LDAP Authentication
- Configuring LDAP Authentication
- Supporting Secure Sockets Layer
- Files
- LDAP Database Schema
- LDAP Authentication and Password Format
- LDAP Authentication Sequence
- LDAP Authentication Examples
- LDAP Authentication Overview
- SS7 and SIGTRAN Gateway Support
- Proxy RADIUS Authentication and Accounting
- HSS-Subscriber Database
- Configuring SQL Authentication
- Management Interfaces
- Simple Network Management Protocol
- SNMP and Steel-Belted Radius Carrier Overview
- Configuring the SNMP Agent
- Running the SNMP Agent
- Logging Behavior of the SNMP Agent
- Verifying SNMP Agent Operation
- Resetting Rate Statistics
- Troubleshooting
- Using the LDAP Configuration Interface
- LDAP Configuration Interface File
- LDAP Configuration Interface Overview
- LDAP Utilities
- LDAP Requests
- Downloading the LDAP Utilities
- LDAP Version Compliance
- Configuring the LDAP TCP Port
- Configuring the LCI Password
- LDAP Virtual Schema
- LDAP Rules and Limitations
- Using the LCI to Define Structured Attributes in Check Lists and Return Lists
- LDAP Command Examples
- LDIF File Examples
- Statistics Variables
- Simple Network Management Protocol
- Optional Authentication Modules
- SIM Authentication Module
- SIM Authentication Module Component Overview
- Operation Overview
- SIM Authentication Module Configuration
- Special Attribute Handling Features
- Assigning IP Addresses Based on Access Point Name (APN)
- Adding Attributes to an Access-Accept
- Configuration Tasks for Adding Attributes to Access-Accept
- Kineto S1 Support
- Summary of Configuration Tasks for the SIM Authentication Module
- SIM Authentication Module Configuration with a SIGHUP (1) Signal
- Overview of the WiMAX Mobility Module
- Supported Features of the WiMAX Mobility Module
- WiMAX Network Reference Model
- AAA-Generated Cryptographic Keys
- Home Agent Root Key (HA-RK)
- DHCP Server Root Key (DHCP-RK)
- EAP Authentication Methods and EAP-Derived Cryptographic Keys
- WiMAX Vendor Specific Attribute (VSA) Format
- WiMAX Capabilities Negotiation
- WiMAX-Capability Attribute
- WiMAX-Capability Structured Attribute
- Enabling WiMAX Capabilities Negotiation
- WiMAX-Capability Attribute
- Home Agent and DHCP Server Assignment
- WiMAX Post-Paid (Offline) Accounting
- WiMAX Prepaid Accounting
- Prepaid Scenarios
- Single-Service Prepaid Solution
- Multi-Service Prepaid Solution
- Data Flow for Prepaid Accounting in SBR Carrier
- Data Flow for Single-Service Prepaid Accounting Model
- Data Flow for Multi-Service Prepaid Accounting Models
- Prepaid Scenarios
- Categorizing Access-Requests from Different Devices
- Configuring the WiMAX Mobility Module
- Before You Begin
- Configuring the radius.ini File for WiMAX
- Configuring the Home Agent and DHCP Server Assignment
- Define the List of Home Agents and DHCP Servers
- Configuring Return List Attributes to Assign the Home Agent
and DHCP Server
- Assignment When Acting as the HAAA Server
- Assignment When Acting as the VAAA Server
- Configuring Statically Weighted Round-Robin Groups to Assign the Home Agent and DHCP Server
- Configuring the Smart Dynamic Home Agent Assignment Feature
- Smart Dynamic Home Agent Assignment Configuration Overview
- Operation of the Smart Dynamic Home Agent Assignment Feature
- Access-Request Processing
- Configuring WiMAX Clients
- Configuring WiMAX Users and Profiles
- Configuring the WiMAX-Capabilities Negotiation
- Example Configuration for New Session Hotlining
- Configuring the WiMAX-Capabilities Negotiation
- Configuring the EAP Methods for WiMAX
- SIM Authentication Module
- Optional Session State Register (High Availability) Module
for a Clustered Environment
- Session State Register Overview
- SSR Cluster Overview
- Data Replication Between Two Different or Remote SSR Clusters
- SSR Cluster Concepts and Terminology
- Supported SBR Carrier SSR Cluster Configurations
- Failover Overview
- Failover Examples
- Failover Overview
- Session State Register Database Tables
- Session State Register Administration
- SSR Administration Overview
- Overview of Starting and Stopping a Session State Register Cluster
- Administration Scripts Overview
- SSR Database Management Scripts
- Steel-Belted Radius Carrier Node Administration Scripts
- Using IP Address and IP Address Pool Scripts
- Using Management Mode
- ClearCache.sh
- ShowCaches.sh
- AddPool.sh
- RenamePool.sh
- DelPool.sh
- ShowPools.sh
- AddRange.sh
- DelRange.sh
- ShowRanges.sh
- KillZombieAddrs.sh
- ShowAddrs.sh
- BackupIP.sh
- RestoreIP.sh
- Using IP Address and IP Address Pool Scripts
- SSR Session Management
- Administration Script Control Files
- Session State Register Overview
- Optional Concurrency Module
- Managing User Concurrency with Session State Register
- Overview
- How User Concurrency Works
- UserConcurrencyID Construction
- Retrospective Dynamicity
- Managing
Concurrency with Attributes in Session State Register
- Overview
- How Attribute-Based Concurrency Works
- Configuring Attribute-Based Concurrency
- Managing User Concurrency with Session State Register
- Managing and Controlling Sessions
- Introduction to Managing and Controlling Sessions in SBR Carrier
- Overview of Managing and Controlling Sessions in SBR Carrier
- Introduction
- Storing Sessions in the CST in a Standalone Server versus the
SSR Cluster
- Storing Sessions in the CST of a Standalone Server
- Storing Sessions in the CST of the SSR Cluster
- Session Management and Control Capabilities
- Available User Interfaces for Managing and Controlling Sessions
- Overview of Managing and Controlling Sessions in SBR Carrier
- Hosting CST As a Separate Executable Process
- Separate Session Database Process Overview
- Starting the RADIUS Process and Separate Session Database Process
- Stopping the RADIUS Process and Separate Session Database Process
- High Availability Functionality of the RADIUS and Separate Session Database Processes
- Overview of the Optional Session Control Module
- Change of Authorization/Disconnect Messages Overview
- How Steel-Belted Radius Carrier Processes CoA/DM Messages
- Current Sessions Table
- Formatting and Sending CoA/DM Requests with the Correct Attributes
- Controlled Devices and Actions
- Sequence and Flow of CoA/DM Requests Through Steel-Belted Radius Carrier
- Implementing CoA/DM Support
- Processing Dynamic Authorization (CoA/DM) Messages as a Proxy Server
- Processing Dynamic Authorization (CoA/DM) Messages as a Proxy Target
- Settings to Support the Proxy CoA/DM Functionality
- Using Web GUI to Manage and Control Sessions
- Current Sessions Overview
- Searching for Sessions Using Web GUI
- Setting Session Limits with Web GUI
- Executing CoA and Disconnect Requests Using Web GUI
- Using the Command Line Utility to Manage and Control Sessions
- Command Line Utility Overview
- Starting the Command Line Utility
- Using Command Line Arguments
- Access Control Arguments
- Action Arguments
- Setting Session Limits Using the Command Line Utility
- Examples of Issuing CoA/DM Requests Using the Command Line Utility
- Shortcut Arguments
- Finding All Sessions Using the Command Line Utility
- Command Line Utility Overview
- Configuring the deviceModels.xml File
- Summary of Allowed Elements in the deviceModels.xml File
- Element: action
- Element: actions
- Element: attributes
- Element: controlledDeviceModel
- Element: controlledDeviceModels
- Element: defaultAttribute
- Element: localSessionQuery
- Element: onFailure
- Element: onSuccess
- Element: onTimeout
- Element: overrideAttribute
- Element: radiusPort
- Element: radiusPorts
- Element: radiusRequest
- Element: requiredAttribute
- Element: sessionStop
- XML over HTTPS Interface
- XML over HTTPS Interface Overview
- XML Statement Construction
- Client Request Schema Example
- Client Request Elements
- Element: attribute
- Element: attributes
- Element: body
- Element: envelope
- Element: header
- Element: request
- Client Request Examples
- Client Response Schema Example
- Client Response Elements
- Element: attribute
- Element: attributes
- Element: body
- Element: clientRequest
- Element: clientResponse
- Element: clientResult
- Element: clientResults
- Element: defaultAttribute
- Element: deviceRequest
- Element: deviceRequestSpec
- Element: deviceResponse
- Element: deviceResult
- Element: deviceResults
- Element: envelope
- Element: header
- Element: optionalAttribute
- Element: overrideAttribute
- Element: requiredAttribute
- Element: sessionData
- Element: sessionRequest
- Element: sessionResponse
- Element: sessionResult
- Element: sessionResults
- Client Response Examples
- Example: Client Response to Query for Username ‘bob’
- Example: Client Response to Query for Any Username Using Wildcard
- Example: Client Response to Request for Action Called “foo” on Username TestUser9
- Example: Client Response to Request for Action Called “foo” on Username TestUser99
- Example: Client Response to RADIUS Disconnect
- Example: Client Response to Action Intercept
- Example: Client Response to Action Intercept
- Example: Client Response to Action Intercept
- Example CoA/DM Configuration
- Requirements of the CoA/DM Requests
- Requirements for Supporting the Attributes in CoA/DM Requests
- Configuring the Attribute Handling Parameters
- Example Result
- Configuring Lawful-Intercept between SBR Carrier and ERX Device
- Introduction to Managing and Controlling Sessions in SBR Carrier
- Statistics and Reporting
- Displaying Statistics
- Logging and Reporting
- Logging Files
- Displaying Authentication Log Files
- Using the Locked Accounts List
- Configuring the Log Retention Period
- Using the Server Log File
- Using the Authentication Log File
- Using the Accounting Log File
- Optional Scripting Module
- Introduction to Scripting
- Creating
Scripts
- Script Development Steps
- JavaScript Initialization Files
- Writing Steel-Belted Radius Carrier Scripts in JavaScript
- Saving the Script File
- Sample Script
- Debugging Scripts
- Creating LDAP Scripts
- LDAP Basics
- LDAP Request Life Cycle
- Unscripted LDAP Searches
- LDAP Script Basics
- Choosing the Return Code
- LDAP Script Return Codes
- LDAP Script Examples
- Creating Realm Selection Scripts
- Realm Selection Script Functions
- Enabling Built-In Realm Selection Methods
- Choosing the Return Code
- Configuring Realm Selection Scripts
- Core Realm Selection Scripts
- Tunneled Authentication Plug-in Realm Selection Scripts
- Realm Selection Script Examples
- Creating Attribute Filter Scripts
- Using Attribute Filter Scripts
- Attribute Filter Script Functions
- Choosing the Return Code
- Configuring Attribute Filter Scripts
- Attribute Filter Script Examples
- Working with Data Accessors
- Data Accessor Overview
- Variable Containers
- Internal Variable Table (LDAP Only)
- Data Accessor Configuration
- SQL Data Accessor Configuration
- LDAP Data Accessor Configuration
- Data Conversion Rules
- Data Accessor Configuration File Examples
- Script Reference
- JavaScript Types
- API Method Support by Script Type
- Local and Global Variable Declarations
- Global Object
- Logging and Diagnostic Methods
- SbrWriteToLog()
- SbrWriteToLogEx()
- SbrTrace()
- Logging and Diagnostic Methods
- Ldap Object
- Ldap Methods
- Ldap.Search()
- Ldap Methods
- LdapVariables Object
- LdapVariables Methods
- LdapVariables.Get()
- LdapVariables.Add()
- LdapVariables.Reset()
- LdapVariables Methods
- RealmSelector Object
- Constructor
- new RealmSelector()
- new CSTAccessor()
- new SessionControl()
- RealmSelector Methods
- Execute()
- SetAuthUserName()
- SetAuthProfile()
- SetLocationGroupProfile()
- CSTAccessor Methods
- Get()
- SetAuthUserName()
- SetAuthProfile()
- SetLocationGroupProfile()
- Constructor
- SessionControl Object
- AttributeFilter Object
- Constructor
- new AttributeFilter()
- AttributeFilter Methods
- AttributeFilter API
- Constructor
- DataAccessor Object
- Properties
- Constructor
- new DataAccessor()
- Methods
- SetInputVariable()
- GetOutputVariable()
- Execute()
- Clear()
- Appendixes
- When and How to Stop and Restart Steel-Belted Radius Carrier
- Authentication Protocols
- Importing and Exporting Data
- Technical Bulletins
- Service Type Mapping
- Configuration
- servtype.ini File
- Ascend Filter Translation
- Changing IP Addresses in an SSR Cluster Without Redefining the Cluster
- Service Type Mapping
- SIR.sh Script
- Thread and Flood Control Mechanism
- Glossary
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.
Technical Bulletins
This appendix contains the following technical bulletins:
- Service Type Mapping
- Ascend Filter Translation
- Changing IP Addresses in an SSR Cluster Without Redefining the Cluster
