
wimax.ini File

The wimax.ini configuration file contains parameters that control basic behavior of the WiMAX mobility module. You must configure the wimax.ini file for the WiMAX features you want Steel-Belted Radius Carrier to support. The features described in the wimax.ini file require a WiMAX mobility module license key, which is entered during installation. For details about installing Steel-Belted Radius Carrier, see the SBR Carrier Installation Guide.

Note: The wimax.ini file is read whenever Steel-Belted Radius Carrier restarts or receives a SIGHUP (1) signal. All other parameters in the [Settings] section can be updated by a SIGHUP (1) signal. See the UpdateWiMAX parameter in the update.ini File.

The wimax.dct file shipped with Steel-Belted Radius Carrier has been configured with the attributes necessary for supporting WiMAX in compliance with the WiMAX Forum Network Working Group standards.

[Settings] Section

The [Settings] section (Table 197) contains the settings that control the basic operation of the WiMAX mobility module.

Table 197: wimax.ini [Settings] Syntax

Parameter

Function

Add-Diagnostic-Reply-Message-To-Access-Reject

When an Access-Request is rejected, a programmatically generated Reply-Message attribute can be added to the Access-Reject. The Reply-Message contents may be used for diagnostic purposes.

  • If set to 0, do not add a Reply-Message to the Access-Reject.
  • If set to 1, add a Reply-Message to the Access-Reject.

Default value is 0.

Add-Funk-WiMAX-Client-Type-To-Request

The Funk-WiMAX-Client-Type attribute contains an integer value that specifies the type of RADIUS client sending the Access-Request or Accounting-Request. This information may be of use with scripts or stored procedures.

  • If set to 0, do not attach the Funk-WiMAX-Client-Type attribute.
  • If set to 1, attach the Funk-WiMAX-Client-Type attribute.

Default value is 0.

Allow-Zero-WiMAX-MN-hHA-MIP4-SPI

Specifies whether SBR Carrier should honor a request for an MIP4 key if the request contains a WiMAX-MN-hHA-MIP4-SPI attribute with a value of 0.

  • If set to 1, SBR Carrier returns the corresponding key, if present in the session database, in Access-Accept.
  • If set to 0, SBR Carrier does not return the key, even if it is present in the session database.

Default value is 0.

Chargeable-User-Identity-Type

Specifies the value of the Chargeable-User-Identity (CUI) attribute to attach to the Access-Accept. This value can be programmatically-generated or configured. Possible values are:

  • Session-Id
  • Return-List-Attr
  • True-Identity

Default value is Return-List-Attr.

The same CUI value is sent to both the ASN-GW and home agent. Because the CUI is attached to all Accounting-Requests, it can be used to match the accounting records associated with the ASN-GW and home agent, and for a single Mobile IP (MIP) session.

If you want to return a specific value for the CUI, you need to set this parameter to Return-List-Attr, and configure the attribute in a return list in either the User or Profile entry. The CUI attribute is attached to the Access-Accept message.

If you want the true identity of the user to be sent in the CUI, select True-Identity. For EAP-TTLS, the true identity is the inner identity. For EAP-AKA, the true identity is the Permanent Identity. These identify the actual username used for authentication by Steel-Belted Radius Carrier, not a pseudo-identity or alternate identity.

If you want each MIP session to be uniquely identified, select Session-Id. The AAA-Session-Id sent to the ASN-GW is used as a unique identifier of the MIP session.

Note: This setting is applicable only for SBR acting as HAAA.

Check-CN-In-TTLS-Client-Certificate

Enables and disables checking of the Common Name (CN) field of a client certificate in TTLS authentication.

If enabled, the MAC Address field of the client certificate is verified against the Calling-Station-Id in the outer Access-Request; if they do not match, the request is rejected.

  • If set to 0, checking of the CN field is disabled.
  • If set to 1, the CN is required to start with the 12 character hex representation of the MAC address, which must match the Calling-Station-Id request attribute (according to WiMAX specifications). Non-hex characters in the Calling-Station-Id are skipped in the check.

DHCPRK-Lifetime-Secs

Specifies the DHCP-RK (root key) lifetime for all DHCP servers in seconds. The DHCP-RK key is a cryptographic key and is a random number generated by the AAA server.

Default value is 86400 seconds (24 hours).

DisableHaPhantom

Enables or disables the creation of phantom records for authentication messages from the home agent.

If this parameter is enabled, Steel-Belted Radius Carrier does not create phantom sessions for authentication requests from the home agent.

  • If set to 0, phantom session records are enabled for authentication messages from the home agent.
  • If set to 1, phantom session records are disabled for authentication messages from the home agent.

Default value is 0.

Enable

Specifies whether the WiMAX mobility module is enabled.

  • If set to 0, WiMAX is disabled.
  • If set to 1, WiMAX is enabled.

Default value is 0.

Encrypt-Chargeable-User-Identity

Specifies whether to salt-encrypt the value of the Chargeable-User-Identity attribute attached to the Access-Accept.

  • If set to 0, do not salt-encrypt the Chargeable-User-Identity attribute.
  • If set to 1, salt-encrypt the Chargeable-User-Identity attribute.

Default value is 1.

Setting this value to 1 ensures the user identity is uniquely encrypted for each session. In WiMAX, even when an identity is encrypted, if it is encrypted in the same way each time (encryption of the identity results in the same cipher text each time), then the user's network traffic can be identified and tracked, even if the true identity of the user is not known. When Steel-Belted Radius Carrier salt-encrypts the CUI, the cipher text value is different for each encryption. Encryption is especially important when the CUI contains the true identity of the user.

Note: This setting is applicable only for SBR acting as HAAA.

HA-Dynamic-Addr-Weight-File = <path/filename>

Specifies the path and filename of the dynamically updated file used by the smart dynamic home agent assignment feature. This file contains pairs of IP addresses and weights, and is read by SBR Carrier upon the receipt of a signal (either SIGHUP (1) or SIGUSR2 (17)), as defined in the update.ini file. For more information about the smart dynamic home agent assignment feature, see the SBR Carrier Administration and Configuration Guide.

HARK-Lifetime-Secs

Specifies the HA-RK (root key) lifetime for all home agents in seconds. The HA-RK key is a cryptographic key and is a random number generated by the AAA server.

Default value is 86400 seconds (24 hours).
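The Check-CN-In-TTLS-Client-Certificate comparison described in Table 197, as an added Python example (not Steel-Belted Radius Carrier code). The function names are hypothetical; the case-insensitive comparison and the rejection of a Calling-Station-Id that does not reduce to exactly 12 hex digits are assumptions the page does not state.

```python
import string

HEX_DIGITS = set(string.hexdigits)


def hex_only(value):
    """Drop non-hex characters (such as '-' or ':') and upper-case the rest."""
    return "".join(ch for ch in value if ch in HEX_DIGITS).upper()


def cn_matches_calling_station_id(common_name, calling_station_id):
    """Return True when the certificate CN starts with the 12-character hex
    MAC address carried in the outer Access-Request's Calling-Station-Id."""
    station_mac = hex_only(calling_station_id)
    if len(station_mac) != 12:
        # Assumption: a value that is not a full MAC address fails closed.
        return False

    # The CN itself must START with 12 hex characters; separators are only
    # skipped on the Calling-Station-Id side, as the parameter text says.
    prefix = common_name[:12]
    if len(prefix) < 12 or any(ch not in HEX_DIGITS for ch in prefix):
        return False

    return prefix.upper() == station_mac


# Constructed sample values: (CN, Calling-Station-Id)
SAMPLES = [
    ("001A2B3C4D5E.device.example", "00-1A-2B-3C-4D-5E"),  # match
    ("001a2b3c4d5e", "00:1A:2B:3C:4D:5E"),                  # match, case differs
    ("001A2B3C4D5F.device.example", "00-1A-2B-3C-4D-5E"),  # last digit differs
    ("00:1A:2B:3C:4D:5E", "00-1A-2B-3C-4D-5E"),            # CN carries separators
    ("001A2B3C4D5E", "001A2B3C4D"),                         # truncated station id
]

if __name__ == "__main__":
    for cn, csid in SAMPLES:
        verdict = "accept" if cn_matches_calling_station_id(cn, csid) else "reject"
        print(f"{cn!r:32} {csid!r:22} {verdict}")
```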

  

[ASNGW-Requests] Section

The [ASNGW-Requests] section (Table 198) contains the settings that control the processing of ASN-GW (Access Server Network-Gateway) requests.

Table 198: wimax.ini [ASNGW-Requests] Syntax

Parameter

Function

Accept-ASNGW-Requests

Specifies whether ASN-GW request processing is enabled.

  • If set to 0, ASN-GW request processing is disabled. If an Access-Request is received from an ASN-GW, the request is rejected.
  • If set to 1, ASN-GW request processing is enabled. If an Access-Request is received from an ASN-GW, the request is processed.

Default value is 0.

Add-Funk-WiMAX-Auth-Mode-To-Access-Request

Specifies whether to attach the Funk-WiMAX-Auth-Mode attribute to the Access-Request. The Funk-WiMAX-Auth-Mode attribute contains the numeric value to the right of the equal sign in any {am=} decoration prepended to the User-Name. For example, if the User-Name contains {am=2} joe@bigco.com, then the Funk-WiMAX-Auth-Mode attribute value is 2. This information is useful for scripts and stored procedures.

  • If set to 0, do not attach the Funk-WiMAX-Auth-Mode attribute to the Access-Request.
  • If set to 1, attach the Funk-WiMAX-Auth-Mode attribute to the Access-Request.

Default value is 0.

Note: For authentication methods with both inner and outer authentication, such as EAP-PEAP and EAP-TTLS, the Funk-WiMAX-Auth-Mode attribute is set in the outer authentication method. To transfer it to the inner authentication method, the EAP method must be configured to pass the outer attributes to the inner request by setting the Transfer_Outer_Attribs_to_New parameter. This is set either in the .aut configuration file, or on the Request Filters tab in the EAP Methods List page in the Web GUI.

Note: For more details about the Funk-WiMAX-Auth-Mode attribute, see the radius.dct dictionary that is shipped with Steel-Belted Radius Carrier.

Add-Generated-PMIP-Auth-Id-To-Access-Accept

Steel-Belted Radius Carrier can optionally generate the PMIP-Authenticated-Identity. This parameter specifies whether to add the value for the PMIP-Authenticated-Identity to the Access-Accept.

  • If set to 0, do not attach the PMIP-Authenticated-Identity to the Access-Accept.
  • If set to 1, attach the PMIP-Authenticated-Identity to the Access-Accept.

Default value is 0.

Add-MSK-To-Access-Accept

Specifies whether to add the WiMAX-MSK to the Access-Accept.

MPPE keys are sent if configured in the EAP-TLS, EAP-TTLS, EAP-SIM, or EAP-AKA plug-in.

  • If set to 1, WiMAX-MSK is added to the Access-Accept.
  • If set to 0, WiMAX-MSK is not added to the Access-Accept.

The default value is 0.

Allow-VAAA-To-Assign-Home-Agent-And-DHCP-Server

Specifies whether or not to allow the VAAA server to assign the home agent and DHCP server IP addresses. If the VAAA server can assign the home agent and DHCP server IP addresses, it attaches the vHA-IP-MIP4 attribute to the Access-Request it proxies to the Home Authentication, Authorization, and Accounting (HAAA) server. If the HAAA server is configured to allow the VAAA server to assign the home agent and DHCP server IP addresses, then the HAAA server attaches that same vHA-IP-MIP4 attribute to the Access-Accept returned to the VAAA server. For more information about configuring the home agent and DHCP server when using WiMAX, see the SBR Carrier Administration and Configuration Guide.

  • If set to 0, do not allow the VAAA server to assign the home agent and DHCP server IP addresses.
  • If set to 1, allow the VAAA server to assign the home agent and DHCP server IP addresses. If this parameter is set to 1 and the VAAA server attaches the vHA-IP-MIP4 attribute to the Access-Request, then the HAAA server attaches the following additional attributes to the Access-Accept: vHA-IP-MIP4, MN-vHA-MIP4-KEY, and MN-vHA-MIP4-SPI.

Default value is 0.

ASNGW-Accept-Filter

Specifies the name of the attribute filter to be applied to the ASN-GW Access-Accept parameter before the session is recorded. You can use this parameter to specify regular or scripted filters. If no filter is specified, all attributes are returned unchanged.


Note: You must define all filters using the Web GUI. Do not edit the filter.ini file manually. For more information, see the SBR Carrier Administration and Configuration Guide.

Default value is no filter.

ASNGW-PostSession-Filter

Specifies the name of the attribute filter to be applied to the ASN-GW Access-Accept parameter after the session is recorded. You can use this parameter to specify regular or scripted filters. If no filter is specified, all attributes are returned unchanged.

Note: You must define all filters using the Web GUI. Do not edit the filter.ini file manually. For more information, see the SBR Carrier Administration and Configuration Guide.

Default value is no filter.

[ASNGW-Requests/<name>] Section

Multiple sections with names of the style [ASNGW-Requests/<name>] can also exist in the wimax.ini file. These sections are only referenced when a proxy realm’s configuration file (.pro) contains an ASNGW-Requests-Section setting in its [WiMAX] section.

Specifying this option in a realm’s configuration file puts the options in the matching ASNGW user authentication request processing section of the wimax.ini file in effect for all ASNGW user authentication request transactions that are processed by the proxy realm. As a result, the settings in this section are used instead of the settings in the [ASNGW-Requests] section for transactions processed against the proxy realm.

The options in these sections are identical to those documented for the [ASNGW-Requests] section, which is described in [ASNGW-Requests] Section.

Note: This section only applies to the WiMAX VAAA configuration.

[Home-Agent-Requests] Section

The [Home-Agent-Requests] section (Table 199) contains the settings that control the processing of the home agent requests.

Table 199: wimax.ini [Home-Agent-Requests] Syntax

Parameter

Function

Accept-Home-Agent-Requests

Specifies whether home agent Access-Request processing is enabled.

  • If set to 0, home agent request processing is disabled. If an Access-Request is received from a home agent, the request is rejected.
  • If set to 1, home agent request processing is enabled. If an Access-Request is received from a home agent, the request is processed.

Default value is 0.

Add-Funk-Full-User-Name-To-Access-Request

Specifies whether to attach the Funk-Full-User-Name attribute to the Access-Request. The Funk-Full-User-Name attribute contains the true identity of the user. For the EAP-TTLS method, this is the inner identity; for the EAP-TLS method, this is the identity obtained from the certificate; for the EAP-AKA method, this is the permanent identity.

  • If set to 0, do not attach the Funk-Full-User-Name attribute to the Access-Request.
  • If set to 1, attach the Funk-Full-User-Name attribute to the Access-Request.

Default value is 0.

Note: For more details about the Funk-Full-User-Name attribute, see the radius.dct dictionary that is shipped with Steel-Belted Radius Carrier.

Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-HAAA

Specifies whether to check if the home HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW specifies the IP address of the assigned home agent in the home network. The home HA-IP-MIP4 attribute received from a home agent identifies that particular home agent.

  • If set to 0, do not check the home HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW.
  • If set to 1, check the home HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW. If the received home HA-IP-MIP4 attribute is not the assigned home HA-IP-MIP4 attribute, then the home agent request is rejected.

Default value is 0.

Note: For this parameter to work, you need to uncomment the Sbr_HaType column in the WimaxTables.sql script and re-create the database. For the standalone version of SBR, the Sbr_HaType column is available and this parameter works by default. The Sbr_HaType column in the WiMAX table is optional.

Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-VAAA

Specifies whether to check if the visited HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW specifies the IP address of the assigned home agent in the visited network. The visited HA-IP-MIP4 attribute received from a home agent identifies that particular home agent.

  • If set to 0, do not check the visited HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW.
  • If set to 1, check the visited HA-IP-MIP4 attribute sent from the home AAA server to the ASN-GW. If the received visited HA-IP-MIP4 attribute is not the assigned visited HA-IP-MIP4 attribute, then the home agent request is rejected.

Default value is 0.

Home-Agent-Accept-Filter

Specifies the name of the attribute filter to be applied to the home agent Access-Accept. You can use this parameter to specify regular or scripted filters.

If no filter is specified, all attributes are returned unchanged.

Note: You must define all filters using the Web GUI. Do not edit the filter.ini file manually. For more information, see the SBR Carrier Administration and Configuration Guide.

Default value is no filter.

[DHCP-Server-Requests] Section

The [DHCP-Server-Requests] section (Table 200) contains the settings that control the processing of the DHCP server requests.

Table 200: wimax.ini [DHCP-Server-Requests] Syntax

Parameter

Function

Accept-DHCP-Server-Requests

Specifies whether DHCP server request processing is enabled.

  • If set to 0, any DHCP server request is rejected.
  • If set to 1, DHCP server request processing is enabled.

Default value is 0.

DHCP-Server-Accept-Filter

Specifies the name of the attribute filter to be applied to the DHCP server Access-Accept. You can use this parameter to specify regular or scripted filters.

If no filter is specified, all attributes are returned unchanged.

Note: You must define all filters using the Web GUI. Do not edit the filter.ini file manually. For more information, see the SBR Carrier Administration and Configuration Guide.

Default value is no filter.

[Other-Requests] Section

The [Other-Requests] section (Table 201) specifies how other Access-Requests (ones that do not fit in any of the other categories of ASN-GW, home agent, or DHCP server) from a client are handled.

Table 201: wimax.ini [Other-Requests] Syntax

Parameter

Function

Other-Accept-Filter

Specifies the name of the filter to be applied to attributes in an Access-Accept in response to all requests of type Other. You can use this parameter to specify regular or scripted filters.

If no filter is specified, all attributes are returned unchanged.

Note: You must define all filters using the Web GUI. Do not edit the filter.ini file manually. For more information, see the SBR Carrier Administration and Configuration Guide.

Default value is no filter.

Pass-On-Other-Requests

Specifies whether Access-Request processing is enabled from a RADIUS client that is not an ASN-GW, home agent, or DHCP server.

  • If set to 0 (disabled) and an Access-Request is received from such a client, then the request is rejected.
  • If set to 1 (enabled), then the WiMAX mobility modules apply the filter (specified in the Other-Accept-Filter parameter).

Default value is 0.

[HAs] Section

The [HAs] section lists the NAS-Identifier (for example, homeAgent.bigco.com) of each home agent from which an Access-Request is processed.

  • If the list is not empty and the received NAS-Identifier is not in the list, then the Access-Request is rejected.
  • If the list is empty, then Access-Requests from all home agents are processed.

[DHCPServers] Section

The [DHCPServers] section lists the NAS-Identifier (for example, dhcpServer.bigco.com) of each DHCP server from which an Access-Request is processed.

  • If the list is not empty and the received NAS-Identifier is not in the list, then the Access-Request is rejected.
  • If the list is empty, then Access-Requests from all DHCP servers are processed.

[RADIUS client-Access-Request-Required-Attributes] Sections

These sections list the attributes that must be present in an Access-Request to classify the RADIUS client as a WiMAX ASN-GW, home agent, DHCP server, or something else (Other).

  • [ASNGW-Access-Request-Categorization-Attributes] section
    If all attributes in the [ASNGW-Access-Request-Categorization-Attributes] section are present on the Access-Request, then the client is classified as ASN-GW; if not, check the attributes in the [Home-Agent-Access-Request-Categorization-Attributes] section.
    [ASNGW-Access-Request-Categorization-Attributes]
    User-Name
    Service-Type
    EAP-Message
    WiMAX-Capability
    NAS-Identifier
    NAS-Port-Type
    Calling-Station-Id
    GMT-Time-Zone-Offset
  • [Home-Agent-Access-Request-Categorization-Attributes] section
    If all attributes in the [Home-Agent-Access-Request-Categorization-Attributes] section are present on the Access-Request, then the client is classified as a home agent; if not, check the attributes in the [DHCP-Server-Access-Request-Required-Attributes] section.
    [Home-Agent-Access-Request-Categorization-Attributes]
    User-Name
    NAS-Identifier
    WiMAX-Capability
    MN-HA-MIP4-SPI
  • [DHCP-Server-Access-Request-Categorization-Attributes] section
    If all attributes in the [DHCP-Server-Access-Request-Categorization-Attributes] section are present on the Access-Request, then the client is classified as a DHCP server; if not, then the client is classified as other.
    [DHCP-Server-Access-Request-Categorization-Attributes]
    NAS-Identifier
    DHCP-RK-Key-ID

For more information about how Steel-Belted Radius Carrier categorizes Access-Request messages when using WiMAX, see the SBR Carrier Administration and Configuration Guide.
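The categorization order above, combined with the per-category accept flags and the [HAs] and [DHCPServers] lists, as an added Python example (not Steel-Belted Radius Carrier code). The attribute lists are the ones in the page's example wimax.ini; the function names, the dictionary layout of the configuration, and the exact-match comparison of NAS-Identifier are assumptions.

```python
# Categorization lists in evaluation order: ASN-GW, then home agent, then DHCP server.
CATEGORIES = [
    ("ASNGW", ["User-Name", "Service-Type", "EAP-Message", "WiMAX-Capability",
               "NAS-Identifier", "NAS-Port-Type", "Calling-Station-Id",
               "WiMAX-GMT-Time-Zone-Offset"]),
    ("Home-Agent", ["User-Name", "NAS-Identifier", "WiMAX-Capability",
                    "WiMAX-MN-HA-MIP4-SPI"]),
    ("DHCP-Server", ["NAS-Identifier", "WiMAX-DHCP-RK-Key-ID"]),
]

# Parameter that enables processing for each category (all default to 0).
ACCEPT_FLAG = {
    "ASNGW": "Accept-ASNGW-Requests",
    "Home-Agent": "Accept-Home-Agent-Requests",
    "DHCP-Server": "Accept-DHCP-Server-Requests",
    "Other": "Pass-On-Other-Requests",
}

# Section holding the NAS-Identifier list for a category, where one exists.
ALLOW_LIST = {"Home-Agent": "HAs", "DHCP-Server": "DHCPServers"}


def classify(attrs):
    """First category whose required attributes are ALL present; else Other."""
    for name, required in CATEGORIES:
        if all(attr in attrs for attr in required):
            return name
    return "Other"


def decide(attrs, cfg):
    """Return (category, 'process' | 'reject') for one Access-Request."""
    category = classify(attrs)
    if not cfg.get(ACCEPT_FLAG[category], 0):
        return category, "reject"            # processing disabled for this client type
    allowed = cfg.get(ALLOW_LIST[category], []) if category in ALLOW_LIST else []
    # A non-empty list restricts by NAS-Identifier; an empty list admits everyone.
    if allowed and attrs.get("NAS-Identifier") not in allowed:
        return category, "reject"
    return category, "process"


# Constructed configuration: home agents restricted, DHCP servers unrestricted.
CFG = {
    "Accept-ASNGW-Requests": 1,
    "Accept-Home-Agent-Requests": 1,
    "Accept-DHCP-Server-Requests": 1,
    "Pass-On-Other-Requests": 0,
    "HAs": ["homeAgent.bigco.com"],
    "DHCPServers": [],
}

if __name__ == "__main__":
    # Constructed request: carries the home agent attributes, unknown NAS-Identifier.
    request = {"User-Name": "joe@bigco.com", "NAS-Identifier": "ha9.example.net",
               "WiMAX-Capability": b"\x01", "WiMAX-MN-HA-MIP4-SPI": 256}
    print(decide(request, CFG))
```

Because classification depends only on which attributes are present, the accept flags and the NAS-Identifier lists are what actually restrict who is served; with an empty list, any client that sends the right attribute set is processed.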

Example wimax.ini File

[Settings]
;Enable = 0
;HARK-Lifetime-Secs=86400
;DHCPRK-Lifetime-Secs=86400
;Add-Diagnostic-Reply-Message-To-Access-Reject = 0
;Chargeable-User-Identity-Type = Return-List-Attr
;Encrypt-Chargeable-User-Identity = 1
;Add-Funk-WiMAX-Client-Type-To-Request = 0
;DisableHaPhantom=0

[ASNGW-Requests]
;Accept-ASNGW-Requests = 0
;Allow-VAAA-To-Assign-Home-Agent-And-DHCP-Server = 0
;Add-Generated-PMIP-Auth-Id-To-Access-Accept= 0
;Add-Funk-WiMAX-Auth-Mode-To-Access-Request = 0
;ASNGW-Accept-Filter =

[Home-Agent-Requests]
;Accept-Home-Agent-Requests = 0
;Add-Funk-Full-User-Name-To-Access-Request = 0 ;Contains true identity
;Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-HAAA = 0
;Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-VAAA = 0
;Home-Agent-Accept-Filter =

[DHCP-Server-Requests]
;Accept-DHCP-Server-Requests = 0
;DHCP-Server-Accept-Filter =

[Other-Requests]
;Pass-On-Other-Requests = 0
;Other-Accept-Filter =

[HAs]
;homeAgent.bigco.com

[DHCPServers]
;dhcpServer.bigco.com

[ASNGW-Access-Request-Categorization-Attributes]
User-Name
Service-Type
EAP-Message
WiMAX-Capability
NAS-Identifier
NAS-Port-Type
Calling-Station-Id
WiMAX-GMT-Time-Zone-Offset

[Home-Agent-Access-Request-Categorization-Attributes]
User-Name
NAS-Identifier
WiMAX-Capability
WiMAX-MN-HA-MIP4-SPI

[DHCP-Server-Access-Request-Categorization-Attributes]
NAS-Identifier
WiMAX-DHCP-RK-Key-ID
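A review script for a wimax.ini file, added here as a Python example (not a Juniper tool). It resolves each parameter to its effective value using the defaults documented on this page and reports combinations whose consequences the parameter descriptions spell out; the finding codes, function names, and sample file are constructed.

```python
import configparser

# Defaults as documented on this page, keyed by (section, parameter).
DEFAULTS = {
    ("Settings", "Chargeable-User-Identity-Type"): "Return-List-Attr",
    ("Settings", "Encrypt-Chargeable-User-Identity"): "1",
    ("Settings", "Allow-Zero-WiMAX-MN-hHA-MIP4-SPI"): "0",
    ("Home-Agent-Requests", "Accept-Home-Agent-Requests"): "0",
    ("Home-Agent-Requests", "Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-HAAA"): "0",
    ("DHCP-Server-Requests", "Accept-DHCP-Server-Requests"): "0",
    ("Other-Requests", "Pass-On-Other-Requests"): "0",
    ("Other-Requests", "Other-Accept-Filter"): "",
}


def load(text):
    """Parse wimax.ini text: ';' comments, '=' assignments, bare-line list sections."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",),
                                   comment_prefixes=(";",),
                                   inline_comment_prefixes=(";",),
                                   interpolation=None)
    cp.optionxform = str          # keep parameter names exactly as written
    cp.read_string(text)
    return cp


def effective(cp, section, key):
    """Configured value, or the documented default when the line is absent/commented."""
    if cp.has_option(section, key):
        return (cp.get(section, key) or "").strip()
    return DEFAULTS[(section, key)]


def entries(cp, section):
    """Bare-line lists such as [HAs]: each line is one NAS-Identifier."""
    return list(cp[section]) if cp.has_section(section) else []


def audit(text):
    cp = load(text)
    found = []
    if effective(cp, "Settings", "Encrypt-Chargeable-User-Identity") == "0":
        true_id = effective(cp, "Settings", "Chargeable-User-Identity-Type") == "True-Identity"
        # Without salt-encryption the CUI is the same every session, so it can be tracked.
        found.append("CUI-TRUE-IDENTITY-UNENCRYPTED" if true_id else "CUI-NOT-SALT-ENCRYPTED")
    if effective(cp, "Settings", "Allow-Zero-WiMAX-MN-hHA-MIP4-SPI") == "1":
        found.append("MIP4-KEY-RETURNED-FOR-ZERO-SPI")
    if effective(cp, "Home-Agent-Requests", "Accept-Home-Agent-Requests") == "1":
        if not entries(cp, "HAs"):
            found.append("HA-ALLOW-LIST-EMPTY")          # all home agents are processed
        if effective(cp, "Home-Agent-Requests",
                     "Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-HAAA") == "0":
            found.append("HA-IP-NOT-CHECKED")
    if (effective(cp, "DHCP-Server-Requests", "Accept-DHCP-Server-Requests") == "1"
            and not entries(cp, "DHCPServers")):
        found.append("DHCP-ALLOW-LIST-EMPTY")            # all DHCP servers are processed
    if (effective(cp, "Other-Requests", "Pass-On-Other-Requests") == "1"
            and not effective(cp, "Other-Requests", "Other-Accept-Filter")):
        found.append("OTHER-REQUESTS-UNFILTERED")        # attributes returned unchanged
    return found


# Constructed sample file for the demonstration.
SAMPLE = """\
[Settings]
Chargeable-User-Identity-Type = True-Identity
Encrypt-Chargeable-User-Identity = 0 ;constructed weak setting
[Home-Agent-Requests]
Accept-Home-Agent-Requests = 1
Check-Rcvd-HA-IP-MIP-Same-As-Assigned-By-HAAA = 1
[HAs]
;homeAgent.bigco.com
[Other-Requests]
Pass-On-Other-Requests = 1
Other-Accept-Filter =
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```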

Modified: 2018-01-11