Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring WiMAX Users and Profiles

 

To support WiMAX you need to configure a return list for either a user entry or profile entry that includes the attributes in Table 68:

Table 68: Mandatory Return List Attributes for WiMAX

Attribute

Description

WiMAX-hHA-IP-MIP4

Specifies the IP address for the home agent, and is also used as input to the formula for generating the keys associated with the session.

Session-Timeout

The session-timeout attribute is used as the lifetime for the keys.

WiMAX-Capabilities

Specifies the WiMAX capabilities the server supports for the session. You must also specify the associated subattributes for each capability you want to support, see Configuring the WiMAX-Capabilities Negotiation.

You can optionally specify the attribute described in Table 69 in the return list.

Table 69: Optional Return List Attribute for WiMAX

Attribute

Description

WiMAX-hDCHP-Server

Optionally, you can add the WiMAX-hDCHP-Server attribute to specify the IP address for DHCP server in the return list.

If the WiMAX-hDCHP-Server attribute is attached to the Access-Accept, then Steel-Belted Radius Carrier generates and attaches the following additional attributes to the Access-Accept:

  • Wi-MAX-hDHCP-RK

  • Wi-MAX-RK-Key-ID

  • Wi-MAX-RK-Lifetime

For complete details on configuring user and profile entries with return list attributes, see Configuring the WiMAX Mobility Module and Administering Profiles.

Configuring the WiMAX-Capabilities Negotiation

Configuring the WiMAX-Capabilities Negotiation

To configure WiMAX capabilities negotiation, you need to add the WiMAX-Capabilities attribute and subattributes to the return list of a user entry or profile entry. You can define the following subattributes (capabilities):

  • WiMAX-Release attribute

  • Accounting-Capabilities attribute

  • Hotlining-Capabilities attribute

  • Idle-Mode-Notification-Capabilities attribute

To enable support for a particular capability, add the subattribute to the return list, and enable the Echo option for the subattribute. When Steel-Belted Radius Carrier receives the subattribute (capability) in the Access-Request, it returns the subattribute in the Access-Accept indicating the capability is supported for the session. If you do not want Steel-Belted Radius Carrier to support a particular capability, do not enable the Echo option for it. If Steel-Belted Radius Carrier receives an Access-Request with the subattribute, it does not return the subattribute in the Access-Accept, indicating the capability is not be supported for the session. If a subattribute (capability) was never sent in the Access-Request, then it cannot be returned in the Access-Accept. Absence of a subattribute in the Access-Request indicates the device (ASN-GW or home agent) does not support the capability.

If you enable Echo on the WiMAX-Capability parent attribute, you cannot add subattributes. The Add Child button is disabled. In this case, Steel-Belted Radius Carrier echoes back whatever WiMAX capabilities it receives in the Access-Request message.

For more details on each of the WiMAX capabilities, see WiMAX-Capability Attribute.

For complete details on adding subattributes to the return list, see Adding Subattributes to a Structured Attribute.

Example Configuration for New Session Hotlining

Example Configuration for New Session Hotlining

This section provides an example configuration for new session hotlining. Because this example uses the EAP-TTLS authentication method, you need to create both a request and response filter. Both filters are created using the Web GUI. In this example the subattribute values are retrieved from an LDAP database (ldapauth.aut file).

Configuring the Filters

To configure request and response filters using the Web GUI:

  1. Select RADIUS Configuration > Filters.

    The Filters List page (Figure 232) appears.

    Figure 232: Filters List Page—Session Hotlining Filter Configuration
    Filters
List Page—Session Hotlining Filter Configuration
  2. Click Add.

    The Create Filter pane (Figure 233) appears.

    Figure 233: Adding New Session Hotlining Filter
    Adding New Session Hotlining
Filter
  3. In the Name field, enter the filter name as WiMAXHotlineFilter.

  4. Select the Exclude option button.

  5. Click Add in the Rules area.

    The Add Rule dialog box (Figure 234) appears.

    Figure 234: Adding Attributes and Values to Session Hotlining Filter
    Adding
Attributes and Values to Session Hotlining Filter
  6. Select the Add option button.

  7. Add the following attribute names and values to the filter:

    • WiMAX-Capability.Values.Hotlining-Capabilities.Profile-based attribute with the value set to 01.

    • WiMAX-Capability.Values.Hotlining-Capabilities.Rule-based-ByNAS-Filter attribute with the value set to 01.

  8. Click OK.

    The Rules area in the Create Filter pane (Figure 235) displays the updated lists of selected rules.

    Figure 235: Hotlining Capabilities Filter
    Hotlining
Capabilities Filter
  9. Click Save to save the filter configuration.

    The Filters List page (Figure 232) displays an updated list of filter entries.

  10. Click Add in the Filters List page (Figure 232) to add a TTLS-Accept filter.

    The Create Filter pane (Figure 236) appears.

    Figure 236: Adding TTLS-Accept Filter
    Adding TTLS-Accept
Filter
  11. In the Name field, enter the filter name as ttls_accept.

  12. Select the Allow option button.

  13. Click Add in the Rules area.

    The Add Rule dialog box (Figure 237) appears.

    Figure 237: Add Rule for TTLS-Accept Filter
    Add Rule
for TTLS-Accept Filter
  14. Select the Exclude option button.

  15. Add the following attribute names to the filter:

    1. Class

    2. EAP-Message

    3. MS-MPPE-Recv-Key

    4. MS-MPPE-Send-Key

    5. MS-CHAPV2-Success

  16. Click OK.

    The Rules area in the Create Filter pane (Figure 238) displays the updated lists of selected rules.

    Figure 238: TTLS-Accept Filter
    TTLS-Accept Filter
  17. Click Save to save the filter configuration.

    The Filters List page (Figure 232) displays an updated list of filter entries.

  18. Select RADIUS Configuration > Authentication Policies > EAP Methods.

    The EAP Methods List page (Figure 239) appears.

    Figure 239: EAP Methods List Page—Session Hotlining Filter Configuration
    EAP Methods List Page—Session
Hotlining Filter Configuration
  19. Select EAP-TTLS.

  20. Click the Request Filters tab (Figure 240).

    Figure 240: Request Filters Tab—Session Hotlining Filter Configuration
    Request Filters Tab—Session
Hotlining Filter Configuration
  21. Select the Transfer Outer Attribs to New check box and select WiMAXHotlineFilter from the Transfer Outer Attribs to New list.

  22. Click the Response Filters tab (Figure 241).

    Figure 241: Response Filters Tab—Session Hotlining Filter Configuration
    Response Filters Tab—Session
Hotlining Filter Configuration
  23. Select the Transfer Inner Attribs To Accept check box and select ttls_accept from the Transfer Inner Attribs To Accept list.

  24. Click Save to save the configuration.

  25. In the wimax.ini file, set the ASNGW-Accept-Filter parameter in the [ASN-GW-Requests] section to ttls_accept.

Configuring the LDAP Authentication File

For this example, the ldap.aut file shipped with Steel-Belted Radius Carrier is modified to retrieve the values of the subattributes.