Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Setting Up Native Users

 

This section describes how to add, edit, or delete a native user.

Adding a Native User

Adding a Native User

To add a native user to the SBR Carrier database using the Web GUI:

  1. Select RADIUS Configuration > Users > Native Users.

    The Native Users List page (Figure 29) appears.

    Figure 29: Native Users List Page
    Native Users List Page
  2. Click Add.

    The Create Native User pane (Figure 30) appears with the Basic Configuration tab selected.

    Figure 30: Create Native User Pane—Basic Configuration
    Create Native User Pane—Basic Configuration
  3. Enter a login name for the native user in the Name field.

    Native user entries in the SBR Carrier database have all uppercase names. No matter how the native username is typed when the account is created, it is converted to all uppercase letters. For example, a native username entered as realLife1 is stored as REALLIFE1 in the SBR Carrier database.

    Note

    The entered native username is not converted to uppercase letters during authentication request processing.

  4. Enter a login password in the Password field.

    Passwords are case-sensitive. If you want the characters in the password to display as you type, click Show. After viewing the characters, you can click Hide to hide the characters.

  5. Specify whether you want the login password to be encrypted before it is stored.

    • If the native user requires PAP authentication and you want to store the hash of the password in the SBR Carrier database, select the Store Hash of Password check box. This option allows the native user to authenticate using only PAP.

    • If the native user requires CHAP authentication, clear the Store Hash of Password check box.

  6. Optionally, enter a description for the native user in the Description field.

    The description you associate with a native user is not used during processing.

  7. If you want to use a profile to assign check list and return list attributes to the native user, use the Profile list to select the profile.

    For more information about profiles, see Administering Profiles.

    Note

    Attributes inherited from a profile are overridden by attributes assigned to a specific user.

  8. If you want to specify the maximum number of concurrent connections the native user can maintain, select the Concurrency check box and enter a number in the Max Connections field.

    When the user requests access, the user can be authenticated using the given authentication method only if fewer than the number of connections are currently open for the user.

  9. To add check list or return list attributes for the native user, click the Attributes tab (Figure 31).
    Figure 31: Create Native User Pane—Attributes
    Create Native User Pane—Attributes
  10. Click Add under the CheckList area or the ReturnList area.

    The Add CheckList Attribute or Add ReturnList Attribute dialog box Figure 32 appears.

    Figure 32: Add CheckList Attribute and Add ReturnList Attribute Dialogs
    Add CheckList Attribute and Add ReturnList Attribute Dialogs
  11. Select the attribute you want to add to the check list or return list from the attributes list.

    You can search the attributes by entering the attribute name in the text box.

  12. Select or enter a value for the selected attribute.

    The dialog changes according to the attribute you choose. Some attributes require that you enter a value, string, or IP address. Other attributes require that you choose from a fixed list of values.

    The Multivalued check box always appears dimmed, so you cannot select or clear this check box. If the Multivalued check box appears cleared, an attribute can have only one value. If the Multivalued check box appears selected, you can add multiple values for the attribute.

    The Orderable check box always appears dimmed, so you cannot select or clear this check box. If the Orderable check box appears selected, you can define the order of the multi-valued attributes. If the Orderable check box appears cleared, the attribute is neither a multi-valued attribute nor an orderable attribute.

    (Check list attributes only) To set the attributes value to the default value (which is useful in situations where the attribute is not included in the RADIUS request), select the Default check box.

    (Return list single-valued attributes only) If you do not want to specify a particular value, but want to make sure that whatever value of the attribute appears in the RADIUS request is echoed to the client in the RADIUS response, select the Echo check box.

    Note

    The echo property is disabled for multi-valued return list attributes. The echo property is also disabled for the Framed-IPv6-Address attribute regardless of its multi-value setting.

    Note

    You cannot define multiple instances of Framed-IPv6-Address attributes in a return list or check list. The Framed-IPv6-Address attribute can appear only once in a return list or check list.

  13. Click Add Attribute to add this AVP to the list.
  14. Repeat steps 11 through 13 to add more return list or check list attributes for the user.
  15. When you are finished adding AVPs, click Close.

    The CheckList area or the ReturnList area in the Create Native User pane (Figure 31) displays the updated list of selected attributes.

    You can modify the return or check list by using the Edit and Delete buttons. You can reorder the attributes by selecting each attribute and using the Up or Down arrow.

    Note

    The Up arrow is disabled, if the selected attribute is not orderable or if the selected attribute is already the first value. The Down arrow is disabled, if the selected attribute is not orderable or if the selected attribute is already the last value.

  16. Optionally, if you have added a structured or parent attribute to the native user, add its subattributes to the structured or parent attribute. For more information about how to add subattributes to a structured or parent attribute, see Adding Subattributes to a Structured Attribute.
  17. If you have added both Framed-IP-Address and Framed-IPv6-Prefix attributes to the return list, specify whether to return only the Framed-IPv6-Prefix attribute or both Framed-IP-Address and Framed-IPv6-Prefix attributes in the RADIUS response. In the When Both Framed-IP-Address and Framed-IPv6-Prefix Attributes Configured area, you can:

    • Select the Return Only Framed-IPv6-Prefix Attribute option to return only the Framed-IPv6-Prefix attribute in the RADIUS response.

    • Select the Return Both Attributes option to return both Framed-IP-Address and Framed-IPv6-Prefix attributes in the RADIUS response.

    Note

    The When Both Framed-IP-Address and Framed-IPv6-Prefix Attributes Configured area is enabled only if you have added both Framed-IP-Address and Framed-IPv6-Prefix attributes to the return list.

  18. Click Save to save the native user configuration.

    The Native Users List page (Figure 29) displays an updated list of native user entries.

Adding Subattributes to a Structured Attribute

Adding Subattributes to a Structured Attribute

The following terminologies are used in this section:

  • Attribute—used to represent a standard RADIUS attribute in the packet.

  • Parent or structured Attribute—used to describe an attribute that contains subattributes, rather than a conventional simple data type such as an integer. This may be a parent attribute, or it may itself be a subattribute.

  • Subattribute— refers to the data items within a structured or parent attribute. While the subattributes are frequently in TLV format, occasionally they are missing Type, Length, or both.

    Note

    Structured attributes (VSAs with subattributes) defined in return lists are added to the reply message as a whole unit, rather than their subattributes being added individually to any existing response VSAs. In this way they are treated just as unstructured VSAs.

    For example:

    • Attribute "ParentAttr" is defined as being a multivalue return list attribute, with possible subattributes "ChildAttrA" and "ChildAttrB".

    • A response already has a copy of "ParentAttr" with subattribute "ChildAttrA", for example from an authentication process.

    • A profile specifies that "ParentAttr" must be added with subattribute "ChildAttrB".

    The result is a response with two ParentAttr structured attributes:

      ParentAttr

        ChildAttrA

      ParentAttr

        ChildAttrB

    The result is not a response with a single ParentAttr:

      ParentAttr

        ChildAttrA

        ChildAttrB

To add subattributes to a structured attribute using the Web GUI:

  1. Select the parent attribute to which you want to add subattributes.

    In the example shown in Figure 33, WiMAX-Packet-Flow-Descriptor is the structured attribute to which you add subattributes.

    Note

    If you enable the Echo check box at the parent attribute level, you cannot add subattributes.

    Figure 33: Adding Subattributes
    Adding Subattributes
  2. Click Add Child.

    The Add CheckList Attribute or Add ReturnList Attribute dialog box appears. As an example, Figure 34 shows the Add ReturnList Attribute dialog box.

    Figure 34: Add ReturnList Attribute Dialog
    Add ReturnList Attribute Dialog
  3. Select Values and click Add Attribute.Note

    In most cases, the attributes list displays the subattributes appropriate for the selected parent attribute, and you simply select the desired subattribute and click Add Attribute. However, because WiMAX structured (parent) attributes are quite long, a continuation flag attribute is required. This is denoted by the Values attribute.

  4. Click Close.

    Values now appears under the parent attribute, indicating that you can add a subattribute (Figure 35).

    Figure 35: Parent Attribute
    Parent Attribute
  5. Select Values from the list and click Add Child.
  6. Select or enter a value for the subattribute.

    The dialog changes according to the subattribute. Some subattributes require that you enter a value, string, or IP address. Other subattributes require that you choose from a fixed list of values. Figure 36 shows an example in which TransportType is the subattribute and IPv4-CS has been selected as the value.

    Figure 36: Example Subattribute
    Example Subattribute
  7. Click Add Attribute to add this subattribute to the list.
  8. Repeat steps 6 and 7 to add more subattributes to the parent attribute.
  9. When you are finished adding subattributes, click Close.

    The CheckList area or the ReturnList area (Figure 37) displays the updated list of subattributes.

    You can modify the subattributes by using the Edit and Delete buttons.

    Figure 37: Structured Attributes Added
    Structured Attributes Added

Editing a Native User

Editing a Native User

To edit a native user entry in the SBR Carrier database using the Web GUI:

  1. Select RADIUS Configuration > Users > Native Users.

    The Native Users List page (Figure 29) appears.

  2. Select the native user entry that you want to edit.

    The Selected Native User pane (Figure 38) displays the settings configured for the native user entry.

    Figure 38: Selected Native User Pane
    Selected Native User Pane
  3. Edit the settings for the native user entry as appropriate.

    For information about the fields in the Selected User pane, see Adding a Native User.

    Note

    You cannot edit the name of the native user.

  4. Click Save to save the changes.

    The Native Users List page (Figure 29) displays an updated list of native user entries.

Deleting a Native User

Deleting a Native User

To delete a native user using the Web GUI:

  1. Select RADIUS Configuration > Users > Native Users.

    The Native Users List page (Figure 29) appears.

  2. Select the native user entry that you want to delete.
  3. Click Delete.

    A confirmation dialog box is displayed.

  4. Click Yes to confirm the delete request.

    The Native Users List page (Figure 29) displays an updated list of native user entries.