Cisco Packet Data Gateway (PDG) Maintenance Manual
New Feature Summary
Generally Available 06-30-2010
IPMS Support
IPMS is a licensed feature for PDIF. It provides access to more saved reporting and analysis
information. It supports MIBs as they are developed and bulkstats. It must be configured in
its own context.
IPMS is described in detail in its own documentation suite, including online help files.
Multiple Authentication
Multiple Authentication is used when setting up a Proxy-Mobile-IP call with PDIF. In Stage
One the device is authenticated with an HSS server. In Stage Two, the subscriber is
authenticated with a AAA server over a RADIUS interface.
In Stage One, the authentication method must be EAP-AKA. In Stage Two, the
authentication must be either MD5 or GTC. If neither MD5 nor GTC is supported, the PDIF
can convert these authentication messages and use standard PAP/CHAP authentication
instead.
This is fully described in the “PDIF Overview” chapter in the PDIF Administration Guide.
Online Upgrade
PDIF is now using an online upgrade model called Active-Standby. This requires a license
to activate. Two chassis are connected by a redundancy link and Service Redundancy
Protocol (SRP) is used over the link to monitor and control chassis state. Both active and
standby chassis have SRP-Activated resources defined. Loopback interfaces are used in the
example in the Admin Guide.
"SRP-Activated" means that the resource is configured with
srp-activate to make the protocol work between the two chassis.
These resources are the same between the Active
and Standby PDIF. Loop-back IP addresses in Ingress and Egress contexts and IP pools in
egress contexts are usually SRP-Activated resources. Only the active chassis enables the
SRP-Activated resources.
Online upgrade is discussed in the PDIF Administration Guide.
SRP and other required commands are documented in the Command Line Interface
Reference.
Public and Private Key Mismatch Check
PDIF supports X.509 certificates. Every certificate has a public key of its own, and
configuration on a PDIF is done with the public key and a private key. A mechanism has
now been added to verify the AUTH payload from PDIF using PDIF’s public key. If there is
a mismatch in the keys, you now see the following warning:
Failure: Public and Private key given for certificate does not match!
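The same kind of check can be run offline before a certificate and key are configured. The following is an added example, not Cisco code and not the PDIF mechanism itself: it signs a constructed test message with the private key and verifies the signature with the public key taken from the certificate, using the OpenSSL command line. The function name keys_match, the file arguments, and the assumption of an unencrypted RSA or ECDSA key in PEM format are illustrative.

```shell
#!/bin/sh
# Added example: confirm that an X.509 certificate and a private key form a pair.
# Assumes PEM files and an unencrypted RSA or ECDSA private key.

# keys_match CERT_PEM KEY_PEM
#   returns 0  signature made with KEY_PEM verifies under the certificate's key
#   returns 1  keys do not match
#   returns 2  an input file is missing or cannot be parsed
keys_match() {
    km_cert=$1; km_key=$2
    km_tmp=$(mktemp -d) || return 2
    km_rc=2
    # Constructed message standing in for the payload that gets signed.
    printf 'key-pair self-test\n' > "$km_tmp/msg"
    # Extract the public key exactly as carried in the certificate, then
    # sign the test message with the private key under test.
    if openssl x509 -in "$km_cert" -noout -pubkey > "$km_tmp/pub.pem" 2>/dev/null &&
       openssl dgst -sha256 -sign "$km_key" -out "$km_tmp/sig" "$km_tmp/msg" 2>/dev/null
    then
        # Verification succeeds only when both halves belong to the same key pair.
        if openssl dgst -sha256 -verify "$km_tmp/pub.pem" \
               -signature "$km_tmp/sig" "$km_tmp/msg" >/dev/null 2>&1
        then km_rc=0
        else km_rc=1
        fi
    fi
    rm -rf "$km_tmp"
    return "$km_rc"
}

# Command-line use: sh check_keypair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    keys_match "$1" "$2"
    case $? in
        0) echo "OK: certificate and private key match" ;;
        1) echo "Mismatch: private key does not belong to this certificate" >&2; exit 1 ;;
        *) echo "Error: could not read certificate or private key" >&2; exit 2 ;;
    esac
fi
```

Running the check before the files are configured catches a wrong key file early, instead of at the point where the gateway reports the warning shown above.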