Cisco Cisco Packet Data Gateway (PDG)
StarOS Operation and Configuration
Terminology ▀
VPC-VSM System Administration Guide, StarOS Release 19 ▄
29
Services
You configure services within a context to enable certain functionality. The Security Gateway is configured as a WSG
(Wireless Security Gateway) service in a dedicated context to enable SecGW service with a StarOS VM.
(Wireless Security Gateway) service in a dedicated context to enable SecGW service with a StarOS VM.
AAA Servers
Authentication, Authorization and Accounting (AAA) servers store profiles, perform authentication, and maintain
accounting records for each mobile data subscriber. The AAA servers communicate with StarOS over an AAA
interface. StarOS supports the configuration of up to 128 interfaces to AAA servers.
accounting records for each mobile data subscriber. The AAA servers communicate with StarOS over an AAA
interface. StarOS supports the configuration of up to 128 interfaces to AAA servers.
It is important to note that for Mobile IP, there can be Foreign AAA (FAAA) and Home AAA (HAAA) servers. FAAA
servers typically reside in the carrier’s network. HAAA servers could be owned and controlled by either the carrier or
the home network. If the HAAA server is owned and controlled by the home network, accounting data is transferred to
the carrier via an AAA proxy server.
servers typically reside in the carrier’s network. HAAA servers could be owned and controlled by either the carrier or
the home network. If the HAAA server is owned and controlled by the home network, accounting data is transferred to
the carrier via an AAA proxy server.
Important:
Mobile IP support depends on the availability and purchase of a standalone license or a license
bundle that includes Home Agent (HA).
Subscribers
Subscribers are the end-users of the service; they gain access to the Internet, their home network, or a public network
through StarOS.
through StarOS.
There are three primary types of subscribers:
RADIUS-based Subscribers: The most common type of subscriber, these users are identified by their
International Mobile Subscriber Identity (IMSI) number, an Electronic Serial Number (ESN), or by their
domain name or user name. They are configured on and authenticated by a RADIUS AAA server.
domain name or user name. They are configured on and authenticated by a RADIUS AAA server.
Upon successful authentication, various attributes that are contained in the subscriber profile are returned. The
attributes dictate such things as session parameter settings (for example, protocol settings and IP address
assignment method), and what privileges the subscriber has.
attributes dictate such things as session parameter settings (for example, protocol settings and IP address
assignment method), and what privileges the subscriber has.
Important:
Attribute settings received by StarOS from a RADIUS AAA server take
precedence over local-subscriber attributes and parameters configured on StarOS.
Local Subscribers: These are subscribers, primarily used for testing purposes, that are configured and
authenticated within a specific context. Unlike RADIUS-based subscribers, the local subscriber’s user profile
(containing attributes like those used by RADIUS-based subscribers) is configured within the context where
they are created.
(containing attributes like those used by RADIUS-based subscribers) is configured within the context where
they are created.
When local subscriber profiles are first created, attributes for that subscriber are set to StarOS’s default
settings. The same default settings are applied to all subscriber profiles, including the subscriber named default
which is created automatically by StarOS for each system context. When configuring local profile attributes,
the changes are made on a subscriber-by-subscriber basis.
settings. The same default settings are applied to all subscriber profiles, including the subscriber named default
which is created automatically by StarOS for each system context. When configuring local profile attributes,
the changes are made on a subscriber-by-subscriber basis.
Important:
Attributes configured for local subscribers take precedence over context-level
parameters. However, they could be over-ridden by attributes returned from a RADIUS AAA server.