Cisco Cisco Packet Data Gateway (PDG)
For simple IP sessions facilitated by PDSN services in which the authentication allow-noauth and aaa
constructed-nai commands are configured, this command provides a password used for the duration of the
session.
constructed-nai commands are configured, this command provides a password used for the duration of the
session.
For PDP contexts using an APN in which the outbound user name is configured with no password, this
command is used to provide the password.Additionally, this command is also used to provide a password for
situations in which an outbound username and password are configured and the authentication imsi-auth
command has been specified.
command is used to provide the password.Additionally, this command is also used to provide a password for
situations in which an outbound username and password are configured and the authentication imsi-auth
command has been specified.
The encrypted keyword is intended only for use by the system while saving configuration scripts. The system
displays the encrypted keyword in the configuration file as a flag that the variable following the password
keyword is the encrypted version of the plain text password. Only the encrypted password is saved as part of
the configuration file.
displays the encrypted keyword in the configuration file as a flag that the variable following the password
keyword is the encrypted version of the plain text password. Only the encrypted password is saved as part of
the configuration file.
If a password is configured with this keyword, then the specified password is used. Otherwise, an empty
user-password attribute is sent.
user-password attribute is sent.
Note that this configuration works in a different way for GGSN services. If a password is configured with
this keyword for GGSN service, the specified password is used.Otherwise, if an outbound password is
configured, that password is used. If no outbound password is configured, the RADIUS server secret is used
as the user-password string to compute the user-password RADIUS attribute.
this keyword for GGSN service, the specified password is used.Otherwise, if an outbound password is
configured, that password is used. If no outbound password is configured, the RADIUS server secret is used
as the user-password string to compute the user-password RADIUS attribute.
The NAI-construction consists of the subscriber's MSID, a separator character, and a domain. The domain
that is used is either the domain name supplied as part of the subscriber's user name or a domain alias.
that is used is either the domain name supplied as part of the subscriber's user name or a domain alias.
The domain alias can be set with the nai-construction domain command in the PDSN Service
Configuration mode, or the aaa default-domain subscriber command in the Global Configuration mode
for other core network services.
Configuration mode, or the aaa default-domain subscriber command in the Global Configuration mode
for other core network services.
Important
The domain alias is determined according to the following rules:
• If the domain alias is set by nai-construction domain, that value is always used and the aaa
default-domain subscriber value is disregarded, if set. The NAI is of the form
<msid><symbol><nai-construction domain>.
<msid><symbol><nai-construction domain>.
• If the domain alias is not set by nai-construction domain, and the domain alias is set by aaa
default-domain subscriber, the aaa default-domain subscriber value is used. The NAI is of the form
<msid><symbol><aaa default-domain subscriber>.
<msid><symbol><aaa default-domain subscriber>.
• If the domain alias is not set by nai-construction domain or aaa default-domain subscriber, the
domain name alias is the name of the source context for the PDSN service. The NAI is of the form
<msid><symbol><source context of PDSN Service>.
<msid><symbol><source context of PDSN Service>.
The special separator character can be one of the following six: @, -, %, \,-, /
The subscriber's MSID is constructed in one of the formats displayed in the following figure.
Examples
The following command configures the authentication password for the NAI-constructed user.
aaa constructed-nai authentication
aaa constructed-nai authentication
Command Line Interface Reference, Modes C - D, StarOS Release 19
477
Context Configuration Mode Commands A-D
aaa constructed-nai