Cisco Cisco Packet Data Gateway (PDG)
PDSN Service Configuration Mode Commands
spi ▀
Command Line Interface Reference, StarOS Release 17 ▄
7899
secret
keyword is the encrypted version of the plain text secret key. Only the encrypted secret key is saved
as part of the configuration file.
description
string
This is a description for the SPI.
string
must be an alpha and or numeric string of from 1 through 31
characters.
hash-algorithm
{
md5
|
rfc2002-md5
}
Default: md5
Specifies the hash-algorithm used between the PDSN service and the PCF.
Specifies the hash-algorithm used between the PDSN service and the PCF.
md5
: Configures the hash-algorithm to implement MD5 per RFC 1321.
rfc2002-md5
: Configures the hash-algorithm to implement keyed-MD5 per RFC 2002.
replay-protection
{
nonce
|
timestamp
}
Default: timestamp
Specifies the replay-protection scheme that should be implemented by the PDSN service.
Specifies the replay-protection scheme that should be implemented by the PDSN service.
nonce
: Configures replay protection to be implemented using NONCE per RFC 2002.
timestamp
: Configures replay protection to be implemented using timestamps per RFC 2002.
timestamp-tolerance
tolerance
Default: 60
Specifies the allowable difference (tolerance) in timestamps that is acceptable. If the difference is exceeded,
then the session will be rejected. If this is set to 0, then time stamp tolerance checking is disabled at the
receiving end.
tolerance is measured in seconds and can be configured to any integer value between 0 and 65535.
Specifies the allowable difference (tolerance) in timestamps that is acceptable. If the difference is exceeded,
then the session will be rejected. If this is set to 0, then time stamp tolerance checking is disabled at the
receiving end.
tolerance is measured in seconds and can be configured to any integer value between 0 and 65535.
zone
zone_id
Specifies the different PCF zones to configure in PDSN service. Mapping of a zone-number to a set of
PDSNs can be done per PDSN service basis.
zone_id must be an integer value between 1 and 32. A maximum of 32 PCF zones can be configured for a
PDSN service.
PDSNs can be done per PDSN service basis.
zone_id must be an integer value between 1 and 32. A maximum of 32 PCF zones can be configured for a
PDSN service.
Usage
An SPI is a security mechanism configured and shared by the PCF and the PDSN service. Please refer to IOS
4.1 and RFC 2002 for additional information.
Multiple SPIs can be configured if the PDSN service is communicating with multiple PCFs.
4.1 and RFC 2002 for additional information.
Multiple SPIs can be configured if the PDSN service is communicating with multiple PCFs.
Important:
The SPI configuration on the PCF must match the SPI configuration for the PDSN service on the
system in order for the two devices to communicate properly.
Use the
no
version of this command to delete a previously configured SPI.
This command used with
zone
zone_id
redirects all calls on the basis of PCF zone to the specific PDSN on
the basis of parameters configured at policy pcf-zone-match command.
Example
The following command configures the PDSN service to use an SPI of 256 when communicating with a PCF
with the IP address 192.168.0.2. The key that would be shared between the PCF and the PDSN service is
q397F65.
with the IP address 192.168.0.2. The key that would be shared between the PCF and the PDSN service is
q397F65.