Cisco Cisco Tunnel Terminating Gateway (TTG)
encrypted secret enc_secret: Specifies the encrypted shared key (enc_secret) between the PCF and the PDSN
service. enc_secret must be between 1 and 254 alpha and/or numeric characters and is case sensitive.
service. enc_secret must be between 1 and 254 alpha and/or numeric characters and is case sensitive.
secret secret: Specifies the shared key (secret) between the PCF and the PDSN services. secret must be
between 1 and 127 alpha and/or numeric characters and is case sensitive.
between 1 and 127 alpha and/or numeric characters and is case sensitive.
The encrypted keyword is intended only for use by the chassis while saving configuration scripts. The system
displays the encrypted keyword in the configuration file as a flag that the variable following the secret
keyword is the encrypted version of the plain text secret key. Only the encrypted secret key is saved as part
of the configuration file.
displays the encrypted keyword in the configuration file as a flag that the variable following the secret
keyword is the encrypted version of the plain text secret key. Only the encrypted secret key is saved as part
of the configuration file.
description string
This is a description for the SPI. string must be an alpha and or numeric string of from 1 through 31 characters.
hash-algorithm
{ md5 | rfc2002-md5 }
Default: md5
Specifies the hash-algorithm used between the PDSN service and the PCF.
md5: Configures the hash-algorithm to implement MD5 per RFC 1321.
rfc2002-md5: Configures the hash-algorithm to implement keyed-MD5 per RFC 2002.
replay-protection
{ nonce | timestamp }
Default: timestamp
Specifies the replay-protection scheme that should be implemented by the PDSN service.
nonce: Configures replay protection to be implemented using NONCE per RFC 2002.
timestamp: Configures replay protection to be implemented using timestamps per RFC 2002.
timestamp-tolerance tolerance
Default: 60
Specifies the allowable difference (tolerance) in timestamps that is acceptable. If the difference is exceeded,
then the session will be rejected. If this is set to 0, then time stamp tolerance checking is disabled at the
receiving end.
then the session will be rejected. If this is set to 0, then time stamp tolerance checking is disabled at the
receiving end.
tolerance is measured in seconds and can be configured to any integer value between 0 and 65535.
zone zone_id
Specifies the different PCF zones to configure in PDSN service. Mapping of a zone-number to a set of PDSNs
can be done per PDSN service basis.
can be done per PDSN service basis.
zone_id must be an integer value between 1 and 32. A maximum of 32 PCF zones can be configured for a
PDSN service.
PDSN service.
Usage Guidelines
An SPI is a security mechanism configured and shared by the PCF and the PDSN service. Please refer to IOS
4.1 and RFC 2002 for additional information.
4.1 and RFC 2002 for additional information.
Multiple SPIs can be configured if the PDSN service is communicating with multiple PCFs.
Command Line Interface Reference, Modes I - Q, StarOS Release 19
1612
PDSN Service Configuration Mode Commands
spi