Cisco Cisco Packet Data Gateway (PDG) Manual De Manutenção
Configuration Management
Generally Available 06-30-2010
3-130
PDIF Commands - Modified in Release 8.1
The PDIF commands documented in this section are only available in Release 8.1.
aaa attribute
PDIF decides the radius attributes values and inclusion/exclusion criteria normally through
configured radius dictionaries. However, generation of each new dictionary requires a new
ST40 PDIF image. The above command is an exception for specifying the required values
for the attribute without building a new software image. 3gpp2-serving-pcf is an addition to
the existing aaa attribute CLI under PDIF-service config mode.
configured radius dictionaries. However, generation of each new dictionary requires a new
ST40 PDIF image. The above command is an exception for specifying the required values
for the attribute without building a new software image. 3gpp2-serving-pcf is an addition to
the existing aaa attribute CLI under PDIF-service config mode.
CLI (Config PDIF Service Config Mode)
[ no ] aaa attribute 3gpp2-serving-pcf <ip-address>
Web Element Manager Path
This functionality is not supported at this time on the Web Element Manager.
aaa authentication
Sets the aaa authentication for first and second phase authentication when multiple
authentication is configured on the system. Two phase-authentication happens in IKEv2
setup for setting up the IPSec session. The first authentication uses Diameter AAA EAP
method and second authentication uses RADIUS AAA authentication. The same AAA
context may be used for both authentications. PDIF service allows you to specify only a
single AAA group, which could normally be used for the first authentication method.
authentication is configured on the system. Two phase-authentication happens in IKEv2
setup for setting up the IPSec session. The first authentication uses Diameter AAA EAP
method and second authentication uses RADIUS AAA authentication. The same AAA
context may be used for both authentications. PDIF service allows you to specify only a
single AAA group, which could normally be used for the first authentication method.
A given AAA group only supports either Diameter or RADIUS authentication. If the NAI
in the first authentication is different from NAI in the second authentication each NAI can
point to a different domain profile in the PDIF. Each domain profile may be configured with
each AAA group, one for Diameter and the other for RADIUS.
in the first authentication is different from NAI in the second authentication each NAI can
point to a different domain profile in the PDIF. Each domain profile may be configured with
each AAA group, one for Diameter and the other for RADIUS.
CLI (PDIF Service Config Mode)
aaa authentication { { first-phase | second-phase } |
{ context-name name aaa-group name } }
no aaa authentication [ first-phase | second-phase ]
Web Element Manager Path
This functionality is not supported at this time on the Web Element Manager.
authentication
The authentication command has a new keyword
gateway
to configure the pre-shared
gateway key. The key is either encrypted or clear.
There is also a new keyword
second-phase eap-profile
for installations using multiple
authentication and need to configure a second EAP profile
CLI (Crypto Template Config Mode
gateway { encrypted key value | key value }
authentication eap-profile name [ second-phase eap-profile name ]