для Cisco Cisco Packet Data Gateway (PDG)
ECS Changes in Release 17
▀ ECS Enhancements for 17.0
▄ Release Change Reference, StarOS Release 17
146
Installs Succeeded
Installs Failed
Total Override Control
show active-charging subscribers callid
<call_id>
override-control
This is a new show CLI command for displaying the override being applied for the subscriber:
show active-charging service all
The following fields are newly added to the output of this show command:
Override Control
Supported parameters
Charging Parameters
Policy Parameters
CSCum52736 - Dual Factor Authentication – Radius Based (MPN)
Applicable Products: GGSN, P-GW, PDSN
Feature Changes
RADIUS Based Dual Factor Authentication For Mobile Private Network
Dual Factor Authentication has been implemented for Mobile Private Network’s (MPN’s) mobile devices, most
typically for terminals like lottery machine devices, ATMs, and so on. For security reasons, this DFA procedure is
followed before traffic can flow normally. The first level authentication happens as part of call setup using RADIUS.
While the call is established, the pre-DFA-rulebase that has the configuration to allow only RADIUS and ICMP traffic
is used; rest of the traffic is dropped. Until then all the normal traffic is denied and is resumed only after the additional
RADIUS based authentication is successful.
typically for terminals like lottery machine devices, ATMs, and so on. For security reasons, this DFA procedure is
followed before traffic can flow normally. The first level authentication happens as part of call setup using RADIUS.
While the call is established, the pre-DFA-rulebase that has the configuration to allow only RADIUS and ICMP traffic
is used; rest of the traffic is dropped. Until then all the normal traffic is denied and is resumed only after the additional
RADIUS based authentication is successful.
The success of RADIUS authentication is determined by a RADIUS analyzer. This analyzer understands the
authentication requests and responses especially ‘Access-Request’ and ‘Access-Accept’. Whenever the RADIUS
‘Access-Request’ message is matched with ‘Access-Accept’ message, the rulebase is changed to new rulebase called
Post-DFA-rulebase and the existing dedicated bearers are deleted and the same is informed to PCRF. The RADIUS
analyzer does not analyze any other message but only the ‘Access-Request’, ‘Access-Accept’, and the ‘Access-Reject’.
authentication requests and responses especially ‘Access-Request’ and ‘Access-Accept’. Whenever the RADIUS
‘Access-Request’ message is matched with ‘Access-Accept’ message, the rulebase is changed to new rulebase called
Post-DFA-rulebase and the existing dedicated bearers are deleted and the same is informed to PCRF. The RADIUS
analyzer does not analyze any other message but only the ‘Access-Request’, ‘Access-Accept’, and the ‘Access-Reject’.
Command Changes
radius
This is a new command to configure the RADIUS analyzer. This command is available at the charging ruledef level.
configure
require active-charging