For Cisco Packet Data Gateway (PDG)
ADC Changes in Release 17
ADC Enhancements for 17.5
Release Change Reference, StarOS Release 17
Command Changes
tls
The new tls CLI command is added in the ACS Ruledef Configuration mode to configure the TLS/SSL Server Name Indication (SNI) and the corresponding custom defined protocol (CDP).
configure
active-charging service service_name
ruledef ruledef_name
[ no ] tls { set-app-proto cdp_name_string | sni operator server_name_string }
end
Notes:
set-app-proto cdp_name_string: Specifies the name of the custom defined protocol for TLS/SSL flows matching the ruledef.
    cdp_name_string must be an alphanumeric string of 1 through 19 characters.
sni operator server_name_string: Specifies the TLS/SSL Server Name Indication (SNI) field value in the SSL Client Hello packet.
    operator: Specifies how to match and must be one of the following:
        !=: Does not equal
            The != operator in the TLS SNI rule results in a non-optimized rule.
        =: Equals
        contains: Contains
        ends-with: Ends with
        starts-with: Starts with
    server_name_string: Specifies the server name and must be an alphanumeric string of 1 through 127 characters.
The following commands must be configured for SNI rules to work:
Enable SSL protocol in the Active Charging Service configuration:
[local]P2P_SSl(config-acs)# p2p-detection protocol ssl
If the p2p-detection protocol all CLI command is enabled in the Active Charging Service configuration, then the ssl keyword need not be enabled again, as it is already enabled with the all keyword.
The ssl protocol is available only in Plugin releases 1.142.526 and later.
Enable P2P in the ACS Rulebase configuration:
[local]P2P_SSl(config-rule-base)# p2p dynamic-flow-detection
The action priority for the SNI ruledef must be configured in the rulebase, as for other ruledefs.