Cisco Cisco Packet Data Gateway (PDG)
HA Service Configuration Mode Commands
▀ authentication
▄ Command Line Interface Reference, StarOS Release 16
6066
imsi-auth
Enable uses the International Subscriber Mobile identity (IMSI) to determine if MN-AAA or MN-FAC
extensions are not present in the RRQ.
Default is disabled.
extensions are not present in the RRQ.
Default is disabled.
mn-aaa
{
allow-noauth
|
always
|
dereg-noauth | noauth
|
renew-reg-noauth |
renew-and-dereg-noauth }
Specifies how mobile node-to-AAA authentication extension in registration requests from the mobile node
should be handled by the HA service.
Default is always.
should be handled by the HA service.
Default is always.
allow-noauth
: Specifies that the HA service does not require authentication for every mobile node
registration request. However, if the mn-aaa extension is received, the HA service will authenticate it.
always
: Specifies that the HA service will perform authentication each time a mobile node registers.
dereg-noauth
: Disables authentication request upon de-registration.
noauth
: Specifies that the HA service will not look for mn-aaa extension and will not authenticate it.
renew-reg-noauth
: Specifies that the HA service will not perform authentication for mobile node re-
registrations. Initial registration and de-registration will be handled normally.
renew-and-dereg-noauth
: Disables authentication request upon re-registration and de-registration.
mn-ha
{
allow-noauth
|
always
}
Specifies whether the HA service looks for an MN-HA authentication extension in the RRQ.
Default is always.
Default is always.
allow-noauth
: Allows a request that does not contain the auth extension.
always
: A request should always contain the auth extension to be accepted.
pmip-auth
Specifies whether the HA service looks for an MN-HA authentication extension in the RRQ.
Default is always.
Default is always.
allow-noauth
: Allows a request that does not contain the auth extension.
always
: A request should always contain the auth extension to be accepted.
stale-key-disconnect
If MN-HA auth fails for MIP renew and dereg, disconnects the call immediately.
Disabled by default.
Disabled by default.
Usage
The
authentication
command, combined with a keyword, can be used to specify how the system will
perform authentication of registration request messages.
Example
The following command configures the HA service to always perform mobile node authentication for every
registration request.
registration request.
authentication mn-aaa always
The following command configures the HA service to always look for an MN-HA authentication extension in
the RRQ.
the RRQ.
authentication mn-ha always