Adc-avpair = usereds-enc-key=EDS encryption key | ADC SG-1 specification

Appendix A: SG-1Vendor-Specific Attributes

June 30, 2006

user:eds-enc-key sub-attribute

The user:eds-enc-key sub-attribute contains an encryption key for EDS operation. The encryption key should be exactly 16 characters long, comprised solely of characters from the set (“0 - 9”, “a - f”, “A - F”). Every two characters in the key represent a hexadecimal byte. The bytes should be DES key legal, i.e. each containing an odd number of '1' bits. This key is being used in DES encryption and decryption of the EDS USERPASS field, and overwrites the configured EDS encryption key. The encryption key maximum length is 64 characters. This key is being used in the EDS encryption and decryption and overwrites the configured EDS encryption key. The user:eds-enc-key sub- attribute is operated in hierarchy mode and supports both user and service levels.

General:

Operation Mode: Access-Accept message

Service-Accept message

Vendor-type: 22

Vendor-length = 2 + (1-64) + attribute-name length

Format:

adc-avpair = "user:eds-enc-key=<EDS encryption key>",

Example:

adc-avpair = "user:eds-enc-key=02f804fea90102f8",

user:eds-cookie sub-attribute

The user:eds-cookie sub-attribute contains a user eds cookie data information, a string of maximum size of 64haracters. It is available to be sent by the Radius server to the system in an Access-Accept or Service-Accept messages. The system SHOULD send it unmodified to the Radius server as part of the Authentication and Accounting-Requests packets. This sub-attribute is operated in hierarchy mode and supports both user and service levels. This attribute can also be updated by the SSC (see EDS architecture document).

Operation Mode: Access-Accept message

Service-Request message

Vendor-type: 23

Vendor-length = 2 + (1-64) + attribute-name length

Format:

adc-avpair = "user:eds-cookie=<user eds cookie>",

Example:

adc-avpair = "user:eds-cookie=rt123456",

A-14	SG1-UM-8500-03

Image 172

ADC SG-1 user manual Adc-avpair = usereds-enc-key=EDS encryption key, Adc-avpair = usereds-enc-key=02f804fea90102f8

Contents

SG-1 Service Gateway System Revision History Table of Contents Table of ContentsJune 30 SG1-UM-8500-03 June 30, 2006Table of Contents Appendix B Redirection Server Table of Contents June 30 SG1-UM-8500-03 List of Figures SG1-UM-8500-03 Vii List of Figures June 30 Viii SG1-UM-8500-03 List of Tables List of Tables June 30 SG1-UM-8500-03 Introduction OrganizationIntended Audience Chapter Description Conventions EU ComplianceInspecting Your Shipment Element Meaning Features Chapter Method of Procedure Before YOU BeginSite Preparations Overview June 30 Unpacking and Checking the Contents of Your Shipment Packing List System Installation NotesNumber Required Tools and Equipment Specific SG-1 Chassis Installation RequirementsLocation Requirements Power Requirements Blank Faceplate RequirementEnvironmental Requirements System Cabling Requirements Configuration Port Cabling Chassis Ground and Power CablingNetwork Cabling Overview June 30 SG1-UM-8500-03 Connecting the Power Source Connecting the SG-1 Chassis GroundMounting the SG-1 Chassis Installing Interface Cables Installation June 30Connecting AC Power to an SG-1 AC Chassis Connecting Network Cards June 30 Installation Straight-Through and Cross-Over Cable Pin-Outs Connecting the Craft Port Interface Powering UP the SG-1Installing Cards and Blank Faceplates Connecting to an Ethernet Port Installing Blank Faceplates Serial Cable Installation June 30 SG1-UM-8500-03 Overview SG-1 Sub-Menus and Associated Commands Types of CommandsUnderstanding the Interface Structure Commands and Navigation Menu Types of CommandsGeneral Commands Enter the following command Command Path Navigation June 30 Command-Line Interface CLI COMMAND-LINE EditingNavigation Commands Use This Feature Command-Line Interface CLI June 30 SG1-UM-8500-03 Default Username/Password Authority Connecting to the Craft PortLogging on to the Craft Port Setting the IP Address Accessing the Command Line Interface June 30Host configure terminal Hostconfig# interface ethernet Write memory Ethernet Mode ParametersInterface Identification Card/Type Slot/Port Value Explanation Host show configuration Displaying the IP Address Configuring the SG-1 \users\defaulttelnetLogging on Logging OFF Using the Command Line Interface June 30 What to do Next FIRST-LEVEL Commands Using the Grep command System-command grep stringUsing the ? command Showing a List of Available Parameters Using the show ? command June 30 First-Level Commands ExamplesHost show ? Using the show version command Host show versionShow version softwarehardwarepack Show version software SCC Show version hardware Host show version Software Module Num Application 650003 8200935 Host Displaying the configuration in Nvram Show configuration June 30, 2006Chapter 6 First-Level Commands Examples Ip local-pool pool1 162.10.1.1 162.10.1.254 internal Ip domain-name POPmaestro Displaying Ethernet port configurations Host show terminalDisplaying Ethernet Port Statistics Host show ethernet 0 \ First-Level Commands June 30 Examples Displaying Sonet port status Host show port sonetShow port sonet Host show port sonet Host show atm pvc Displaying ATM Port StatusShow atm pvc Displaying User Status Host show userShow crnumber Number First-Level Commands June 30 Displaying System Administrators Displaying Routing TablesHost show ip-route Show ip-route Displaying System Parameters Host show systemShow system Show system load Load June 30 First-Level Commands Host show license Displaying License AttributesShow license DATE=December 22 2005 160357 Version SN1=6046838 First-Level Commands June 30 Host show vrrp interface Displaying Vrrp attributesEthernetvlan Displaying active GRE and IP-in-IP tunnels Host show ip-tunnel 10.10.1.20 Displaying show mpls-labels commands Host show mpls-labels Host show labels vc VC Type Group ID Label Tunnel Endpoint Upper stack FEC ID0xc2010000 123876 192.0.1.8 0xc2010001 1034 212.1.3.4 Displaying show mpls l2transport vc commands Displaying a list of available write commandsHost show mpls l2transport vc Host write ? June 30 First-Level Commands Examples Using the ping command to test network connectivity Using the copy-TFTP commandHost copy-TFTP flash Atm Atm slot numberAtm atm port number Atm sub-interface number Using the reload command to restart the system Host reload non-graceful Resetting the system in 10 secondsHost reload non-graceful Reload non-graceful Clearing Users Host clear userClear user line number Line number Using the Traceroute Command Host tracerouteTraceroute ip address -h number -i seconds Seconds Using the exit command Exit Switching to Debug Mode Using Debug ModeHost debug Using the show command in debug mode Hostdebug# showShow memory system log-modules statistics arp System First-Level Commands June 30 Examples Group Error Event Trace Name Min Max Module Group Error Event Event Trace Name Min Max Show arp command Clear arp command Clear arp arp-specific ifindexNetAddress Parameters Show memory Defining port-ethernet redundancy-mode command Hostdebug# port-ethernet redundancy-modeDefining the Sonet port source clock Hostdebug# port sonet source-clock Radius-server check user-name password auth-type PAP Checking the system Radius interfaceHostdebug# radius-server check User-name First-Level Commands June 30 SG1-UM-8500-03 Second Level Commands Using the configure command Second Level Commands June 30 Examples Ethernet Commands Banner CommandHostconfig# banner command Ethernet mode Second Level Commands June 30Configure Ethernet Ports Card Type Slot\Port Ethernet Operating Mode Hostconfig# no interface EthernetHostconfig# no interface Ethernet 0\1 No interface Ethernet slot number\port number Using the port-ethernet redundancy-enable command Configuring Ethernet RedundancyHostconfig# port-ethernet redundancy-enable June 30 Second Level Commands Examples Using the no port-ethernet redundancy-enable commandHostconfig# no port-ethernet redundancy-enable Hostconfig# no port-ethernet redundancy-enable 1\1 1\2 Loopback Commands Configuring interface loopbackHostconfig# interface loopback Interface loopback interface number IP address mask Vlan Commands Hostconfig# no interface loopbackConfiguring the Vlan Hostconfig# interface vlan Vlan id Second Level Commands June 30 UsageVlan name Authentication Commands Hostconfig# no interface vlanUsing the password pre-authentication command Hostconfig# password pre-authentication Setting the default-service authentication mode Hostconfig# def-service-authDef-service-auth command parameters Hostconfig# def-service-auth ppp-auto Changing domain authentication settings Hostconfig# domain-authenticationDomain-authentication separator @# then press Enter No domain-authentication then press Enter ATM Commands Second Level Commands June 30 ExampleHostconfig# no authentication web-auth-method Using the port sonet command Configuring SONET/SDH port redundancy Hostconfig# port sonet redundancy-enable Hostconfig# interface Using the pppoa enable command Hostconfig# pppoa enable interface Using the interface atm command HostConfig# no pppoa enable interfaceHostconfig# interface atm Hostconfig# no interface atm Interface atm command parametersParameter Description Legal values/range Configuring a single PVC Hostconfig# atm pvcVpi Vci Configuring a range of PVC’s Hostconfig# atm pvc range Configuring the Radius server in the SG-1 configuration Hostconfig# radius-serverConfiguring the Radius server host Hostconfig# radius-server host Hostconfig# radius-proxy client Configuring the Radius proxy for native IPRadius-proxy client parameters Parameter Description Values Using the service cache command Hostconfig# service cacheService cache offon aging-time minutes Using the ip radius source-interface command Access List Commands Hostconfig# no ip radius source-interfaceHostconfig# access list No ip radius source-interface Hostconfig# access-list SNMP-permit 25.3.2.251 Using the access-list native-ip commandHostcongfig# access-list native-ip Access-listnative-ipsource ip address source mask Hostcongfig# no access-list native-ip No access-list native-ip source ip addressUsing the access-list native-ip-pass-through command Hostcongfig# access-list native-ip-pass-through Snmp Commands Hostcongfig# no access-list native-ip-pass-throughNo access-list native-ip-pass-through source ip address Using the SNMP-server community Using the SNMP-server trap-source-int Hostconfig# SNMP-server trap-source-int Tunnel Commands Hostconfig# interface tunnel Hostconfig# no interface tunnel Setting the no interface tunnel commandNo interface tunnel interface number Using the ip tunnel echo command Hostconfig# ip tunnel echoIp tunnel echo echo source IP address Echo source ip address Timeouts Commands Setting the Session-TimeoutSetting the Idle-Timeout Idle-timeout command Native IP Commands Hostconfig# native-ip dhcp pre-auth-modeHostconfig# native-ip def-service-auth Native-ip def-service-auth service name Using the native-ip enable command Hostconfig# native-ip enable interface Hostconfig# no native-ip enable interface Using the no native-ip enable commandHostconfig# no native-ip enable Vlan 1\1\9 Hostconfig# native-ip realm Hostconfig# no native-ip realmHostconfig# native-ip raoming Native-ip realm realm string Hostconfig# no native-ip roaming No native-ip roaming Using the ip tcp adjust-mss command Hostconfig# ip tcp adjust-mssIp tcp adjust-mss on off Hostconfig# ip tcp adjust-mss on L2TP and PPP Commands Hostconfig# ip primary-name-server Hostconfig# ip secondary-name-serverHostconfig# tunnel-server Ip primary-name-server IP address Setting multi-link mode Hostconfig# multilink-modeHostconfig# ip local-pool Defining an address pool Hostconfig# lcp renegotiate Using the lcp renegotiate commandLcp renegotiate or no lcp renegotiate Using the lcp echo command Hostconfig# lcp echo Using the service internal command Hostconfig# service internal Usage Scenarios SG-1 as xDSL aggregator using ATM network PPPoE support Using the pppoe enable command Hostconfig# pppoe enable interfaceUsing the no pppoe enable command Hostconfig# no pppoe enable interface Dhcp Commands Using the ip dhcp relay server commandHostconfig# ip dhcp relay server Using the no ip dhcp relay server command Using the no ip dhcp relay information option command Hostconfig# ip dhcp relay information optionHostconfig# no ip dhcp relay information option Hostconfig# ip dhcp relay advertise-protocol Hostconfig# ip dhcp relay agent-id-overwrite interfaceIp dhcp relay advertise-protocol rip ospf Igmp Commands Using the ip igmp proxy commandHostconfig# ip igmp proxy upstream-interface Using the no ip igmp proxy command Routing Command Hostconfig# ip forwardIp forward Hostconfig# no ip forward Hostconfig# ip route Tunnel interface ip Route network 192.168.4.0 to Loopback interface Hostconfig# no ip route Using the ip default-gateway commandHostconfig# ip default-gateway Hostconfig# no ip default-gateway No ip default-gateway Using the router commandHostconfig# router Using the router id command Hostconfig# no router Hostconfig# ip rip authentication keyIp rip authentication key key name Hostconfig# ip ospf interface ... area Hostconfig# no ip ospf interface Using the ip ospf interface hello-interval commandHostconfig# ip ospf interface ... hello-interval Hostconfig# no ip ospf interface ... hello-interval Using the ip ospf interface dead-interval command Hostconfig# ip ospf interface ... dead-intervalHostconfig# no ip ospf interface ... dead-interval Using the ip ospf interface authentication command Using the ip ospf interface authentication-key command Hostconfig# ip ospf interface ... authentication-keyHostconfig# no ip ospf interface ... authentication-key Simple-pass message-digest null Using the ip ospf interface message-digest-key command Hostconfig# no ip ospf interface ... message-digest-keyUsing the no ip ospf interface message-digest-key command Keyid Hostconfig# ip ospf area Hostconfig# no ip ospf area ... stubHostconfig# ip ospf advertise network No ip ospf area area-idstub Hostconfig# no ip ospf advertise network Using the mpls ip interface commandHostconfig# mpls ip interface Hostconfig# no mpls ip interface Using the mpls l2transport interface command Hostconfig# no mpls ip Ethernet 0\1Hostconfig# mpls l2transport interface Hostconfig# no mpls l2transport interface Hostconfig# no mpls l2transport interface 194.90.1.4Using mpls l2transport route command Hostconfig# mpls l2transport route interface Using the no mpls l2transport route command Hostconfig# no mpls l2transport route interface Hostconfig# mpls ip default-route Mpls ip default-routeHostconfig# no mpls ip default-route No mpls ip default-route 17. vrrp command parameters Ethernet VlanPriority value On off June 30 Second Level Commands Example 1 SCC1 configuration Second Level Commands June 30 Using the no vrrp command Hostconfig# no vrrp interfaceHostconfig# no vrrp interface Ethernet 0\1 Using the vrrp preempt command Debug Commands Hostconfig# vrrp preempt interface Vlan 1\2 7 enableConfigure watchdog Config-debug# watchdog-TimeValue Configure time server Config-debug# time-server-ipConfigure error level commands Config-debug# error-level June 30 Second Level Commands Example Set-all Debug modules Vrrp Mpls Debug groups Trace commands Config-debug# trace Configure Config-debug# sysLog-server-ipConfig-debug# exit Example Config-debug# exit cr Host Example Config-debug# end cr config# SG1-UM-8500-03 Vendor-Specific Attributes Table Table A-1. Vendor-Specific Attribute ListAttribute First Num Attribute Name Group Introduced Description Appendix a SG-1Vendor-Specific Attributes June 30 June 30 Appendix a SG-1Vendor-Specific Attributes Radius Appendix a SG-1Vendor-Specific Attributes June 30 June 30 Appendix a SG-1Vendor-Specific Attributes Hierarchical Attribute Mode Authentication Response Type Accounting BehaviorUser Group Useraccounting sub-attribute Useraccounting=disable Useraccounting=enableScenario Action Radius definition Accounting Behavior General Userorig-name sub-attribute Adc-avpair = userorig-name=original user nameAdc-avpair = userorig-name=test Userauth-type sub-attribute Adc-avpair = userauth-type=pre-auth June 30 Appendix a SG-1Vendor-Specific Attributes GeneralUseraction sub-attribute User service-name sub-attribute Adc-avpair = useraction=RejectUser SSC-host sub-attribute Adc-avpair = userSSC-host=SSC host IP address Adc-avpair = userservice-name=SRV1 Adc-avpair = userservice-name=service nameUserpersonal-site sub-attribute Adc-avpair = userpersonal-site=site URL Adc-avpair = usermac-address=User MAC addressAdc-avpair = usermac-address=00022d386dbe Adc-avpair = usergroup=group number Usermax-allowed-sessions sub-attribute Adc-avpair = usermax-allowed-sessions=1Userclass sub-attribute Adc-avpair = userclass=user class data Adc-avpair = usereds-enc-key=EDS encryption key Adc-avpair = usereds-enc-key=02f804fea90102f8Adc-avpair = usereds-cookie=user eds cookie Adc-avpair = usereds-cookie=rt123456 Adc-avpair = useroriginal-url-prefix=prefixed string Useroriginal-url-prefix sub-attributeAdc-avpair = useroriginal-url-prefix=?url= Dhcp Group Dhcpdhcp-server sub-attributeAdc-avpair = dhcpdhcp-server=DHCP Server IP Adc-avpair = dhcpdhcp-server=194.90.1.5 Adc-avpair = dhcpdiscover-action=normal update Adc-avpair = dhcpdiscover-action=updateDhcpopt82-relay-remote-id sub-attribute Adc-avpair = dhcpopt82-relay-remote-id=01844400660300 Service Group Adc-avpair = serviceservice-timeout=timeout in secondsAdc-avpair = serviceservice-timeout=500 Protocol Group Adc-avpair = servicenext-service-name=service name Adc-avpair = servicenext-service-name=SRV12Adc-avpair = serviceauto-service-name=service name Adc-avpair = serviceauto-service-name=SRV12 Serviceauth-source Adc-avpair = serviceauth-source=service user CLIAdc-avpair = serviceauth-source=CLI Servicedata-quota Adc-avpair = servicedata-quota=5000000 Servicedata-quota-usedAdc-avpair = servicedata-quota-used=5000000 Serviceacl-data-quota Adc-avpair = serviceacl-data-quota=1015000000 Serviceservice-cacheAdc-avpair = serviceservice-cache=off Serviceacl-data-quota-used Adc-avpair = serviceacl-data-quota-used=video5000000 Serviceacl-packet-quota ADC-avpair = serviceacl-packet-quota=mail100300 Serviceacl-packet-quota-used Serviceroaming Adc-avpair = serviceacl-packet-quota-used=mail100245Adc-avpair = serviceroaming=disable Adc-avpair = routenext-hop=Next-hopIP address Route GroupAdc-avpair = routenext-hop=192.168.1.23 Adc-avpair = routenip-pipe-next-hop=Next-hop IP address Adc-avpair = routenip-pipe-next-hop=192.168.1.23Adc-avpair = routeadvertise-protocol=ripv2 ospf Adc-avpair = routeadvertise-protocol=ospf Adc-avpair = routeforward-addr=IP address Adc-avpair = routeforward-addr=192.168.1.4 Adc-avpair = vpdntunnel-id=username Vpdn GroupAdc-avpair = vpdntunnel-id=test Adc-avpair = vpdnl2tp-tunnel-password=password Adc-avpair = vpdnl2tp-tunnel-password=testAdc-avpair = vpdnip-address=x.x.x.x Adc-avpair = vpdnip-address=192.168.4.3 Vpdntunnel-client-ip-address Vpdnnativeip sub-attribute Gcon-avpair = vpdnnativeip=pppVpdnip-tunnel sub attribute Adc-avpair = vpdnip-tunnel=gre192.168.1.34 Gcon-avpair = qosup-mean-rate=up mean rate in Kbits QOS GroupGcon-avpair = qosup-mean-rate=128 Adc-avpair = qoscos=access-list nameCOS value Adc-avpair = qosacl-up-mean-rate=acl1128Qosacl-down-mean-rate sub attribute Adc-avpair = qosacl-down-mean-rate=acl1256 Qosacl-priority sub attribute Adc-avpair = qosacl-priority=acl11 DNS Group Dnsip-primaryAdc-avpair = dnsip-primary=Primary DNS IP Adc-avpair = dnsip-primary=194.90.1.5 Using password command Appendix B Password user type password Using default-redirection-site commandDefault-redirection-site URL name RDSHost configure terminal cr Orup Commands Using Orup Original Requested URL PrefixUsing orup-active command Using no orup-active command Service Name Commands Using service-name commandService-name service name No service-name Tftp Commands Using copy-TFTP commandJune 30 Appendix B Redirection Server Usage Event-level NUM output-device Logging media Example 2 Unsuccessful software download Using copy-TFTP flash def-redirection-page commandCopy-TFTP flash def-redirection-page IP address File name Parameter sysLog server IP Using sysLog-server-ip commandRDSHost sysLog-server-ip 192.168.1.8 cr Show Commands Using show version command Using show configuration command Show configurationUsing show system command June 30 Appendix B Redirection Server Example Using interface Ethernet command Appendix B Redirection Server June 30 Example Hostconfig# no interface Ethernet 1 cr No interface Ethernet Interface number Default Gateway Commands Using ip default-gateway commandUsing no ip default-gateway command No ip default-gateway Using Reload Command FormatParameter non-graceful RDSHost RDSHost reload non-graceful Using write terminal command Write CommandsWrite terminal Using Poweroff Command Using write memory commandPoweroff Using access-list SNMP-permit command Using no access-list SNMP-permit command No access-list SNMP-permit IP addressUsing SNMP-server community command Appendix B Redirection Server June 30 Parameters IP address Using Reset Configuration Command Http CommandsReset configuration Using http-proxy-server port command Using no http-proxy-server port command Http-proxy-server port port numberParameter port number No http-proxy-server port port number Using ip primary-name-server command Name ServerIp primary-name-server IP address RDSHost write terminal cr Ip dns server Using ip remote-proxy command RDSHostconfig ip remote-proxy192.168.1.4 8080 crUsing no ip remote-proxy command RDSHost write terminal cr Ip remote-proxy 192.168.1.4 Using Hostname Command RDSHostconfig hostname rdstest cr RDSHost write terminal crHostname rdstest Eds-url-identity eds url name No eds-url-identity Using remote-ip-in-ip commandRemote-ip-in-ip IP address Using no remote-ip-in-ip command No remote-ip-in-ip IP address Show User Commands Using show users commandUsing show proc command Using show memory command Using Debug Protocol Command Using Rest WEB CommandReset web Show cpu Using Date Command RDSHostADC date 180730 10/02/2002 cr Sales Assistance Systems IntegrationADC Technical Assistance Center 800.366.3891 Appendix C Product Support June 30 SG1-UM-8500-03 Glossary SG1-UM-8500-03 GL-1 Glossary June 30 GL-2 SG1-UM-8500-03 Certification and Warranty World Headquarters For Technical Assistance