Vpdn Group, Adc-avpair = vpdntunnel-id=username | ADC SG-1 specification

June 30, 2006

Appendix A: SG-1Vendor-Specific Attributes

route:acl-tcp-nat-redirect attribute

The route:acl-tcp-nat-redirect attribute defines a destination IP address to which the system should TCP redirect all session packets. In this case the system should perform NAT redirection for all TCP packets that meet the access- list definition (replacing the destination IP for upstream traffic and replacing it back for the downstream traffic). The network address translation is performed on the last destination of an upstream packet belonging to this access list flow. This sub-attribute is operated in hierarchy mode and supports both user and service levels.

General:

Operation Mode:	Access-Accept message
	Service-Accept message
Vendor-type:	75
Vendor-length =	2 + 7-15 + attribute length

Format:

adc-avpair = "route:acl-tcp-nat-redirect=<access list name>;<IP address>",

Example:

adc-avpair = "route:acl-tcp-nat-redirect=SMTP;192.168.1.4”

VPDN GROUP

vpdn:tunnel-id attribute

This attribute defines the tunnel ID, used for LAC purpose. This attribute is mandatory for opening a tunnel session.

General:

Operation Mode:

Access- Accept message

Vendor-type: 80

Vendor-length = 2 + name length + (1 - 64)

Format:

adc-avpair = "vpdn:tunnel-id=<username>",

Example:

adc-avpair = "vpdn:tunnel-id=test",

vpdn:l2tp-tunnel-password attribute

This Attribute contains a password to be used to authenticate to a remote server. This attribute is mandatory for opening a tunnel session.

SG1-UM-8500-03

A-29

Image 187

ADC SG-1 user manual Vpdn Group, Adc-avpair = vpdntunnel-id=username, Adc-avpair = vpdntunnel-id=test

Contents

SG-1 Service Gateway System Revision History Table of Contents SG1-UM-8500-03 Table of ContentsJune 30 Appendix B Redirection Server June 30, 2006Table of Contents Table of Contents June 30 SG1-UM-8500-03 SG1-UM-8500-03 Vii List of Figures List of Figures June 30 Viii SG1-UM-8500-03 List of Tables List of Tables June 30 SG1-UM-8500-03 Chapter Description IntroductionOrganization Intended Audience Element Meaning ConventionsEU Compliance Inspecting Your Shipment Chapter Features Overview June 30 Method of ProcedureBefore YOU Begin Site Preparations Unpacking and Checking the Contents of Your Shipment Packing List System Installation NotesNumber Required Tools and Equipment Specific SG-1 Chassis Installation RequirementsLocation Requirements System Cabling Requirements Power RequirementsBlank Faceplate Requirement Environmental Requirements Configuration Port Cabling Chassis Ground and Power CablingNetwork Cabling Overview June 30 SG1-UM-8500-03 Connecting the Power Source Connecting the SG-1 Chassis GroundMounting the SG-1 Chassis Connecting Network Cards Installing Interface CablesInstallation June 30 Connecting AC Power to an SG-1 AC Chassis Straight-Through and Cross-Over Cable Pin-Outs June 30 Installation Connecting to an Ethernet Port Connecting the Craft Port InterfacePowering UP the SG-1 Installing Cards and Blank Faceplates Serial Cable Installing Blank Faceplates Installation June 30 SG1-UM-8500-03 Overview SG-1 Sub-Menus and Associated Commands Types of CommandsUnderstanding the Interface Structure Command Path Navigation Commands and NavigationMenu Types of Commands General Commands Enter the following command June 30 Command-Line Interface CLI COMMAND-LINE EditingNavigation Commands Use This Feature Command-Line Interface CLI June 30 SG1-UM-8500-03 Default Username/Password Authority Connecting to the Craft PortLogging on to the Craft Port Write memory Setting the IP AddressAccessing the Command Line Interface June 30 Host configure terminal Hostconfig# interface ethernet Value Explanation Ethernet ModeParameters Interface Identification Card/Type Slot/Port Displaying the IP Address Host show configuration Logging OFF Configuring the SG-1\users\defaulttelnet Logging on What to do Next Using the Command Line Interface June 30 FIRST-LEVEL Commands Showing a List of Available Parameters Using the Grep commandSystem-command grep string Using the ? command Using the show ? command June 30 First-Level Commands ExamplesHost show ? Show version software SCC Show version hardware Using the show version commandHost show version Show version softwarehardwarepack 650003 8200935 Host Host show version Software Module Num Application Show configuration Displaying the configuration in Nvram June 30, 2006Chapter 6 First-Level Commands Examples Ip domain-name POPmaestro Ip local-pool pool1 162.10.1.1 162.10.1.254 internal Host show ethernet 0 \ Displaying Ethernet port configurationsHost show terminal Displaying Ethernet Port Statistics First-Level Commands June 30 Examples Host show port sonet Displaying Sonet port statusHost show port sonet Show port sonet Host show atm pvc Displaying ATM Port StatusShow atm pvc Number Displaying User StatusHost show user Show crnumber First-Level Commands June 30 Show ip-route Displaying System AdministratorsDisplaying Routing Tables Host show ip-route Load Displaying System ParametersHost show system Show system Show system load June 30 First-Level Commands Host show license Displaying License AttributesShow license SN1=6046838 DATE=December 22 2005 160357 Version First-Level Commands June 30 Host show vrrp interface Displaying Vrrp attributesEthernetvlan Host show ip-tunnel Displaying active GRE and IP-in-IP tunnels 10.10.1.20 Host show mpls-labels Displaying show mpls-labels commands 0xc2010001 1034 212.1.3.4 Host show labels vcVC Type Group ID Label Tunnel Endpoint Upper stack FEC ID 0xc2010000 123876 192.0.1.8 Host write ? Displaying show mpls l2transport vc commandsDisplaying a list of available write commands Host show mpls l2transport vc June 30 First-Level Commands Examples Using the ping command to test network connectivity Using the copy-TFTP commandHost copy-TFTP flash Atm sub-interface number AtmAtm slot number Atm atm port number Reload non-graceful Using the reload command to restart the systemHost reload non-graceful Resetting the system in 10 seconds Host reload non-graceful Line number Clearing UsersHost clear user Clear user line number Seconds Using the Traceroute CommandHost traceroute Traceroute ip address -h number -i seconds Exit Using the exit command Switching to Debug Mode Using Debug ModeHost debug System Using the show command in debug modeHostdebug# show Show memory system log-modules statistics arp First-Level Commands June 30 Examples Group Error Event Trace Name Min Max Module Group Error Event Event Trace Name Min Max Show arp command Clear arp arp-specific ifindexNetAddress Parameters Clear arp command Show memory Hostdebug# port sonet source-clock Defining port-ethernet redundancy-mode commandHostdebug# port-ethernet redundancy-mode Defining the Sonet port source clock User-name Radius-server check user-name password auth-type PAPChecking the system Radius interface Hostdebug# radius-server check First-Level Commands June 30 SG1-UM-8500-03 Using the configure command Second Level Commands Second Level Commands June 30 Examples Ethernet Commands Banner CommandHostconfig# banner command Ethernet mode Second Level Commands June 30Configure Ethernet Ports Card Type Slot\Port No interface Ethernet slot number\port number Ethernet Operating ModeHostconfig# no interface Ethernet Hostconfig# no interface Ethernet 0\1 Using the port-ethernet redundancy-enable command Configuring Ethernet RedundancyHostconfig# port-ethernet redundancy-enable Hostconfig# no port-ethernet redundancy-enable 1\1 1\2 June 30 Second Level Commands ExamplesUsing the no port-ethernet redundancy-enable command Hostconfig# no port-ethernet redundancy-enable Interface loopback interface number IP address mask Loopback CommandsConfiguring interface loopback Hostconfig# interface loopback Hostconfig# interface vlan Vlan CommandsHostconfig# no interface loopback Configuring the Vlan Vlan id Second Level Commands June 30 UsageVlan name Hostconfig# password pre-authentication Authentication CommandsHostconfig# no interface vlan Using the password pre-authentication command Hostconfig# def-service-auth ppp-auto Setting the default-service authentication modeHostconfig# def-service-auth Def-service-auth command parameters No domain-authentication then press Enter Changing domain authentication settingsHostconfig# domain-authentication Domain-authentication separator @# then press Enter Using the port sonet command ATM CommandsSecond Level Commands June 30 Example Hostconfig# no authentication web-auth-method Hostconfig# port sonet redundancy-enable Configuring SONET/SDH port redundancy Hostconfig# interface Hostconfig# pppoa enable interface Using the pppoa enable command Using the interface atm command HostConfig# no pppoa enable interfaceHostconfig# interface atm Hostconfig# no interface atm Interface atm command parametersParameter Description Legal values/range Vci Configuring a single PVCHostconfig# atm pvc Vpi Hostconfig# atm pvc range Configuring a range of PVC’s Hostconfig# radius-server host Configuring the Radius server in the SG-1 configurationHostconfig# radius-server Configuring the Radius server host Hostconfig# radius-proxy client Configuring the Radius proxy for native IPRadius-proxy client parameters Parameter Description Values Using the ip radius source-interface command Using the service cache commandHostconfig# service cache Service cache offon aging-time minutes No ip radius source-interface Access List CommandsHostconfig# no ip radius source-interface Hostconfig# access list Access-listnative-ipsource ip address source mask Hostconfig# access-list SNMP-permit 25.3.2.251Using the access-list native-ip command Hostcongfig# access-list native-ip Hostcongfig# access-list native-ip-pass-through Hostcongfig# no access-list native-ipNo access-list native-ip source ip address Using the access-list native-ip-pass-through command Using the SNMP-server community Snmp CommandsHostcongfig# no access-list native-ip-pass-through No access-list native-ip-pass-through source ip address Hostconfig# SNMP-server trap-source-int Using the SNMP-server trap-source-int Hostconfig# interface tunnel Tunnel Commands Hostconfig# no interface tunnel Setting the no interface tunnel commandNo interface tunnel interface number Echo source ip address Using the ip tunnel echo commandHostconfig# ip tunnel echo Ip tunnel echo echo source IP address Idle-timeout command Timeouts CommandsSetting the Session-Timeout Setting the Idle-Timeout Native-ip def-service-auth service name Native IP CommandsHostconfig# native-ip dhcp pre-auth-mode Hostconfig# native-ip def-service-auth Hostconfig# native-ip enable interface Using the native-ip enable command Hostconfig# no native-ip enable interface Using the no native-ip enable commandHostconfig# no native-ip enable Vlan 1\1\9 Native-ip realm realm string Hostconfig# native-ip realmHostconfig# no native-ip realm Hostconfig# native-ip raoming No native-ip roaming Hostconfig# no native-ip roaming Hostconfig# ip tcp adjust-mss on Using the ip tcp adjust-mss commandHostconfig# ip tcp adjust-mss Ip tcp adjust-mss on off L2TP and PPP Commands Ip primary-name-server IP address Hostconfig# ip primary-name-serverHostconfig# ip secondary-name-server Hostconfig# tunnel-server Defining an address pool Setting multi-link modeHostconfig# multilink-mode Hostconfig# ip local-pool Hostconfig# lcp renegotiate Using the lcp renegotiate commandLcp renegotiate or no lcp renegotiate Hostconfig# lcp echo Using the lcp echo command Hostconfig# service internal Using the service internal command PPPoE support Usage Scenarios SG-1 as xDSL aggregator using ATM network Hostconfig# no pppoe enable interface Using the pppoe enable commandHostconfig# pppoe enable interface Using the no pppoe enable command Using the no ip dhcp relay server command Dhcp CommandsUsing the ip dhcp relay server command Hostconfig# ip dhcp relay server Using the no ip dhcp relay information option command Hostconfig# ip dhcp relay information optionHostconfig# no ip dhcp relay information option Hostconfig# ip dhcp relay advertise-protocol Hostconfig# ip dhcp relay agent-id-overwrite interfaceIp dhcp relay advertise-protocol rip ospf Using the no ip igmp proxy command Igmp CommandsUsing the ip igmp proxy command Hostconfig# ip igmp proxy upstream-interface Hostconfig# ip route Routing CommandHostconfig# ip forward Ip forward Hostconfig# no ip forward Tunnel interface ip Route network 192.168.4.0 to Loopback interface Hostconfig# no ip default-gateway Hostconfig# no ip routeUsing the ip default-gateway command Hostconfig# ip default-gateway Using the router id command No ip default-gatewayUsing the router command Hostconfig# router Hostconfig# ip ospf interface ... area Hostconfig# no routerHostconfig# ip rip authentication key Ip rip authentication key key name Hostconfig# no ip ospf interface ... hello-interval Hostconfig# no ip ospf interfaceUsing the ip ospf interface hello-interval command Hostconfig# ip ospf interface ... hello-interval Using the ip ospf interface authentication command Using the ip ospf interface dead-interval commandHostconfig# ip ospf interface ... dead-interval Hostconfig# no ip ospf interface ... dead-interval Simple-pass message-digest null Using the ip ospf interface authentication-key commandHostconfig# ip ospf interface ... authentication-key Hostconfig# no ip ospf interface ... authentication-key Keyid Using the ip ospf interface message-digest-key commandHostconfig# no ip ospf interface ... message-digest-key Using the no ip ospf interface message-digest-key command No ip ospf area area-idstub Hostconfig# ip ospf areaHostconfig# no ip ospf area ... stub Hostconfig# ip ospf advertise network Hostconfig# no mpls ip interface Hostconfig# no ip ospf advertise networkUsing the mpls ip interface command Hostconfig# mpls ip interface Using the mpls l2transport interface command Hostconfig# no mpls ip Ethernet 0\1Hostconfig# mpls l2transport interface Hostconfig# mpls l2transport route interface Hostconfig# no mpls l2transport interfaceHostconfig# no mpls l2transport interface 194.90.1.4 Using mpls l2transport route command Hostconfig# no mpls l2transport route interface Using the no mpls l2transport route command No mpls ip default-route Hostconfig# mpls ip default-routeMpls ip default-route Hostconfig# no mpls ip default-route On off 17. vrrp command parametersEthernet Vlan Priority value June 30 Second Level Commands Example 1 SCC1 configuration Using the vrrp preempt command Second Level Commands June 30 Using the no vrrp commandHostconfig# no vrrp interface Hostconfig# no vrrp interface Ethernet 0\1 Config-debug# watchdog-TimeValue Debug CommandsHostconfig# vrrp preempt interface Vlan 1\2 7 enable Configure watchdog Config-debug# error-level Configure time serverConfig-debug# time-server-ip Configure error level commands Set-all June 30 Second Level Commands Example Vrrp Mpls Debug modules Debug groups Config-debug# trace Trace commands Example Config-debug# exit cr Host ConfigureConfig-debug# sysLog-server-ip Config-debug# exit Example Config-debug# end cr config# SG1-UM-8500-03 First Num Attribute Name Group Introduced Description Vendor-Specific Attributes TableTable A-1. Vendor-Specific Attribute List Attribute Appendix a SG-1Vendor-Specific Attributes June 30 Radius June 30 Appendix a SG-1Vendor-Specific Attributes Appendix a SG-1Vendor-Specific Attributes June 30 June 30 Appendix a SG-1Vendor-Specific Attributes Useraccounting sub-attribute Hierarchical Attribute ModeAuthentication Response Type Accounting Behavior User Group General Useraccounting=disableUseraccounting=enable Scenario Action Radius definition Accounting Behavior Userauth-type sub-attribute Userorig-name sub-attributeAdc-avpair = userorig-name=original user name Adc-avpair = userorig-name=test Adc-avpair = userauth-type=pre-auth June 30 Appendix a SG-1Vendor-Specific Attributes GeneralUseraction sub-attribute Adc-avpair = userSSC-host=SSC host IP address User service-name sub-attributeAdc-avpair = useraction=Reject User SSC-host sub-attribute Adc-avpair = userservice-name=SRV1 Adc-avpair = userservice-name=service nameUserpersonal-site sub-attribute Adc-avpair = usergroup=group number Adc-avpair = userpersonal-site=site URLAdc-avpair = usermac-address=User MAC address Adc-avpair = usermac-address=00022d386dbe Adc-avpair = userclass=user class data Usermax-allowed-sessions sub-attributeAdc-avpair = usermax-allowed-sessions=1 Userclass sub-attribute Adc-avpair = usereds-cookie=rt123456 Adc-avpair = usereds-enc-key=EDS encryption keyAdc-avpair = usereds-enc-key=02f804fea90102f8 Adc-avpair = usereds-cookie=user eds cookie Adc-avpair = useroriginal-url-prefix=prefixed string Useroriginal-url-prefix sub-attributeAdc-avpair = useroriginal-url-prefix=?url= Adc-avpair = dhcpdhcp-server=194.90.1.5 Dhcp GroupDhcpdhcp-server sub-attribute Adc-avpair = dhcpdhcp-server=DHCP Server IP Adc-avpair = dhcpopt82-relay-remote-id=01844400660300 Adc-avpair = dhcpdiscover-action=normal updateAdc-avpair = dhcpdiscover-action=update Dhcpopt82-relay-remote-id sub-attribute Protocol Group Service GroupAdc-avpair = serviceservice-timeout=timeout in seconds Adc-avpair = serviceservice-timeout=500 Adc-avpair = serviceauto-service-name=SRV12 Adc-avpair = servicenext-service-name=service nameAdc-avpair = servicenext-service-name=SRV12 Adc-avpair = serviceauto-service-name=service name Servicedata-quota Serviceauth-sourceAdc-avpair = serviceauth-source=service user CLI Adc-avpair = serviceauth-source=CLI Serviceacl-data-quota Adc-avpair = servicedata-quota=5000000Servicedata-quota-used Adc-avpair = servicedata-quota-used=5000000 Serviceacl-data-quota-used Adc-avpair = serviceacl-data-quota=1015000000Serviceservice-cache Adc-avpair = serviceservice-cache=off Serviceacl-packet-quota Adc-avpair = serviceacl-data-quota-used=video5000000 Serviceacl-packet-quota-used ADC-avpair = serviceacl-packet-quota=mail100300 Serviceroaming Adc-avpair = serviceacl-packet-quota-used=mail100245Adc-avpair = serviceroaming=disable Adc-avpair = routenext-hop=Next-hopIP address Route GroupAdc-avpair = routenext-hop=192.168.1.23 Adc-avpair = routeadvertise-protocol=ospf Adc-avpair = routenip-pipe-next-hop=Next-hop IP addressAdc-avpair = routenip-pipe-next-hop=192.168.1.23 Adc-avpair = routeadvertise-protocol=ripv2 ospf Adc-avpair = routeforward-addr=192.168.1.4 Adc-avpair = routeforward-addr=IP address Adc-avpair = vpdntunnel-id=username Vpdn GroupAdc-avpair = vpdntunnel-id=test Adc-avpair = vpdnip-address=192.168.4.3 Adc-avpair = vpdnl2tp-tunnel-password=passwordAdc-avpair = vpdnl2tp-tunnel-password=test Adc-avpair = vpdnip-address=x.x.x.x Vpdntunnel-client-ip-address Adc-avpair = vpdnip-tunnel=gre192.168.1.34 Vpdnnativeip sub-attributeGcon-avpair = vpdnnativeip=ppp Vpdnip-tunnel sub attribute Gcon-avpair = qosup-mean-rate=up mean rate in Kbits QOS GroupGcon-avpair = qosup-mean-rate=128 Adc-avpair = qosacl-down-mean-rate=acl1256 Adc-avpair = qoscos=access-list nameCOS valueAdc-avpair = qosacl-up-mean-rate=acl1128 Qosacl-down-mean-rate sub attribute Adc-avpair = qosacl-priority=acl11 Qosacl-priority sub attribute Adc-avpair = dnsip-primary=194.90.1.5 DNS GroupDnsip-primary Adc-avpair = dnsip-primary=Primary DNS IP Appendix B Using password command RDSHost configure terminal cr Password user type passwordUsing default-redirection-site command Default-redirection-site URL name Using no orup-active command Orup CommandsUsing Orup Original Requested URL Prefix Using orup-active command No service-name Service Name CommandsUsing service-name command Service-name service name Event-level NUM output-device Logging media Tftp CommandsUsing copy-TFTP command June 30 Appendix B Redirection Server Usage Example 2 Unsuccessful software download Using copy-TFTP flash def-redirection-page commandCopy-TFTP flash def-redirection-page IP address File name Parameter sysLog server IP Using sysLog-server-ip commandRDSHost sysLog-server-ip 192.168.1.8 cr Using show version command Show Commands June 30 Appendix B Redirection Server Example Using show configuration commandShow configuration Using show system command Appendix B Redirection Server June 30 Example Using interface Ethernet command No interface Ethernet Interface number Hostconfig# no interface Ethernet 1 cr No ip default-gateway Default Gateway CommandsUsing ip default-gateway command Using no ip default-gateway command RDSHost RDSHost reload non-graceful Using Reload CommandFormat Parameter non-graceful Using write terminal command Write CommandsWrite terminal Using access-list SNMP-permit command Using Poweroff CommandUsing write memory command Poweroff Appendix B Redirection Server June 30 Parameters IP address Using no access-list SNMP-permit commandNo access-list SNMP-permit IP address Using SNMP-server community command Using http-proxy-server port command Using Reset Configuration CommandHttp Commands Reset configuration No http-proxy-server port port number Using no http-proxy-server port commandHttp-proxy-server port port number Parameter port number RDSHost write terminal cr Ip dns server Using ip primary-name-server commandName Server Ip primary-name-server IP address RDSHost write terminal cr Ip remote-proxy 192.168.1.4 Using ip remote-proxy commandRDSHostconfig ip remote-proxy192.168.1.4 8080 cr Using no ip remote-proxy command Eds-url-identity eds url name Using Hostname CommandRDSHostconfig hostname rdstest cr RDSHost write terminal cr Hostname rdstest No eds-url-identity Using remote-ip-in-ip commandRemote-ip-in-ip IP address No remote-ip-in-ip IP address Using no remote-ip-in-ip command Using show memory command Show User CommandsUsing show users command Using show proc command Show cpu Using Debug Protocol CommandUsing Rest WEB Command Reset web RDSHostADC date 180730 10/02/2002 cr Using Date Command 800.366.3891 Sales AssistanceSystems Integration ADC Technical Assistance Center Appendix C Product Support June 30 SG1-UM-8500-03 SG1-UM-8500-03 GL-1 Glossary Glossary June 30 GL-2 SG1-UM-8500-03 Certification and Warranty For Technical Assistance World Headquarters