Cisco Systems OL-15491-01

A-133

Cisco Content Services Gateway - 2nd Generation Release 2.0 Installation and Configuration Guide

OL-15491-01

AppendixA CSG2 Command Reference

ip csg radius proxy

Command Modes Global configuration

Command History

Usage Guidelines A message sent to the specified csg-address (and any port) is parsed and then forwarded to the specified

RADIUS server. When forwarded to the RADIUS server, the source IP address is the

csg-source-address.

The source port is arbitrarily chosen by the CSG2, and the destination port remains unchanged. When a

message is received from the network and forwarded to the subscriber, the source IP address is the

csg-address, and the source port remains unchanged. The source IP address and port are taken from the

destination IP address and port in the original message from the subscriber.

You can configure an optional RADIUS key. If you configure a key, the CSG2 parses and acts on the

message only if the RADIUS authenticator is correct. If the key is not configured, the CSG2 always

parses the message. Whether you configure a key or not, and whether it is correct or not, the CSG2

always forwards the message.

You can specify up to 64 ip csg radius proxy commands.

You can also configure an optional RADIUS key.

•If you configure a RADIUS key, the CSG2 parses and acts on a message only if the RADIUS

Authenticator is correct.

•If you do not configure a RADIUS key, the CSG2 always parses and forwards every message.

You can specify more than one RADIUS key by specifying more than one ip csg radius proxy

command, but each command must specify a unique CSG2 IP address (or IP address-VRF name

combination, if VRF is configured).

All RADIUS messages are forwarded, unless the IP or User Datagram Protocol (UDP) headers specify

a length larger than the physical packet size.

CSG2 User Table entries created as a result of RADIUS messaging through the ip csg radius endpoint

definition with a VRF configured are indexed by the configured sub-vrf-name. This enables the CSG2

to segment the subscriber space and removes ambiguity if multiple subscribers share the same IP

address, provided that their entries were instantiated by RADIUS flows to CSG2 radius definitions

bound to different VRFs. If the sub-vrf-name is not configured, the User Table entries are indexed via

the global routing table.

Release Modification

12.4(11)MD This command was migrated from CSG1.

Changes from CSG1:

•The name of this command changed from radius proxy to ip csg radius proxy.

•The configuration mode for this command changed from module CSG

configuration to global configuration.

•The vrf csg-vrf-name, vrf server-vrf-name, and vrf sub-vrf-name keywords and

arguments were added.

•The table table-name keyword and argument were removed.