Table of Contents Table of contents: Radiator® AAA Server Testing Radiator 3GPP AAA Server 3 - Testing Radiator 3GPP AAA Server Abbreviations 5 - Abbreviations

4. Configuring Radiator 3GPP AAA Server

This section describes the configurable parameters of Radiator 3GPP AAA Server.

4.1. <3GPPAuthHSS>

This section describes the configuring parameters of <3GPPAuthHSS>.

4.1.1. AAAServerSWx

This object list defines the AAA (Authentication, Authorisation, Accounting) Server SWx clause to be used.

4.1.2. HSSRealm

This string defines the Diameter realm that is used as Destination-Realm for SWx messages. If HSSRealm is not defined, DiaPeerDef entries need to be configured and DestinationRealm from Diameter Peer's DiaPeerDef configuration is used as the Destination-Realm. If no HSSRealm or Destination-Realm for the chosen DiaPeerDef is configured, Destination-Realm in the outgoing SWx request is empty.
Starting with Radiator 4.24, the recommended configuration is to define HSSRealm and leave DiaPeerDef parameters undefined. This allows Radiator to use Diameter routing to resolve the peer to send SWx requests to.
# Always use this as SWx Destination-Realm in requests
HSSRealm aaa.mnc001.mcc001.3gppnetwork.org

4.1.3. DiaPeerDef

DiaPeerDef defines how to select the peer to use when sending SWx requests to HSS. The HSS may be a directly connected peer, or reachable with Diameter Routing Agent or some other type of agent that routes the messages towards the HSS. DiaPeerDef parameter value can be a configuration file Identifier value or Diameter Auth-Application-Id or Vendor-Specific-Application-Id/Auth-Application-Id that the peer has advertised.
Multiple instances of DiaPeerDef are allowed. The first entry is the primary peer to use. Entries will be tried in the order they appear in the configuration file.
Starting with Radiator 4.24, the recommended configuration is to define HSSRealm and leave DiaPeerDef parameters undefined. This allows Radiator to use Diameter routing to resolve the peer to send SWx requests to. 
# We peer directly with HSS
<DiaPeerDef ...>
    Identifier diapeer-hss
</DiaPeerDef>

# The configuration file Identifier to locate DiaPeerDef to use with HSS requests
DiaPeerDef DiaPeerDef-Identifier=diapeer-hss
#DiaPeerDef DiaPeerDef-Identifier=diapeer-hss-secondary

# An alternative is to use a peer that has advertised SWx
#DiaPeerDef Peer-Auth-Application-Id=3GPP:3GPP SWx

4.2. <DiaPeerDef>

This section describes the configuration parameters for <DiaPeerDef>. <DiaPeerDef> defines the Diameter peer this Radiator instance connects to. Both Radiator instance and the Diameter peer can initiate the connection.
A minimal Radiator 3GPP AAA Server configuration requires one <DiaPeerDef> clause for all used Diameter-based AuthBys. If there is no <ServerDIAMETERTelco> clause defined, <DiaPeerDef> clauses must have the Initiator flag set to connect to the Diameter peers.
A <ServerDIAMETERTelco> clause allows accepting incoming Diameter connections. When the <ServerDIAMETERTelco> is configured, Radiator acts as a Diameter responser. The settings for the connecting peers are fetched from the <DiaPeerDef> clauses.The clauses are matched against the incoming CER (Capabilities Exchange Request) from the peer.
Note
At least one <DiaPeerDef> clause is always required.
If the <ServerDIAMETERTelco> clause is configured but there are no <DiaPeerDef> clauses, the incoming CER messages are rejected by Radiator. A <DiaPeerDef> is required to form a successful CEA (Capabilities Exchange Answer) back to the peer.
Note
A <DiaPeerDef> with an empty parameter list matches to any Diameter peer. This is useful when defining default settings for incoming connections from any Diameter peer.

4.2.1. Identifier

This is an optional parameter, which defines the name of the specific <DiaPeerDef> clause and its configuration. When defined, this allows you to choose the correct Diameter peer when configuring Diameter-relaying support.

4.2.2. AddToRequestFromDia

This parameter defines the Diameter attributes, which are added to a request object in addition with OriginHost and OriginRealm. The request object is created when a Diameter request message is received. The request object is then sent to the handler with the correct application AuthBy for this request.
The request object contains reference to the incoming Diameter request. The chosen Diameter application adds the reference to the Diameter answer. <AuthBy DiaRelay> relays the request to the correct peer and processes the answer, which is returned from the relay peer.

4.2.3. PreHandlerHook

This is an optional parameter, which defines the Perl function that is called before the request object is sent to the handlers. The only passed argument is the reference to the current request object.

4.2.4. NoReplyHook

This is an optional parameter, which defines the Perl function that is called if no reply is received from any Diameter peer.

4.2.5. NoreplyTimeout

This integer defines how soon, in seconds, NoReplyHook is called if the request stored in proxy does not receive a reply. The default value is 5.

4.2.6. ProductName

This is an optional parameter, which defines the name of the specific Diameter peer. If defined, it is sent to the other Diameter peers within the CER and CEA messages. The default value is Radiator.

4.2.7. OriginHost

This string defines the name that <ServerDIAMETERTelco> uses to identify itself to the Diameter peers. It is sent to the Diameter peers in the Diameter CER and CEA messages. The Diameter peers use OriginHost to determine whether they have connected to the correct peer. OriginHost must be specified.

4.2.8. OriginRealm

This string defines the name of the Realm the <ServerDIAMETERTelco> uses. It is sent to the Diameter peers in the CER and CEA messages. The peer uses it to determine which requests are routed to this Radiator instance. OriginRealm must be specified.

4.2.9. DestinationHost

This string defines the value for Destination-Host for Diameter requests. The usage of this parameter depends on the Diameter application that uses this <DiaPeerDef>. This is an optional parameter.

4.2.10. DestinationRealm

This string defines the value for Destination-Realm for Diameter requests. The usage of this parameter depends on the Diameter application that uses this <DiaPeerDef>. This is an optional parameter.

4.2.11. SupportedVendorIds

This is an optional parameter, which defines the supported vendor IDs announced in CER and CEA messages. This has no default value and the supported vendor ID is not announced by default. The default dictionary or the configured dictionary file consist an alias group DictVendors for all supported vendors.

Example

# Advertise Open System Consultants and 3GPP
SupportedVendorIds 9048, 3GPP

4.2.12. AuthApplicationIds

This is an optional parameter, which defines the Auth-Application-Id attributes announced in the CER and CEA messages. The Auth-Application-Id is not announced by default.

Example

# Advertise Diameter Credit Control and EAP applications
AuthApplicationIds 4, Diameter-EAP

4.2.13. AcctApplicationIds

This is an optional parameter, which defines the Acct-Application-Id attributes announced in the CER and CEA messages. The Acct-Application-Id is not announced by default.

Example

AcctApplicationIds Base Accounting

4.2.14. VendorAuthApplicationIds

This is an optional parameter, which defines the authentication Vendor-Specific-Application-Id attributes announced in the CER and CEA messages. The Vendor-Specific-Application-Id is not announced by default. The parameter value is a comma-separated list of vendor:application values. Both names and direct numeric values are accepted.

Example

VendorAuthApplicationIds 3GPP:3GPP-Rx, 3GPP:3GPP-Gx

4.2.15. VendorAcctApplicationIds

This is an optional parameter, which defines the accounting Vendor-Specific-Application-Id attributes announced in the CER and CEA messages. The Vendor-Specific-Application-Id is not announced by default. The parameter value is a comma-separated list of vendor:application values. Both names and direct numeric values are accepted.

Example

VendorAcctApplicationIds OSC:Example accounting app

4.2.16. Initiator

This is an optional flag, which defines if the Radiator instance can act as a connection initiator. It is not set by default.
Initiator must be set if Radiator instance has to act as an initiator and create a connection to the Diameter peer defined by this <DiaPeerDef>. If Initiator is not set, the Radiator instance does not initiate connections but other instances, such as ePDG, must act as a initiator.

4.2.17. Peer

This parameter defines the name or IP address of the Diameter peer. Both IPv4 and IPv6 addresses are supported. This parameter is required when <DiaPeerDef> is configured to act as an initiator.

4.2.18. Port

This is an optional parameter, which defines the network port <ServerDIAMETERTelco> listens to for connections from Diameter peers. For more information, see Radiator reference manual Opens in new window under section <ServerDIAMETER>.

4.2.19. SCTPPeer

This parameter specifies one host name or address of an SCTP peer to connect to. An address can be an IPv4 or IPv6 address. Multiple SCTPPeer parameters are supported. When SCTPPeer is defined, it is used instead of Host or Peer parameters. Special formatting characters are supported. If SCTP multihoming is not supported, connection is attempted to each peer at a time.
When SCTP multihoming is supported, connection is attempted to all peers at once. In this case, all addresses defined with SCTPPeer must be either IPv4 or IPv6 addresses
Here is an example of using SCTPPeer:
# Peer has multiple IPv6 addresses
SCTPPeer 2001:db8:1500:1::a100
SCTPPeer 2001:db8:1500:2::a100

4.2.20. LocalAddress and LocalPort

These parameters control the address and optionally the port number used for the client source port, although this is usually not necessary. LocalPort is a string, it can be a port number or name. It binds the local port if LocalAddress is defined. If LocalPort is not specified or if it is set to 0, a port number is allocated in the usual way.
When SCTP multihoming is supported, multiple comma separated addresses can be configured. All addresses defined with LocalAddress must be either IPv4 or IPv6 addresses.
LocalAddress 203.63.154.29
LocalPort 12345

4.2.21. Protocol

This is an optional parameter, which allows choosing transport layer protocol, TCP or SCTP, for carrying Diameter messages. For more information, see Radiator reference manual Opens in new window under section <ServerDIAMETER>.

4.2.22. DisconnectTraceLevel

This optional parameter specifies log trace level for peer initiated disconnects. The default value is error level 0. When connections are known to be short-lived, a non-default value may be useful. This parameter is available for all Stream based modules, such as <ServerDIAMETER> and <AuthBy RADSEC>.
# Debug logging is enough for peer disconnects
DisconnectTraceLevel 4

4.2.23. TLS_*

These parameters enable and configure of TLS (Transport Layer Security) authentication and encryption. For more information, see Radiator reference manual Opens in new window under section "TLS configuration". To enable TLS, you need to define TLS_Protocols configuration parameter with the other TLS related parameters, such as certificates, that depend on your operating environment.
Note
Old configuration parameters UseTLS and UseSSL are obsolete and should not be used. Use TLS_Protocols instead.

4.3. <3GPPAuthMAP>

This section describes the configuring parameters of <3GPPAuthMAP>.

4.3.1. MAP

This string identifies the MAP (Mobile Application Part) used by a certain AuthBy.

4.4. <AAAServerSWx>

<AAAServerSWx> does not have any configurable parameters at the moment except Identifier.

4.5. <AAAServerSWm>

<AAAServerSWm> does not have any configurable parameters at the moment except Identifier.

4.6. <AAAServerS6b>

<AAAServerS6b> does not have any configurable parameters at the moment except Identifier.

4.7. <EAPContextInternal>

This section describes the configuring parameters of <EAPContextInternal>.

4.7.1. EAPContextTimeout

This integer defines the maximum time period, in seconds, how long EAP (Extensible Authentication Protocol) context is retained. The default value is 3. Usually there is no need to change this value.

4.8. <EAPContextGossip>

This section describes the configuring parameters of <EAPContextGossip>.

4.8.1. EAPContextTimeout

This integer defines the maximum time period, in seconds, how long EAP context is retained. The default value is 3. Usually there is no need to change this value.

4.9. <AAASessionInternal>

<AAASessionInternal> does not have any configurable parameters at the moment except Identifier. It keeps the session information of active SWm and S6b sessions and profiles fetched from HSS. The information is stored in internal memory.

4.10. <AAASessionGossip>

<AAASessionGossip> keeps the session information of active SWm and S6b sessions and profiles fetched from HSS. The information is stored in Gossip. The Gossip framework is documented in Radiator reference manual Opens in new window under section <GossipRedis> and Gossip framework. <AAASessionGossip> supports also Identifier.

4.10.1. CloseAction

CloseAction defines how to update Gossip when the session is closed. This is not set by default and the session is deleted when closed. The functionality is similar as when the value is set to delete. When set to timestamp, the session is not deleted but the stopping time timestamp is marked when the session is closed.

4.11. <AAASessionSQL>

This section describes the configuring parameters of <AAASessionSQL>. It keeps the session information of active SWm and S6b sessions and profiles fetched from HSS. The information is stored in SQL database.

4.11.1. AddSessionQuery

This string contains the SQL query for saving the SWm and S6b session information. Most of the parameters are required to save. Some parameters are conditional depending on the features the non-3GPP access system requires.
The following bind variables are available in AddSessionQuery:
  • %0
    This is the IMSI.
  • %1
    This is the value of Diameter Session-Id AVP (Attribute-Value Pair).
  • %2
    This is the value of Diameter Origin-Host AVP.
  • %3
    This is the value of Diameter Origin-Realm AVP.
  • %4
    This is the Diameter Application Id value.
  • %5
    This is the Diameter application name, which corresponds to the Application Id.
  • %6
    This is the Diameter Service-Selection attribute value, for example, SSID (Service Set Identifier) or NAI (Network Access Identifier).
  • %7
    This is the permanent user identity represented as NAI without leading digit in front of IMSI.
  • %8
    This is the session start time.
  • %9
    Conditional: This is the value of Emergency-Services attribute. There is no need to store this attribute if emergency services are not enabled.
  • %10
    Conditional: This is the value of User-Name attribute. Storing this is only needed when IMSI privacy is enabled and the ePDG requires anonymous username instead of permanent user identity.
For more information about SQL bind variables, see Radiator reference manual Opens in new window under section SQL Bind Variables.

4.11.2. AddSessionQueryParam

This string array defines the bound variables to be used with AddSessionQuery. See AddProfileQuery for more information about the available bind variables.

4.11.3. GetSessionQuery

This string contains the SQL query for getting information about a single session for a specific IMSI.
The following bind variable is available in GetSessionQuery:
  • %0
    This is the value of Diameter Session-Id AVP.
For more information about SQL bind variables, see Radiator reference manual Opens in new window under section SQL Bind Variables.

4.11.4. GetSessionQueryParam

This string array defines the bind variables to be used with GetSessionQuery. See GetSessionQuery for more information about the available bind variables.

4.11.5. GetSessionColumnDef

This string hash defines how Radiator interprets the result of the GetSessionQuery statement. The format is 'GetSessionColumnDef n, item', where n is the index of the column in the GetSessionQuery or GetAllSessionsQuery result and item is the name of the value used in later processing. See GetSessionQuery for an example.

4.11.6. CloseSessionQuery

This string contains the SQL query for closing a session.
The following bind variable is available in CloseSessionQuery:
  • %0
    This is the ID which is fetched with GetSessionSelect.
For more information about SQL bind variables, see Radiator reference manual Opens in new window under section SQL Bind Variables.

4.11.7. CloseSessionQueryParam

This string array defines the bound variables to be used with CloseSessionQuery. See CloseSessionQuery for more information about the available bind variables.

4.11.8. CloseAllSessionsQuery

This string contains the SQL query for closing all open sessions of a specific IMSI.
The following bind variable is available in CloseAllSessionsQuery:
  • %0
    This is the IMSI.
For more information about SQL bind variables, see Radiator reference manual Opens in new window under section SQL Bind Variables.

4.11.9. CloseAllSessionsQueryParam

This string array defines the bound variables to be used with CloseAllSessionsQuery. See CloseAllSessionsQuery for more information about the available bind variables.

4.11.10. CountSessionsQuery

This string contains the SQL query for counting all active sessions for one IMSI. The query must return one row where the first column is the session count.
The following bind variable is available in CountSessionsQuery:
  • %0
    This is the IMSI.
For more information about SQL bind variables, see Radiator reference manual Opens in new window under section SQL Bind Variables.

4.11.11. CountSessionsQueryParam

This string array defines the bind variables to be used with CountSessionsQuery. See CountSessionsQuery for more information about the available bind variables.

4.11.12. GetAllSessionsQuery

This string contains the SQL query for getting information of all active sessions for a specific IMSI.
The following bind variable is available in GetAllSessionsQuery:
  • %0
    This is the IMSI.
For more information about SQL bind variables, see Radiator reference manual Opens in new window under section SQL Bind Variables.

4.11.13. GetAllSessionsQueryParam

This string array defines the bind variables to be used with GetAllSessionsQuery. See GetAllSessionsQuery for more information about the available bind variables.

4.11.14. SaveProfileQuery

This string contains the SQL query for saving the subscriber's profile.
The following bind variables are available in SaveProfileQuery:
  • %0
    This is the IMSI.
  • %1
    This is the profile received from the HSS over SWx.
For more information about SQL bind variables, see Radiator reference manual Opens in new window under section SQL Bind Variables.

4.11.15. SaveProfileQueryParam

This string array defines the bind variables to be used with SaveProfileQuery. See SaveProfileQuery for more information about the available bind variables.

4.11.16. GetProfileQuery

This string contains the SQL query for fetching the subscriber's profile. The query returns one row where the first column is the session count.
The following bind variable is available in GetProfileQuery:
  • %0
    This is the IMSI.
For more information about SQL bind variables, see Radiator reference manual Opens in new window under section SQL Bind Variables.

4.11.17. GetProfileQueryParam

This string array defines the bind variables to be used with GetProfileQuery. See GetProfileQuery for more information about the available bind variables.

4.11.18. DeleteProfileQuery

This string contains the SQL query for deleting subscriber's profile.
The following bind variables are available in DeleteProfileQuery:
  • %0
    This is the IMSI.
For more information about SQL bind variables, see Radiator reference manual Opens in new window under section SQL Bind Variables.

4.11.19. DeleteProfileQueryParam

This string array defines the bind variables to be used with DeleteProfileQuery .See DeleteProfileQuery for more information about the available bind variables.

4.12. <AuthBy Dia3GPPAAAServer>

This section describes the configuring parameters of <AuthBy Dia3GPPAAAServer>. Apart from the parameters listed here, <AuthBy Dia3GPPAAAServer> inherits other parameters from <AuthBy AKA>. These parameters are documented in Radiator SIM Module reference manual.

4.12.1. AAAServerS6b

This object list defines the AAA Server S6b clause to be used.

4.12.2. AAAServerSWm

This object list defines the AAA Server SWm clause to be used.

4.12.3. AAAServerSWx

This object list defines the AAA Server SWx clause to be used.

4.12.4. AAASession

This object list defines the identifier of AKA Identity clause to be used as the 3GPP AAA Server session database.

4.12.5. AKAIdentity

This string defines the identifier of AKA Identity clause for mapping temporary AKA IDs (TMSI (Temporary Mobile Subscriber Identity) and reauthentication ID) to IMSI.

4.12.6. EAPContext

This object list defines the identifier of EAP context clause to be used.

4.12.7. SWmAuth

This string defines the identifier of 3GPP Auth clause for communicating with the remote AKA authentication and authorisation peer (HSS or MAP) for SWm messages.

4.12.8. OriginHost and OriginRealm

OriginHost and OriginRealm are optional parameters that define values for Diameter attributes Origin-Host and Origin-Realm in SWm, S6b and SWx application messages Radiator 3GPP AAA Server sends. These parameters are typically used when multiple parallel Radiator 3GPP AAA workers with the same Diameter identity used in conjunction with Radiator Service Provider Module hashbalance support.
These parameters are not set by default and Origin-Host and Origin-Realm attributes get their values from the DiaPeerDef clause use for forwarding the message. Special formatting characters are supported. Formatting is done when the configuration is loaded and AuthBy Dia3GPPAAAServer clause is activated.
See goodies file 3gpp-aaa-server-hashbalance.cfg for a sample configuration.
# We use local Diameter identity for peering with relay and
# this global identity for 3GPP AAA Server messages.
OriginHost radiator-3gpp.aaa.mnc001.mcc232.3gppnetwork.org
OriginRealm aaa.mnc001.mcc232.3gppnetwork.org

4.12.9. EmergencyServices

This flag parameter enables support for emergency services. When EmergencyServcies is not enabled, SWm or S6b requests with Emergency-Services AVP that have Emergency-Indication bit set are logged and rejected. Defaults to not set.

4.12.10. IMSICrypt

This string defines the identifier of IMSICrypt clause to use for IMSI decryption. For more about IMSI encryption, see Section 4.13. <IMSICrypt>.

4.12.11. DiaEIR

This object list enables EIR (Equipment Identity Register) check and identifies the used DiaEIR clause. This is an optional parameter.

4.12.12. EIR_SWm_UnknownAction

This defines how the 3GPP AAA Server handles the SWm requests if the EIR check does not recognise the connecting equipment. Unrecognised equipment is accepted by default. Allowed values are accept and reject.

4.12.13. StripMACFromUserName

This optional string parameters defines how 3GPP AAA Server strips MAC address of wireless LAN access point if it is embedded in the username. Some user equipment sends username in format such as 0234031234567890@00-11-22-33-44-55:nai.epc.mnc003.mcc234.3gppnetwork.org where 00-11-22-33-44-55: is not part of the username as specified by 3GPP TS 29.273. If ePDG or other network device can not be configured to remove the MAC address, 3GPP AAA Server can be configured to do so.
This option is not set by default and nothing is stripped. The only currently allowed value is colon, which removes everything starting after @ and ending with the first :.
# Our ePDG can not strip MAC addresses
StripMACFromUserName colon

4.13. <IMSICrypt>

This section describes the configuration parameters of an <IMSICrypt> clause. This clause provides support for Permanent Identity encryption, sometimes also called IMSI encryption or IMSI privacy. IMSI encryption is specified in 3GPP document S3-170116 and Wireless Broadband Alliance technical specification IMSI Privacy Protection for Wi-Fi.
IMSI encryption is supported by all EAP-SIM, EAP-AKA, EAP-AKA' and 3GPP AAA Server configuration clauses. To enable IMSI encryption, you need to modify Radiator configuration as follows:
For required software versions and modules, see Section 2.1. Prerequisites. A full configuration example is in file goodies/imsicrypt.cfg

4.13.2. DefaultPrivateKeyFile

DefaultPrivateKeyFile defines a private key file name for a key that is used when an encrypted permanent identity does not have key identifier. You can configure multiple key files to support key roll over. Decryption is attempted with all key files until the first one succeeds. If no key is able to correctly decrypt an encrypted identity, an error is returned to the client and the authentication fails.
See the configuration example for more information.

4.13.3. DefaultPrivateKeyPassword

DefaultPrivateKeyPassword defines the password for decrypting a default private key defined with DefaultPrivateKey. Key encryption is optional. If a key is stored without encryption, this parameter is not needed. An encrypted key file and its respective password must be configured in pairs.
See the configuration example for more information.

4.13.4. PrivateKeyFile

PrivateKeyFile defines a private key file name in name=value,filename format. This key is used when an encrypted permanent identity sent by the client has a key identifier. Decryption is attempted only with the key that matches the key identifier the client sends. If the key is not able to correctly decrypt the encrypted identity, an error is returned to the client and the authentication fails. You should not configure more than one PrivateKeyFile parameter with the same name=value because only the latest parameter is used.
See the configuration example for more information.

4.13.5. PrivateKeyPassword

PrivateKeyPassword defines the password for decrypting a private key defined with PrivateKey. The format for this parameter is name=value,password where name and value must match the respective values of a PrivateKeyFile parameter. Key encryption is optional. If a key is stored without encryption, this parameter is not needed.
See the configuration example for more information.

4.14. Configuring EIR

This section describes how to configure EIR parameters.
The EIR is a database that contains information on mobile devices that are banned from using the network or need to be tracked for some purpose. The devices are listed by their IMEI (International Mobile Equipment Identity).
You can find example configuration files in the distribution package, goodies/eir-client.cfg and goodies/eir-server.cfg.

4.14.1. <DiaEIR>

This section describes the configuring parameters of <DiaEIR>. <DiaEIR> implements the interface for querying EIR.

4.14.1.1. Identifier

This parameter defines the name of the specific EIR clause in the configuration. This must be defined, otherwise you cannot refer to this EIR clause.

4.14.1.2. DiaPeerDef

This parameter defines the Diameter Peer which the this clause connects to.

4.14.1.3. EIRCache

EIRCache is Identifier of the EIRCache clause. If this is not set, no caching is done. This is not set by default.

4.14.2. <EIRCacheInternal>

This section describes the configuring parameters of <EIRCacheInternal>. <EIRCacheInternal> is an optional module for caching EIR responses.

4.14.2.1. Identifier

This parameter defines the name of the specific EIR clause in the configuration. This must be defined, otherwise you cannot refer to this EIR clause.

4.14.2.2. CacheTimeout

CacheTimeout defines (in seconds) for how long the successful EIR responses are cached. The default value is 1800 (30 minutes).

4.14.2.3. NegativeCacheTimeout

If EIR cannot be connected or it returns an answer that cannot be successfully processed, NegativeCacheTimeout defines the time (in seconds) for how long time the answer is cached. Using this feature gives EIR time to recover from the possible error condition. The default value is 300 (5 minutes).

4.15. <Server3GPPTest>

This section describes the configuring parameters of <Server3GPPTest>.

4.15.1. 3GPPCardDatabaseFilename

This string defines the file path and name where 3G USIM card details are stored. Radiator requires read and write access to this file and its directory. When defined, this parameter is used to find the Milenage algorithm parameters for SIM (Subscriber Identity Module) and USIM cards. See goodies/simcards.dat for a sample file.
The file contains the following information coded to hexadecimal:

4.15.2. IndLength

This integer defines the length of the IND part in bits in the AKA authentication vector SQN. The default value is 5.

4.15.3. VendorAuthApplicationIds

This string defines the values of Auth-Application ID AVPs in CER. This is an optional parameter with no default value.

4.16. <ServerDIAMETERTelco>

This section describes the configuring parameters of <ServerDIAMETERTelco>.

4.16.1. Peer

This parameter defines the name or IP address of the Diameter peer. Both IPv4 and IPv6 addresses are supported. This parameter is required when <DiaPeerDef> is configured to act as an initiator.

4.16.2. Port

This is an optional parameter, which defines the network port <ServerDIAMETERTelco> listens to for connections from Diameter peers. For more information, see Radiator reference manual Opens in new window under section <ServerDIAMETER>.

4.16.3. BindAddress

This is an optional parameter, which defines one or more network interface addresses that are listened to for incoming Diameter connections. For more information, see Radiator reference manual Opens in new window under section <ServerDIAMETER>.

4.16.4. MaxBufferSize

This is an optional parameter, which defines the maximum number of octets buffered in output. For more information, see Radiator reference manual Opens in new window under section <ServerDIAMETER>.

4.16.5. Protocol

This is an optional parameter, which allows choosing transport layer protocol, TCP or SCTP, for carrying Diameter messages. For more information, see Radiator reference manual Opens in new window under section <ServerDIAMETER>.

4.16.6. ReadTimeOut

This is an optional parameter, which defines the maximum time, in seconds, to wait for incoming Diameter connection to complete the initial handshaking. The default value is 10. For more information, see Radiator reference manual Opens in new window under section <ServerDIAMETER>.

4.16.7. DisconnectTraceLevel

This optional parameter specifies log trace level for peer initiated disconnects. The default value is error level 0. When connections are known to be short-lived, a non-default value may be useful. This parameter is available for all Stream based modules, such as <ServerDIAMETER> and <AuthBy RADSEC>.
# Debug logging is enough for peer disconnects
DisconnectTraceLevel 4

4.16.8. TLS_*

These parameters enable and configure of TLS authentication and encryption. For more information, see Radiator reference manual Opens in new window under section "TLS configuration". To enable TLS, you need to define TLS_Protocols configuration parameter with the other TLS related parameters, such as certificates, that depend on your operating environment.
Note
Old configuration parameters UseTLS and UseSSL are obsolete and should not be used. Use TLS_Protocols instead.
Table of Contents Table of contents: Radiator® AAA Server Testing Radiator 3GPP AAA Server 3 - Testing Radiator 3GPP AAA Server Abbreviations 5 - Abbreviations