This appendix provides information on the translation that the RADIUS-DESS Proxy (RDP) server performs for the service-profile attributes that CDAT creates in the LDAP directory.
The content of the service profile that you create with CDAT is derived from a RADIUS service profile. When the SSG gets information about services, the SSG uses the RADIUS protocol and expects RADIUS service-profile attributes.
In an SESM system, the RDP server is a RADIUS proxy server that acts as a mediator between the SSG and the LDAP directory. For example, RDP uses the DESS programming interfaces to access service profiles in the LDAP directory. RDP translates the CDAT/DESS service-profile attributes into the RADIUS service-profile attributes that the SSG uses.
The three tables in this appendix list the CDAT-to-RADIUS translations that RDP performs for a service profile.
Note: The information in this appendix may be useful to you if you are reading SSG documentation, which discusses only RADIUS attributes, and you need to know what RADIUS attribute corresponds to each CDAT attribute in a service profile.
Table C-1 shows the CDAT attributes for a service that RDP translates into standard RADIUS attributes.
Table C-1: Standard RADIUS Attributes
CDAT attribute | Standard RADIUS Attribute Sent to the SSG
 | Standard RADIUS attribute number 6. Service type. The value must be outbound.
 | Standard RADIUS attribute number 27. Maximum time, in seconds, that a host or service object can remain active in any one session.
 | Standard RADIUS attribute number 28. Maximum time, in seconds, that a service connection can remain idle before it is disconnected.
Table C-2 shows the CDAT attributes for a service that RDP translates into RADIUS Service-Info attributes. Service-Info attributes are vendor-specific attributes (attribute number 26), vendor 9, subattribute 251.
Table C-2: Service-Info Attributes
CDAT attribute | Service-Info Attribute Sent to the SSG
 | Ttype. Type of service. Valid values for type are:
 | Mmode. Service mode. Valid values for mode are:
Description | Idescription. Service description where description is the text string for the description.
 | Gkey. Next-hop key where key is the text string for the key.
 | Oname1[name2]...[;nameX]. Domain names where name1, name2, and so forth are the domain names.
 | Dip_address_1[;ip_address_2]
 | Rip_address;subnet_mask
 | Uurl or Hurl. Service URL where url is a fully qualified URL.
RADIUS server authentication port; RADIUS server accounting port; RADIUS shared secret | SRadiusServerAddress;authPort;acctPort;secret. Remote RADIUS server information where:
Table C-3 shows the CDAT attributes for a service that RDP translates into Cisco AVPair attributes. Cisco AVPair attributes are vendor-specific attributes (attribute number 26), vendor 9, subattribute 1.
Table C-3: Cisco AV-Pair Attributes
CDAT attribute | Cisco AVPair Sent to the SSG
 | vpdn:tunnel-id=name. Tunnel identifier where name is the name of the tunnel.
Tunnel IP address | vpdn:ip-addresses=ip_address. Tunnel IP address where ip_address is the address of the home gateway (LNS) to receive the L2TP connection.
Tunnel password | vpdn:l2tp-tunnel-password=password. Tunnel password where password is the password for L2TP tunnel authentication.
Tunnel type | vpdn:tunnel-type=type. Tunnel type where type is l2tp (the only value allowed with SESM).
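The S Service-Info attribute in Table C-2 and vpdn:l2tp-tunnel-password in Table C-3 carry a shared secret and a tunnel password as text, so a tool that decodes these vendor-specific attributes for logging should mask them, as this sketch does. It is an added example, not Cisco code; it assumes one subattribute per vendor-specific attribute, and the function names, label strings and sample values are constructed for illustration.

```python
import struct

CISCO_VENDOR_ID = 9                    # vendor 9, per the appendix
SUB_AVPAIR, SUB_SERVICE_INFO = 1, 251  # subattribute numbers, per the appendix
# Prefix letters from Table C-2; the label strings are shorthand chosen for this example.
SERVICE_INFO_CODES = {"T": "type", "M": "mode", "I": "description", "G": "next-hop-key",
                      "O": "domain-names", "D": "D", "R": "R", "U": "url", "H": "url",
                      "S": "remote-radius-server"}

def build_vsa(sub_type, text):
    """Encode one vendor-specific attribute (used only to construct sample input)."""
    data = text.encode()
    body = struct.pack("!IBB", CISCO_VENDOR_ID, sub_type, len(data) + 2) + data
    return struct.pack("!BB", 26, len(body) + 2) + body

def redact(sub_type, text):
    """Mask the shared secret and the L2TP tunnel password before logging."""
    if sub_type == SUB_SERVICE_INFO and text.startswith("S"):
        parts = text[1:].split(";", 3)   # address;authPort;acctPort;secret
        return "S" + ";".join(parts[:3] + ["***"]) if len(parts) == 4 else "S***"
    if sub_type == SUB_AVPAIR and text.startswith("vpdn:l2tp-tunnel-password="):
        return "vpdn:l2tp-tunnel-password=***"
    return text

def decode_cisco_vsas(attrs):
    """Walk RADIUS attribute TLVs; return (kind, redacted text) for Cisco VSAs."""
    out, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        atype, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if atype != 26 or len(value) < 6:
            continue
        vendor, sub, sub_len = struct.unpack("!IBB", value[:6])
        if vendor != CISCO_VENDOR_ID or sub_len != len(value) - 4:
            continue
        text = value[6:].decode("utf-8", "replace")
        if sub == SUB_SERVICE_INFO:
            out.append((SERVICE_INFO_CODES.get(text[:1], "unknown"), redact(sub, text)))
        elif sub == SUB_AVPAIR:
            out.append(("cisco-avpair", redact(sub, text)))
    return out

# Constructed sample: Service-Type (attribute 6) plus four Cisco VSAs.
SAMPLE = (struct.pack("!BBI", 6, 6, 5)
          + build_vsa(251, "Iexample service")
          + build_vsa(251, "S192.0.2.10;1812;1813;constructed;secret")
          + build_vsa(1, "vpdn:l2tp-tunnel-password=constructed-pass")
          + build_vsa(1, "vpdn:tunnel-type=l2tp"))
```

An S value that does not split into four fields is masked whole, so a malformed attribute cannot leak the secret into a log.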
CDAT allows the service provider to explicitly define additional Cisco AV pairs for a service with the Local Cisco AV Pairs box in the Services and Service Groups windows. RDP sends these AV pairs to the SSG with no translation. For information on these AV pairs, see the "RADIUS Profile" section.
For more information on RADIUS profiles and the SSG, see the Cisco 6400 Feature Guide and the Cisco Subscriber Edge Services Manager and Subscriber Policy Engine Installation and Configuration Guide.
Posted: Tue Jul 2 11:44:38 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.