Cisco Prime Nerk 43 User Guide
Have a look at the manual Cisco Prime Nerk 43 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
15-7 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 15 Monitoring AAA Configurations Viewing AAA Configurations Viewing TACACS+ Servers Configuration Details To view the TACACS+ Servers configuration details: Step 1Right-click on the required device and choose the Inventory option. Step 2In the Inventory window, choose Logical Inventory>AAA>TACACS+ Servers. The configuration details for each TACACS+ server are displayed in the content pane. (The attributes that are displayed depend on the device type.) Table 15-7 describes the fields that are displayed in the TACACS+ Servers configuration content pane. Viewing AAA Group Configuration Details For certain devices, the Vision client allows you to view the following configurations for an AAA group: Diameter Configuration –Accounting Configuration –Authentication Configuration Radius Configuration –Accounting Configuration –Accounting Keepalive and Detect Dead Server Configuration –Authentication Configuration –Authentication Keepalive and Detect Dead Server Configuration –Charging Configuration Table 15-7 TACACS+ Servers Configuration Details Field Name Description Server Address The IP address or host name of the TACACS+ server. Port The TCP port used to communicate with the TACACS+ server. Server Name The name of the TACACS+ server. Status Specifies the operational state of the interface with the TACACS+ server. Visibility Specifies whether a TACACS+ server is public or private within the scope of an AAA group server. Timeout Specifies the time to wait for the TACACS+ server to reply in seconds. Single Connection Specifies whether all requests to a TACACS+ server are multiplexed over a single TCP connection to server (for CiscoSecure). Send NAT Address Specifies whether a client’s post NAT address is sent to the TACACS+ server.
15-8 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 15 Monitoring AAA Configurations Viewing AAA Configurations –Charging Triggers TACACS+ Configuration (Refer to Cisco Prime Network 4.3.1 Supported VNEs for more information.) The Vision client displays the AAA configuration details under the AAA container as shown in Figure 15-1. You can view the individual AAA group details by choosing Logical Inventory>Context>AAA>AAA Groups. Figure 15-1 AAA Groups in Logical Inventory
15-9 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 15 Monitoring AAA Configurations Viewing AAA Configurations Viewing Diameter Configuration Details for an AAA Group To view the diameter configuration details for a AAA group: Step 1Right-click on the required device and choose the Inventory option. Step 2In the Inventory window, choose Logical Inventory>Context>AAA> AAA Groups. You can view the AAA groups on the content pane. Step 3Choose Diameter Configuration under a specific AAA group node. The diameter configurations made for accounting servers and authentication servers are displayed in the respective tabs on the content pane. Click on the tabs to view more details. Table 15-8 describes the diameter configuration details for accounting and authentication servers. Step 4In the Inventory window, choose Accounting Configuration or Authentication Configuration under the Diameter Configuration node. The configuration details are displayed on the content pane. Table 15-9 describes the accounting/authentication diameter configuration details. Table 15-8 Diameter Configuration Field Name Description Accounting Servers/Authentication Servers Server Host Host name of the diameter authentication/accounting server. Priority Relative priority of the diameter authentication/accounting server. Number of Instances in Up StateNumber of instances between the diameter authentication/accounting server and the AAA manager that are in UP status. Number of Instances in Down StateNumber of instances between the diameter authentication/accounting server and the AAA manager that are in DOWN status. Table 15-9 Accounting/Authentication Diameter Configuration Field Name Description Dictionary Diameter dictionary used for accounting/authentication. Endpoint Name Diameter endpoint used for accounting/authentication. Maximum TransmissionsMaximum number of transmission attempts for diameter accounting/authentication. Maximum Retries Number of retry attempts for diameter accounting/authentication requests. Request Timeout Diameter accounting/authentication request timeout period. Redirect Host AVP Indicates whether to use: one returned AVP the first returned AVP as the primary host and the second returned AVP as the secondary host. This field is applicable only for Authentication configuration. Upgrade -dict-avps Sets the release version to 3GPP Rel.8 for upgrading diameter accounting dictionary in the current AAA group.
15-10 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 15 Monitoring AAA Configurations Viewing AAA Configurations Viewing Radius Configuration Details for an AAA Group To view the radius configuration details for an AAA group: Step 1Right-click on the required device and choose the Inventory option. Step 2In the Inventory window, choose Logical Inventory>Context>AAA> AAA Groups> AAA Group>Radius Configuration. The configurations made for accounting, authentication, charging, and charging accounting servers are displayed in the respective tabs on the content pane. Click on the tabs to view more details. Table 15-10 describes the radius configuration details for accounting, authentication, charging, and charging accounting servers.HD-mode Sends records to the Diameter server. If all Diameter servers are down or unreachable, then periodically retries the diameter service. HD-Policy Associates a specific HD storage policy with a AAA group. Supported Features Disables the CLI command and does not send supported features AVP. Active Start Trigger Enables an R-P event when an active start trigger is received from the PCF and there is a parameter change. Active Stop Trigger Enables an R-P event when an active stop trigger is received from the PCF. AirlinkUsage Counter RolloverThe AirlinkUsage RADIUS accounting policy for R-P. Stop Start Trigger Indicates that a stop or start RADIUS accounting pair is sent to the RADIUS server at the time of R-P event occurrence. Active Handoff Trigger Enables a single R-P event when an active PCF-to-PCF handoff occurs. Trigger Policy Designates to use a custom RADIUS accounting policy for R-P. You can specify parameters to form custom accounting policy. By default, all optional parameters are disabled Handoff Policy Specifies the behavior of generating accounting STOP when handoff occurs. MIP HA Policy The RADIUS accounting policy for Mobile IP HA calls. TOD Values TOD Minutes/Hours A time of day at which an R-P event should occur. NoteUp to four time of day events are displayed, Table 15-9 Accounting/Authentication Diameter Configuration Field Name Description
15-11 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 15 Monitoring AAA Configurations Viewing AAA Configurations Viewing Radius Client Configuration Details for an AAA Group To view the radius configuration details for an AAA group: Step 1Right-click on the required device and choose the Inventory option. Step 2In the Inventory window, choose Logical Inventory>Context>AAA> AAA Groups> AAA Group>Default > AAA Radius Client Configuration. The configurations made for accounting, authentication, charging, and charging accounting servers are displayed in the respective tabs on the content pane. Click on the tabs to view more details. Table 15-11 describes the radius client configuration details for accounting, authentication, charging, and charging accounting servers. Table 15-10 Radius Configuration Field Name Description Dictionary The radius dictionary. Strip Domain Indicates whether the domain must be stripped from the user name prior to authentication or accounting. Authenticator ValidationIndicates whether the MD5 authentication of the user is enabled or disabled. Allow Server Down AuthenticationIndicates whether subscriber sessions are allowed when RADIUS authentication is unavailable. Allow Server Down AccountingIndicates whether subscriber sessions are allowed when RADIUS accounting is unavailable. Accounting Servers/Authentication Servers/Charging Servers/Charging Accounting Servers Server Name IP address of the RADIUS server. Server Port Port used to communicate with the RADIUS server. Preference Preference of the RADIUS server. Operational State Status of the RADIUS server. Administrative Status Administrative status of the RADIUS server. Retain Administrative Status after RebootIndicates whether the administrative status must be retained when the system reboots. Keepalive Representative GroupName of the Keepalive representative group.
15-12 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 15 Monitoring AAA Configurations Viewing AAA Configurations Viewing Radius Accounting Configuration Details for an AAA Group To view the radius accounting configuration details for an AAA group: Step 1Right-click on the required device and choose the Inventory option. Step 2In the Inventory window, choose Logical Inventory>Context>AAA> AAA Groups>AAA Group>Radius Configuration>Accounting Configuration. The accounting configuration details are displayed in the content pane. Table 15-12 describes the radius accounting configuration details. Table 15-11 Radius Client Configuration Field Name Description Radius Client Status The status of the RADIUS client: Up or Down. Active NAS IP Address The NAS IP address configured to the client that is currently active. Configured Primary NAS IP AddressThe NAS IP address configured as the primary IP address to the RADIUS client. Primary IP Address Interface StateThe status of the interface to which the primary NAS IP address is configured: Up or down. Configured Backup NAS IP AddressThe NAS IP address configured as the secondary or backup IP address to the RADIUS client. Secondary IP Address Interface StateThe status of the interface to which the secondary or backup NAS IP address is configured: Up or down.
15-13 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 15 Monitoring AAA Configurations Viewing AAA Configurations Table 15-12 Radius Accounting Configuration Field Name Description Server Selection AlgorithmThe algorithm to select the RADIUS accounting server(s) to which accounting data must be sent. Values are: first-n n Default first-server round-robin Billing Version The billing system version of RADIUS accounting servers. Server Deadtime The number of minutes after which communication must be attempted with a server that is not reachable. Maximum Outstanding MessagesThe maximum number of outstanding messages that can be queued with the AAA manager. Fire and Forget Indicates whether RADIUS Fire-and-Forget accounting is enabled for the AAA group. Maximum TransmissionsThe maximum number of transmissions attempted for a RADIUS accounting message, before it is declared FAILED. Maximum Retries The maximum number of attempts with the AAA server, before it is declared Not Responding and the detected dead server’s consecutive failures count is incremented. Maximum PDU Size (Bytes)The maximum packet data unit size, in bytes, that can be accepted or generated. Response Timeout The time period, in seconds, to wait for a response from the RADIUS server, before resending the message. Remote Address Indicates whether the remote IP address lists are configured and the collection of accounting data for the addresses in these lists are enabled. Archive Messages Indicates whether archiving of the RADIUS accounting messages in the system (after retries to all available RADIUS accounting servers) is enabled. APN To Be Included The Access Point Name (APN) associated with the RADIUS accounting. Interim Interval The time interval (in seconds) between sending interim accounting records. GTP Trigger Policy The downlink volume that triggers interim RADIUS accounting.
15-14 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 15 Monitoring AAA Configurations Viewing AAA Configurations Viewing the Radius Keepalive and Detect Dead Server Configuration Details for an AAA Group To view the radius accounting/authentication Keepalive and Detect Dead Server Configuration details: Step 1Right-click on the required device and choose the Inventory option. Step 2In the Inventory window, choose Logical Inventory>Context>AAA> AAA Groups>AAA Group>Radius Configuration>Accounting Keepalive and Detect Dead Server Configuration or Authentication Keepalive and Detect Dead Server Configuration. The configuration details are displayed in the content pane. Table 15-13 describes the radius accounting keepalive and detect dead server configuration details. Viewing the RADIUS Attributes Configuration Details for an AAA Group To view the radius attributes configuration details: Step 1Right-click on the required device and choose the Inventory option. Step 2In the Inventory window, choose Logical Inventory>Context>AAA> AAA Groups>AAA Group>Radius Configuration>Attributes Configuration. The configuration details are displayed in the content pane. Table 15-14 describes the attributes configuration details. Table 15-13 Radius Accounting Keepalive and Detect Dead Server Configuration details Field Name Description Keepalive Interval The time interval (in seconds) between two keepalive access requests. Keepalive Timeout The time period to wait for a response from the RADIUS server, before resending the message. This value is displayed in seconds. KeepAlive Maximum RetriesThe maximum number of keepalive access requests to be sent, before the server is declared as not reachable. Keepalive Consecutive ResponseThe number of consecutive accounting responses after which the server is declared as reachable. Username The accounting user name. Calling Station ID The calling station ID to be used for keepalive accounting. Keepalive Password The password to be used for authentication. This field is available only for authentication configuration. Keepalive Allow Access RejectIndicates the valid response for authentication request. This field is available only for authentication configuration. Detect Dead Server Consecutive FailuresThe number of consecutive failures for an AAA manager, before the status of an accounting server is changed from Active to Down. Detect Dead Server KeepAliveThe number of seconds to wait for a response to any message, before the status of an accounting server is changed from Active to Down.
15-15 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 15 Monitoring AAA Configurations Viewing AAA Configurations Viewing the RADIUS Accounting Attributes Configuration Details for an AAA Group To view the RADIUS accounting attributes configuration details: Step 1Right-click on the required device and choose the Inventory option. Step 2In the Inventory window, choose Logical Inventory>Context>AAA> AAA Groups>AAA Group>Radius Configuration>Accounting Attributes Configuration. The configuration details are displayed in the content pane. Table 15-15 describes the attributes configuration details. Table 15-14 Radius Attributes Configuration details Field Name Description NAS identifier The AAA interface IP address used to identify the system. Next HOP Attribute name by which the system is identified in access request messages. Backup NAS IP AddressThe NAS IP address configured as the secondary or backup IP address to the RADIUS client. Next HOP The next hop IP address for the NAS IP address. Input MPLS Label Specifies the Systems AAA MPLS input label. Output MPLS Label Specifies the systems AAA MPLS output label.
15-16 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 15 Monitoring AAA Configurations Viewing AAA Configurations Table 15-15 RADIUS Accounting Attributes Configuration details Field Name Description NAS IP Address Indicates whether RADIUS accounting attribute for NAS IP Address is enabled. NAS Identifier Indicates whether RADIUS accounting attribute for NAS Identifier is enabled. IMSI Indicates whether RADIUS accounting attribute for IMSI is enabled. Service Type Indicates whether RADIUS accounting attribute for service type is enabled. Framed IP Address Indicates whether RADIUS accounting attribute for Framed IP Address is enabled. Framed IPv6 Prefix Indicates whether RADIUS accounting attribute for Framed IPv6 Prefix is enabled. Called Station ID Indicates whether RADIUS authentication attribute for called station id is enabled. Calling Station ID Indicates whether RADIUS authentication attribute for calling station id is enabled. User Name Indicates enabled status for - name of the user being authenticated by the RADIUS server. Class Indicates whether RADIUS accounting attribute for class is enabled. NAS Port ID Indicates whether RADIUS accounting attribute for NAS Port ID is enabled. Nas Port Type Indicates whether RADIUS accounting attribute for NAS Port Type is enabled. 3GPP PDP Type Indicates whether RADIUS accounting attribute for 3GPP PDP type is enabled. 3GPP CG Address Indicates whether RADIUS accounting attribute for 3GPP CG address is enabled. 3GPP GPRS QoS Negotiated ProfileIndicates whether RADIUS accounting attribute for 3GPP GPRS QoS negotiated profile is enabled. 3GPP SGSN Address Indicates whether RADIUS accounting attribute for 3GPP SGSN address is enabled. 3GPP GGSN Address Indicates whether RADIUS accounting attribute for 3GPP GGSN address is enabled. 3GPP GGSN MCC MNCIndicates whether RADIUS accounting attribute for 3GPP GGSN MCC MNC is enabled. 3GPP IMSI MCC MNC Indicates whether RADIUS accounting attribute for 3GPP select mode is enabled. 3GPP Select Mode Indicates whether RADIUS accounting attribute for 3GPP NSAPI is enabled. 3GPP NSAPI Indicates whether RADIUS accounting attribute for 3GPP NSAPI is enabled.