Chapter 6 Administering Remote Network Elements This chapter describes how to administer Diameter and RADIUS Remote Network Elements. Some administrative tasks are common to both protocols, and some are unique to each protocol. Use Table 15 to navigate to the various administrative tasks for Diameter and RADIUS Remote Network Elements. Table 15: Summary of Administrative Tasks Task Diameter RADIUS “Creating and Naming a Diameter or RADIUS Remote aa Network Element” on page 74 “Editing a Diameter or RADIUS Remote Network Element aa Description” on page 75 “Deleting a Diameter or RADIUS Remote Network aa Element” on page 75 “Assigning Functions and Configuring Implicit Routing aa Rules” on page 75 “Editing Functions and Implicit Routing Rules” on page 83 aa “Deleting a Function from a Diameter or RADIUS Remote aa Network Element” on page 83 “Configuring Diameter Connections” on page 85 a – “Editing Diameter Connections” on page 89 a – “Deleting a Diameter Connection” on page 90 a – “Configuring RADIUS Clients” on page 94 – a “Configuring RADIUS Targets” on page 97 – a “Editing RADIUS Clients” on page 99 – a “Editing RADIUS Targets” on page 100 – a “Deleting RADIUS Clients” on page 101 – a “Deleting RADIUS Targets” on page 101 – a This chapter covers the following topics: “Common Administrative Tasks” on page 74 “Administering Diameter Remote Network Elements” on page 84 73 IMS AAA Server 1.1 Administration Guide “Administering RADIUS Remote Network Elements” on page 90 Common Administrative Tasks This section describes administrative tasks that are common to both Diameter and RADIUS Remote Network Elements. To navigate to the Remote Network Elements dialog select Remote Network Elements, and then select either Diameter Elements or RADIUS Elements. The main dialog for Diameter Remote Network Elements is shown in Figure 37. Figure 37: Remote Network Elements Dialog From this dialog you can: Add a New Diameter or RADIUS Remote Network Element. Edit an Diameter or RADIUS Remote Network Element. Delete an existing Diameter or RADIUS Remote Network Element. Refresh the list of Diameter or RADIUS Remote Network Elements. Creating and Naming a Diameter or RADIUS Remote Network Element To create a new Diameter or RADIUS Remote Network Element: 1. From the main IMS AAA Server Administrator menu, navigate to either: Remote Network Elements > Diameter Elements Remote Network Elements > RADIUS Elements 2. Click New from the main Diameter or RADIUS Network Elements dialog. 3. Enter the name by which others will refer to this network element in the Name field. 74 Common Administrative Tasks Chapter 6: Administering Remote Network Elements Optionally, enter a description for the network element in the Description field. The description you associate with a network element is not used during processing. 4. Click OK to save the network element. Editing a Diameter or RADIUS Remote Network Element Description To edit the description of a Diameter or RADIUS Network Element: 1. From the main Diameter Network Elements dialog (Figure 37 on page 74), select the Remote Network Element you want to edit and click Edit. 2. Edit the Description field by highlighting the entire field and typing in the new description. 3. Click OK to save the edited description. Deleting a Diameter or RADIUS Remote Network Element 1. From the main Diameter Network Elements or RADIUS Network Elements dialog, select the Network Element you want to delete and click Delete. You are prompted with a Confirm Delete dialog. 2. Click Yes to delete the network element, or No to cancel the operation. Assigning Functions and Configuring Implicit Routing Rules This section describes how to assign functions to a Diameter or RADIUS Remote Network Element. Certain functions require you to configure implicit routing rules when you assign the function to the network element. This section also provides an overview of the implicit routing rules. Functions Supported in the IMS AAA Server Table 16 provides a description of each functions supported by the IMS AAA Server and specifies whether the function is supported in Diameter, RADIUS, or both. Common Administrative Tasks 75 IMS AAA Server 1.1 Administration Guide Table 16: Functions Supported in the IMS AAA Server Function Description Diameter RADIUS WLAN The WLAN Access Network function is a source of aa authentication, authorization and accounting for the Direct IP service provided by the WLAN infrastructure. Downstream This function is assigned to other 3GPP AAA servers to aa which this server may forward (proxy) requests. For example, the HSS may indicate the request needs to be redirected to another 3GPP AAA Server; in which case the local IMS AAA Server must proxy the request to the remote 3GPP AAA server. This remote 3GPP server would be assigned the Downstream function. Another example would be when a subscriber’s identity or realm decoration indicates roaming, and the IMS AAA Server may need to proxy the request to another 3GPP AAA server outside the HPLMN. HSS The Home Subscriber Server is a Diameter-based a - subscriber and policy database used in 3GPP networks that implement IMS R6 or later. The IMS AAA Server downloads and caches both user credentials and service subscription data (profile data) from the HSS. In addition, the IMS AAA Server coordinates with other 3GPP AAA servers via a registration mechanism in the HSS. The first 3GPP AAA server that authenticates a particular subscriber is registered as the “responsible” server in the HSS. Any subsequent authentications for that subscriber will be redirected to the “responsible” server, as long as it remains registered. After the subscriber has left the network, the registration may be purged by the 3GPP AAA server or the HSS, meaning it is no longer responsible and the next server to authenticate this subscriber may take over. The reference point between IMS AAA Server (3GPP AAA server), and the HSS is Wx, and it is defined only in terms of Diameter. Hence, the HSS function is not available for RADIUS network elements. PDG The Packet Data Gateway performs authentications and a - authorizations of tunnel requests, when tunneled IP service (3GPP IP Service) is being provided. The authorization processing of these requests is different from requests received from WLAN AN devices, because a different 3GPP service is used. However, the rest of the processing is very similar to WLAN AN. This function exists only for Diameter network elements, because no RADIUS protocol binding for the reference point (Wm) is defined. CDF The Charging Data Function is the accounting server for a - offline charging. Also known as Charging Collection Function, this function receives all chargeable event records from the IMS AAA Server and other network elements. 76 Common Administrative Tasks Chapter 6: Administering Remote Network Elements Table 16: Functions Supported in the IMS AAA Server (continued) Function Description Diameter RADIUS Upstream The Upstream function represents another 3GPP AAA a - Server, such as another Juniper IMS AAA Server, or other vendor’s AAA server, communicating over the Diameter protocol. This server proxies, or redirects requests to this local IMS AAA Server. These requests may be of the form usually received from WLAN AN or PDG in the local network, but they are actually proxied from some remote network. In this scenario, the exact WLAN AN or PDG the request originated from might not be known to this local IMS AAA Server. For example, if a roaming subscriber is receiving the 3GPP IP service provided by a visited network, the VPLMN might proxy the authentication received from the PDG to the HPLMN’s IMS AAA Server. The IMS AAA Server in the HPLMN would not know the actual PDG, but it would still be expected to authorize the access (roaming access in this case). AAA Cluster This function is assigned to AAA servers that are a - Peer operating in a cluster with the local server. The local server may forward requests to this AAA server, if the peer can process the request more efficiently. WAG The WLAN Access Gateway implements an enforcement a - function. During authorization, the IMS AAA Server pushes routing policy information for the subscriber’s current service to the WAG, which will then enforce this routing policy. This is only used for WLAN 3GPP (tunneled) IP Access service. SRC Policy server sending service activation and deactivation a - requests. See “Enabling Dynamic Authorization for Routers” on page 191 for more information. To assign functions to a Diameter or RADIUS Remote Network Element, select the function from the predefined list in the IMS AAA Server Administrator. Most functions require no further configuration. However, certain functions require you to configure implicit routing rules when you assign the function. For instance, when you assign the HSS function to a Diameter Remote Network Element, you need to specify which subscribers are served by the HSS. This is done by assigning the HSS function and configuring the implicit routing in the function configuration. NOTE: You can configure only one element of the SRC network for the SRC function. NOTE: If you assigned the SRC function, the server does not start listening for incoming RADIUS request until you establish at least one SRC connection in a network element. Common Administrative Tasks 77 IMS AAA Server 1.1 Administration Guide Implicit Routing Rules Implicit routing is based on subscriber identity or realm, except for the WAG function. In 3GPP WLAN networks, the subscriber identity is the IMSI (International Mobile Subscriber Identity) of the mobile device. Table 17 shows the functions that use implicit routing rules, and the type of routing rules used by each function. Table 17: Functions That Use Implicit Routing Rules Function IMSI Prefix Realm Routing Origin-Host Origin-Realm Routing Routing Routing HSS aa–– CDF aa–– Downstream - a –– WAG – – aa IMSI Prefix Routing-Allows you to specify which IMSI prefix numbers are associated with the remote peer (function).