EasyManuals Logo
Home>Cisco>Network Router>ASR 5000 Series

Cisco ASR 5000 Series User Manual

Cisco ASR 5000 Series
992 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #449 background imageLoading...
Page #449 background image
Features and Functionality - Base Software â–€
Cisco ASR 5000 Series Product Overview â–„
OL-22938-02
: Shows the total number of invalid cookies per
manager instance.
: Shows NPU statistics on each IPSec manager.
: Shows the combined data statistics for the given context name. Includes the
number of cookie flows, the number of cookie flow packets, and the total number of cookie errors.
: Shows the control statistics for a given context name. Includes the
output for plus Total IKEv2 Cookie Statistics, Cookie Notify Sent, Cookie
Notify Received, Cookie Notify Match, Cookie Notify NOT Match, and Invalid Notify Payload Cookie.
MAC Address Validation
The MS embeds the MAC address from the WiFi AP in the NAI when it sends an IKEv2 AUTH request. If MAC
address validation is enabled on the PDIF, it sends a Diameter User-Data-Request (UDR) message to the HSS with the
NAI from the MS. The HSS returns a User-Data-Answer (UDA) message to the PDIF containing a list of authorized
MAC addresses.
If the PDIF finds the MAC address in this list, the MAC address validation succeeds, and the PDIF continues with the
IKEv2 call. The MS starts EAP authentication through IKEv2 AUTH procedures. If configured to do so, the PDIF
removes the MAC address from the NAI when sending authentication requests to external RADIUS servers. If the
embedded MAC address is not removed, the authentication check fails, because the AAA server cannot accommodate
embedded MAC addresses.
If the MAC address is not in the list, the MAC address authorization fails, and the IKEv2 session is terminated with a
Notify Message Type 16382 - Private User Errors message.
If the HSS interface is not reachable, it is possible that the IKEv2 session setup could continue as if the MAC
authorization had succeeded. However, such error behaviors, including various Diameter error codes from the HSS, are
configuration options. That means if an HSS returns an error, the action could be either to continue or to terminate the
session. This is discussed in Diameter Failure Handling.
Important: See also Diameter Authentication Failure-Handling in the Command Line Interface Reference.
RADIUS Accounting
RADIUS Accounting messages are not generated while mobile IP setup is in progress.
A RADIUS accounting START message is generated when the session is established.
RADIUS INTERIM accounting messages are generated at configured intervals in a call.
A RADIUS STOP accounting message is sent to the AAA server when the call ends.

Table of Contents

Other manuals for Cisco ASR 5000 Series

Preview: Administration Guide
Administration Guide508 pages
Preview: Thresholding Configuration Guide
Thresholding Configuration Guide163 pages
Preview: Installation Guide
Installation Guide317 pages
Preview: Installation And Administration Guide
Installation And Administration Guide95 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASR 5000 Series and is the answer not in the manual?

Cisco ASR 5000 Series Specifications

General IconGeneral
BrandCisco
ModelASR 5000 Series
CategoryNetwork Router
LanguageEnglish

Related product manuals