RADIUS


The RADIUS tab is used to define the RADIUS protocol used in the test, AAA test type, the type of messages that will be generated by the NAS node, and the information included in the messages.

Parameter Index

General Settings (AAA Server Nodal)

General Settings (AAA Server Node)

 

CoA and Disconnect Simulator (AAA Server Node)

Subscription Concealed Identifier

Subscription Concealed Identifier

Authentication Settings

 

Accounting Settings (AAA Server Nodal)

 

Apply Parameter Values From Test Data File

CoA and Disconnect Simulator (AAA Server Nodal)

 

  • DAS Secret

  • DAS Key Type

DMU Support

 

NAS Port and Session ID Iteration

 
Prepaid Service      

Related Measurements

Different measurements are available depending on the Protocol selected.

 

General Settings

AAA Test

Use the drop-down list to select the types of transactions that are included in the test: authentication, accounting, or both. The types of transactions affect the way RADIUS sessions are connected and disconnected...

Options: Authentication With Accounting, Authentication Only, or Accounting Only

Default: Authentication With Accounting

NOTES:

  • The parameters in the Authentication and Accounting panes are dynamically enabled and disabled when their respective transactions are included in or excluded from the test.

  • In an Accounting Only test, an MN session is still established, although no Access Requests are sent.
    (This option is not applicable for CSN Nodal testing).

Tcl parameter: AaaTestType

Related Diameter Measurements

Starting Accounting ID

The Acct-Session-Id attribute in the RADIUS Accounting Request messages sent to the SUT. This value is used to associate the Start, Interim Update, and Stop messages for an MN's accounting session. You can also include this attribute in access request messages.

Range: Up to 64 characters

Default: ACCT0000

Tcl parameter: NasAccId

NOTES:

  • This parameter increments alphanumerically, cycling through digits, lower-case letters, and upper-case letters. The default value will increment as follows: ACCT0000, ACCT0001, ACCT0002...ACCT0009, ACCT000a...ACCT000z, ACCT000A...ACCT000Z, ACCT0010, and so on.

  • You can use Test Data Files to provision unique, non-sequential Acct-Session-Id values.

User Name and Password

See User Credentials

Authentication/Accounting Messages
  • Include User Name in Access Accept Message: The User-Name attribute is included and is provisioned with User Name .

Tcl Parameter: RadiusNasAuthUserNameEnabled

  • Send Proxy State: See Proxy Messages

  • AAA-HA Support: Use AAA-HA Support to have the AAA server act like WiMAX AAA server. If the access-req is from the FA, the AAA server sends message to FA, if not sends message to HA. (The AAA Server recognizes messages from the HA when: NAS-TYPE is not included in the access-req and the MIP attributes are included in the access-req message.)

  • Wait For Acct-Start Message: The number of milliseconds that the virtual server will wait for an Accounting Request-start message. If the start message is not received before the wait time expires, the IP address obtained by the MN during authentication will be released back to the address pool.

The Wait for Acct-Start Message is used in conjunction with IP Address Allocation (on Emulator Configuration).  If an Accounting Start message is not received in the provisioned time, the reserved IP address will be released. See also Accounting Message Cycle.

Range: 0 — 1,000,000

Default: 20,000

Tcl Parameter: WaitAcctStartTime

Related RADIUS Measurements

NAS Identifier

The NAS-Identifier attribute in RADIUS requests sent to the SUT, formatted as the Fully Qualified Domain Name (FQDN) of the NAS. The name must be unique within the scope of the SUT. Either the NAS-IP-Address or the NAS-Identifier attribute is required by RADIUS. Use the checkboxes in the Authentication and Accounting panes to include the attribute in Access Request and Accounting Request messages respectively.

If more than one NAS is used in the test, a unique name must be provisioned for each NAS. The default value will produce unique names in the format spcoastn@nasdomain, where n begins at 1 and increments for each NAS. Alternatively, you can use the Auto-Increment feature to generate custom names.

Range: <host name>@<domain>

Default: @nasdomain

Tcl Parameter: NasIdentifier

Retry Time and Retry Count See Retries
VSA Configuration

Use the Vendor-Specific Attribute (VSA) Configuration to define the templates used to create Radius attributes

VSA Database Size

Indicates the VSA size allocated for authentication packet flow descriptors and allows you to define the database memory to run VSA packets.

This is the memory allocated for the overflow data caused by VSA values that take up > 4 bytes. All VSAs that have values larger than 4 bytes will be stored in the Database.

In the example below:

The UNIT32 is just 4 bytes  4*8=32 bits thus it will not use the database. The HEX_STRING is empty and the USE_PRECONDITION has no value. Only the Text and String Values that are highlighted below will use the database and would require about 128 bytes for the Database size.

DB Size (bytes) has been added to the VSA/AVP configuration window. This is the value the AVP Database estimator calculates that is required for the AVP Database size in tabs such a Diameter, Radius, Etc. It should be used when determining the size of the AVP Database Size in Bytes.

During AAA Server Node testing, you may specify separate VSA size allocated for authentication and accounting packet flow descriptors.

Range: 2004,000

Default: 200

Tcl Parameters:

RadNasAttrSize

RadAaaAuthAttrSize

RadAaaAcctAttrSize

NOTE: The number of mobile nodes you can run during a test session depends on the VSA database size. The larger the VSA database size, fewer the mobile nodes you can run.

Class Attribute Size (bytes)

Indicates the Class Attribute Size allocated for authentication/accounting Class Attributes.

Range: 20 — 4,000

Default: 420

Tcl parameter: RadNasClassSize

NOTE: The number of mobile nodes you can run during a test session depends on the Class Attribute size. The larger the Class Attribute size, the fewer mobile nodes you can run.

VSA Criteria

Select to View/Edit criteria based on VSAs. Define VSA Criteria, that get associated with VSA Criteria measurements which increment when Criterion is not met. To get indication (measurement count > 0) when an AVP value==300, you must setup VSA Criterion to check for AVP!=300 and then it will increment when the value does == 300. The generated measurement will remain 0 by default and will only increment if the VSA Criterion is set to Not Present and a matching VSA type is found or if the VSA Criterion is set to match a condition (operator-format-value) the VSA type is matched and the condition is not met (false).  These rules are applied on a per-message basis, use the filter to see the effective rules on a per-message basis.   The Vendor and Flags have no impact on the Criterion.

See additional details in VSA Criteria in VSA/AVP Template Parameters:

Able to:

  • determine if certain VSAs are present, not present or have certain values in specific messages.   

  • define VSA Criteria, that get associated with VSA Criteria measurements. 

  • setup Pass/Fail Criteria against these measurements, to tie it into the Pass/Fail Criteria. 

NOTE:

  • Define up to 32 VSA Criteria per test case, which will result in up to 32 simple count measurements that increment each time a criteria is not met.  Measurements names are VSA Criterion 1 through VSA Criterion 32. 

  • Measurements are Summarized across all test cases in Summary view, and individual counts for each test case are available in the test case view.   (e.g. "The # of VSA that Failed to meet Criteria #N" )

  • Up to the user to put the VSAs in the same order in each test case to achieve same meaning.   

  • VSA Criteria can be setup easily in one Test Case, then copy/pasted to the others via QuickList, to maintain the same exact setup.  

  • Can also be synchronized across test cases using the Cross Reference.

  • Not all Operator options are available for all Format Types. For example, If Format type = MAC_ADDRESS then only '==' (Equal) and '!=' (Not Equal) are available Operator Options. When checking against a GROUPED AVP, you must use HEX_STRING set the Value to the Grouped AVP hex stream payload without the grouped AVP vendor field.

 

VSA Criteria Database Size (bytes)

Indicates the VSA Criteria Database size.

Range: 200 — 4,000

Default: 420

Tcl parameter: RadNasAttrCritSize

Tcl parameter: RadAaaAttrCritSize

NOTE: The number of mobile nodes you can run during a test session depends on the Class Attribute size. The larger the Class Attribute size, the fewer mobile nodes you can run.

Maximum Proxy State Number

Enter the Maximum Proxy State Number. This is for authentication only.

Range: 0 to 10

Default: 3

Tcl parameter: ProxyStatesNum

Transmission Protocol

Select Transmission protocol. Available in AAA Server Nodal and AAA Server Node Test cases. If TCP is selected, the TLS tab is automatically available for input (per RFC 6614 - TLS Encryption over RADIUS). This is a licensed feature.

Options: UDP (default) or TCP

Tcl parameter: RadTransProtocol

Number of Peers

Available if Transmission Protocol = TCP. Enter the number of peers.

Available on AAA Server Node test case.

Range: 1 to 30

Default: 1

Tcl parameter: RadNumPeers

Watchdog Time (Tw) (s)

Available if Transmission Protocol = TCP. Enter Watchdog time in seconds.

Range: 6 to 65535

Default: 30

Tcl parameter: RadWatchDogTime

SUT TLS Port

Available if Transmission Protocol = TCP. Enter SUT TLS port.

Range: 0 to 65535

Default: 2083

Tcl parameter: RadTlsPort

TLS Secret

Available if Transmission Protocol = TCP. The shared secret between a RADIUS TLS and AAA server that is included, along with other values, in the encrypted Authenticator field in the Access Request messages sent to the SUT. If more than one NAS node is used in the test, you can use the Auto-Increment feature to generate a unique secret for each NAS node.

Select to enable TLS Secret and enter the secret.

IMPORTANT: The AAA SUT must be provisioned to accept as valid the secrets used in the test or it will not accept messages from the NAS node.

Range: N/A

Default: radsec

Tcl parameter: RadTlsSecretEn

Tcl parameter: RadTlsSecret

 

^ Back to Top

Authentication Settings

The following parameters are available when a test includes authentication.

Authentication Type

During AAA Server Nodal testing, use the radio buttons to select the type of authentication performed by the SUT.

Options: CHAP, PAP, EAP, or DIGEST (DIGEST is only supported with RADIUS)

When you select CHAP, you can define the Challenge Length in the field provided.

Range: 1 — 128

Default: 16

When you select EAP, you can configure the methods that will be supported and the credentials used for each method with the EAP Settings window.

RADIUS Testing

If the challenge length is not 16, the challenge is placed in the CHAP-Challenge attribute by default. Otherwise, the challenge is placed in the Request Authenticator field and the CHAP-Challenge attribute is not used unless you select Message Always Includes the CHAP Attribute.

Related RADIUS Measurements

Enable IP Address by AAA

Use the checkbox to request that the AAA SUT allocate and return an IP address for an MN in the authentication response message. When address allocation is used, the address received is automatically included in the Framed-IP-Address attribute in any accounting requests sent to the SUT.

IMPORTANT: This option should not be used if IP addresses are provisioned with a Test Data File.

 

Tcl parameter: RadiusAuthType

Tcl parameter: RadiusChapChallengeLen

Use EAP Authentication

During AAA Server Node testing, Use EAP Authentication to enable EAP authentication support for a AAA server. You can configure the methods that will be supported and the acceptable credentials for each method with the EAP Settings window.

Tcl parameter: UseEapEn

Selecting Use EAP Authentication enables the following:

  • Send MSK in Access Accept via RFC2548 VSA: Select to encrypt transporting the MSK using the method described RFC 2548 (Section 2.4 describes a set of Attributes designed to support the use of Microsoft Point-to-Point Encryption (MPPE))

NOTE: MSK only applies to SIM, AKA, AKA', and TLS.

 

Tcl Parameter: RadiusMusername

Tcl Parameter: RadiusEapSendMsk

Use Digest Authentication

During AAA Server Node testing, select Use Digest Authentication and the relevant realm, algorithm, and QOP for Digest authentication.

  • Realm: Enter an appropriate Digest Realm name
  • Algorithm: Default is MD5 (influences the HTTP Digest calculation).
  • QOP: The Quality of Protection (influences the HTTP Digest calculation)

Increment Source Port

Enable to Increment Source port with each EAP Session. Only available when Authentication Type = EAP and Test case is AAA Nodal and Transmission Protocol is not equal to TCP.

Tcl Parameter: RadNasIncSrcPortEn

SUT (AAA) Port

The UDP port that is used for RADIUS authentication on all SUTs.

During AAA Server Node testing, you may specify separate the AAA SUT ports for authentication and accounting.

Range: N/A

Default: 1812

Tcl Parameter:

NasAuthPort

NasAcctPort

 

Authentication Secret

The shared secret between a RADIUS NAS and AAA server that is included, along with other values, in the encrypted Authenticator field in the Access Request messages sent to the SUT. If more than one NAS node is used in the test, you can use the Auto-Increment feature to generate a unique secret for each NAS node.

IMPORTANT: The AAA SUT must be provisioned to accept as valid the secrets used in the test or it will not accept messages from the NAS node.

Range: N/A

Default: secret

Tcl Parameter:

NasAuthSecret

NasAcctSecret

Related RADIUS Measurements

Digest

During AAA Server Nodal Testing, when the Authentication Type is DIGEST, you can configure the RADIUS Extension for Digest Authentication settings in this sub-pane.

  • RFC Version

Options: Draft or Final

Default: Final

  • Realm

String for the realm-value of digest-response.

Default: nas.com

  • Method

Method string for the request-URI of digest-response.

Default: INVITE

  • URI

String for the digest-uri-value of digest-response.

Default: sip:[email protected]

  • Algorithm

Option for the algorithm of digest-response.

Options: MD5 or MD5-sess

Default: MD5

  • QOP

Option for the qop-value of digest-response.

Options: auth or auth-int

Default: auth

Optional Access Request Attributes

Use the checkboxes to provision the following attributes in RADIUS Access Request messages with values defined in or generated by the test case.

Obtain IP Address from AAA Server

Use the checkbox to request that the AAA SUT allocate and return an IP address for HA in the authentication response message. When address allocation is used, the home address received in the MIP Registration Reply is automatically included in the Framed-IP-Address VSA in any the RADUIS Accounting Request sent to the SUT.

The IP address from this parameter is also transferred to the following messages including MIP RRQ, ACCESS-REQUEST if PDF RADIUS, and Accounting-Request.

Tcl Parameter: NasAaaIpAddAllocFeatEnabler

IMPORTANT:

  • Obtain IP Address from AAA Server should not be used if IP addresses are provisioned with a Test Data File.

  • RADIUS requires that either a NAS IP Address or a NAS Identifier is included.

 

Message Always Includes the CHAP Attribute

If this box is checked, the CHAP Challenge value will always be included in the CHAP-Challenge attribute regardless of the challenge length.

Tcl Parameter: RadiusUseChapAttributeEnabled

Message Includes the NAS Identifier

The NAS-Identifier attribute is included and is provisioned with NAS Identifier.

Tcl Parameter: RadiusAuthNasIdentifierEnabled

Do not Overwrite User Name

Only enabled when EAP is selected. Select to not override User Name with EAP Identity.

Tcl Parameter: RadiusAuthDontOverwriteUsernameEn

Message Includes the Accounting ID

The Acct-Session-Id attribute is included and is provisioned with Accounting ID.

Tcl Parameter: RadiusAuthAccountIDEnabled

 

Message Includes the NAS IP Address

  • By default, the NAS-IP-Address attribute is included and is provisioned with the address of the NAS Node associated with the MN.

Tcl Parameter: RadiusAuthNasIpAddressEnabled

TIP: You can add the NAS-IP-Address attribute to the VSA configuration and provision the attribute with a static or incrementing address that is different from the NAS node's address. If you use a custom attribute, be sure to clear the checkbox to prevent the inclusion of a second attribute.

 

Sending Proxy State

Use the checkbox to enable Proxy-State attribute handling if there is a proxy AAA Server between the NAS and the authenticating server.

Tcl Parameter: RadiusSendProxy

 

Use CHAP Attribute in DMU Initial Request

Available in HA Nodal test case. When enabled, CHAP and Challenge Length (bytes) Authentication become available for input. Select to use CHAP Attribute in DMU Initial Request on AAA Tab.

Tcl Parameter: DmuInitReqUseChapAttr

Use Unique Authenticator

Use the check box to enable using a unique authenticator.

Tcl Parameter: RadNasUniqueAuthEn

 

Reauthenticate Intervals(s)

Enabling the Reauthenticate Intervals checkbox and specifying the interval to re-authenticate, Enabling the checkbox causes and specifying the interval to re-authenticate, ensures that the current session is re-authenticated according to the specified interval.

Use [AP MAC:SSID] for Called Station ID

In Wifi Offload Gateway Nodal TC, select to include the format of the Called-Station-ID with the MAC address and SSID of the WLAN the client is connecting from (used for identification/authentication purposes). Available when you select UE Authentication on the Mobile Subscriber pane.

Options:

  • 00-10-A4-23-19-C0:ssid1 (0)
  • 00:10:A4:23:19:C1:ssid1 (1)
  • 0010A42319C2:ssid1 (2)

Tcl Parameter:

RadiusCustomCalledStationIdEn CsidPattern

Alternate Node Pane

When your RADIUS test requires that another network element participate in user authentication, such as an HA in a CDMA2000 Mobile IP test, you can add a generic NAS node that also sends Access Requests to the AAA SUT.

Use the Alternate Node checkbox to enable the Alternate Node authentication, and the Alternate Node pane on the RADIUS tab is enabled, allowing you to define the NAS emulator.

  • Access Request Delay Time — The number of seconds to wait before sending an Access Request message from the Alternate Node. This timer starts when the primary NAS Node sends an Access Request on behalf of the MN.

Range: 1100,000

Default: 1

  • NAS Identifier — A unique identifier for the node (see NAS Identifier for more information).

TIP: The Access Request messages sent by the alternate authentication node can include different VSAs than the messages sent by the NAS node.

 

 

^ Back to Top


Accounting Settings

During AAA Server Nodal testing, the following parameters are available when the test includes accounting.

SUT (AAA) Port

The UDP port that is used for RADIUS accounting on all SUTs.

Range: N/A

Default: 1813

Tcl Parameter: NasAccPort

 

NAS Accounting Secret

The shared secret between a RADIUS NAS and a AAA server that is included in the encrypted Authenticator field in the Accounting Request messages sent to the SUT. If more than one NAS node is used in the test, you can use the Auto-Increment feature to generate a unique secret for each NAS node.

IMPORTANT: The SUT must be provisioned to accept as valid the secrets used in the test or it will not accept messages from the NAS node.

Range: N/A

Default: secret (Enter None to use the Authentication Secret value)

Tcl Parameter: NasAccSecret

 

Send Start Message, Send Stop Message, and Send Interim Update Message

See Accounting Message Selection

Tcl Parameters:

RadiusSendStartMsgEn RadiusSendStopMsgEn RadiusSendInterimMsgEn

RadiusAcctHoldTime

RadiusAcctPendingTime

RadiusAcctUpdateTime

Started Time, Stopped Time, Interim Update Time, and Start Delay Time

See Accounting Message Cycle

The variable name:

RadAccHoldTime

RadAccPendingTime

RadAccUpdateTime

RadAccStartDelayTime

 

Optional Accounting Request Attributes

Use the check boxes to provision the following RADIUS attributes in Accounting Request messages with values defined in or generated by the test case.

IMPORTANT: RADIUS requires that either a NAS IP Address or a NAS Identifier is included.

  • Message Includes the User Name — The User-Name attribute is included and is provisioned with User Name.

Tcl Parameter: RadiusAccuserNameEnabled

  • Message Includes the NAS IP Address — By default, the NAS-IP-Address attribute is included and is provisioned with the address of the NAS node associated with the MN.

Tcl Parameter: RadiusAccNasIpAddressEnabled

TIP: You can add the NAS-IP-Address attribute to the VSA configuration and provision the attribute with a static or incrementing address that is different from the NAS node's address. If you use a custom attribute, be sure to clear the checkbox to prevent the inclusion of a second attribute.

  • Message Includes the NAS Identifier — The NAS-Identifier attribute is included and is provisioned with NAS Identifier.

Tcl Parameter:

RadiusAccNasIdentifierEnabled CsnRadIpAddrAllocEn
  • Message includes the MN Home Address Mobile Subscriber home address is included to enable checking MIP RRP from HA.

Tcl Parameter: RadiusMipHoaEn

 

Ignore Accounting Response

Use the checkbox to allow the test to continue regardless of whether Accounting Responses are received after a Start, Interim Update, or Stop Accounting Request is sent. When the box is checked the test will record timeouts and will continue to send requests if Retries are defined but will continue when the retries are exhausted.

Tcl Parameter: RadiusIgnoreAccIgnoreEn

 

Sending Accounting On/Off

Use the checkbox to include Accounting-On and Accounting-Off Accounting Request messages in the test. These messages direct the AAA SUT to start or stop accounting services, and are sent at the beginning and end of the test respectively. If more than one SUT is used in the test, the messages are sent to every SUT. The test will not continue until a response is received for every Accounting-On request, and if Retries are exhausted before a response is received, the test case will stop regardless of the Ignore Accounting Response setting.

Tcl Parameter: RadiusAccOnOffEn

TIP: If your test includes more than one test case, make sure that only one test case uses this option and that you use Automation Control to ensure that it is the first test case started and the last test case stopped.

Related Measurements

Accounting start Delay See Accounting Message Cycle

 

^ Back to Top


Apply Parameter Values From Test Data File

Rather than using auto-incrementing values in a RADIUS test, you may provision User Name, Password, and any VSA with an imported Test Data File. Select to apply parameter values from the test Data File and then click ... to choose the file. Download a sample RADIUS file by clicking the link below.

See Test Data Files for further explanation and sample files. If a sample is not found for the specific TDF, you can obtain a sample file from your Technical Support representative. You may also use the following options to select an existing TDF or create/edit TDF-CSV files (TDF-CSV Editor). 

For most TDF Parameters used for Applying Parameters, each row in the file is the overridden value for a different “Session”, aka a different UE. But some TDFs are done in other dimensions, like Bearers, eNodeBs, Subscribers (2 per UE sometimes) or even Hosts, etc. Tooltips on the TDF Parameter: 

Note that the “ID” is a unique ID. Please Provide the ID when reporting issues with a TDF. For TDFs that do not apply / override Parameters, but instead are just their own configuration or data or media files you won’t see TDF ID row details.

TIP: When including large files, please be aware of memory limitations, since the TDF Editor shares memory with the Client.

NOTE: The available TDF options vary. on the L3-7 | IPSec tab > IKE with RSA Settings you may only select the Certificate TDF from TAS (these are non-CSV TDFs).

In addition, where applicable, any rules for defining TDFs are included in specific Test Cases. (For example, In MME Node test case, see MME Node - Provisioning TDF.)

From the DMF Window, press Shift+Alt+A to display the  Save DMF as Tcl window. Click the Save to File button to save as Tcl file. See additional details on Using the Tcl API.

 

Select/Create a new TDF-CSV

Allows you to create a new TDF by entering a file name that doesn’t already exist or select an existing file by entering a file name that already exists.

Click to open the Select Existing or Create window.

  • Navigate to the relevant library/folder,

  • Enter the name of the file:

  • If the file name already exists, the file is selected and applied in the test case.

  • If the file name does not exist, a message displays that says you are creating a new TDF and the embedded TDF-CSV will be launched.

    • Click Yes to launch the TDF-CSV Editor and create/save the new TDF-CSV.

    • Click No to select a different file

NOTE: If you do not have permission to save in the selected library, an error displays when you try to create a new file.
TIP: You may also navigate to the relevant library/folder and select file, and click OK.

 

Upload a New TDF to TAS

Click to import a new TDF file from your local folder and select in the test Case (instead of having to go to TDF Admin).

  • Navigate to the file on your local folder and select.
  • Then navigate to the location (library) where you want to save it on the TAS. You may rename the file, if required.  

View Edit Selected TDF in TDF-CSV Editor

Available only when you have selected a TDF on TAS. Click to open the selected file in TDF-CSV Editor (in place, that is, within the Test Case).

Edit the file and save. You may also click Save As to save the edited TDF-CSV to a different library and also rename the file, if required.

NOTE: You may also select a TDF from a library to which you do not have write permissions, edit the file as required, and save (Save As) only to a different library with the same file name or a different name.

The only options available are Save As and Cancel.

Open Selected TDF in Standalone TDF-CSV Editor

Available only when you have selected a TDF on TAS. Select to retrieve the CSV file and open it in the stand alone TDF-CSV Editor.

Generate Stub TDF-CSV

TIP: Available only when a CSV specification has been defined for in the Test Case for the TDF widget ( View TDF Actions/Options Menu)

 

Opens an example context specific test data parametersexample context specific test data parameters, which you may save as a .CSV file or open in the TDF-CSV Editor.

 

Launch Standalone TDF-CSV Editor

Click to open a blank TDF-CSV Editor.

The Launch Standalone TDF-CSV editor options handles very large TDFs that may use too much Client memory if opened within the Test Case/in the embedded editor.  You may set the standalone TDF-CSV Editor memory high to edit large TDFs.

Tcl Parameter: RadNasCfgFileEn

NOTES:

  • The Framed-IP-Address attribute is automatically provisioned when IP address allocation is enabled in the AAA Server Node and AAA Server Nodal test cases. You should only include this parameter in a Test Data File when address allocation is disabled.
  • If you have defined VSAs within the test case, they will only be overridden by attributes defined in a Test Data File if the Vendor-ID, Type, and the length of the value exactly match. Otherwise, both attributes will appear in a message.
  • You can provision multiple VSAs with multiple attribute fields in the data file:

username,password,attr,attr,attr user1,pass1,attrvalue1,attrvalue2,attrvalue3  You

can also provision VSAs for some MNs but not others by skipping an attribute value:

 username,password,attr,attr,attr user1,pass1,attrvalue1,attrvalue2,attrvalue3 user2,pass2,attrvalue1,,attrvalue3

(the second attribute is not used) user3,pass3,attrvalue1,attrvalue2, (the third

attribute is not used)

^ Back to Top


Apply Test Data File to NAS Identifier

You may provision NAS Identifier with an imported Test Data File. Select Apply Test Data File to NAS Identifier and then click ....

See Test Data Files for further explanation and sample files. If a sample is not found for the specific TDF, you can obtain a sample file from your Technical Support representative. You may also use the following options to select an existing TDF or create/edit TDF-CSV files (TDF-CSV Editor). 

For most TDF Parameters used for Applying Parameters, each row in the file is the overridden value for a different “Session”, aka a different UE. But some TDFs are done in other dimensions, like Bearers, eNodeBs, Subscribers (2 per UE sometimes) or even Hosts, etc. Tooltips on the TDF Parameter: 

Note that the “ID” is a unique ID. Please Provide the ID when reporting issues with a TDF. For TDFs that do not apply / override Parameters, but instead are just their own configuration or data or media files you won’t see TDF ID row details.

TIP: When including large files, please be aware of memory limitations, since the TDF Editor shares memory with the Client.

NOTE: The available TDF options vary. on the L3-7 | IPSec tab > IKE with RSA Settings you may only select the Certificate TDF from TAS (these are non-CSV TDFs).

In addition, where applicable, any rules for defining TDFs are included in specific Test Cases. (For example, In MME Node test case, see MME Node - Provisioning TDF.)

From the DMF Window, press Shift+Alt+A to display the  Save DMF as Tcl window. Click the Save to File button to save as Tcl file. See additional details on Using the Tcl API.

 

Select/Create a new TDF-CSV

Allows you to create a new TDF by entering a file name that doesn’t already exist or select an existing file by entering a file name that already exists.

Click to open the Select Existing or Create window.

  • Navigate to the relevant library/folder,

  • Enter the name of the file:

  • If the file name already exists, the file is selected and applied in the test case.

  • If the file name does not exist, a message displays that says you are creating a new TDF and the embedded TDF-CSV will be launched.

    • Click Yes to launch the TDF-CSV Editor and create/save the new TDF-CSV.

    • Click No to select a different file

NOTE: If you do not have permission to save in the selected library, an error displays when you try to create a new file.
TIP: You may also navigate to the relevant library/folder and select file, and click OK.

 

Upload a New TDF to TAS

Click to import a new TDF file from your local folder and select in the test Case (instead of having to go to TDF Admin).

  • Navigate to the file on your local folder and select.
  • Then navigate to the location (library) where you want to save it on the TAS. You may rename the file, if required.  

View Edit Selected TDF in TDF-CSV Editor

Available only when you have selected a TDF on TAS. Click to open the selected file in TDF-CSV Editor (in place, that is, within the Test Case).

Edit the file and save. You may also click Save As to save the edited TDF-CSV to a different library and also rename the file, if required.

NOTE: You may also select a TDF from a library to which you do not have write permissions, edit the file as required, and save (Save As) only to a different library with the same file name or a different name.

The only options available are Save As and Cancel.

Open Selected TDF in Standalone TDF-CSV Editor

Available only when you have selected a TDF on TAS. Select to retrieve the CSV file and open it in the stand alone TDF-CSV Editor.

Generate Stub TDF-CSV

TIP: Available only when a CSV specification has been defined for in the Test Case for the TDF widget ( View TDF Actions/Options Menu)

 

Opens an example context specific test data parametersexample context specific test data parameters, which you may save as a .CSV file or open in the TDF-CSV Editor.

 

Launch Standalone TDF-CSV Editor

Click to open a blank TDF-CSV Editor.

The Launch Standalone TDF-CSV editor options handles very large TDFs that may use too much Client memory if opened within the Test Case/in the embedded editor.  You may set the standalone TDF-CSV Editor memory high to edit large TDFs.

 

^ Back to Top


CoA and Disconnect Simulator

 

NOTEs:

  • In AAA Server Node testing, select CoA Simulation on the AAA Node Emulator Configuration tab and during AA Server Nodal testing select CoA Simulator on the RADIUS tab. Available in SGW Nodal when WiFi UE Authentication = RADIUS.
  • The AVPs of User Name and NAS IP Address are necessary for Landslide AAA Server to initiate CoA Request.

During AAA Server Nodal and Node testing and SGW Nodal testing, use the checkbox to include support for RADIUS Change of Authorization requests. When the node receives an Access Request, Accounting Request Start, or Accounting Request Stop message, it will send a CoA Request to the SUT of your choice. You can choose the VSAs to include in the requests depending on the type of message received from the NAS with the Applies To checkboxes and choose whether CoA Requests will only be triggered when a message is received from a particular NAS.

Tcl Parameter: RadCoaSimulationEn

Related Measurements

The CoA report tab records the messages exchanged between the AAA node and CoA SUT along with rate and error measurements.

NOTE: To obtain accurate Black Hole measurements, the User-Name AVP must be included in Accounting Request messages received by the node and each MN can have only one accounting session.

CoA Secret

The secret known to both the AAA node and the CoA SUT.

Range: N/A (text or hexadecimal)

Default: secret

Tcl Parameter: RadCoaAuthSecret

CoA Return

Use the dropdown list to determine the timing of the CoA return messages. You can delay the messages if necessary, giving the filtering or policy server adequate time to process the authentication CoA Request prior to the start of accounting.

Options:

  • COA ACK — The Access Accept is sent immediately after a successful authentication.

  • COA NAK — The Access Accept is delayed until either a CoA ACK or CoA NAK is received, or until retries are exhausted.

  • None — The CoA retun is not delayed.

Default: CoA ACK

Tcl Parameter: RadCoARet

Disconnect Simulation

Use the checkbox to include support for RADIUS Disconnect requests. When the node sends a Disconnect Request, the AAA session stops  and tears down the AAA Session immediately.

Enter the following parameters:

  • DAS Secret: The secret known to both the AAA node and the CoA SUT.

  • DAS Key Type: From the dropdown list select the User name, User IP Address, or the Session ID.

NOTES: The Disconnect Simulation feature does not support the following:

  • Multiple NAS authentication/authorization of the same user name or round-robin.
  • When NAS chooses to quit when running in Authentication only mode.

Tcl Parameter: RadDisconnEn

CoA and Disconnect Simulator (AAA Server Node)

  • Send Access Accept message After: Indicates when an Access Accept message response is sent to NAS. Select a value from the dropdown list:
  • Access Request is Received (0)
  • COA ACK is received (1)
  • Access Request plus a delay (2)

Tcl Parameter: RadCoaAcceptWaitType

  • Access Delay Time (s): Enter the number of seconds for the test to wait for before sending the Access Request to NAS. The delay is applied to the first Access Request message and all subsequent Access Request messages.

Range: 5 — 65535

Default: 10

Tcl Parameter: RadCoaAcceptDelayTime

  • CoA Request Delays (s): Enter the number of seconds, used for delaying the CoA Request message from AAA Node when Access Request is received.

Range: 0 — 65535

Default: 0

Tcl Parameter: RadCoaReqDelayTime

  • Authentication Secret: Indicates the shared authentication secret key that is known to both the NAS and the AAA Server.

Tcl Parameter:  RadCoaAuthSecret

  • Retries: The number of times a message is re-transmitted. Enter 0 to disable retries.

Range: 1 - 65535

Default: 5

Tcl Parameter:  RadCoaRetryCount

  • Retry Time (ms): Indicates the amount of time, in milliseconds, the test waits for a response, if a response is expected. When the time expires and the Retries has not been exceeded, the message is re-transmitted.

Range: 1 - 65536

Default: 1000

Tcl Parameter:  RadCoaRetryTime

  • Disconnect Delay (s): Indicates the amount of time, in seconds, before sending a disconnect request. 0 for Disable (default).

Range: 1 - 65536

Default: 0

Tcl Parameter:  RadCoaDisconnectDelayTime

  • Repeat Disconnect : Indicates a periodic "Send Disconnect" request at time interval set by Disconnect Delay. No request sent when Disconnect Delay is set to Zero.

Default: False

Tcl Parameter:  RadCoaDisconnectDelayEn

  • Only Send CoA for Authentication Message From (SUT): Select a different SUT to send Authentication message.

Tcl Parameter:  RadCoaFilterAuthEn

  • Only Send CoA for Accounting Message From (SUT): Select a different SUT to send Accounting message.

Tcl Parameter:  RadCoaFilterAcctEn

 

NAS Port and Session ID Iteration

Set Iteration Limits

Use the Set Iteration Limits to control how the RADIUS client iterates over the RADIUS IDs and source ports.  That is, specify the NAS Port Range, Session ID Range, and IDs per Group such that when the maximum/Stop port number in the range is reached, the Session ID iteration occurs and cycles back to the Start Port Number.

Tcl Parameter: RadNasLimitPortIdFeatEn

Default: False

NAS Port Range

The NAS Port Range allows you to configure the start and end UDP source port range. The number of source ports is used to wrap around and re-use of Port and IDs/Group pairs.

Range: Start: 2000 - 65535; Stop: 65535

Default: Start: 2000; Stop: 65535

Tcl Parameter:

RadNasStartPort

RadNasEndPort

  

Session ID Range

The Session ID Range is a unique identifier that matches start and stop RADIUS session IDS.

Range: Start: 0 - 255; End: 255

Default: Start: 0; End: 255

Tcl Parameter:

RadNasStartIdentifier

RadNasEndIdentifier

 

IDs per Group

Use the IDs per Group to specify the number of IDs to be used with a port before using to the next port.

Range: 1 - 255

Default: 1

Tcl Parameter: RadNasGroupIdentifiers

Example:Example:

For example:

IDs per Group = 3,  NAS Port Range: Start - 2000 and Stop - 2001

  • 2000/0  2000/1  2000/2   2001/0  2001/1  2001/2    2000/3  2000/4   2000/5  

  • 2001/3  2001/4   2001/5

  • 2000/6  2000/7   2000/8  2001/6  2001/7   2001/8    &  2000/253  2000/254  

  • 2000/255  2001/253  2001/254  2001/255  (roll over to beginning)  

  • 2000/0 2000/1  2000/2 &.

Example when port range is 1:Example when port range is 1:

If the port range of 1 (Start and Stop NAS Port is the same), the first messages sent is as follows:

port/0,  port/1,  and port/255 then wraps to port/0 again.  If the response to the first port/0 is not received before sending the second message with port/0, then the results may be invalid and/or confusing.

 

NOTE: When a wrap around (Session Iteration) occurs, if there is no response to the first message, a second request is sent to the same Port/ID pair, which makes the results/reports and measurements invalid.

Prepaid Service

The Prepaid Service provides prepaid billing of services. The feature allows the AAA server to check the Mobile Subscriber's available credit to determine whether to connect the subscriber to a service and how long the connection can last. The subscriber's credit is administered by the billing server as a series of quotas representing either a duration of use (in seconds) or an allowable data volume (in bytes).

  • Prepaid Service: Select the checkbox to allow prepaid service and enter the data volume and duration threshold.

Tcl Parameter: AaaPrepaidSupportEn

  • Volume Credit: Indicates the allotment of data volume provided for the subscriber's prepaid service.
  • Volume Unit: The default volume unit 10. Enter a new volume unit

Tcl Parameter: AaaPrepaidVolumeUnit

  • Volume Threshold: The default threshold is 1. Enter a new volume threshold (in bytes).

Tcl Parameter: AaaPrepaidVolumeThreshold

  • Quota Type: Select the Quota Type which determines the allotment of available credit.

Tcl Parameter: AaaPrepaidQuotaTypeEn

  • Duration Credit: Indicates the allotment of duration (in units of time) provided for the prepaid service.
  • Duration Unit: The default duration unit 10. Enter a new duration unit.

Tcl Parameter: AaaPrepaidDurationUnit

  • Duration Threshold: The default threshold is 1. Enter a new duration threshold (in units of time).

Tcl Parameter: AaaPrepaidDurationThreshold

 

 

^ Back to Top


 

 

Subscription Concealed Identifier

Allows you to configure the SUPI (Subscription Permanent Identifier) - Available when TWIF is enabled on AMF Nodal Test Cnfg.

Starting SUPI

Enter the starting SUPI (Subscription Permanent Identifier). Corresponds to IMSI in earlier generations of networks.

Range: 14 or 15 digits

Default: 310310140000120

Tcl Parameter: RadSupi

Protection Scheme

Select the Protection Scheme.

Option: Null-Scheme, Profile <A>, Profile <B>

Tcl Parameter: RadProtectionScheme

Home Network Public Key Id

Available when Protection Scheme = Profile <A> or Profile <B>. Available in AMF Nodal Test Case.

Range: 0 to 255

Default: 0

Tcl Parameter: RadKhnPubKeyId

Home Network Public Key

Available when Protection Scheme = Profile <A> or Profile <B>. Available in AMF Nodal Test Case.

How to generate Home Network Key pair:

SSH to the Landslide test server or connect to any system that can execute the commands listed below:

For Profile <A>:

  1. openssl genpkey -algorithm x25519 -out x25519.key.pem
  2. openssl pkey -in x25519.key.pem -text
  3. Copy the output of the keys and remove the colons, use the hex public key on the Landslide AMF Nodal in the GUI and use the hex decimal private key on UDM ( or on AMF Node if UDM is emulated on it) in the GUI

For Profile <B> :

  1. openssl ecparam -name prime256v1 -genkey -conv_form compressed > prime256v1key.pem
  2. openssl ec -in prime256v1key.pem -text -noout
  3. Copy the output of the keys and remove the colons, use the hex public key on the Landslide AMF Nodal in the GUI and use the hex decimal private key on UDM ( or on AMF Node if UDM is emulated on it) in the GUI

 

Range: Hex with 0x, at least 1 byte included for instance : 0x00

Default: 0x00

Tcl Parameter: RadKhnPubKey

Home Network Private Key

Available when Protection Scheme = Profile <A> or Profile <B>. Available in AMF Node Test Case.

How to generate Home Network Key pair:

SSH to the Landslide test server or connect to any system that can execute the commands listed below:

For Profile <A>:

  1. openssl genpkey -algorithm x25519 -out x25519.key.pem
  2. openssl pkey -in x25519.key.pem -text
  3. Copy the output of the keys and remove the colons, use the hex public key on the Landslide AMF Nodal in the GUI and use the hex decimal private key on UDM ( or on AMF Node if UDM is emulated on it) in the GUI

For Profile <B> :

  1. openssl ecparam -name prime256v1 -genkey -conv_form compressed > prime256v1key.pem
  2. openssl ec -in prime256v1key.pem -text -noout
  3. Copy the output of the keys and remove the colons, use the hex public key on the Landslide AMF Nodal in the GUI and use the hex decimal private key on UDM ( or on AMF Node if UDM is emulated on it) in the GUI

 

Range: Hex with 0x, at least 1 byte included for instance : 0x00

Default: 0x00

Tcl Parameter: RadKhnPrivKey

Routing Indicator

Enter the Routing Indicator. 

Range : 1 to 9999

Default: 678

Tcl Parameter: RadRoutingInd

MNC Length

Enter the MNC Length. 

Options: 2 or 3

Default: 3

Tcl Parameter: RadMncLength

MSIN ASCII Encoding

Select for MSIN ASCII encodingAvailable when Protection Scheme = Profile <A> or Profile <B>.

Tcl Parameter: RadMsinAsciiEn

DMU Support

Select to enable DMU.

Tcl Parameter: RadAaaMipEnableDMU

MSID

The Mobile Subscriber ID.

Range:  N/A  

Default: msid12345678901

Tcl Parameter: RadAaaMipMsid

Validate MN Authenticator

Select to enable validation of MN Authenticator.

Tcl Parameter: RadAaaMipDmuValidateMnAuth

MN Authenticator

The authenticator that will be sent from the MN to the home AAA server.

Range:  0 — 16777215 (0x0 — 0xFFFFFF)  when Vendor Variant = None or

Range:  0x0 — 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) when Vendor Variant = AuthenticatorExt (Only Hex allowed)

Default: 123456 when Vendor Variant = None or

Default: 0x123456 when Vendor Variant = AuthenticatorExt

Tcl Parameter: RadAaaMipMnAuth

Vendor Variant

Vendor Variant is used to affect the range of MN Authenticator. If AuthenticatorExt is selected, the MN Authenticator field is extended to 16 bytes and only accept Hex number with 0x prefix.

Options:  None (default), AuthenticatorExt

Tcl Parameter: RadAaaDmuVendorVariant

Public Key Organization ID

The decimal value of the identifier of the Public Key Organization (PKO) that issued the public key shared by the MN and the home AAA server. See Table 1 in Verizon Wireless Dynamic Mobile IP Key Update for cdma2000(R) Networks for a list of valid PKOIDs.

Range:  0 — 255  

Default: 10

Tcl Parameter: RadAaaPkoId

Public Key Organization Index

The serial number assigned to the public key by the PKO.

Range:  0 — 255  

Default: 0

Tcl Parameter: RadAaaPkoi

PK Expansion

The serial number assigned for the public key expansion.

Range:  0 — 255  

Default: 0

Tcl Parameter: RadAaaPkExp

Private Key File

Use the drop-down list to select the file that will provision the local peers' private key.

Options: All Certificate files installed on the test server

Default: N/A

Tcl Parameter: RadAaaDmuPrivateKeyFile

 

First Entry

The First Entry indicates a subset of the keys contained in the private key file may be used. This parameter uses a zero-based index to specify the starting key for the set.

Range: N/A

Default: 0

Tcl Parameter: RadAaaDmuFirstCertEntry

Number of Entries

The number of private keys that will be used in the test. If there are more local peers than keys, the keys will be distributed among the peers as evenly as possible.

Range: N/A

Default: 1

Tcl Parameter: RadAaaDmuNumofEntries

File Format

Use the drop-down list to specify the format used in the key and certificate files. RSA format is used for files generated by the test server's CA.

Options: EVP or RSA

Default: RSA

Tcl Parameter: RadAaaDmuFileFormat

 

^ Back to Top