Radius Accounting - Cisco ASR 5000 series Product Overview

Packet Data Interworking Function Overview
manager instance.
number of cookie flows, the number of cookie flow packets, and the total number of cookie errors.
output for
Notify Received, Cookie Notify Match, Cookie Notify NOT Match, and Invalid Notify Payload Cookie.
MAC Address Validation
The MS embeds the MAC address from the WiFi AP in the NAI when it sends an IKEv2 AUTH request. If MAC
address validation is enabled on the PDIF, it sends a Diameter User-Data-Request (UDR) message to the HSS with the
NAI from the MS. The HSS returns a User-Data-Answer (UDA) message to the PDIF containing a list of authorized
MAC addresses.
If the PDIF finds the MAC address in this list, the MAC address validation succeeds, and the PDIF continues with the
IKEv2 call. The MS starts EAP authentication through IKEv2 AUTH procedures. If configured to do so, the PDIF
removes the MAC address from the NAI when sending authentication requests to external RADIUS servers. If the
embedded MAC address is not removed, the authentication check fails, because the AAA server cannot accommodate
embedded MAC addresses.
If the MAC address is not in the list, the MAC address authorization fails, and the IKEv2 session is terminated with a
Notify Message Type 16382 - Private User Errors message.
If the HSS interface is not reachable, it is possible that the IKEv2 session setup could continue as if the MAC
authorization had succeeded. However, such error behaviors, including various Diameter error codes from the HSS, are
configuration options. That means if an HSS returns an error, the action could be either to continue or to terminate the
session. This is discussed in Diameter Failure Handling.
Important:

RADIUS Accounting

RADIUS Accounting messages are not generated while mobile IP setup is in progress.
A RADIUS accounting START message is generated when the session is established.
RADIUS INTERIM accounting messages are generated at configured intervals in a call.
A RADIUS STOP accounting message is sent to the AAA server when the call ends.
OL-22938-02
: Shows the combined data statistics for the given context name. Includes the
See also Diameter Authentication Failure-Handling in the Command Line Interface Reference.
: Shows the total number of invalid cookies per
: Shows NPU statistics on each IPSec manager.
: Shows the control statistics for a given context name. Includes the
plus Total IKEv2 Cookie Statistics, Cookie Notify Sent, Cookie
Features and Functionality - Base Software ▀
Cisco ASR 5000 Series Product Overview ▄