fD-testbed: conf/opendiam.eap.testbed.aaa/opendiameter/nasd/config/nasd.xml annotate

author	Sebastien Decugis <sdecugis@nict.go.jp>
date	Thu, 17 Jun 2010 11:00:32 +0900
parents
children

rev	line source
0 9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	1 <?xml version="1.0" encoding="UTF-8"?>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	2 <!DOCTYPE call_management SYSTEM "nasd.dtd">
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	3 <call_management>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	4
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	5 <!-- Thread count that should be started for
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	6 the open diameter framework -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	7 <thread_count>5</thread_count>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	8
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	9 <!-- The nasd deamon supports the NAS model
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	10 described in RFC2881 -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	11
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	12 <!-- Call management section contains a list of
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	13 all the available access technology that
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	14 this deamon supports. Each access protocols
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	15 will have thier own specific configuration
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	16 entries. Currently supported access protocols
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	17 are:
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	18 1. PANA: call entry name is "pana"
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	19 Future access protocols to be supported are:
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	20 1. 802.1X: call entry name is "8021X"
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	21 -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	22 <access_protocols>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	23
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	24 <access_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	25 <name>pana</name>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	26 <enabled>true</enabled>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	27 <pana>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	28 <!-- protocol specific configuration entry -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	29 <cfg_file>/etc/opendiameter/nas/config/nasd_pana_paa.xml</cfg_file>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	30 <ep_script>/etc/opendiameter/nas/scripts/script_pana_paa_ep.sh</ep_script>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	31 <dhcp_bootstrap>true</dhcp_bootstrap>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	32 </pana>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	33 </access_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	34
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	35 <access_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	36 <name>eap_8021X</name>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	37 <enabled>false</enabled>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	38 <eap_8021X>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	39 </eap_8021X>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	40 </access_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	41
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	42 </access_protocols>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	43
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	44 <!-- Call management section contains a list
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	45 of all available AAA technology supported
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	46 by this deamon. Each protocol has thier
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	47 own specific configuration information.
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	48 Currently supported access protocols
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	49 are:
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	50 1. Standalone EAP auth: protocol name is
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	51 "standalone-eap". This is for localized
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	52 authentication only and generally should
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	53 not be used. This uses a pre-shared key
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	54 for ALL eap access.
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	55 2. Diameter EAP: protocol name is "diameter-eap".
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	56 Uses diameter eap for backend authorization
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	57 and authentication. This is compliant with
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	58 draft-ietf-aaa-eap-10.txt.
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	59 Future protocol support are:
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	60 1. RADIUS: Uses EAP radius
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	61 -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	62 <aaa_protocols>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	63 <aaa_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	64 <name>local_eap_auth</name>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	65 <enabled>true</enabled>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	66 <!-- protocol specific configuration entry -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	67 <local_eap_auth>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	68 <shared_secret_file>/etc/opendiameter/nas/config/nasd_eap_shared_secret.bin</shared_secret_file>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	69 <identity>user1@isp.net</identity>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	70 </local_eap_auth>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	71 </aaa_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	72 <aaa_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	73 <name>diameter_eap</name>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	74 <enabled>false</enabled>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	75 <diameter_eap>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	76 <!-- protocol specific configuration entry -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	77 <diameter_cfg_file>/etc/opendiameter/nas/config/nasd_diameter_eap.xml</diameter_cfg_file>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	78 </diameter_eap>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	79 </aaa_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	80 </aaa_protocols>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	81
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	82 <!-- Call management section contains a list
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	83 of policies that can be applied to a call.
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	84 A policy dictates whether the call should
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	85 continue or not. They can also be used to
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	86 perform specific functions. These policies
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	87 are applied to each call attempt while
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	88 they perform very specific functions such
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	89 as network filtering, auditing, qos ... etc.
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	90 Currently supported policy are:
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	91 1. Scripts: policy name is "script".
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	92 This policy simply invokes a local
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	93 system script. This policy will
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	94 always allow the call to attempt
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	95 completion.
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	96 Future supported policy are:
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	97 1. Accounting
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	98 2. QoS
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	99 3. EP-filter
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	100 -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	101
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	102 <access_policies>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	103 <policy_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	104 <name>script</name>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	105 <!-- policy specific configuration entry -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	106 <script>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	107 <file>/etc/opendiameter/nas/scripts/script_policy</file>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	108 </script>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	109 </policy_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	110 <policy_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	111 <name>ep-filter</name>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	112 <!-- policy specific configuration entry -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	113 </policy_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	114 <policy_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	115 <name>qos</name>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	116 <!-- policy specific configuration entry -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	117 </policy_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	118 <policy_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	119 <name>accounting</name>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	120 <!-- policy specific configuration entry -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	121 </policy_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	122 <policy_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	123 <name>bridging</name>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	124 <!-- policy specific configuration entry -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	125 </policy_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	126 </access_policies>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	127
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	128 <!-- Call management section also contains a
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	129 simple routing rule set. This routing rule
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	130 works as follows. Each call is identified an
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	131 NAI (RFC2486). The route table lists a set
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	132 of NAI that may match the call's NAI. If a
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	133 match is made, the access policies is applied
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	134 to that call. If the access policy succeeds
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	135 then the call can proceed. If not the call
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	136 is dropped. The routing entry also specifies
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	137 the aaa protocol to be used if the call is
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	138 allowed to proceed. A default route is also
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	139 used as a catch all entry. Note that NAI
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	140 matching is done using the following rules:
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	141 1. Full NAI text takes precedence. i.e.
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	142 if an entry has user@domain.com then
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	143 this is tested first. If succeeding
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	144 entries has domain.com then that
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	145 will be tested next.
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	146 2. Domain only test. An entry can contain
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	147 only the domain name of the NAI and
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	148 can be used to apply policy for all
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	149 users in that domain.
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	150 -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	151 <call_routing>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	152 <call_route_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	153 <!-- route entry is specific to user1@isp.net -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	154 <nai>user1@isp.net</nai>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	155 <access_policy>script</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	156 <access_policy>ep-filter</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	157 <access_policy>accouting</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	158 <aaa_protocol>local_eap_auth</aaa_protocol>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	159 </call_route_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	160 <call_route_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	161 <!-- route entry is specific to local_nas@opendiameter.org -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	162 <nai>local_nas@opendiameter.org</nai>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	163 <access_policy>script</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	164 <access_policy>ep-filter</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	165 <access_policy>accouting</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	166 <aaa_protocol>local_eap_auth</aaa_protocol>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	167 </call_route_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	168 <call_route_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	169 <nai>isp1.net</nai>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	170 <access_policy>script</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	171 <access_policy>script</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	172 <aaa_protocol>local_eap_auth</aaa_protocol>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	173 </call_route_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	174 <call_route_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	175 <nai>isp.net</nai>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	176 <access_policy>script</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	177 <access_policy>script</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	178 <aaa_protocol>diameter_eap</aaa_protocol>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	179 </call_route_entry>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	180 <call_route_default>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	181 <!-- this will catch all nai not listed above -->
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	182 <access_policy>script</access_policy>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	183 <aaa_protocol>diameter_eap</aaa_protocol>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	184 </call_route_default>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	185 </call_routing>
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	186
9e5a3c884de6 Initial import of the virtual testbed. Sebastien Decugis <sdecugis@nict.go.jp> parents: diff changeset	187 </call_management>

0

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

1 <?xml version="1.0" encoding="UTF-8"?>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

2 <!DOCTYPE call_management SYSTEM "nasd.dtd">

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

3 <call_management>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

4

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

5 <!-- Thread count that should be started for

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

6 the open diameter framework -->

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

7 <thread_count>5</thread_count>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

8

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

9 <!-- The nasd deamon supports the NAS model

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

10 described in RFC2881 -->

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

11

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

12 <!-- Call management section contains a list of

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

13 all the available access technology that

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

14 this deamon supports. Each access protocols

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

15 will have thier own specific configuration

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

16 entries. Currently supported access protocols

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

17 are:

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

18 1. PANA: call entry name is "pana"

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

19 Future access protocols to be supported are:

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

20 1. 802.1X: call entry name is "8021X"

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

21 -->

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

22 <access_protocols>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

23

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

24 <access_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

25 <name>pana</name>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

26 <enabled>true</enabled>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

27 <pana>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

28

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

29 <cfg_file>/etc/opendiameter/nas/config/nasd_pana_paa.xml</cfg_file>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

30 <ep_script>/etc/opendiameter/nas/scripts/script_pana_paa_ep.sh</ep_script>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

31 <dhcp_bootstrap>true</dhcp_bootstrap>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

32 </pana>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

33 </access_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

34

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

35 <access_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

36 <name>eap_8021X</name>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

37 <enabled>false</enabled>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

38 <eap_8021X>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

39 </eap_8021X>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

40 </access_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

41

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

42 </access_protocols>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

43

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

44 <!-- Call management section contains a list

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

45 of all available AAA technology supported

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

46 by this deamon. Each protocol has thier

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

47 own specific configuration information.

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

48 Currently supported access protocols

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

49 are:

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

50 1. Standalone EAP auth: protocol name is

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

51 "standalone-eap". This is for localized

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

52 authentication only and generally should

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

53 not be used. This uses a pre-shared key

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

54 for ALL eap access.

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

55 2. Diameter EAP: protocol name is "diameter-eap".

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

56 Uses diameter eap for backend authorization

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

57 and authentication. This is compliant with

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

58 draft-ietf-aaa-eap-10.txt.

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

59 Future protocol support are:

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

60 1. RADIUS: Uses EAP radius

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

61 -->

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

62 <aaa_protocols>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

63 <aaa_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

64 <name>local_eap_auth</name>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

65 <enabled>true</enabled>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

66

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

67 <local_eap_auth>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

68 <shared_secret_file>/etc/opendiameter/nas/config/nasd_eap_shared_secret.bin</shared_secret_file>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

69 <identity>user1@isp.net</identity>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

70 </local_eap_auth>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

71 </aaa_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

72 <aaa_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

73 <name>diameter_eap</name>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

74 <enabled>false</enabled>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

75 <diameter_eap>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

76

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

77 <diameter_cfg_file>/etc/opendiameter/nas/config/nasd_diameter_eap.xml</diameter_cfg_file>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

78 </diameter_eap>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

79 </aaa_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

80 </aaa_protocols>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

81

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

82 <!-- Call management section contains a list

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

83 of policies that can be applied to a call.

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

84 A policy dictates whether the call should

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

85 continue or not. They can also be used to

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

86 perform specific functions. These policies

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

87 are applied to each call attempt while

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

88 they perform very specific functions such

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

89 as network filtering, auditing, qos ... etc.

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

90 Currently supported policy are:

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

91 1. Scripts: policy name is "script".

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

92 This policy simply invokes a local

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

93 system script. This policy will

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

94 always allow the call to attempt

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

95 completion.

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

96 Future supported policy are:

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

97 1. Accounting

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

98 2. QoS

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

99 3. EP-filter

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

100 -->

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

101

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

102 <access_policies>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

103 <policy_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

104 <name>script</name>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

105

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

106 <script>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

107 <file>/etc/opendiameter/nas/scripts/script_policy</file>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

108 </script>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

109 </policy_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

110 <policy_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

111 <name>ep-filter</name>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

112

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

113 </policy_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

114 <policy_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

115 <name>qos</name>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

116

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

117 </policy_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

118 <policy_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

119 <name>accounting</name>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

120

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

121 </policy_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

122 <policy_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

123 <name>bridging</name>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

124

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

125 </policy_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

126 </access_policies>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

127

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

128 <!-- Call management section also contains a

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

129 simple routing rule set. This routing rule

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

130 works as follows. Each call is identified an

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

131 NAI (RFC2486). The route table lists a set

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

132 of NAI that may match the call's NAI. If a

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

133 match is made, the access policies is applied

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

134 to that call. If the access policy succeeds

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

135 then the call can proceed. If not the call

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

136 is dropped. The routing entry also specifies

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

137 the aaa protocol to be used if the call is

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

138 allowed to proceed. A default route is also

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

139 used as a catch all entry. Note that NAI

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

140 matching is done using the following rules:

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

141 1. Full NAI text takes precedence. i.e.

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

142 if an entry has user@domain.com then

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

143 this is tested first. If succeeding

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

144 entries has domain.com then that

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

145 will be tested next.

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

146 2. Domain only test. An entry can contain

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

147 only the domain name of the NAI and

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

148 can be used to apply policy for all

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

149 users in that domain.

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

150 -->

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

151 <call_routing>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

152 <call_route_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

153

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

154 <nai>user1@isp.net</nai>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

155 <access_policy>script</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

156 <access_policy>ep-filter</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

157 <access_policy>accouting</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

158 <aaa_protocol>local_eap_auth</aaa_protocol>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

159 </call_route_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

160 <call_route_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

161

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

162 <nai>local_nas@opendiameter.org</nai>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

163 <access_policy>script</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

164 <access_policy>ep-filter</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

165 <access_policy>accouting</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

166 <aaa_protocol>local_eap_auth</aaa_protocol>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

167 </call_route_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

168 <call_route_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

169 <nai>isp1.net</nai>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

170 <access_policy>script</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

171 <access_policy>script</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

172 <aaa_protocol>local_eap_auth</aaa_protocol>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

173 </call_route_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

174 <call_route_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

175 <nai>isp.net</nai>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

176 <access_policy>script</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

177 <access_policy>script</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

178 <aaa_protocol>diameter_eap</aaa_protocol>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

179 </call_route_entry>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

180 <call_route_default>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

181

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

182 <access_policy>script</access_policy>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

183 <aaa_protocol>diameter_eap</aaa_protocol>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

184 </call_route_default>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

185 </call_routing>

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

186

9e5a3c884de6 Initial import of the virtual testbed.

Sebastien Decugis <sdecugis@nict.go.jp>

parents:

diff changeset

187 </call_management>

Mercurial > hg > fD-testbed

annotate conf/opendiam.eap.testbed.aaa/opendiameter/nasd/config/nasd.xml @ 0:9e5a3c884de6