When RADIUS or DIAMETER authentication is required to return the MSAP parameters without prior local user database authentication, then the authentication policy should be configured at the capture SAP context. In a Bridged CO model, the authentication policy specified in the capture SAP is also used for the MSAP in the VPLS service. In a Routed CO model, the same authentication policy must also be configured at the group-interface context. For example:
config>service>vpls>sap# authentication-policy <auth-policy-name>
config>service>ies>sub-if>grp-if# authentication-policy <auth-policy-name>
or
config>service>vpls>sap# diameter-auth-policy <auth-policy-name>
config>service>ies>sub-if>grp-if# diameter-auth-policy <auth-policy-name>
The MSAP is not created if the group interface name returned from RADIUS or DIAMETER has a different authentication policy than the authentication policy configured at the capture SAP.
Table: RADIUS attributes/DIAMETER AVPs for MSAP parameters lists the RADIUS attributes (VSAs) and DIAMETER AVPs required to obtain MSAP parameters in the authentication phase.
| Attribute name | Type | Purpose and format |
|---|---|---|
Alc-MSAP-Serv-Id [26-6527-31] |
Integer |
The service ID of the service context in which the MSAP is created. |
Alc-MSAP-Policy [26-6527-32] |
String |
The name of the policy that defines the MSAP parameters. |
Alc-MSAP-Interface [26-6527-33] |
String |
The name of the group interface context in which the MSAP is created. |
|
Alc-MSAP-Serv-Name [241.26.6527.90] |
String |
(RADIUS only) The service name of the service context in which the MSAP is created. Alc-MSAP-Serv-Id takes precedence over Alc-MSAP-Serv-Name if both are specified. |