pem protocol profile radius

pem protocol profile radius(1)				BIG-IP TMSH Manual			    pem protocol profile radius(1)

NAME
       radius - Configures a RADIUS protocol profile in Policy Enforcement Manager (PEM).

MODULE
       pem protocol profile

SYNTAX
       Configure the radius component within the pem protocol profile module using the syntax shown in the following sections.

   CP/CREATE/EDIT/MODIFY
	cp radius [source_name] [destination_name]
	create radius [name]
	modify radius [name]
	  options:
	    app-service [[string] | none]
	    description [string]
	    messages [add | delete | modify | replace-all-with] {
	      [ [message-name] ] {
		options:
		  direction [any | in | out]
		  message-type [acct-req-start | acct-req-stop | acct-req-interim-update]
		  avps [add | delete | modify | replace-all-with] {
		    [ [avp-name] ] {
		      options:
			default [string]
			ingress-op [ import | none]
			radius-avp [ [radius_avp_name] | none]
			subscriber-attr [ [subscriber_attribute_name] | none]
		    }
		  }
	      }
	    }
	    subscriber-id [add | delete | modify | replace-all-with] {
	      [ [id-name] ] {
		options:
		  order [integer]
		  prefix [[string] | none]
		  radius-avp [[radius_avp_name] | none]
		  suffix [[string] | none]
	      }
	    }
	    subscriber-id-type [e164 | imsi | nai | private]

	edit radius [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list radius
	list radius [ [ [name] | [glob] | [regex] ] ... ]
	show running-config radius
	show running-config radius [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete radius [name]

       Note: You must remove all references to a pem protocol profile radius before you can delete it.

DESCRIPTION
       You can use the radius component to configure pem protocol profile radius definitions in Policy Enforcement Manager.

EXAMPLES
       create cust_acct_start messages add { my_acct_start { direction in message-type acct-req-start avps add { avp1 {
       subscriber-attr _sys_attr_3gpp_imeisv radius-avp _sys_radius_3gpp_imeisv ingress-op import } } } }

       Creates a custom PEM RADIUS protocol profile cust_acct_start and add a message to define how the RADIUS message can be
       processed. The message is defined as RADIUS accounting on the ingress direction. The mapping action ingress-op is to
       extract RADIUS AVP defined in _sys_radius_3gpp_imeisv and store the value into subscriber attribute _sys_attr_3gpp_imeisv.

       delete radius cust_acct_start

       Deletes the PEM RADIUS protocol profile named cust_acct_start.

       list radius cust_acct_start

       Displays the properties of the PEM RADIUS protocol profile named cust_acct_start.

OPTIONS
       app-service
	    Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
	    strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
	    object. Only the application service can modify or delete the object.

       description
	    User defined description.

       messages
	    Adds, deletes, or replaces a set of messages which specify mapping of RADIUS AVPs to subscriber session attributes for
	    specific Gx message. If a message by the specified name does not exist, it will be created. You can configure the
	    following options for a message:

	    app-service
		 Specifies the name of the application service to which the message belongs. The default value is none. Note: If
		 the strict-updates option is enabled on the application service that owns the object, you cannot modify or delete
		 the message. Only the application service can modify or delete the message.

	    direction
		 Specifies the direction of the message.

		 The options are:

		 any  PEM will process the message in both ingress and egress directions.

		 in   PEM will process the message in ingress direction.

		 out  PEM will process the message in egress direction.

	    message-type
		 Specifies the type of the message.

		 The options are:

		 acct-req-start
		      The message is RADIUS accounting with the value of Acct-Status-Type AVP set to 1 (Start).

		 acct-req-stop
		      The message is RADIUS accounting with the value of Acct-Status-Type AVP set to 2 (Stop).

		 acct-req-interim-update
		      The message is RADIUS accounting with the value of Acct-Status-Type AVp set to 3 (Interim-Update).

	    avps Adds, deletes, or replaces a set of mapping between RADIUS AVPs and PEM subscriber attributes. You can configure
		 the following options.

		 app-service
		      Specifies the name of the application service to which the avp belongs. The default value is none. Note: If
		      the strict-updates option is enabled on the application service that owns the object, you cannot modify or
		      delete the message. Only the application service can modify or delete the avp.

		 default
		      Specifies the RADIUS AVP default value. When inserting the AVP, the default value is used if the
		      corresponding subscriber session attribute is not defined or is not present.

		 ingress-op
		      Specifies the ingress operation applied when processing the RADIUS AVP. The default value is none.

		      The options are:

		      import
			   Specifies that the RADIUS AVP will be parsed and the value will be stored in the subscriber attribute.

		      none Specifies that there is no ingress operation applied to the RADIUS AVP.

		 radius-avp
		      Specifies the name of the RADIUS AVP. The default value is none.

		 subscriber-attr
		      Specifies the name of the subscriber session attribute to be mapped to RADIUS AVP. The default value is
		      none.

       name Specifies a unique name for the component. This option is required for the commands create, delete, and modify.

       subscriber-id
	    Adds, deletes, or replaces a set of RADIUS AVPs to form PEM subscriber ID. You can configure the following options:

	    order
		 Specifies the order of RADIUS AVPs when constructing the subscriber ID.

	    prefix
		 Specifies the prefix string when constructing subscriber ID with the value of the RADIUS AVP.

	    radius-avp
		 Specifies the value of RADIUS AVP which will be used to construct the subscriber ID.

	    suffix
		 Specifies the suffix string when constructing subscriber ID with the value of the RADIUS AVP.

       subscriber-id-type
	    Specifies the subscriber ID type session attribute value for the session created.

	    The options are:

	    e164 A numbering plan that defines the format of an MSISDN international phone number (up to 15 digits). The number
		 typically consists of three fields: country code, national destination code, and subscriber number.

	    imsi International Mobile Subscriber Identity. A globally unique code number that identifies a GSM, UMTS, or LTE
		 mobile phone user.

	    nai  Network Access Identifier. A fully qualified network name in the form @; identifies a subscriber and
		 the home network to which the subscriber belongs.

	    private
		 The subscriber id type is private for the given deployment.

SEE ALSO
       create, delete, edit, glob, list, modify, pem protocol profile gx, pem protocol diameter-avp, pem protocol gx-avp, pem
       subscriber-attribute, regex, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
       photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
       use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2013-2016. All rights reserved.

BIG-IP							    2016-03-14				    pem protocol profile radius(1)