pem protocol profile radius

pem protocol profile radius(1)			  BIG-IP TMSH Manual		       pem protocol profile radius(1)

NAME
       radius - Configures a RADIUS protocol profile in Policy Enforcement Manager (PEM).

MODULE
       pem protocol profile

SYNTAX
       Configure the radius component within the pem protocol profile module using the syntax shown in the following
       sections.

   CP/CREATE/EDIT/MODIFY
	cp radius [source_name] [destination_name]
	create radius [name]
	modify radius [name]
	  options:
	    app-service [[string] | none]
	    description [string]
	    messages [add | delete | modify | replace-all-with] {
	      [ [message-name] ] {
		options:
		  direction [any | in | out]
		  message-type [acct-req-start | acct-req-stop | acct-req-interim-update]
		  avps [add | delete | modify | replace-all-with] {
		    [ [avp-name] ] {
		      options:
			default [string]
			ingress-op [ import | none]
			radius-avp [ [radius_avp_name] | none]
			subscriber-attr [ [subscriber_attribute_name] | none]
		    }
		  }
	      }
	    }
	    subscriber-id [add | delete | modify | replace-all-with] {
	      [ [id-name] ] {
		options:
		  order [integer]
		  prefix [[string] | none]
		  radius-avp [[radius_avp_name] | none]
		  suffix [[string] | none]
	      }
	    }
	    subscriber-id-type [e164 | imsi | nai | private]

	edit radius [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list radius
	list radius [ [ [name] | [glob] | [regex] ] ... ]
	show running-config radius
	show running-config radius [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete radius [name]

       Note: You must remove all references to a pem protocol profile radius before you can delete it.

DESCRIPTION
       You can use the radius component to configure pem protocol profile radius definitions in Policy Enforcement
       Manager.

EXAMPLES
       create cust_acct_start messages add { my_acct_start { direction in message-type acct-req-start avps add { avp1
       { subscriber-attr _sys_attr_3gpp_imeisv radius-avp _sys_radius_3gpp_imeisv ingress-op import } } } }

       Creates a custom PEM RADIUS protocol profile cust_acct_start and add a message to define how the RADIUS
       message can be processed. The message is defined as RADIUS accounting on the ingress direction. The mapping
       action ingress-op is to extract RADIUS AVP defined in _sys_radius_3gpp_imeisv and store the value into
       subscriber attribute _sys_attr_3gpp_imeisv.

       delete radius cust_acct_start

       Deletes the PEM RADIUS protocol profile named cust_acct_start.

       list radius cust_acct_start

       Displays the properties of the PEM RADIUS protocol profile named cust_acct_start.

OPTIONS
       app-service
	    Specifies the name of the application service to which the object belongs. The default value is none.
	    Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
	    modify or delete the object. Only the application service can modify or delete the object.

       description
	    User defined description.

       messages
	    Adds, deletes, or replaces a set of messages which specify mapping of RADIUS AVPs to subscriber session
	    attributes for specific Gx message. If a message by the specified name does not exist, it will be
	    created. You can configure the following options for a message:

	    app-service
		 Specifies the name of the application service to which the message belongs. The default value is
		 none. Note: If the strict-updates option is enabled on the application service that owns the object,
		 you cannot modify or delete the message. Only the application service can modify or delete the
		 message.

	    direction
		 Specifies the direction of the message.

		 The options are:

		 any  PEM will process the message in both ingress and egress directions.

		 in   PEM will process the message in ingress direction.

		 out  PEM will process the message in egress direction.

	    message-type
		 Specifies the type of the message.

		 The options are:

		 acct-req-start
		      The message is RADIUS accounting with the value of Acct-Status-Type AVP set to 1 (Start).

		 acct-req-stop
		      The message is RADIUS accounting with the value of Acct-Status-Type AVP set to 2 (Stop).

		 acct-req-interim-update
		      The message is RADIUS accounting with the value of Acct-Status-Type AVp set to 3 (Interim-
		      Update).

	    avps Adds, deletes, or replaces a set of mapping between RADIUS AVPs and PEM subscriber attributes. You
		 can configure the following options.

		 app-service
		      Specifies the name of the application service to which the avp belongs. The default value is
		      none. Note: If the strict-updates option is enabled on the application service that owns the
		      object, you cannot modify or delete the message. Only the application service can modify or
		      delete the avp.

		 default
		      Specifies the RADIUS AVP default value. When inserting the AVP, the default value is used if
		      the corresponding subscriber session attribute is not defined or is not present.

		 ingress-op
		      Specifies the ingress operation applied when processing the RADIUS AVP. The default value is
		      none.

		      The options are:

		      import
			   Specifies that the RADIUS AVP will be parsed and the value will be stored in the
			   subscriber attribute.

		      none Specifies that there is no ingress operation applied to the RADIUS AVP.

		 radius-avp
		      Specifies the name of the RADIUS AVP. The default value is none.

		 subscriber-attr
		      Specifies the name of the subscriber session attribute to be mapped to RADIUS AVP. The default
		      value is none.

       name Specifies a unique name for the component. This option is required for the commands create, delete, and
	    modify.

       subscriber-id
	    Adds, deletes, or replaces a set of RADIUS AVPs to form PEM subscriber ID. You can configure the
	    following options:

	    order
		 Specifies the order of RADIUS AVPs when constructing the subscriber ID.

	    prefix
		 Specifies the prefix string when constructing subscriber ID with the value of the RADIUS AVP.

	    radius-avp
		 Specifies the value of RADIUS AVP which will be used to construct the subscriber ID.

	    suffix
		 Specifies the suffix string when constructing subscriber ID with the value of the RADIUS AVP.

       subscriber-id-type
	    Specifies the subscriber ID type session attribute value for the session created.

	    The options are:

	    e164 A numbering plan that defines the format of an MSISDN international phone number (up to 15 digits).
		 The number typically consists of three fields: country code, national destination code, and
		 subscriber number.

	    imsi International Mobile Subscriber Identity. A globally unique code number that identifies a GSM, UMTS,
		 or LTE mobile phone user.

	    nai  Network Access Identifier. A fully qualified network name in the form @; identifies a
		 subscriber and the home network to which the subscriber belongs.

	    private
		 The subscriber id type is private for the given deployment.

SEE ALSO
       create, delete, edit, glob, list, modify, pem protocol profile gx, pem protocol diameter-avp, pem protocol gx-
       avp, pem subscriber-attribute, regex, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or
       mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
       other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2013-2016. All rights reserved.

BIG-IP						      2016-03-14		       pem protocol profile radius(1)