Alcatel-Lucent 7750 Reference Manual page 122
Service router radius attributes
Hide thumbs
Also See for 7750:
- Configuration manual (788 pages) ,
- Quality of service manual (912 pages) ,
- Basic system configuration manual (576 pages)
Table of Contents
Advertisement
IPSEC
Table 38: IPSEC (description) (Continued)
Attribute ID
Attribute Name
26-6527-62
Alc-IPsec-Interface
26-6527-63
Alc-IPsec-Tunnel-
Template-Id
26-6527-64
Alc-IPsec-SA-Lifetime
26-6527-65
Alc-IPsec-SA-PFS-
Group
26-6527-66
Alc-IPsec-SA-Encr-
Algorithm
26-6527-67
Alc-IPsec-SA-Auth-
Algorithm
26-6527-68
Alc-IPsec-SA-Replay-
Window
Page 122
Private IPSec interface name, used by IKEv1/v2 remote-access tunnel, refers
to a preconfigured private ipsec interface the IPSec tunnel terminates
(config>service>vprn>interface <int-name> tunnel). A default private
interface is used when this attribute is omitted
(config>service>ies>if>sap>ipsec-gw>default-secure-service <service-id>
interface <ip-int-name>); the maximum length is 32 bytes; if the returned
interface doesn't exist/exceed the maximum length or exists but is not a
private ipsec interface, the tunnel setup will fail.
IPSec tunnel-template id, used by IKEv1/v2 remote-access tunnel, refers to a
preconfigured ipsec tunnel-template (configure ipsec tunnel-template <ipsec
template identifier>). A default tunnel-template is used when this attribute is
omitted (configure service vprn interface sap ipsec-gw default-tunnel-
template <template-id>). If the returned template does not exist or exceeds
the limits, the tunnel setup will fail.
IPSec phase2 SA lifetime in seconds, used by IKEv1/v2 remote-access tunnel.
A pre-configured value is used when this attribute is omitted (configure ipsec
ike-policy ipsec-lifetime <ipsec-lifetime>). Values outside the Limits are
treated as a tunnel setup failure.
IPSec PFS group id, used by IKEv1/v2 remote-access tunnel. The PFS group
in ike-policy is used when this attribute is omitted (configure ipsec ike-policy
1 pfs dh-group <grp-id>); if the returned value is not one of the allowed
value, the tunnel setup will fail.
IPSec phase2 SA Encryption Algorithm, used by IKEv1/v2 remote-access
tunnel. The esp-encryption-algorithm in ipsec-transform is used when this
attribute is omitted (configure ipsec ipsec-transform esp-encryption-
algorithm <algo>). This attribute must be used along with Alc-IPsec-SA-
Auth-Algorithm, otherwise tunnel setup will fail. Values different then the
Limits are treated as a setup failure.
IPSec phase2 SA Authentication Algorithm, used by IKEv1/v2 remote-access
tunnel. The esp-auth-algorithm in ipsec-transform is used when this attribute
is omitted (configure ipsec ipsec-transform esp-auth-algorithm <algo>).
Values different than the Limits are treated as a tunnel setup failure. This
attribute must be used along with Alc-IPsec-SA-Encr-Algorithm, otherwise
tunnel setup will fail.
IPSec anti-replay window size, used by IKEv1/v2 remote-access tunnel. The
replay-window size in tunnel-template is used when this attribute is omitted
(configure ipsec tunnel-template replay-window <size>). Values different
than the Limits are treated as a tunnel setup failure
7750 SR RADIUS Attributes Reference Guide
Description
Advertisement
Table of Contents
