Server properties are normally stored in the file 'server_properties', and client properties are normally stored in the file 'client_properties'. For many properties there is an override relationship between identically named properties, with the client property winning.
Property | Type | Default
Check-Authenticators | One of a list of Values | Auto
Check-Duplicates | Yes or No | TRUE
Auto-CheckItem | Yes or No | FALSE
Auto-CheckPassword | Yes or No | FALSE
Auto-CheckLeftovers | Yes or No | FALSE
Auto-CheckMinSessionTimeout | Yes or No | FALSE
Radius-Remove-Trailing-Nul | Yes or No | TRUE
Radius-Append-Trailing-Nul | Yes or No | FALSE
Auto-Remove-Check-Items | Yes or No | TRUE
Reveal-Hidden-Attributes | Yes or No | FALSE
Strict-Encode-Attributes | Yes or No | FALSE
Session-Time-From-Time-Of-Day | Yes or No | FALSE
Delimiter-Precedence | Text | @
Suffix-Delimiters | Text | @
Nas-Port-Normalization | Dictionary Attribute List | off
Client-Dictionary | Dictionary Codec | #default
Client-Timeout | Duration with default timeunit of Milliseconds | 10s
Background-Timeout | Duration with default timeunit of Milliseconds | 5m
Radius-Packetsize-Max | Whole number 1..65536 | 4096
Radius-Recv-Buffer-Size | Whole number 1..2147483647 | 262144
Radius-Send-Buffer-Size | Whole number 1..2147483647 | 262144
Radius-Traffic-Class | Whole number 0..255 |
Radius-Recv-Error-Ratio | Text | 0.0
Radius-Send-Error-Ratio | Text | 0.0
Radius-Response-Cache | Yes or No | TRUE
Radius-Response-Cache-Timeout | Duration with default timeunit of Seconds | 60s
Engine-Method-Limit | Whole number 1..1000 | 100
Engine-Queue-Limit | Whole number 0..10000 | 0
Radius-Acct-Address | Multiple Network Addresses in Address:Port format | *:1813
Radius-Auth-Address | Multiple Network Addresses in Address:Port format | *:1812
Radius-Dynamic-Auth-Address | Multiple Network Addresses in Address:Port format | *:3799
Radius-Receiver-Threads | Whole number 1..50 | 1
Radius-Telnetd-Address | Network Address in Address:Port format | 127.0.0.1:9023
Radius-Httpd-Address | Network Address in Address:Port format | *:9080
Radius-Httpsd-Address | Network Address in Address:Port format | *:9443
Registry-Port | Whole number 0..2147483647 | 9099
SSLRegistry-Port | Whole number 0..2147483647 | 9100
Database-Address | Network Address in Address:Port format | 0
Database-Shutdown | One of a list of Values | NORMAL
Database-LogSize | Whole number 0..200 | 200
Derby-Address | Network Address in Address:Port format | *:1527
Derby-Severity | One of a list of Values | Warning
Derby-LogLevel | Log Level Value | Debug
Derby-Trace | Yes or No | FALSE
Derby-SystemHome | Text | derby
Radius-Httpd-RootDir | Text | ../html
Minimum-Session-Timeout | Duration with default timeunit of Seconds | 0s
Radius-CharSet | Character Set | 8859_1
Cache-DataFile | Text |
Lawful-Intercept-Admin-Address | Network Address in Address:Port format | 0
Local-Address | One of a list of Values | *
Provision-Enabled | Yes or No | TRUE
Provision-JdbcDriver | Text | org.apache.derby.jdbc.ClientDriver
Provision-JdbcUrl | Text | jdbc:derby://localhost:1527/provision
Diameter-Address | Network Address in Address:Port format | *:3868
Origin-Host | Multiple Lines of Text |
Origin-Realm | Text | unconfigured
Peer-Socket-Timeout | Duration with default timeunit of Seconds | 15s
Device-Watchdog-Rate | Duration with default timeunit of Seconds | 30s
Peer-Idle-Timeout | Duration with default timeunit of Seconds | 5m
Outstanding-Diameter-Request-Lifetime | Duration with default timeunit of Seconds | 1m
Min-Accepted-Redirect-Cache-Time | Duration with default timeunit of Seconds | 10s
Default-Advertised-Redirect-Cache-Time | Duration with default timeunit of Seconds | 5m
Peer-Idle-Holdoff | Duration with default timeunit of Seconds | 20s
Max-Redirect-Traversal-Depth | Whole number 1..4294967295 | 10
Diameter-Max-Route-Attempts | Whole number 1..4294967295 | 20
Diameter-Less-Specific-Route-Fallback | Yes or No | TRUE
Diameter-Use-Session-Id-For-State | Yes or No | FALSE
TLS | Yes or No | FALSE
SCTP | Yes or No | FALSE
SctpAgent-Diameter-Address | Network Address in Address:Port format | *:3868
SctpAgent-Inbound-Address | Network Address in Address:Port format | 127.0.0.1:9869
SctpAgent-Outbound-Address | Network Address in Address:Port format | 127.0.0.1:9868
SCTP-Input-Streams | Unsigned short (16 bits) 0..65535 | 10
SCTP-Output-Streams | Unsigned short (16 bits) 0..65535 | 10
Secure-HAUSS | Yes or No | FALSE
Server-Certificate-File | Text | server.pem
Trusted-Certificates-File | Text | trusted.pem
Log-Auth-Accept-Pattern | Text | ${request.user-name} login ok
Log-Auth-Reject-Pattern | Text | ${request.user-name} login failed
Log-Auth-Challenge-Pattern | Text | ${request.user-name} login challenged
Log-Auth-Discard-Pattern | Text | ${request.user-name} login discarded due to ${packet.Last-Disposition-Message}
Log-Auth-Accept-Enable | Yes or No | FALSE
Log-Auth-Reject-Enable | Yes or No | TRUE
Log-Auth-Challenge-Enable | Yes or No | FALSE
Log-Auth-Discard-Enable | Yes or No | TRUE
Log-Acct-Response-Pattern | Text | ${request.user-name} ${request.acct-status-type} session on ${request.nas-ip-address}:${request.nas-port}
Log-Acct-Start-Pattern | Text | ${request.user-name} started session on ${request.nas-ip-address}:${request.nas-port}
Log-Acct-Interim-Pattern | Text | ${request.user-name} continued session on ${request.nas-ip-address}:${request.nas-port} for ${request.acct-session-time} seconds
Log-Acct-Stop-Pattern | Text | ${request.user-name} stopped session on ${request.nas-ip-address}:${request.nas-port} for ${request.acct-session-time} seconds
Log-Acct-Discard-Pattern | Text | ${request.user-name} session discarded due to ${packet.Last-Disposition-Message}
Log-Acct-Response-Enable | Yes or No | FALSE
Log-Acct-Start-Enable | Yes or No | FALSE
Log-Acct-Interim-Enable | Yes or No | FALSE
Log-Acct-Stop-Enable | Yes or No | FALSE
Log-Acct-Discard-Enable | Yes or No | TRUE
Log-History-Size | Whole number 0..2147483647 | 0
Snmp-Address | Network Address in Address:Port format | 0
Snmp-Read-Community | Text | public
Snmp-Write-Community | Text |
SnmpV3-Engine-Id | Hexadecimal encoded string which represents a minimum of 1 and a maximum of 32 bytes |
SNMPv1-Access-Enabled | Yes or No | TRUE
SNMPv2c-Access-Enabled | Yes or No | TRUE
SNMPv3-Access-Enabled | Yes or No | TRUE
Snmp-System-Contact | Text |
Snmp-System-Name | Text |
Snmp-System-Location | Text |
LDAP-Address | Network Address in Address:Port format | 0
SSH-Server-Max-Connections | Unsigned integer (32 bits) 0..4294967295 | 10
SSH-Server-Max-Authentications | Whole number 1..4294967295 | 3
SSH-Server-Listen-Address | Network Address in Address:Port format | *:9022
SSH-Server-Password-Auth-Type | Yes or No | TRUE
SSH-Default-Encryption | One of a list of Values | aes128-cbc
SSH-Default-Hash | One of a list of Values | hmac-sha1
SSH-Default-Pub-Key-Algorithm | One of a list of Values | ssh-dss
SSH-Key-Exchange-Config | One of a list of Values | diffie-hellman-group1-sha1
Default-Challenge-Timeout | Duration with default timeunit of Seconds | 3m
Default-Challenge-Timeout-Linger | Duration with default timeunit of Seconds | 15s
Default-Continue-Timeout | Duration with default timeunit of Seconds | 10m
Default-Continue-Timeout-Linger | Duration with default timeunit of Seconds | 15s
Discard-On-Error | Yes or No | TRUE
Cache-NAS-Routes | Yes or No | TRUE
NAS-Routes-Cache-Name | Text | NAS_Routes
Wire-Decode-Map | Map. Use an '@' symbol to reference a file, i.e. @filename. |
Log-By-Item | Yes or No | TRUE
Disconnect-Request-Map | Map. Use an '@' symbol to reference a file, i.e. @filename. | ${NAS-IP-Address}:=${request.NAS-IP-Address};\n${NAS-Identifier}:=${request.NAS-Identifier};\n${NAS-IPv6-Address}:=${request.NAS-IPv6-Address};\n${User-Name}:=${request.User-Name};\n${NAS-Port}:=${request.NAS-Port};\n${Framed-IP-Address}:=${request.Framed-IP-Address};\n${Called-Station-Id}:=${request.Called-Station-Id};\n${Calling-Station-Id}:=${request.Calling-Station-Id};\n${Acct-Session-Id}:=${request.Acct-Session-Id};\n${Acct-Multi-Session-Id}:=${request.Acct-Multi-Session-Id};\n${NAS-Port-Type}:=${request.NAS-Port-Type};\n${NAS-Port-Id}:=${request.NAS-Port-Id};\n${Originating-Line-Info}:=${request.Originating-Line-Info};\n${Framed-Interface-Id}:=${request.Framed-Interface-Id};\n${Framed-IPv6-Prefix}:=${request.Framed-IPv6-Prefix};
Uss2-Node-Timeout | Duration with default timeunit of Seconds | 60s
Uss2-Heartbeat-Time | Duration with default timeunit of Seconds | 10s
Uss2-Heartbeat-Skip | Whole number 1..4294967295 | 3
Uss2-Bucket-Load-Factor | Whole number 1..4294967295 | 10
Uss2-Idle-Ack-Rate | Whole number 5..4294967295 | 10
Uss2-Merge-Pool-Size | Whole number 1..50 | 4
Uss2-Replicator-Pool-Size | Whole number 1..50 | 4
StateServer-AcctStartTimeout | Duration with default timeunit of Milliseconds | 45s
StateServer-SessionTimeout | Duration with default timeunit of Milliseconds | -1ms
StateServer-KeySeparator | Text | +
StateServer-InactiveTimeout | Duration with default timeunit of Milliseconds | 5m
StateServer-DataFile | Text with a minimum length of 1 characters |
StateServer-RmiTimeout | Duration with default timeunit of Milliseconds | 15s
StateServer-PrimaryHoldOffTime | Duration with default timeunit of Milliseconds | 30s
StateServer-PrimaryAddress | Network Address in Address:Port format |
StateServer-SecondaryAddress | Network Address in Address:Port format |
StateServer-ReplicationRole | One of a list of Values | none
StateServer-DiscoveryRetryTime | Duration with default timeunit of Milliseconds | 5s
StateServer-DiscoveryDelayTime | Duration with default timeunit of Milliseconds | 15s
StateServer-DiscoveryRetries | Whole number 0..50 | 5
StateServer-MinUpdateThreads | Whole number 1..5 | 1
StateServer-MaxUpdateThreads | Whole number 1..5 | 5
StateServer-MaxUpdatePush | Whole number 0..10000 | 2000
StateServer-MaxSecondaryFetch | Whole number 0..10000 | 2000
StateServer-MinFlowEntries | Whole number 0..2147483647 | 5000
StateServer-EntriesPerMs | Whole number 1..2147483647 | 50
Http-Client-Max-Total-Connections | Whole number 1..2147483647 | 1000
Http-Client-Connection-Manager-Timeout | Duration with default timeunit of Milliseconds | 5000ms
ConfigServer-AdminAddress | Network Address in Address:Port format | 127.0.0.1:9020
ConfigServer-SshAddress | Network Address in Address:Port format | *:9021
ConfigServer-RegistryPort | Unsigned short (16 bits) 0..65535 | 9097
ConfigServer-SSLRegistryPort | Unsigned short (16 bits) 0..65535 | 9098
ConfigServer-Log-Location | Text | config.log
ConfigServer-Log-Level | Log Level Value | Info
TACACSPLUS-Address | Network Address in Address:Port format | *:49
Collector-SampleDir | Text |
Client-Class | Text |
Time-Zone | One of a list of Values |
Client-Auth-Dictionary | Dictionary Codec |
Client-Acct-Dictionary | Dictionary Codec |
Client-Auth-Timeout | Duration with default timeunit of Milliseconds |
Client-Acct-Timeout | Duration with default timeunit of Milliseconds |
AdminState | One of a list of Values |
Private-Key-Password | Text |
Check-Authenticators
This property allows disabling the checking of the authenticators on RADIUS requests. If this property is set, RADIUS request packets with bad authenticators are discarded.
Value | Description
Off | RADIUS authenticators are not checked.
Auto | RADIUS authenticators are checked if available.
On | RADIUS authenticators are checked. If not available, an error occurs.
Type: One of a list of Values
Client: true
Default: Auto
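How the three Check-Authenticators values play out on the wire, as an added Python example (not 8950 AAA code). The formulas are the standard ones from RFC 2866 (Accounting-Request authenticator) and RFC 2869 (Message-Authenticator); reading "available" as "the Access-Request carries a Message-Authenticator", the result names 'ok' / 'unchecked' / 'discard', and all packets and the secret are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCOUNTING_REQUEST = 1, 4     # RADIUS packet codes
USER_NAME, MESSAGE_AUTHENTICATOR = 1, 80      # RADIUS attribute types
ZERO16 = bytes(16)
SECRET = b"constructed-shared-secret"         # constructed sample value


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value


def find_attribute(packet: bytes, wanted: int):
    """Return (value_offset, value) of the first attribute of type `wanted`, else None."""
    pos = 20                                  # attributes follow the 20-byte header
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("malformed attribute length")
        if attr_type == wanted:
            return pos + 2, packet[pos + 2:pos + attr_len]
        pos += attr_len
    return None


def check_authenticator(packet: bytes, secret: bytes, mode: str = "Auto") -> str:
    """Return 'ok', 'unchecked' or 'discard' (hypothetical result names)."""
    if mode == "Off":
        return "unchecked"
    # Simplification: the length field must match the datagram exactly.
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return "discard"
    if packet[0] == ACCOUNTING_REQUEST:
        # RFC 2866: MD5(Code + Id + Length + 16 zero octets + attributes + secret)
        expected = hashlib.md5(packet[:4] + ZERO16 + packet[20:] + secret).digest()
        return "ok" if hmac.compare_digest(expected, packet[4:20]) else "discard"
    # Access-Request: the Request Authenticator is a nonce, so the only thing
    # that can be verified is a Message-Authenticator attribute, if present.
    try:
        found = find_attribute(packet, MESSAGE_AUTHENTICATOR)
    except ValueError:
        return "discard"
    if found is None:
        # Assumed mapping: Auto lets the packet through unverified, On rejects it.
        return "unchecked" if mode == "Auto" else "discard"
    offset, value = found
    if len(value) != 16:
        return "discard"
    # RFC 2869: HMAC-MD5 over the whole packet with the attribute value zeroed.
    zeroed = packet[:offset] + ZERO16 + packet[offset + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return "ok" if hmac.compare_digest(expected, value) else "discard"


def build_accounting_request(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """Constructed Accounting-Request with a correct Request Authenticator."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + hashlib.md5(header + ZERO16 + attrs + secret).digest() + attrs


def build_access_request(ident: int, attrs: bytes, secret: bytes, signed: bool) -> bytes:
    """Constructed Access-Request, optionally carrying a Message-Authenticator."""
    request_auth = bytes(range(16))           # constructed; real clients use random octets
    if signed:
        attrs = attrs + attr(MESSAGE_AUTHENTICATOR, ZERO16)
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs
    if signed:
        packet = packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()
    return packet


if __name__ == "__main__":
    unsigned = build_access_request(1, attr(USER_NAME, b"alice"), SECRET, signed=False)
    for mode in ("Off", "Auto", "On"):
        print(mode, check_authenticator(unsigned, SECRET, mode))
```

Under these assumptions, only On closes the gap in which an Access-Request without a Message-Authenticator is processed without any integrity check.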
Check-Duplicates
The property Check-Duplicates controls whether the server checks if a received packet is a duplicate of a previously received but completely processed request. Duplicates are detected by a combination of the Source IP Address, Source UDP Port, Destination UDP Port, Destination IP Address, and Packet Identifier. The default setting is true.
Type: Yes or No
Client: true
Default: TRUE
Auto-CheckItem
This property allows one to disable the automatic checking of items in the check variable group in the work engine. An explicit plug-in in the policy-flow must be invoked instead.
Type: Yes or No
Default: FALSE
Auto-CheckPassword
This property allows disabling the automatic checking of certain Auth-Type values and passwords. An explicit plug-in in the policy-flow must be invoked instead.
Type: Yes or No
Default: FALSE
Auto-CheckLeftovers
This property allows one to disable the automatic checking of leftover items in the check variable group. An explicit plug-in in the policy-flow must be used instead.
Type: Yes or No
Default: FALSE
Auto-CheckMinSessionTimeout
This property allows one to disable the automatic checking of the Session-Timeout attribute.
Type: Yes or No
Default: FALSE
Radius-Remove-Trailing-Nul
When set to true, this property truncates string attributes at the first occurrence of a null character in the data.
Type: Yes or No
Client: true
Default: TRUE
Radius-Append-Trailing-Nul
When set to true, this property will append a NUL character to string attributes when formatting RADIUS replies.
Type: Yes or No
Client: true
Default: FALSE
Auto-Remove-Check-Items
This property, when set, directs plug-ins to remove a check item from the check variable group after successfully completing the check.
Type: Yes or No
Client: true
Default: TRUE
Reveal-Hidden-Attributes
This property tells the RADIUS engine to output in plain text any attributes marked hidden in the dictionary. This affects the packet trace output.
Type: Yes or No
Default: FALSE
Strict-Encode-Attributes
This property controls how attributes that cannot be encoded for transmission are handled. If false, AVPs that cannot be encoded are skipped and not sent. If true, AVPs that cannot be encoded cause an exception and the packet is discarded.
Type: Yes or No
Default: FALSE
Session-Time-From-Time-Of-Day
This property specifies whether the user's ${reply.session-timeout} should be set when a time-of-day pattern is checked during authorization.
If session-time-from-time-of-day is set to true, the pattern specified in ${check.time-of-day} and the current time are used to determine the session's maximum duration allowed by the time-of-day pattern. The session-timeout determined from the time-of-day pattern is compared with the current value of the user's ${reply.session-timeout}.
- If the session-timeout determined from the time-of-day pattern is less than the ${reply.session-timeout} value, the ${reply.session-timeout} value is replaced with the session-timeout determined from the time-of-day pattern.
- If the value of ${reply.session-timeout} is less than the session-timeout determined from the time-of-day pattern, then the ${reply.session-timeout} value remains the same.
- However, if the ${reply.session-timeout} is not specified, the ${reply.session-timeout} is set to the session-timeout determined from the time-of-day pattern.
To enable this function, the session-time-from-time-of-day value must be set to TRUE. If this value is set in a client class, it will override the server properties value.
Type: Yes or No
Default: FALSE
Delimiter-Precedence
This property lists the delimiters in precedence order used in parsing a User-Name into the sub-components Base-User-Name and User-Realm. The characters are tried, one at a time, from left to right, to split the User-Name into two sections. If the character is not present in the User-Name, the next delimiter is tried until none remain. If there is no match, Base-User-Name is set from User-Name, and User-Realm remains unset. See Suffix-Delimiters.
Type: Text
Client: true
Default: @
Suffix-Delimiters
This property is used in conjunction with Delimiter-Precedence. If a delimiter match is found and if it is also in this list, the User-Realm is taken from the right of the delimiter, and the Base-User-Name from the left. Otherwise, the reverse happens.
Type: Text
Client: true
Default: @
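The split described under Delimiter-Precedence and Suffix-Delimiters, as an added Python example (not 8950 AAA code). The function and type names are hypothetical, the sample user names are constructed, and splitting at the first occurrence of the matching delimiter is an assumption, since the text does not say which occurrence is used.

```python
from typing import NamedTuple, Optional


class SplitName(NamedTuple):
    base_user_name: str
    user_realm: Optional[str]      # None when User-Realm remains unset
    delimiter: Optional[str]       # the delimiter that matched, if any


def split_user_name(user_name: str,
                    delimiter_precedence: str = "@",
                    suffix_delimiters: str = "@") -> SplitName:
    """Split User-Name into Base-User-Name and User-Realm.

    Delimiters are tried in precedence order; the first one present in the
    name decides the split, even if a later delimiter is also present.
    """
    for delim in delimiter_precedence:
        # Assumption: the split happens at the first occurrence of the delimiter.
        left, found, right = user_name.partition(delim)
        if not found:
            continue                       # delimiter absent, try the next one
        if delim in suffix_delimiters:
            return SplitName(left, right, delim)    # realm is a suffix: user@realm
        return SplitName(right, left, delim)        # otherwise a prefix: realm/user
    return SplitName(user_name, None, None)         # no match: realm stays unset


# Constructed inputs: (User-Name, Delimiter-Precedence, Suffix-Delimiters)
CASES = [
    ("alice@example.com", "@", "@"),
    ("EXAMPLE/alice", "@/", "@"),
    ("alice", "@/", "@"),
    # The same name yields a different realm depending on precedence order.
    ("corp/alice@example.com", "@/", "@"),
    ("corp/alice@example.com", "/@", "@"),
]

if __name__ == "__main__":
    for name, precedence, suffixes in CASES:
        print(f"{name!r:28} precedence={precedence!r:5}",
              split_user_name(name, precedence, suffixes))
```

The last two cases show why the precedence order matters when realms drive routing or policy: a name containing two configured delimiters resolves to whichever realm the first-listed delimiter selects.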
Nas-Port-Normalization
This property controls whether or not the server tries to normalize the NAS-Port attribute in RADIUS requests. In addition, various augmented packet variable group variables will be decoded from the port number, based on which format is specified.
Value | Description
auto | Uses ${request.Ascend-Nas-Port-Format} to determine mode.
off | No port normalization/decode performed.
taos-0-6-5-5 | Binary decode of 6 bits of slot, 5 bits of line, and 5 bits of channel.
taos-1-2-2 | Decimal decode of 1 digit of calltype, 2 digits of line, and 2 digits of channel. The calltype is removed from the normalized result.
taos-1-2-3-3 | Decimal decode of 1 digit of shelf, 2 digits of slot, 3 digits of line, and 3 digits of channel.
taos-2-4-5-5 | Binary decode of 2 bits of shelf, 4 bits of slot, 5 bits of line, and 5 bits of channel.
taos-2-4-6-4 | Binary decode of 2 bits of shelf, 4 bits of slot, 6 bits of line, and 4 bits of channel.
Type: Dictionary Attribute List
Client: true
Default: off
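The field layouts from the table above, decoded in an added Python example (not 8950 AAA code). It assumes the fields are packed most-significant first in the order the table lists them and that out-of-range values are rejected; the 'auto' mode and the normalized NAS-Port value itself are not modelled, and the port numbers are constructed.

```python
# Field widths copied from the Value/Description table: bits for the binary
# formats, decimal digits for the decimal formats.
FORMATS = {
    "taos-0-6-5-5": ("binary", [("slot", 6), ("line", 5), ("channel", 5)]),
    "taos-1-2-2": ("decimal", [("calltype", 1), ("line", 2), ("channel", 2)]),
    "taos-1-2-3-3": ("decimal", [("shelf", 1), ("slot", 2), ("line", 3), ("channel", 3)]),
    "taos-2-4-5-5": ("binary", [("shelf", 2), ("slot", 4), ("line", 5), ("channel", 5)]),
    "taos-2-4-6-4": ("binary", [("shelf", 2), ("slot", 4), ("line", 6), ("channel", 4)]),
}


def decode_nas_port(nas_port: int, fmt: str) -> dict:
    """Decode a NAS-Port number into its named fields for one taos-* format."""
    if fmt == "off":
        return {}                              # no decode performed
    if fmt not in FORMATS:
        raise ValueError(f"unsupported format: {fmt}")
    radix, fields = FORMATS[fmt]
    base = 2 if radix == "binary" else 10

    # Reject values that do not fit the declared layout instead of silently
    # truncating them (a defensive choice made for this example).
    limit = base ** sum(width for _, width in fields)
    if not 0 <= nas_port < limit:
        raise ValueError(f"{nas_port} does not fit {fmt}")

    # Peel fields off from the least-significant end, then restore table order.
    decoded = {}
    remaining = nas_port
    for name, width in reversed(fields):
        remaining, decoded[name] = divmod(remaining, base ** width)
    return {name: decoded[name] for name, _ in fields}


if __name__ == "__main__":
    # Constructed value: shelf 1, slot 3, line 7, channel 12 in taos-2-4-5-5.
    port = (1 << 14) | (3 << 10) | (7 << 5) | 12
    for fmt in ("taos-2-4-5-5", "taos-2-4-6-4", "taos-0-6-5-5"):
        print(port, fmt, decode_nas_port(port, fmt))
    print(102003004, "taos-1-2-3-3", decode_nas_port(102003004, "taos-1-2-3-3"))
    print(20105, "taos-1-2-2", decode_nas_port(20105, "taos-1-2-2"))
```

The same port number decodes to a different line or slot under each binary layout, so a format that does not match the NAS produces plausible but wrong port fields in logs and policy decisions.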
Client-Dictionary
This property specifies which dictionary to use to decode requests and encode replies when communicating with a particular NAS. These can be chosen from the dictionaries stored in the run directory, named with a '.dct' suffix, or use Client-Dictionary="#default" to get the default dictionary.
Value | Description
#default | Default
ALU-WiMAX | Alcatel-Lucent WiMAX offer
Nokia | Nokia in RFC space
TAOS16-dictionary | Taos 16 bit
USDS-Plain | USDS plain
draft-sterman-aaa-sip-01 | Draft HTTP Digest
ericsson-vig-dictionary | Ericsson VIG
legacy-3588 | Legacy Diameter
max-dictionary | Ascend MAX in RFC space
mobile-iwf | Mobile IWF
mobile-pdsn | Mobile PSDN
Type: Dictionary Codec
Client: true
Default: #default
Client-Timeout
This property tells the RADIUS engine how long it has to send a response to a request. If the engine takes longer than the client timeout to generate the response, the request is discarded. Reception of retransmitted requests will update the request timeout value. Normally this should be set slightly higher than the client's retransmission time.
Type: Duration with default timeunit of Milliseconds
Client: true
Default: 10s
Background-Timeout
Specifies a time limit to perform a background request like a cron job.
Type: Duration with default timeunit of Milliseconds
Default: 5m
Radius-Packetsize-Max
This property controls how large a RADIUS datagram payload the server can handle. The RFC limit is 4096. However, the largest value 8950 AAA allows is 65504.
Type: Whole number 1..65536
Default: 4096
Radius-Recv-Buffer-Size
The size of the receive buffer used by RADIUS sockets.
Type: Whole number 1..2147483647
Default: 262144
Radius-Send-Buffer-Size
The size of the transmit buffer used by RADIUS sockets.
Type: Whole number 1..2147483647
Default: 262144
Radius-Traffic-Class
This property allows one to configure the traffic-class (QOS) value in sockets opened as RADIUS listeners for the server. The value to set is computed by ORing any of the following constants together. The Radius plug-in has a similar property for its sockets.
IPTOS_LOWCOST (0x02)
IPTOS_RELIABILITY (0x04)
IPTOS_THROUGHPUT (0x08)
IPTOS_LOWDELAY (0x10)
Type: Whole number 0..255
Radius-Recv-Error-Ratio
This property specifies a simulated receive error ratio for server RADIUS listeners. When set to a non-zero value, RADIUS listener threads will randomly drop received RADIUS packets. A value of one will drop all packets.
Type: Text
Default: 0.0
Radius-Send-Error-Ratio
This property specifies a simulated transmit error ratio for the server. When set to a non-zero value, RADIUS packets transmitted from the work engine will be randomly dropped. If set to one, all packets will be dropped.
Type: Text
Default: 0.0
Radius-Response-Cache
This property enables RADIUS response caching. If a duplicate RADIUS request is received for a previously answered query, the response is retransmitted.
Type: Yes or No
Default: TRUE
Radius-Response-Cache-Timeout
This property controls the amount of time a cached RADIUS response will be held for possible retransmission.
Type: Duration with default timeunit of Seconds
Default: 60s
Engine-Method-Limit
This property configures the maximum number of plug-in invocations for ISPs. The default is 100. This value is configurable from the SMT, Server Properties, Advanced panel, Maximum Plugins in Method Chains field.
Type: Whole number 1..1000
Default: 100
Engine-Queue-Limit
The maximum number of request items that can be queued for processing. This value is configurable from the SMT, Server Properties, Advanced panel, Maximum number of waiting items field.
Type: Whole number 0..10000
Default: 0
Radius-Acct-Address
This property specifies a list of listeners that will be started to receive accounting requests. If the port number is set to zero, the listener is not started.
Type: Multiple Network Addresses in Address:Port format
Default: *:1813
Radius-Auth-Address
This property specifies a list of listeners that will be started to receive access (authentication/authorization) requests. If the port number is set to zero, the listener is not started.
Type: Multiple Network Addresses in Address:Port format
Default: *:1812
Radius-Dynamic-Auth-Address
The socket address of an additional RADIUS listener to support the Dynamic Authorization RFC.
Type: Multiple Network Addresses in Address:Port format
Default: *:3799
Radius-Receiver-Threads
This property configures how many threads are allocated and run for each RADIUS listener address/port.
Type: Whole number 1..50
Default: 1
Radius-Telnetd-Address
This property specifies a listener for the internal administration (telnet) server. If the port has value zero, the server is not started.
Type: Network Address in Address:Port format
Default: 127.0.0.1:9023
Radius-Httpd-Address
This property specifies a listener for the internal HTTP server. If the port has value zero, the server is not started.
Type: Network Address in Address:Port format
Default: *:9080
Radius-Httpsd-Address
This property specifies a listener for the internal secure HTTP server. If the port has value zero, the server is not started.
Type: Network Address in Address:Port format
Default: *:9443
Registry-Port
Specifies the Registry Port the server uses for accepting connections from the SMT to retrieve statistical information (statistics, counters, indexes, and port status). This port is also used to replicate data between the primary and secondary StateServers.
Type: Whole number 0..2147483647
Default: 9099
SSLRegistry-Port
The secure connection version of Registry-Port.
Type: Whole number 0..2147483647
Default: 9100
Database-Address
Sets the listen addresses for the bundled database server.
Type: Network Address in Address:Port format
Default: 0
Database-Shutdown
Sets the shutdown mode for the embedded database.
Value | Description
NORMAL | Checkpoints the database normally.
IMMEDIATELY | Equivalent to a poweroff or crash.
COMPACT | Compacts the tables, closes the log, and checkpoints the database.
Type: One of a list of Values
Default: NORMAL
Database-LogSize
Sets the maximum size (in megabytes) that the database log file can reach before an automatic checkpoint occurs.
Type: Whole number 0..200
Default: 200
Derby-Address
A socket address to enable an additional internal database (Derby).
Type: Network Address in Address:Port format
Default: *:1527
Derby-Severity
This property informs the embedded Derby database what level to log at.
Value | Description
None | None
Warning | Warning
Statement | Statement
Transaction | Transaction
Session | Session
Database | Database
System | System
Type: One of a list of Values
Default: Warning
Derby-LogLevel
The log level at which Derby messages are injected into the logging subsystem. See LogLevel.html.
Type: Log Level Value
Link: LogLevel.html
Default: Debug
Derby-Trace
Enables link level trace of JDBC driver traffic. The trace is written to a separate file in the run directory.
Type: Yes or No
Default: FALSE
Derby-SystemHome
The default location for embedded Derby databases.
Type: Text
Default: derby
Radius-Httpd-RootDir
This property sets the directory that the internal HTTP server uses to indicate the root of its service space.
Type: Text
Default: ../html
Minimum-Session-Timeout
This property will reject any request that has a Session-Time value less than the value specified by the minimum-session-timeout property. This property is only valid when the property session-time-from-time-of-day is set to true. It will be overridden by the client server session timeout property.
Type: Duration with default timeunit of Seconds
Client: true
Default: 0s
Radius-CharSet
This property identifies which character set to use to convert payload octets in string RADIUS attributes to/from 8950 AAA internal variable values. This property can be set to any 'encoding' supported by the Java String class. For information about Java String character encoding support, see http://java.sun.com/j2se/1.3/docs/api/java/lang/package-summary.html#charenc
Value | Description
8859_1 | The Latin1 character set. Latin1 characters correspond to the first 256 Unicode characters.
UTF8 | The preferred way to encode non Latin1 characters.
Type: Character Set
Client: true
Default: 8859_1
Cache-DataFile
The name of a file to read or write cache information. Used at startup and shutdown.
Type: Text
Lawful-Intercept-Admin-Address
This property specifies a socket-address that the Lawful Intercept Admin server listens on.
Type: Network Address in Address:Port format
Default: 0
Local-Address
An IP address that is used as a default for various plug-ins to indicate the interface to be used when binding to a socket. Defaults to '*', meaning any (or all) interfaces.
Type: One of a list of Values
Default: *
Provision-Enabled
This property enables the internal provisioning service.
Type: Yes or No
Default: TRUE
Provision-JdbcDriver
This property specifies which JDBC driver class will be used with the embedded provisioning system.
Type: Text
Default: org.apache.derby.jdbc.ClientDriver
Provision-JdbcUrl
This property specifies which JDBC URL will be used with the embedded provisioning system.
Type: Text
Default: jdbc:derby://localhost:1527/provision
Diameter-Address
A socket address specifying where to listen for Diameter connections.
Type: Network Address in Address:Port format
Default: *:3868
Origin-Host
This property overrides the automatic discovery of the server's name using network interface information. It is used by the Diameter server and USSv2 replication.
Type: Multiple Lines of Text
Origin-Realm
The Diameter origin realm for this server.
Type: Text
Default: unconfigured
Peer-Socket-Timeout
The timeout used in each state in the peer state machine during connection establishment.
Type: Duration with default timeunit of Seconds
Default: 15s
Device-Watchdog-Rate
The average rate at which DWRs (Device Watchdog Requests) are sent to remote Diameter peers.
Type: Duration with default timeunit of Seconds
Default: 30s
Peer-Idle-Timeout
Specifies the time in milliseconds a Diameter peer is timed out if idle.
Type: Duration with default timeunit of Seconds
Default: 5m
Outstanding-Diameter-Request-Lifetime
The amount of time a Diameter request is held in the server without an answer before it is determined to be undeliverable.
Type: Duration with default timeunit of Seconds
Default: 1m
Min-Accepted-Redirect-Cache-Time
The minimum value accepted for the Redirect-Max-Cache-Time AVP in inbound redirect answers. Values less than this property take on this value.
Type: Duration with default timeunit of Seconds
Default: 10s
Default-Advertised-Redirect-Cache-Time
The default value passed in the Redirect-Max-Cache-Time AVP for outbound redirect answers.
Type: Duration with default timeunit of Seconds
Default: 5m
Peer-Idle-Holdoff
Specifies the time in milliseconds before a Diameter peer is failed back after being suspended (if it was failed over at the time of suspension). Peers are suspended as a result of an idle timeout, either on the local side or by the remote server requesting a connection shutdown. Without this timeout and without extended requests, suspended peers would be kept in the failed-over state indefinitely if they were failed over when asked to suspend.
Type: Duration with default timeunit of Seconds
Default: 20s
Max-Redirect-Traversal-Depth
The maximum number of consecutive redirects accepted for a given destination before it is considered unreachable.
Type: Whole number 1..4294967295
Default: 10
Diameter-Max-Route-Attempts
The maximum number of routing attempts the Diameter router will try per message.
Type: Whole number 1..4294967295
Default: 20
Diameter-Less-Specific-Route-Fallback
If enabled, a less specific Diameter route will be attempted if the more specific route fails.
Type: Yes or No
Default: TRUE
Diameter-Use-Session-Id-For-State
Specifies that the Session-Id AVP is used instead of the State AVP as the key for saving and retrieving a state context.
Type: Yes or No
Default: FALSE
TLS
A boolean indicating that the connection to the Diameter Peer should be secured using TLS.
Type: Yes or No
Client: true
Default: FALSE
SCTP
A boolean indicating that the connection to the Diameter Peer should be transported over SCTP rather than TCP.
Type: Yes or No
Client: true
Default: FALSE
SctpAgent-Diameter-Address
The socketAddress (address:port) that the external SCTP gateway listens on for inbound Diameter over SCTP connections.
Type: Network Address in Address:Port format
Default: *:3868
SctpAgent-Inbound-Address
Specifies the address and port on which the Policy server will listen for traffic from the SCTP Agent. The default value is 127.0.0.1:9869, which assumes the SCTP Agent runs on the local machine.
Type: Network Address in Address:Port format
Client: true
Default: 127.0.0.1:9869
SctpAgent-Outbound-Address
Specifies the address and port on which the SCTP Agent will listen for traffic from the Policy server. The default value is 127.0.0.1:9868, which assumes the SCTP Agent runs on the local machine.
Type: Network Address in Address:Port format
Client: true
Default: 127.0.0.1:9868
SCTP-Input-Streams
Specifies the number of SCTP input streams the local SCTP Agent will suggest to a remote SCTP client upon making outbound connections.
Type: Unsigned short (16 bits) 0..65535
Client: true
Default: 10
SCTP-Output-Streams
Specifies the number of SCTP output streams the local SCTP Agent will suggest to a remote SCTP client upon making outbound connections.
Type: Unsigned short (16 bits) 0..65535
Client: true
Default: 10
Secure-HAUSS
When enabled, replication traffic sent between the HA-USS pair is secured using TLS.
Type: Yes or No
Default: FALSE
Server-Certificate-File
Type: Text
Default: server.pem
Trusted-Certificates-File
Type: Text
Default: trusted.pem
Log-Auth-Accept-Pattern
This property specifies a formatting pattern to be used when building a log message to be written when sending an Access-Accept packet. The logging action is enabled by the Log-Auth-Accept-Enable property.
Type: Text
Default: ${request.user-name} login ok
Log-Auth-Reject-Pattern
This property specifies a formatting pattern to be used when building a log message to be written when sending an Access-Reject packet. The logging action is enabled by the Log-Auth-Reject-Enable property.
Type: Text
Default: ${request.user-name} login failed
Log-Auth-Challenge-Pattern
This property specifies a formatting pattern to be used when building a log message to be written when sending an Access-Challenge packet. The logging action is enabled by the Log-Auth-Challenge-Enable property.
Type: Text
Default: ${request.user-name} login challenged
Log-Auth-Discard-Pattern
This property specifies a formatting pattern to be used when building a log message to be written when discarding a reply to an Access-Request. The logging action is enabled by the Log-Auth-Discard-Enable property.
Type: Text
Default: ${request.user-name} login discarded due to ${packet.Last-Disposition-Message}
Log-Auth-Accept-Enable
This property enables logging of Access-Accept replies with the pattern Log-Auth-Accept-Pattern.
Type: Yes or No
Default: FALSE
Log-Auth-Reject-Enable
This property enables logging of Authenticate-Reject replies with the pattern Log-Auth-Reject-Pattern.
Type: Yes or No
Default: TRUE
Log-Auth-Challenge-Enable
This property enables logging of Authenticate-Challenge replies with the pattern Log-Auth-Challenge-Pattern.
Type: Yes or No
Default: FALSE
Log-Auth-Discard-Enable
This property enables logging of discarded replies with the pattern Log-Auth-Discard-Pattern.
Type: Yes or No
Default: TRUE
Log-Acct-Response-Pattern
This property enables logging of Accounting-Response replies with the pattern Log-Acct-Response-Pattern. This pair of properties is used only if the Acct-Status-Type attribute is not of value start, interim, or stop.
Type: Text
Default: ${request.user-name} ${request.acct-status-type} session on ${request.nas-ip-address}:${request.nas-port}
Log-Acct-Start-Pattern
This property specifies a formatting pattern to be used when building a log message to be written when sending an Accounting-Response packet. The logging action is enabled by the Log-Acct-Start-Enable property.
Type: Text
Default: ${request.user-name} started session on ${request.nas-ip-address}:${request.nas-port}
Log-Acct-Interim-Pattern
This property specifies a formatting pattern to be used when building a log message to be written when sending an Accounting-Response packet. The logging action is enabled by the Log-Acct-Response-Enable property.
Type: Text
Default: ${request.user-name} continued session on ${request.nas-ip-address}:${request.nas-port} for ${request.acct-session-time} seconds
Log-Acct-Stop-Pattern
This property specifies a formatting pattern to be used when building a log message to be written when sending an Accounting-Response packet. The logging action is enabled by the Log-Acct-Stop-Enable property.
Type: Text
Default: ${request.user-name} stopped session on ${request.nas-ip-address}:${request.nas-port} for ${request.acct-session-time} seconds
Log-Acct-Discard-Pattern
This property specifies a formatting pattern to be used when building a log message to be written when discarding an Accounting-Response packet. The logging action is enabled by the Log-Acct-Discard-Enable property.
Type: Text
Default: ${request.user-name} session discarded due to ${packet.Last-Disposition-Message}
This property enables logging of Accounting-Response replies with the pattern Log-Acct-Response-Pattern. This pair of properties is used only if the Acct-Status-Type attribute is not of value start, interim, or stop.
Type
Yes or No Default
FALSE
This property enables logging of Accounting-Response replies with the pattern Log-Acct-Start-Pattern. This pair of properties is used only if the Acct-Status-Type attribute is value start.
Type
Yes or No Default
FALSE
This property enables logging of Accounting-Response replies with the pattern Log-Acct-Interim-Pattern. This pair of properties is used only if the Acct-Status-Type attribute is value interim.
Type
Yes or No Default
FALSE
This property enables logging of Accounting-Response replies with the pattern Log-Acct-Stop-Pattern. This pair of properties is used only if the Acct-Status-Type attribute is value stop.
Type
Yes or No Default
FALSE
This property enables logging of discarded Accounting-Response replies with the pattern Log-Acct-Discard-Pattern.
Type
Yes or No Default
TRUE
Not used yet.
Type
Whole number 0..2147483647 Default
0
This property specifies the address to bind to for SNMP requests.
Type
Network Address in Address:Port format Default
0
String to use as community for SNMP READ requests.
Type
Text Default
public
String to use as community for SNMP WRITE requests.
Type
Text Default
Type
Hexadecimal encoded string which represents a minimum of 1 and a maximum of 32 bytes
Type
Yes or No Default
TRUE
Type
Yes or No Default
TRUE
Type
Yes or No Default
TRUE
MIB-II sysContact. "The textual identification of the contact person for this managed node, together with information on how to contact this person."
Type
Text Default
MIB-II sysName. "An administratively-assigned name for this managed node. By convention, this is the node's fully-qualified domain name."
Type
Text Default
MIB-II sysLocation. "The physical location of this node (e.g., `telephone closet, 3rd floor')."
Type
Text Default
This property specifies a socket-address that the internal LDAP server binds to.
Type
Network Address in Address:Port format Default
0
Type
Unsigned integer (32 bits) 0..4294967295 Default
10
Type
Whole number 1..4294967295 Default
3
Type
Network Address in Address:Port format Default
*:9022
Type
Yes or No Default
TRUE
Value: Description
blowfish-cbc: !!! fix
aes128-cbc: !!! fix
Type
One of a list of Values Default
aes128-cbc
Value: Description
hmac-sha1: !!! fix
hmac-sha1-96: !!! fix
hmac-md5: !!! fix
hmac-md5-96: !!! fix
Type
One of a list of Values Default
hmac-sha1
Value: Description
ssh-dss: !!! fix
ssh-rsa: !!! fix
Type
One of a list of Values Default
ssh-dss
Value: Description
diffie-hellman-group1-sha1: !!! fix me
Type
One of a list of Values Default
diffie-hellman-group1-sha1
Type
Duration with default timeunit of Seconds Default
3m
Type
Duration with default timeunit of Seconds Default
15s
Type
Duration with default timeunit of Seconds Default
10m
Type
Duration with default timeunit of Seconds Default
15s
If enabled, the 8950 AAA Server discards packets when a method chain exits with an error. If not enabled, the 8950 AAA Server rejects the packet.
Type
Yes or No Default
TRUE
Type
Yes or No Default
TRUE
Type
Text Default
NAS_Routes
If specified, this property defines a map used after normal RADIUS packet decode, but before engine packet augmentation. This allows one to fix up a request so that the augmentation phase can work on valid data.
Type
Map. Use an '@' symbol to reference a file, i.e. @filename.
If disabled, all log items are written to the log file independently, rather than grouped by the work item.
Type
Yes or No Default
TRUE
Specifies a map to use when copying attributes from an entry in the USS when creating a disconnect request.
Type
Map. Use an '@' symbol to reference a file, i.e. @filename. Default
${NAS-IP-Address}:=${request.NAS-IP-Address};\n${NAS-Identifier}:=${request.NAS-Identifier};\n${NAS-IPv6-Address}:=${request.NAS-IPv6-Address};\n${User-Name}:=${request.User-Name};\n${NAS-Port}:=${request.NAS-Port};\n${Framed-IP-Address}:=${request.Framed-IP-Address};\n${Called-Station-Id}:=${request.Called-Station-Id};\n${Calling-Station-Id}:=${request.Calling-Station-Id};\n${Acct-Session-Id}:=${request.Acct-Session-Id};\n${Acct-Multi-Session-Id}:=${request.Acct-Multi-Session-Id};\n${NAS-Port-Type}:=${request.NAS-Port-Type};\n${NAS-Port-Id}:=${request.NAS-Port-Id};\n${Originating-Line-Info}:=${request.Originating-Line-Info};\n${Framed-Interface-Id}:=${request.Framed-Interface-Id};\n${Framed-IPv6-Prefix}:=${request.Framed-IPv6-Prefix};
Specifies the amount of time the replication queue is kept active after a replicated server has gone down.
Type
Duration with default timeunit of Seconds Default
60s
Specifies the amount of time between heartbeat transmissions.
Type
Duration with default timeunit of Seconds Default
10s
Specifies the number of missing heartbeats before a connection to a replicated server is considered down.
Type
Whole number 1..4294967295 Default
3
Specifies the maximum number of heartbeat intervals of outstanding buckets before replication is halted and a reconciliation is prepared.
Type
Whole number 1..4294967295 Default
10
When the remote ack rate per heartbeat interval drops below this limit, a prepared reconciliation is started.
Type
Whole number 5..4294967295 Default
10
Specifies the number of threads servicing inbound replication.
Type
Whole number 1..50 Default
4
Specifies the number of threads servicing outbound replication.
Type
Whole number 1..50 Default
4
Specifies the time (in milliseconds) the Universal State Server will wait for an accounting-start after recording an access-accept for a particular port.
Type
Duration with default timeunit of Milliseconds Default
45s
Specifies the time (in milliseconds) after which the Universal State Server will mark a port as idle.
Type
Duration with default timeunit of Milliseconds Default
-1ms
Only used during an upgrade.
Type
Text Default
+
Specifies the time (in milliseconds) after which an inactive session entry will be removed entirely. A value of -1 disables the timeout and 0 fires immediately. The default value is -1 (disabled).
Type
Duration with default timeunit of Milliseconds Default
5m
Specifies a file to store the session state information. If specified, the State Server saves the session information when it shuts down. When the State Server is restarted the initial session information is read from this file. Note: this file is deleted after read and created each time the State Server shuts down.
Type
Text with a minimum length of 1 character
Specifies the maximum amount of time (in milliseconds) to allow before a remote registry access aborts the attempt.
Type
Duration with default timeunit of Milliseconds Default
15s
The amount of time the primary in a HA-USS pair will wait for the secondary to communicate during primary server start up.
Type
Duration with default timeunit of Milliseconds Default
30s
This property informs the secondary in an HA-USS pair of the location of the primary.
Type
Network Address in Address:Port format
This property informs the primary in an HA-USS pair of the location of the secondary.
Type
Network Address in Address:Port format
Value: Description
none: The USS runs in standalone mode.
primary: The USS runs as the primary in an HA-USS pair.
secondary: The USS runs as the secondary in an HA-USS pair.
Type
One of a list of Values Default
none
Specifies the time (in milliseconds) to wait between each failed attempt to find the primary State Server.
Type
Duration with default timeunit of Milliseconds Default
5s
Specifies how often (in milliseconds) the State Server communicates with the primary State Server.
Type
Duration with default timeunit of Milliseconds Default
15s
Specifies the number of times to attempt to find the primary State Server.
Type
Whole number 0..50 Default
5
Specifies the minimum number of worker threads per replication update queue.
Type
Whole number 1..5 Default
1
Specifies the maximum number of worker threads per replication update queue.
Type
Whole number 1..5 Default
5
Specifies the maximum number of USS entries to push to a secondary in a single RMI call.
Type
Whole number 0..10000 Default
2000
Specifies the maximum number of USS entries for the primary to fetch from the secondary in a single RMI call during reconciliation.
Type
Whole number 0..10000 Default
2000
The minimum number of entries in the primary replication queue before plug-in flow control enables.
Type
Whole number 0..2147483647 Default
5000
Used to compute the flow control delay time for the StateServer plug-in.
milliseconds := entriesOnQueue / entriesPerMs
Type
Whole number 1..2147483647 Default
50
This property configures the maximum number of concurrent HTTP connections to make as a client.
Type
Whole number 1..2147483647 Default
1000
The timeout in milliseconds used when retrieving an HTTP connection from the HTTP connection manager. 0 means to wait indefinitely.
Type
Duration with default timeunit of Milliseconds Default
5000ms
Specifies the TCP/IP address on which the Admin interface listens for connections. The Address is in the form of a hostname (or "*") followed by a colon, followed by the port number. The hostname must be a name that corresponds to a local interface on the machine, or the value "*", which represents all local interfaces. The default value for this property is "*.9020".
Type
Network Address in Address:Port format Default
127.0.0.1:9020
Like ConfigServer-AdminAddress, but uses SSH as the transport.
Type
Network Address in Address:Port format Default
*:9021
Defines the port to be used when creating an RMI registry. Normally, an RMI registry is already running at the address specified. However, if there is no registry, the Configuration Server will try to create one on the local host. By default, it uses the RMI port 9097 to do this, but this property enables another port to be used if necessary.
Type
Unsigned short (16 bits) 0..65535 Default
9097
Defines where the Secure RMI registry is opened on the configuration server.
Type
Unsigned short (16 bits) 0..65535 Default
9098
Specifies the name of the file in which Configuration Server writes messages and errors. The file 'config.log' is the default log file name.
Type
Text Default
config.log
Specifies the level (or debug level). The level determines what type of messages the Configuration Server writes to the log file. By default, the Configuration Server logs at 'info' level. See LogLevel.html
Type
Log Level Value Link
LogLevel.html Default
Info
Defines the port the TACACS+ server listens on.
Type
Network Address in Address:Port format Default
*:49
Specifies which directory collector samples will be recorded in.
Type
Text
This property is derived from the 3rd column of the client's file. It can be used in a dynamic string anywhere you need it.
Type
Text Client
true Server
false
This property is used by the time-of-day check. It allows a NAS and the server to be located in different time zones and still get reasonable time-of-day checks. If this property is not specified, the NAS is assumed to be in the same time zone as the server.
Value Description
Type
One of a list of Values Client
true Server
false
This property allows one to use separate dictionaries (codecs) for AUTH and ACCT policy flows.
Value: Description
unspecified: Use client.client-timeout or server.client-timeout
#default: Default
ALU-WiMAX: Alcatel-Lucent WiMAX offer
Nokia: Nokia in RFC space
TAOS16-dictionary: Taos 16 bit
USDS-Plain: USDS plain
draft-sterman-aaa-sip-01: Draft HTTP Digest
ericsson-vig-dictionary: Ericsson VIG
legacy-3588: Legacy Diameter
max-dictionary: Ascend MAX in RFC space
mobile-iwf: Mobile IWF
mobile-pdsn: Mobile PSDN
Type
Dictionary Codec Client
true
This property allows one to use separate dictionaries (codecs) for AUTH and ACCT policy flows.
Value: Description
unspecified: Use client.client-timeout or server.client-timeout
#default: Default
ALU-WiMAX: Alcatel-Lucent WiMAX offer
Nokia: Nokia in RFC space
TAOS16-dictionary: Taos 16 bit
USDS-Plain: USDS plain
draft-sterman-aaa-sip-01: Draft HTTP Digest
ericsson-vig-dictionary: Ericsson VIG
legacy-3588: Legacy Diameter
max-dictionary: Ascend MAX in RFC space
mobile-iwf: Mobile IWF
mobile-pdsn: Mobile PSDN
Type
Dictionary Codec Server
false
This client property allows one to override the client timeout for just AUTH requests.
Type
Duration with default timeunit of Milliseconds Client
true Server
false
This client property allows one to override the client timeout for just ACCT requests.
Type
Duration with default timeunit of Milliseconds Client
true Server
false
Specifies the desired state of a remote Diameter peer.
Value: Description
unspecified: Same as Down.
Down: The link must not be enabled.
Auto: The link should be enabled when there is demand.
Up: The link should be kept up at all times, if possible.
Type
One of a list of Values Server
false
The private key associated with the certificate used to secure this Diameter TLS link.
Type
Text Server
false