Contents
1 Introduction
This document covers the massive operations available through the Ericsson™ Dynamic Activation (EDA) Command Line Interface (CLI) for layered Authentication, Authorization, and Accounting (AAA) data in IPWorks.
1.1 Purpose and Scope
This document describes layered AAA data in IPWorks, conditional search commands.
How to use these commands is covered in the document Generic CLI Interface Specification, Reference [3].
1.2 Target Group
The target group for this document is as follows:
- System Integrator
For more information regarding the different target groups, see Library Overview, Reference [2].
1.3 Typographic Conventions
Typographic conventions are described in the document Library Overview, Reference [2].
For information about abbreviations used throughout this document refer to Glossary of Terms and Acronyms, Reference [1].
2 Layered AAA Conditional Search Commands
This section covers all AAA conditional search commands available through the Dynamic Activation CLI. All conditional search commands generate response files, rather than printing the answer directly to the client.
The following AAA search commands are available:
- Print AAA Users (AAMSUIP), see Section 2.1
- Print AAA Groups (AAMSUGP), see Section 2.2
- Print AAA Policies (AAMSUPP), see Section 2.3
2.1 Print AAA Users (AAMSUIP)
This command prints all AAA users.
2.1.1 AAMSUIP Request
Command Description:
AAMSUIP:[USERNAMES=usernames][,SPNAMES=spnames][,GRPNAMES=grpnames] [,AUTHMETHODS=authenmethods][,IPALLOCTYPE=ipalloctype][,IPALLOCVALUE=ipallocvalue] [,IPV6PREFIXALLOCTYPE=ipv6prefixalloctype][,IPV6PREFIXALLOCVALUE=ipv6prefixallocvalue] [,ASSOCIATEDIMSI=associatedimsi]; |
Example of an AAMSUIP command
AAMSUIP;
This CLI command prints all AAA users.
The following table covers the attributes that can be received in AAA Users Result File.
|
Parameter |
Type |
Occurrence |
Description | ||
|---|---|---|---|---|---|
|
aaaUserName |
String Min Length = 1 Max Length = 253 |
Mandatory |
The name of the user. | ||
|
aaaUserPassword |
String Min Length = 1 Max Length = 256 |
Mandatory |
The password of the user. | ||
|
aaaAssociatedImsi |
String Length = 15 |
Optional (0-1) |
If the secure SSID feature is used by a non-SIM Wi-Fi subscription, an associated IMSI is needed for IPWorks AAA to download the user profile from HLR. This user profile is used for checking the Wi-Fi subscription for authorization. The associated IMSI must be available as an IMSI identity in CUDB. | ||
|
aaaAuthenticationMethod |
String Enumeration value = "NONE" Enumeration value = "EAP-MD5" Enumeration value = "EAP-SIM" Enumeration value = "EAP-AKA" Enumeration value = "EAP-TLS" Enumeration value = "EAP-TTLS" Enumeration value = "LEAP" Enumeration value = ""PEAP"" Enumeration value = "EAP-MSCHAP2" |
Optional (0-1) |
The authentication method used for this user. It can be:
| ||
|
aaaIPAllocationType |
Integer Min Inclusive = 0 Max Inclusive = 3 |
Optional (0-1) |
The policy of IP address allocation. There are 4 types:
| ||
|
aaaIPAllocationValue |
String Min Length = 1 Max Length = 128 |
Optional (0-1) |
The content of the policy that defines the IP address is allocated from which pool or address. Refer to description of the aaaIPAllocationType field. | ||
|
aaaIPv6PrefixAllocationType |
Integer Min Inclusive = 0 Max Inclusive = 3 |
Optional (0-1) |
| ||
|
aaaIPv6PrefixAllocationValue |
String Min Length = 1 Max Length = 128 |
Optional (0-1) |
The content of the policy that defines the IP address is allocated from which pool or address specified in the aaaIPv6PrefixAllocationType field. | ||
|
aaaGroupName |
String Min Length = 1 Max Length = 64 |
Optional (0-10) |
The name of the group. | ||
|
aaaPolicy |
Sub-MO |
Optional (0-1) |
|||
|
aaaIndividualPolicy |
Sub-MO |
Optional (0-10) |
List of the individual policies. The user can have multiple policies. | ||
|
aaaIndividualPolicyName |
Integer Min Inclusive = 1 Max Inclusive = 10 |
Mandatory(1) |
The name of the policy. | ||
|
aaaIndividualPolicyChecklist |
String Min Length = 1 Max Length = 1024 |
Optional (0-1) |
The checklist is a check rule of the policy. It is used to check whether the coming AVPs are matched with this check rule. All the AVP names are to conform to the AVP name in RFC, except the build-in AVPs such as System-Time. | ||
|
aaaIndividualPolicyReplylist |
String Min Length = 1 Max Length = 1024 |
Optional (0-1) |
The reply list is a reply rule of the policy. If the Access-Request message is authorized successfully, the reply rule is added to the Access-Accept message. | ||
|
aaaSharedPolicyName |
String Min Length = 1 Max Length = 64 |
Optional (0-10) |
The name of the policy. | ||
(1) This parameter is mandatory if the Sub-MO,
to which the parameter belongs, is selected.
2.1.2 AAMSUIP Result File Schema
Example 1 AAMSUIP Result File Schema
<!-- edited with XMLSpy v2008 rel. 2 sp2 (http://www.altova.com) by David (Ericsson AB) --> <xs:schema xmlns="http://schemas.ericsson.com/ma/IPWORKS/" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://schemas.ericsson.com/ma/IPWORKS/" elementFormDefault="qualified" attributeFormDefault="unqualified"> <xs:include schemaLocation="../types/aaala_types.xsd"/> <xs:element name="AAAUserData"> <xs:complexType> <xs:sequence> <xs:element name="AAAUser" minOccurs="0" maxOccurs="unbounded"> <xs:complexType> <xs:sequence> <xs:element name="aaaUserName" type="aaaUserNameType"/> <xs:element name="aaaUserPassword" type="aaaUserPasswordType" minOccurs="0"/> <xs:element name="aaaAuthenticationMethod" type="aaaAuthenticationMethodType" minOccurs="0"/> <xs:element name="aaaIPAllocationType" type="aaaIPAllocationTypeType" minOccurs="0"/> <xs:element name="aaaIPAllocationValue" type="aaaIPAllocationValueType" minOccurs="0"/> <xs:element name="aaaIPv6PrefixAllocationType" type="aaaIPv6PrefixAllocationTypeType" minOccurs="0"/> <xs:element name="aaaIPv6PrefixAllocationValue" type="aaaIPv6PrefixAllocationValueType" minOccurs="0"/> <xs:element name="associatedimsi" type="aaaAssociatedImsiType" minOccurs="0"> <xs:element name="aaaGroupName" minOccurs="0" maxOccurs="10"/> <xs:element name="aaaPolicy" minOccurs="0"> <xs:complexType> <xs:sequence> <xs:element name="aaaIndividualPolicy" minOccurs="0" maxOccurs="10"> <xs:complexType> <xs:sequence> <xs:element name="aaaIndividualPolicyName" type="aaaIndividualPolicyNameType"/> <xs:element name="aaaIndividualPolicyChecklist" type="aaaIndividualPolicyChecklistType" minOccurs="0"/> <xs:element name="aaaIndividualPolicyReplylist" type="aaaIndividualPolicyReplylistType" minOccurs="0"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="aaaSharedPolicyName" minOccurs="0" maxOccurs="10"/> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> </xs:schema>
2.2 Print AAA Groups (AAMSUGP)
This command prints all AAA Groups.
2.2.1 AAMSUGP Request
Command Description:
AAMSUGP:[GRPNAMES=grpnames][,SPNAMES=spnames]; |
Example of an AAMSUGP command
AAMSUGP;
This CLI command prints all AAA groups.
The following table covers the attributes that can be received in AAA Groups Result File.
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
aaaGroupName |
String Min Length = 1 Max Length = 64 |
Mandatory |
The name of the group |
|
aaaSharedPolicyName |
String Min Length = 1 Max Length = 64 |
Optional (0-10) |
The name of the policy |
2.2.2 AAMSUGP Result File Schema
Example 2 AAMSUGP Result File Schema
<xs:element name="AAAGroupData">
<xs:complexType>
<xs:sequence>
<xs:element name="AAAGroup" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="aaaGroupName" type="aaaGroupNameType"/>
<xs:element name="aaaSharedPolicyName" minOccurs="0" maxOccurs="10"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
2.3 Print AAA Policies (AAMSUPP)
This command prints all AAA policies.
2.3.1 AAMSUPP Request
Command Description:
AAMSUPP:[PNAMES=pnames]; |
Example of an AAMSUPP command
AAMSUPP;
This CLI command prints all AAA policies.
The following table covers the attributes that can be received in search orders AAA Policies Result File.
|
Attribute |
Type |
Occurrence |
Description | |
|---|---|---|---|---|
|
aaaPolicyName |
String Min Length = 1 Max Length = 64 |
Mandatory |
The name of the policy. | |
|
aaaPolicyChecklist |
String Min Length = 1 Max Length = 1024 |
Optional (0-1) |
The checklist is a check rule of the policy. It is used to check whether the coming AVPs are matched with this check rule. All the AVP names are to conform to the AVP name in RFC, except the build-in AVPs such as System-Time. | |
|
aaaPolicyReplylist |
String Min Length = 1 Max Length = 1024 |
Optional (0-1) |
The reply list is a reply rule of the policy. If the Access-Request message is authorized successfully, the reply rule is added to the Access-Accept message | |
2.3.2 AAMSUPP Result File Schema
Example 3 AAMSUPP Result File Schema
<xs:element name="AAAPolicyData">
<xs:complexType>
<xs:sequence>
<xs:element name="AAAPolicy" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="aaaPolicyName" type="aaaPolicyNameType" />
<xs:element name="aaaPolicyChecklist" type="aaaPolicyChecklistType" minOccurs="0" />
<xs:element name="aaaPolicyReplylist" type="aaaPolicyReplylistType" minOccurs="0" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
3 AAA Massive Update Commands
This section covers all AAA Massive Update commands. These commands have the purpose of updating the settings of group and policy. All Massive Update commands generate response files, rather than echoing the answer directly back to the client.
The following AAA Massive Update commands are available:
- End Group (AAMSUGE) Section 3.1
- End Policy (AAMSUPE) Section 3.2
3.1 End Group (AAMSUGE)
The End Group CLI allows requesting of the following information:
- Delete all owning alias group name entries under AA entry in all mscId objects.
- Delete group name entry under AA groups entry in mscCommonData object.
3.1.1 AAMSUGE Request
Command Description:
AAMSUGE:GRPNAME=grpname; |
Example of an AAMSUGE command
AAMSUGE:GRPNAME=”group1”;
This CLI command remove “group1” group and its alias which is used in users.
The following table explains the attributes that can be used in an AAMSUGE request.
|
Parameter |
Type |
Occurrence |
Description | |
|---|---|---|---|---|
|
GRPNAME |
String Min Length = 1 Max Length = 64 |
Mandatory |
The name of the group | |
3.1.2 AAMSUGE Result File Schema
Example 4 AAMSUGE Result File Schema
<xs:element name="AAAGroupData" minOccurs="0">
<xs:complexType>
<xs:sequence>
<xs:element name="MassiveUpdateConditions">
<xs:complexType>
<xs:sequence>
<xs:element name="grpname" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="FailedUpdates" minOccurs="0">
<xs:complexType>
<xs:sequence>
<xs:element name="User" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="aaaUserName" type="xs:string" />
<xs:element name="FaultReason">
<xs:complexType>
<xs:sequence>
<xs:element name="code" type="xs:integer" />
<xs:element name="message" type="xs:string" />
<xs:element name="additionalinfo" type="xs:string" minOccurs="0" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="MassiveUpdateStatistics">
<xs:complexType>
<xs:sequence>
<xs:element name="starttime" type="xs:string" />
<xs:element name="stoptime" type="xs:string" />
<xs:element name="NumberOfChangedUsers" type="xs:integer" />
<xs:element name="NumberOfFailedUsers" type="xs:integer" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
The following table covers the attributes that can be received in a AAMSUGE response.
- Note:
- Error codes printed in the FaultReason element are related to the monitoring call forwarding registration
activation or deactivation for a single subscriber. These errors do
not stop the massive update.
If an error stops the massive update, that error code is returned in the generic XML structure, which is outside the previous schema. The generic XML structure for file responses is specified in document Introduction to CLI for Layered Applications.
|
Parameter |
Type |
Occurrence |
Description | ||||
|---|---|---|---|---|---|---|---|
|
AAAGroupData |
Sub-MO |
Optional (0-1) |
|||||
|
MassiveUpdateConditions |
Sub-MO |
Mandatory(1) |
|||||
|
grpname |
String |
Mandatory |
The name of the group | ||||
|
FailedUpdates |
Sub-MO |
Optional (0-1) |
|||||
|
User |
Sub-MO |
Mandatory (1) (1-n) |
|||||
|
aaaUserName |
String |
Mandatory |
The name of the user | ||||
|
FaultReason |
Sub-MO |
Mandatory |
|||||
|
code |
Integer |
Mandatory |
The error code | ||||
|
message |
String |
Mandatory |
The error message | ||||
|
additionalinfo |
String |
Optional (0-1) |
Additional info about the error | ||||
|
MassiveUpdateStatistics |
Sub-MO |
Mandatory (1) |
|||||
|
starttime |
String |
Mandatory |
The start time for the massive change | ||||
|
stoptime |
String |
Mandatory |
The stop time for the massive change | ||||
|
NumberOfChangedUsers |
Integer |
Mandatory |
Number of successfully updated users | ||||
|
NumberOfFailedUsers |
Integer |
Mandatory |
Number of failed users | ||||
(1) This parameter
is mandatory if the Sub-MO, to which the parameter belongs, is selected.
3.2 End Policy (AAMSUPE)
The End Policy CLI allows requesting of the following information:
- Delete all owning alias shared policy name entries under AA entry in all mscId objects.
- Delete all owning alias shared policy name entries under group name entry in mscCommonData object.
- Delete policy name entry under AA Policies entry in mscCommonData object
3.2.1 AAMSUPE Request
Command Description:
AAMSUPE:PNAME=pname; |
Example of an AAMSUPE command
AAMSUPE:PNAME=”AAAPolicy0”;
This CLI command remove “AAAPolicy0” policy and its alias which is used in users and groups.
The following table explains the attributes that can be used in an AAMSUPE request.
|
Parameter |
Type |
Occurrence |
Description | |
|---|---|---|---|---|
|
PNAME |
String Min Length = 1 Max Length = 64 |
Mandatory |
The name of the policy | |
3.2.2 AAMSUPE Result File Schema
Example 5 AAMSUPE Result File Schema
<xs:element name="AAAPolicyData" minOccurs="0">
<xs:complexType>
<xs:sequence>
<xs:element name="MassiveUpdateConditions">
<xs:complexType>
<xs:sequence>
<xs:element name="pname" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="FailedUpdates" minOccurs="0">
<xs:complexType>
<xs:sequence>
<xs:element name="User" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="aaaUserName" type="xs:string" />
<xs:element name="FaultReason">
<xs:complexType>
<xs:sequence>
<xs:element name="code" type="xs:integer" />
<xs:element name="message" type="xs:string" />
<xs:element name="additionalinfo" type="xs:string" minOccurs="0" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="Group" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="aaaGroupName" type="xs:string" />
<xs:element name="FaultReason">
<xs:complexType>
<xs:sequence>
<xs:element name="code" type="xs:integer" />
<xs:element name="message" type="xs:string" />
<xs:element name="additionalinfo" type="xs:string" minOccurs="0" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="MassiveUpdateStatistics">
<xs:complexType>
<xs:sequence>
<xs:element name="starttime" type="xs:string" />
<xs:element name="stoptime" type="xs:string" />
<xs:element name="NumberOfChangedUsers" type="xs:integer" />
<xs:element name="NumberOfFailedUsers" type="xs:integer" />
<xs:element name="NumberOfChangedGroups" type="xs:integer" />
<xs:element name="NumberOfFailedGroups" type="xs:integer" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
The following table covers the attributes that can be received in a AAMSUPE response.
- Note:
- Error codes printed in the FaultReason element are related to the monitoring call forwarding registration
activation or deactivation for a single subscriber. These errors do
not stop the massive update.
If an error stops the massive update, that error code is returned in the generic XML structure, which is outside the previous schema. The generic XML structure for file responses is specified in document Introduction to CLI for Layered Applications.
|
Parameter |
Type |
Occurrence |
Description | ||||
|---|---|---|---|---|---|---|---|
|
AAAPolicyData |
Sub-MO |
Optional (0-1) |
|||||
|
MassiveUpdateConditions |
Sub-MO |
Mandatory(1) |
|||||
|
pname |
String |
Mandatory |
The name of the policy | ||||
|
FailedUpdates |
Sub-MO |
Optional (0-1) |
|||||
|
User |
Sub-MO |
Optional (1-n) |
|||||
|
aaaUserName |
String |
Mandatory (1) |
The name of the user | ||||
|
FaultReason |
Sub-MO |
Mandatory (1) |
|||||
|
code |
Integer |
Mandatory |
The error code | ||||
|
message |
String |
Mandatory |
The error message | ||||
|
additionalinfo |
String |
Optional (0-1) |
Additional info about the error | ||||
|
Group |
Sub-MO |
Optional (1-n) |
|||||
|
aaaGroupName |
String |
Mandatory (1) |
The name of the group | ||||
|
FaultReason |
Sub-MO |
Mandatory (1) |
|||||
|
code |
Integer |
Mandatory |
The error code | ||||
|
message |
String |
Mandatory |
The error message | ||||
|
additionalinfo |
String |
Optional (0-1) |
Additional info about the error | ||||
|
MassiveUpdateStatistics |
Sub-MO |
Mandatory (1) |
|||||
|
starttime |
String |
Mandatory |
The start time for the massive change | ||||
|
stoptime |
String |
Mandatory |
The stop time for the massive change | ||||
|
NumberOfChangedGroups |
Integer |
Mandatory |
Number of changed groups | ||||
|
NumberOfFailedGroups |
Integer |
Mandatory |
Number of failed groups | ||||
(1) This
parameter is mandatory if the Sub-MO, to which the parameter belongs,
is selected.
4 Faults or Errors
The CLI error codes can appear both directly in the prompt, and in the result files. Besides the generic and common error codes, the CLI commands can also return some more specific error codes.
4.1 General CLI Errors
The following table covers Dynamic Activation internal error codes. They can appear in any CLI responses.
|
Error Code |
Error Message |
|---|---|
|
1001 |
Invalid resource. |
|
1002 |
Invalid XPath. |
|
1003 |
Unrecognized namespace. No data view associated. |
|
1004 |
Access denied. Invalid principal or credentials. |
|
1005 |
Not authorized to perform current operation on selected data view. |
|
1006 |
Invalid parameter. |
|
1007 |
The XPath failed to match any data in the processed XML. |
|
1008 |
Failed to provision data. |
|
1009 |
Unsupported operation. |
|
1093 |
Could not process request because of limit of max number of concurrent ongoing CLI transactions reached. |
|
1095 |
Communication error while interacting with a Network Element. |
|
1096 |
Time-out expired during wait for answer from Network Element. |
|
1097 |
Failure during processing of the request. |
|
1098 |
Could not process request because of resource limitation. |
|
1099 |
System error. |
|
1100 |
Execution was canceled |
|
1101 |
External error |
|
1103 |
License error |
4.2 Command Mapped Errors
This section covers layered AAA in IPWorks provisioning interface errors that are mapped towards certain commands. The commands listed in this section can be assumed to be stopping, unless "(not stopping)" is stated. They are listed in the following table along with the commands that can return them.
|
Error Code |
Error Message |
Command |
|---|---|---|
|
18002 |
AAA USER NOT DEFINED |
AAMSUIP |
|
18005 |
AAA GROUP NOT DEFINED |
AAMSUGP |
|
AAMSUGE | ||
|
18009 |
AAA POLICY NOT DEFINED |
AAMSUPP |
|
AAMSUPE |
Reference List
| Ericsson Documents |
|---|
| [1] Glossary of Terms and Acronyms, 0033-CSH 109 628 Uen |
| [2] Library Overview, 18/1553-CSH 109 628 Uen |
| [3] Generic CLI Interface Specification, 15/155 19-CSH 109 628 Uen |