Alcatel-Lucent 8950 Authentication, Authorization, and Accounting (AAA) Release 8.2 QuickStart Guide

You might also like

Download as pdf or txt
Download as pdf or txt
You are on page 1of 78

Title page

8950 Authentication, Authorization, and Accounting (AAA) | Release 8.2
QuickStart guide
Issue 3 | April 2014
Legal notice

Legal notice

Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective

The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.
Copyright © 2014 Alcatel-Lucent. All rights reserved.

About this document

Purpose ............................................................................................................................................................................................. xi

Intended audience ......................................................................................................................................................................... xi


Supported systems ........................................................................................................................................................................ xi


How to use this document ......................................................................................................................................................... xi


Conventions used ........................................................................................................................................................................ xii


Related information ................................................................................................................................................................... xiii


Document support ...................................................................................................................................................................... xiii


Technical support ....................................................................................................................................................................... xiii


How to comment ........................................................................................................................................................................ xiii


1 Platform and system requirements

Overview ...................................................................................................................................................................................... 1-1


8950 AAA overview ................................................................................................................................................................ 1-1


Platform support ........................................................................................................................................................................ 1-3


Java environment ...................................................................................................................................................................... 1-4


Server memory ........................................................................................................................................................................... 1-5


Server storage ............................................................................................................................................................................. 1-5


Hardware requirements ........................................................................................................................................................... 1-6


2 Prepare system for installation

Overview ...................................................................................................................................................................................... 2-1


Download latest 8950 AAA version .................................................................................................................................. 2-2


Get valid license ........................................................................................................................................................................ 2-3


Use ZIP/TAR utility ................................................................................................................................................................. 2-3


8950 AAA iii
365-360-007 Release 8.2
Issue 3 April 2014

Check patch levels of operating systems .......................................................................................................................... 2-4

Upgrade of 8950 AAA ........................................................................................................................................................... 2-4


3 Install and learn 8950 AAA

Overview ...................................................................................................................................................................................... 3-1


Install 8950 AAA server on UNIX/LINUX ................................................................................................................... 3-2


Install 8950 AAA server on Windows ............................................................................................................................... 3-8


Install the server management tool .................................................................................................................................. 3-13


Third-party licences information ...................................................................................................................................... 3-13


Start SMT GUI application ................................................................................................................................................. 3-14


Start 8950 AAA configuration server .............................................................................................................................. 3-16


Start 8950 AAA policy server ............................................................................................................................................ 3-18


Automatically start the 8950 AAA servers ................................................................................................................... 3-20


Install configuration sets after installing 8950 AAA ................................................................................................. 3-23


Stop 8950 AAA configuration server .............................................................................................................................. 3-27


Stop 8950 AAA policy server ............................................................................................................................................ 3-29


Connect local SMT or MT to remote AAA server using RMI over SSH or NAT .......................................... 3-31

Stop SMT application ........................................................................................................................................................... 3-34


Support for VMware ............................................................................................................................................................. 3-35


Learn 8950 AAA .................................................................................................................................................................... 3-36


Technical support ................................................................................................................................................................... 3-37


4 Remove 8950 AAA

Overview ...................................................................................................................................................................................... 4-1


Uninstall from UNIX platform ............................................................................................................................................ 4-2


Uninstall from Windows platforms .................................................................................................................................... 4-4


5 Determine hardware needs

Overview ...................................................................................................................................................................................... 5-1


iv 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014

Hardware needs ......................................................................................................................................................................... 5-1

Basic AAA load calculations ................................................................................................................................................ 5-2


Server sizing ............................................................................................................................................................................... 5-4


Scaling your network ............................................................................................................................................................... 5-5


Load distribution ....................................................................................................................................................................... 5-6



8950 AAA v
365-360-007 Release 8.2
Issue 3 April 2014


vi 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
List of tables

1 Document usage ............................................................................................................................................................ xi


2 Typographical conventions used ........................................................................................................................... xii

8950 AAA vii
365-360-007 Release 8.2
Issue 3 April 2014
List of tables


viii 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
List of figures

3-1 Install new PolicyFlow .......................................................................................................................................... 3-24


3-2 Login screen .............................................................................................................................................................. 3-32


3-3 Verify certificate chain screen ............................................................................................................................ 3-33

3-4 SMT GUI on a remote server ............................................................................................................................. 3-34

8950 AAA ix
365-360-007 Release 8.2
Issue 3 April 2014
List of figures


x 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
About this document
About this document

This guide helps you understand the system and platform requirements for the installation
of 8950 AAA, know how to install it, and estimate the hardware needs.

Intended audience
This document is intended for users working in the following domains:
• Installation
• Operation
• Engineering
• Validation
This guide is also useful to any other user who wants to know more about 8950 AAA
installation and configuration procedures.

Supported systems
This publication applies to the 8950 AAA System Release 8.1, 8.1.x, and 8.2.

How to use this document

The recommended approach for using this guide is to read the entire guide and refer to it,
as needed, for specific configuration details of the 8950 AAA.
The chapters that provide information on installation, pre requirements, system and
platform requirements, and so on of the 8950 AAA application are listed in the table as

Table 1 Document usage

Document organization When to use

Chapter 1, “Platform and To understand system and platform requirements, install the
system requirements” 8950 AAA, and estimate hardware needs.

8950 AAA xi
365-360-007 Release 8.2
Issue 3 April 2014
About this document

Table 1 Document usage (continued)

Document organization When to use

Chapter 2, “Prepare system for To understand system and server requirements for installing
installation” the 8950 AAA.
Chapter 3, “Install and learn To know steps required to install the 8950 AAA on a UNIX
8950 AAA” or on Microsoft Windows platform.
Chapter 4, “Remove 8950 To know steps required to remove the 8950 AAA from your
AAA” UNIX or Microsoft Windows platform.
Chapter 5, “Determine To understand basic sizing calculations, implementation
hardware needs” considerations and additional recommendations to estimate
system needs.

Conventions used
The terms AAA and 8950 AAA describe the Alcatel-Lucent 8950 AAA server.
The terms USS and USSv1 describe the Universal State Server version 1.
The term USSv2 describes the Universal State Server version 2.
This guide uses the following typographical conventions as shown in the table.

Table 2 Typographical conventions used

Appearance Description
Emphasis Text that is emphasized
Document titles Titles of books or other documents
File or directory names Names of files or directories
graphical user interface text or key Text displayed in a graphical user interface or in a
name hardware label
Keyboard keys Name of a key on the keyboard
System input Text that the user types as input to a system
System output Text that a system displays or prints
variable Value or command-line parameter that the user
[] Text or a value that is optional
{value1 | value2} A choice of values or variables from which one value
{variable1 | variable2} or variable is used

xii 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
About this document

Related information
The following documents are referenced in this document and include additional
information relevant to this document.
• Alcatel-Lucent 8950 AAA Quick Start Guide; this guide provides information as to
how to install the 8950 AAA, where to obtain licenses, and about system
• Alcatel-Lucent 8950 AAA System Administration Guide, 365-360-009; this guide
provides a general information and features of the 8950 AAA, how to configure the
8950 AAA, and how to perform monitoring and administrative tasks.
• Alcatel-Lucent User Provisioning System User Guide; this guide provides information
on the User Provisioning System (UPS) included in the 8950 AAA that allows you to
manage (create/search/modify/delete) users in a predefined DB schema.
All 8950 AAA documents are available at Alcatel-Lucent OnLine Customer Support Site
( Download the zipped files from the Downloads and
Registration section.

Document support
To order Alcatel-Lucent documents, contact your local sales representative or use Online
Customer Support (OLCS) (

Technical support
For technical support, contact your local Alcatel-Lucent customer support team. See the
Alcatel-Lucent Support web site ( for contact
For Alcatel-Lucent remote technical support and warranty claims, send an e-mail to

How to comment
To comment on this document, go to the Online Comment Form (http://infodoc.alcatel- or e-mail your comments to the Comments Hotline

8950 AAA xiii
365-360-007 Release 8.2
Issue 3 April 2014
About this document


xiv 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
1 1 latform and system

This chapter provides a brief overview of the 8950 AAA server and lists the main product
features. The chapter also provides information about the platforms supported by the
8950 AAA and the hardware and memory requirements to install and run the 8950 AAA.


8950 AAA overview 1-1

Platform support 1-3
Java environment 1-4
Server memory 1-5
Server storage 1-5
Hardware requirements 1-6

8950 AAA overview

The 8950 AAA server is a highly flexible AAA server available today for remote access
services. The 8950 AAA handles user requests for access to network resources and
provides authentication, authorization, and accounting (AAA) services. This guide
provides information to help you understand system and platform requirements, install
8950 AAA, and estimate hardware needs.

8950 AAA 1-1
365-360-007 Release 8.2
Issue 3 April 2014
Platform and system requirements 8950 AAA overview

The main product features of the 8950 AAA server are as follows:
• Supports the following standard authentication protocols:
– Radius
– Diameter
• Supports the 802.1x authentication using the following EAP protocols:
• Implements XML-based dictionary, which is a superset of RFC standard and Vendor
Specific Attributes (VSA).
This design provides the 8950 AAA, the ability to adapt to various vendors in any
• Offers a built-in programming language for writing custom 8950 AAA policy
applications. The PolicyFlow ™ language allows configuration of the 8950 AAA
according to any complex policy rules of a network. The proprietary PolicyFlow
architecture built on Java ™ programming language is flexible and extensible.
• Provides a Command Line Interface (CLI) in addition to the SMT.
The CLI allows you to access and operate the 8950 AAA in any network environment.
It supports Telnet and SSH-based CLI through the admin console. An administrator
can use this CLI for executing commands for administrative purposes.
• Provides PolicyAssistant, a graphical wizard to define policies for network policy
If the application requires complex policies, use PolicyFlows instead of the
• Supports a flexible logging mechanism that can be configured according to the
• Supports the Server Management Tool (SMT) that provides a graphical remote
configuration and management interface to all features of the 8950 AAA.
• Interfaces with the following back-end systems:
– SQL database (JDBC complaint)
– LDAP server
1-2 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Platform and system requirements 8950 AAA overview

– HLR over MAP interface
– HSS over Diameter
– Online Charging System (OCS) over Diameter
– Microsoft Active Directory
– RSA Token server
– DHCP server
– Motive Device Management System
– SNMP Manager
• The 8950 AAA can be configured to send e-mail as notification.

Platform support
Hardware and platform support
The 8950 AAA is supported on the following platforms and hardware:
• Solaris: Solaris 10
• Linux: Red Hat 5.x and 6.x
• Windows: Server 2003, XP with SP2 and above, Server 2008, Vista, and Windows7
• Oracle: Oracle T1000/T2000 and X86 hardware. Install the hardware with Solaris 10
OS version and Oracle JRE1.7
• Ulticom D7G product: HP x86 machines with Red Hat Linux 6.3 or above
Note: For more information on the latest versions of the operating systems and
hardware supported by the 8950 AAA, refer ReleaseNotes.html included in your
software package. When installed, you can find the release notes in the
<AAA_Install>\doc folder.

8950 AAA 1-3
365-360-007 Release 8.2
Issue 3 April 2014
Platform and system requirements Java environment


Java environment
Using Java
Before you install the 8950 AAA, check that you have the appropriate version of Java,
that is, the Java 2 Standard Edition (J2SE) for the 8950 AAA and install Java on your
The 8950 AAA requires Java 2 Standard Edition (J2SE) version 7.0 (also known as
version 1.7.0) or later to run on all platforms. Both J2SE JDK and JRE are supported.
However, JDK is recommended as it provides additional tools for supporting Java
From 8950 AAA 8.2.0 onwards it is mandatory to install JDK version 1.7.0_10 or above.
Contact the operating system vendor or ( for information on
Java support for your computer. It is important that the operating system and Java
environment are kept at current patch levels.

Download latest Java version

The 8950 AAA does not run with the MS-Java release included in many Windows
If your server does not have the correct Java version installed, get the current Java version
as per the operating systems. For Windows, Solaris, and Linux platform, visit the Oracle
web site: (

Check current Java version

Enter the following at the command prompt:
java -version
The output is similar to the following:
Java version “1.7.XXX”
Java(TM) SE Runtime Environment, Standard Edition (build
java HotSpot(TM) Client VM (build 10.X.XXX, mixed mode, sharing)
Note: The Java version displayed is the version available on your system.

1-4 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Platform and system requirements Server memory


Server memory
Memory allocation
By default, memory allocated for 8950 AAA process is 1 GB for a 32 bit JVM.
Memory use is affected by the following factors:
• Server configuration.
• User file size (when used).
• Total number of active subscribers (during peak hour).
• Whether the Universal State Server (USS) or the Server Management Tool (SMT)
runs on the same platform as that of the 8950 AAA server.
Note: For the memory configuration, contact 8950 AAA product support team to get a
confirmation on the following:
• Use of JVM 32 bit or 64 bit.
• Memory allocated for each type of JVM.

Server storage
Storage requirements
The server must have at least 150 MB of free disk space for installation.
Note: The storage requirement of 150 MB is for installation. For daily operations,
allow storage space for accounting data and log files. The actual amount of disk space
needed for logs and accounting records depends on many factors such as logging
level, accounting detail, and the length of time for which the data is retained.
Additional storage is also required for USS/USSv2 persistence files, IPAMv2, and
Statistics Collector, if configured.

8950 AAA 1-5
365-360-007 Release 8.2
Issue 3 April 2014
Platform and system requirements Hardware requirements


Hardware requirements
For more details on estimating system hardware requirements, see Chapter 5, “Determine
hardware needs”.

1-6 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
2 2repare system for

This chapter describes the several system and server requirements that must be met to
ensure a complete installation.


Download latest 8950 AAA version 2-2

Get valid license 2-3
Use ZIP/TAR utility 2-3
Check patch levels of operating systems 2-4
Upgrade of 8950 AAA 2-4

8950 AAA 2-1
365-360-007 Release 8.2
Issue 3 April 2014
Prepare system for installation Download latest 8950 AAA version


Download latest 8950 AAA version

This procedure provides instructions to download the latest 8950 AAA installation
package from the Alcatel-Lucent OnLine Customer Support Site.

Before you begin

To download the software, you need to be a registered user with login credentials.

To get the latest version


1 Visit the Alcatel-Lucent OnLine Customer Support Site (https://support.alcatel-lucent.

com/). Enter your credentials when prompted.

2 From the drop-down list box in the Technical Content For section, select 8950 AAA
(Authentication, Authorization, and Accounting).


3 Follow the instructions and download the zipped folder for the latest version of 8950
AAA software. The zipped folder contains the installation files of both Windows and
UNIX operating systems.
Note: If required, download the zipped folder of documents from the same location.

2-2 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Prepare system for installation Download latest 8950 AAA version


4 Save the folder to a temporary directory.


Get valid license

License for installation
The 8950 AAA requires a valid license for installation. If you are using a demonstration
copy, you require an evaluation license that is valid for six months. Permanent licenses
are specific to a single major version such as 7.x.x or 8.x.x. Upgrading 8950 AAA point
releases for example, version 7.0.x to 7.2.x or version 7.2.1 to 7.2.2, does not require a
different license. If you are performing a major version upgrade for example, 7.x. to 8.x, a
new license is required.
For more information on version upgrades and to obtain licenses, contact your local
Alcatel-Lucent sales representative.

Use ZIP/TAR utility

File extraction utility
You need to have a file extraction utility for the 8950 AAA archive type. Use the file
extraction utilities to extract files from the file you download from the 8950
AAA website.
Note: Some unzip programs truncate file names longer than 8 characters. This
prevents the 8950 AAA installer to run. Ensure that your unzip program does not
truncate or alter file names.

8950 AAA 2-3
365-360-007 Release 8.2
Issue 3 April 2014
Prepare system for installation Check patch levels of operating systems


Check patch levels of operating systems

Operating system
It is important that operating systems are at their current patch level. Failure to install
required patches can significantly impact the operation of 8950 AAA. For information on
the patches available for your server, contact the operating system vendor or
representative or visit their support website. Verify that all applicable patches are applied
to your Java environment.

Upgrade of 8950 AAA

Please contact your Alcatel-Lucent sales or support representative prior to any minor or
major version upgrade of your existing 8950 AAA installation(s) in a live network. They
will guide you on the process to migrate your existing configurations for a successful
upgrade without any data loss. Do not try to upgrade an 8950 AAA system that supports a
live network without Alcatel-Lucent assistance.
If you wish to upgrade a test setup of 8950 AAA that is not supporting a live network,
follow the installation steps described in Chapter 3, “Install and learn 8950 AAA”. When
the installation program prompts you with the following question:
“The directory, <8950AAA install dir>, contains an existing 8950 AAA, Vital AAA or
NavisRadius installation. Do you want to use existing configuration?”
• Select “YES” to retain the old property configurations and PFs
• Select “NO” to do a totally fresh install
In either case, the original software is replaced with the new version of 8950 AAA

2-4 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
3 Install and learn 8950 AAA

This section provides the steps required to install the 8950 AAA server on a
UNIX/LINUX or Windows platform. It addresses the requirements and procedures
necessary for new installations only. When upgrading the 8950 AAA server, ensure not to
overwrite existing configuration files.


Install 8950 AAA server on UNIX/LINUX 3-2

Install 8950 AAA server on Windows 3-8
Install the server management tool 3-13
Third-party licences information 3-13
Start SMT GUI application 3-14
Start 8950 AAA configuration server 3-16
Start 8950 AAA policy server 3-18
Automatically start the 8950 AAA servers 3-20
Install configuration sets after installing 8950 AAA 3-23
Stop 8950 AAA configuration server 3-27
Stop 8950 AAA policy server 3-29
Connect local SMT or MT to remote AAA server using RMI over SSH or NAT 3-31
Stop SMT application 3-34
Support for VMware 3-35
Learn 8950 AAA 3-36
Technical support 3-37

8950 AAA 3-1
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on UNIX/LINUX


Install 8950 AAA server on UNIX/LINUX

This procedure provides instructions to perform a command line installation of 8950
AAA server on UNIX/LINUX platform.

Before you begin

Before you begin, ensure that you have a valid license file for the 8950 AAA software
version you are installing.


1 Open the terminal window and extract the to a temporary directory.

2 Type the following at the command prompt: ./


3 Press Enter key.

Result: The following message displays:
8950 AAA Setup, Version 8.2.0dev
Copyright (c) 2014 Alcatel-Lucent. All rights reserved.
You are about to install 8950 AAA.
Enter 'X' at any prompt to exit the setup program.
Using Java version:
Java(TM) SE Runtime Environment
Oracle Corporation
Version: 1.7.0_25
From: '/usr/java/jdk1.7.0_25/jre'
The version of Java you have installed is compatible with 8950 AAA.
Note: The Java version displayed is the version available on your system.

4 Enter Y to accept the license agreement and press Enter key.

Result: The following prompt message appears:
Enter the directory for 8950AAA:

5 Press Enter key to accept the default directory or enter the desired location.

3-2 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on UNIX/LINUX

Result: The following prompt appears if the directory does not exist:
The directory does not exist. Do you want to create it? [Y /
N (Default)]

6 Press Y to create the directory.

Result: A directory is created and the following message displays:
Select the type of installation: 8950 AAA Server or Server
Management Tool (SMT) Only.
The SMT is a graphical tool used to configure and manage the
8950 AAA Server.
[1] 8950 AAA Server
This option installs both the 8950 AAA Server and SMT. Use
this option on the computer where you want to run the server.
[2] Server Management Tool Only
This option ONLY installs SMT. Use this option to configure
and manage a 8950 AAA Server remotely from another computer
on the network.
Install: 8950 AAA Server and SMT [1] or SMT Only [2]:

7 To install the 8950 AAA server, type 1 and press the Enter key.
Result: The following prompt appears if the license file is not in the installation
Enter path that contains the license file:

8 Enter the path to reflect the location of your license file. Press Enter key.
Result: The following prompt appears:
Enter the administrator's user credentials for the Servers:
Administrator User [admin]:

9 Type the AAA administrator's username and press Enter key.

Result: The following prompt appears:
Administrator Password:

8950 AAA 3-3
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on UNIX/LINUX


10 Type the AAA administrator's password and press Enter key.

Result: The following output message appears:
8950 AAA allows secure connections for the SMT, web access,
and for Diameter peers. 8950 AAA uses certificates for use
with secure connections.
Enter the Company [Alcatel-Lucent (Internal)]:

11 Press Enter key to accept the default company name, or change the name if required.
Enter the other details as follows:
Enter the Website:
Enter the City:
Enter the State:
Enter the Country:
Result: The following prompt appears:
Enter the Root Password (required):

12 Enter the password for root certificate and press Enter key.
Note: 8950 AAA allows secure communication from the remote client-SMTs to the
8950 AAA servers, when connecting to the built-in web service, and for
communication between Diameter peers. The 8950 AAA can act as a CA (Certificate
Authority) to issue server or client certificates. Root password entered here is the
password for the Root-CA Certificate. Server password entered in the next step is the
password for the Server certificate for 8950 AAA server process.
Result: The following prompt appears:
Enter the Server Password (required):

13 Enter the password for server certificate and press the Enter key.
Result: The following prompt appears:
Enter the Root Certificate File Name [root.pem]:

14 Enter the file name of the root certificate and press the Enter key.

3-4 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on UNIX/LINUX

Result: The following prompt appears:
Enter the Trusted Certificate File Name [trusted.pem]:

15 Enter the file name of the trusted certificate and press the Enter key.
Result: The following prompt appears:
Enter the Server Certificate File Name [server.pem]:

16 Enter the file name of the server certificate and press the Enter key.
Result: You are prompted to change or accept the default company name, website,
city, state, and country.
Change the default names, if required or press the Enter key to accept the default

17 The following output is displayed:

Select the option to install a PolicyFlow. 8950 AAA uses
PolicyFlow to make decisions about how to authenticate users and
store accounting information.
The PolicyAssistant is a predefined PolicyFlow that retrieves
user information from an LDAP Directory, RADIUS User File,
Database, or Remote RADIUS Server. User authentication can be
done by Windows NT, Unix, Plain Text Passwords, SecurID and
WiMAX Configuration
The Alcatel-Lucent WiMAX configuration is a predefined
PolicyFlow that works specifically with WiMAX bundled systems.
Femto Configuration
The Alcatel-Lucent Femto configuration is a predefined
PolicyFlow that works specifically with Femto installations.
LTE Configuration
The Alcatel-Lucent LTE configuration is a predefined PolicyFlow
that works specifically with LTE eHRPD installations.
Sample Set

8950 AAA 3-5
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on UNIX/LINUX

Installs a predefined PolicyFlow configuration. Select a set
from the list to install it.
Build Your Own
Installs an empty PolicyFlow. Use this option if you want to
configure your own PolicyFlow.
Install: PolicyAssistant [P], Wimax [W], Femto [F], LTE eHRPD
[L], Sample from List [S], or Build Your Own [B]:

18 Enter the appropriate letter to install the required Policy Set. Press Enter key to complete
the installation process.
Result: When the installation is complete, the following output is displayed and you
are ready to configure the servers:
Setting up for reading entries..
Installing files to /opt/AAA..
Updating Server Properties..
Updating Security Properties..
Updating SMT Properties..
Creating Certificates..
Setting Up Database..
Updating Server Properties..
Copying License File..
Installation Completed Successfully.

Note: For prompt less installation use the command line options. To know about the
command line options, use the following command:
./ -usage

Install 8950 AAA using GUI installer

8950 AAA can also be installed using a GUI form of installer. Follow the steps to install
the 8950 AAA:
1. Open the terminal window and extract the to a temporary directory.
2. Type the following at the command prompt:
./ -gui
3-6 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on UNIX/LINUX

Result: The 8950 AAA Setup program is displayed.
3. Click Next twice.
Result: The Software License Agreement window appears.
4. Continue the installation from Step 3 in the procedure “Install 8950 AAA server on
Windows” (p. 3-8).

8950 AAA 3-7
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on Windows


Install 8950 AAA server on Windows

This procedure provides instructions to install the 8950 AAA server on Microsoft
Windows platform.

Before you begin

The Microsoft Windows 8950 AAA Setup program assists you through a series of
interactive panels that contain information about configuring the 8950 AAA installation.
As you progress through the panels you are asked to make several decisions. Read each
panel and carefully follow the instructions.
Ensure that you have a valid license file for the 8950 AAA software version you are


1 Double-click the and extract the file to a temporary directory.


2 Navigate to the location of the unzipped 8950 AAA files and double-click setup.exe. The
8950 AAA Setup program is displayed. Click Next twice.
Result: The Software License Agreement window appears.

3 If you agree to the licensing terms, select Accept License Agreement Terms and click

3-8 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on Windows

Result: The Choose Installation Location window is displayed.


4 Perform one of the following tasks:

If... Then...
You want to use the default Click Next.
installation location
You want to use any existing Click Browse and select the desired location.
folder Click Next.
You want to create a new Enter the full path and the name of the folder.
folder Click Next.
Note: You are prompted to allow the folder to be created.
Click Yes.

8950 AAA 3-9
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on Windows

Result: The Choose Installation Type window is displayed.


5 Select an installation type, click Next.

Result: The License File Location window is displayed.


6 Follow the instructions listed on the dialog to specify the location of the license file and
click Next.

3-10 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on Windows

Result: The 8950 AAA Administrator Configuration window is displayed.


7 Enter the administrator information (username and password) and click Next.
Result: The 8950 AAA Policy Set Installation window is displayed.


8 Follow the instructions on the dialog to select the desired Configuration Set.

8950 AAA 3-11
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install 8950 AAA server on Windows

Note: If you select the Install WiMAX Configuration set, WiMAX Configuration
window appears. Follow the instructions on the dialog and select the required
WiMAX set.
Click Next.
Result: The Certificate Configuration window is displayed.


9 Enter the Root Password and the Server Password (this allows secure connection from
SMT to the Servers). The default file names and location information are displayed. Edit
the information if required.
Result: The 8950 AAA is installed on the selected location.
On completion, the Installation Complete dialog box is displayed.

10 Click Finish to close the installation program, or click Run Server Management Tool to
start the SMT to configure and manage your servers.
Note: You can also view the Release Notes from the Setup Complete dialog box.

3-12 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install the server management tool


Install the server management tool

Server Management Tool
If you want to configure or monitor the 8950 AAA Servers from a remote machine, you
can install only the Server Management Tool (SMT) GUI on the remote machine. The
configuration server must be running on the 8950 AAA server before launching the
remote SMT GUI client to connect to the 8950 AAA server.
To install the Server Management Tool follow the instructions to install 8950 AAA on
UNIX or on Windows, however, when you are prompted to install either the 8950 AAA
Server or Server Management Tool, select Install Server Management Tool check box.
Note: If you do not have access to the SMT because of firewall restrictions or other
environment limitations, you can still access the sample Policy Sets shipped with the
8950 AAA, with the exception of the PolicyAssistant. The PolicyAssistant is a
UI-based interactive tool used to help create and manage policies.

Third-party licences information

The 8950 AAA software package includes certain third-party software bundled along with
it. By installing the 8950 AAA software package, you implicitly agree to these third-party
software licenses also.
More information about the third-party software licenses is found at the
<AAA-Install>\doc\legalfolder. All terms and conditions listed, disclaimers, and
copyright notices provided are based on information made available to the 8950 AAA by
the third-party licensors.

8950 AAA 3-13
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Start SMT GUI application


Start SMT GUI application

This topic provides instructions to start SMT on the following platforms:
• Windows
• UNIX or Linux

Related information
The 8950 AAA Server Management Tool (SMT) is an application that is used to
configure and manage 8950 AAA servers. SMT is a graphical user interface that
interfaces with the 8950 AAA server and can be used to manage all aspects of server
operation. The SMT is a standalone application that is started and run independently of
the 8950 AAA server.
You can also install the 8950 AAA on a UNIX server and the SMT GUI on your PC.
Before you connect to the 8950 AAA server from remote SMT GUI, ensure to start the
configuration server on the UNIX server. For information on how to start the
configuration server, see “Start 8950 AAA configuration server” (p. 3-16).

Before you begin

Ensure that you have the required user credentials.


1 On Windows platform
Choose one of the following methods to start the SMT:
• Navigate to the <AAA_Install>/bin folder. Double-click aaa-smt.exe to launch the
• Click Start button to display the Start menu. Select Programs. Navigate to the folder
on which the 8950 AAA is installed. Click Server Management Tool.
On UNIX or Linux platform:
Navigate to the <AAA_Install>/bin folder and run the following command in the bin

3-14 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Start SMT GUI application

Result: The Server Management Tool Login screen appears.
The administrators or users generally connect to UNIX/Linux machines using
X-Client software on the local PC.
While using this software, when the SMT is started on a remote UNIX/Linux
machines, by default the GUI may not be displayed. In such scenarios by performing
the following procedure the GUI is displayed on the UNIX/Linux machines and is
visible on local PC running X-client software.
Procedure to start SMT on UNIX/Linux:
1. Start an X-client on your PC.
2. Find and enter the IP address of your PC.
3. Enter the following command on the UNIX prompt: export DISPLAY=, where is the IP address of your PC.
4. At the UNIX/Linux prompt, run the aaa-smt command.

2 In the Server Management Tool Login screen, enter the user name and password.

3 Choose one of the following options to connect to the AAA server:

1. Connect locally - when the server and the client application are installed on a single
2. Connect to a remote 8950 AAA server- when the server and the client application
are installed on different systems.
When connecting to a remote 8950 AAA server (through the configuration server),
enter the host details where the 8950 AAA server is installed. For secure connection
enable the Use Secure Connection option during login.
Note: For remote connection, ensure that the configuration server is running on the
remote machine.

4 Click Connect.
Result: The 8950 AAA Server Management Tool launches.

8950 AAA 3-15
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Start 8950 AAA configuration server


Start 8950 AAA configuration server

This topic provides various methods that you can use to start the configuration server.

Related information
The configuration server runs on the 8950 AAA server machine. Configuration server is
used by the remote SMT GUI to configure or monitor the 8950 AAA server from a
remote machine.

Before you begin



1 Perform one of the following tasks where the 8950 AAA server is installed to start the
configuration server:
• From the SMT application - in the SMT navigation pane, click the Configuration
Server tool icon, .
Select Start Server in the drop-down list.
Result: The configuration server starts and the status changes to green in SMT.
• From the command-line window - navigate to the <Installed Directory>/bin folder.
Enter the command ./aaa start config
Result: The configuration server starts. The output is displayed as follows:
8950 AAA Configuration Server starting...
8950 AAA Configuration Server initialized.
• As a Windows service - navigate to Start Menu -> Control Panel -> Administrative
Tools -> Services.
Select 8950 AAA Configuration Service from the list of applications.
In the left-hand panel, click Start the service, or right-click and select Start.
Result: The server starts as a Windows service. The status changes to Started.


3-16 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Start 8950 AAA configuration server

Configuration server status
You can check the status of the configuration server in one of the following ways:
• From the SMT
Check for the status of the configuration server icon in the tool bar:
– Green - the configuration server is active.
– Red - the configuration server is inactive.
• From the CLI
Execute this command from <install>/bin folder:
./aaa list config
The output is as follows if the configuration server is running:
101 Server active
8950 AAA Configuration Server responding
The output is as follows if the configuration server is not running:
8950 AAA Configuration Server not responding
• From Windows service (For Windows OS)
If the 8950 AAA configuration server is active, then the status of the 8950 AAA
Configuration Service displays as Started. If the 8950 AAA configuration server is
not running, status is not displayed.

8950 AAA 3-17
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Start 8950 AAA policy server


Start 8950 AAA policy server

This topic provides various methods that you can use to start the policy server.

Related information
The 8950 AAA policy server handles the authentication, authorization, and accounting
requests. The policy server process runs on the 8950 AAA server. It is a multi-threaded
system designed to handle multiple tasks concurrently.

Before you begin



1 Perform one of the following tasks where the 8950 AAA server is installed to start the
policy server:
• From the SMT application - in the SMT tool bar, click the Policy Server tool icon
Select Start Server in the drop-down list.
Result: The policy server starts and the status changes to green in SMT.
• From the command-line window - navigate to the <Installed Directory>/bin folder.
Enter the command ./aaa start policy
Result: The policy server starts. The output is displayed as follows:
8950 AAA Policy Server starting...
8950 AAA Policy Server initialized.
• As a Windows service - navigate to Start Menu -> Control Panel -> Administrative
Tools -> Services.
Select 8950 AAA Policy Service from the list of applications.
In the left-hand panel, click Start the service, or right-click and select Start.
Result: The server starts as a Windows service. The status changes to Started.


3-18 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Start 8950 AAA policy server

Policy server status
You can check the status of the policy server in one of the following ways:
• From the SMT
Check for the status of the policy server icon in the tool bar:
– Green - the policy server is active.
– Red - the policy server is inactive.
• From the CLI
Execute this command from <install>/bin folder:
./aaa list policy
The output is as follows if the policy server is running:
101 Server active
8950 AAA Policy Server responding
The output is as follows if the policy server is not running:
8950 AAA Policy Server not responding
• From Windows service (For Windows OS)
If the 8950 AAA policy server is active, then the status of the 8950 AAA Policy
Service displays as Started. If the 8950 AAA policy server is not running, status is not

8950 AAA 3-19
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Automatically start the 8950 AAA servers


Automatically start the 8950 AAA servers

In the event of a sudden machine outage and when the machine reboots, you can set the
8950 AAA processes to start automatically whenever the operating system reloads. These
two procedures provide instructions to automatically start the 8950 AAA servers. The
procedures can be performed on Windows platform or on UNIX as required.

Related information

Before you begin

Ensure that you have the right privileges as a Windows user to operate on Windows

Perform this on the Windows platform:

1 Click Start Menu -> Control Panel -> Administrative Tools -> Services.
Result: The Services window opens.

2 Select 8950 AAA Policy Service or 8950 AAA Configuration Service from the list of

3 To automatically start the servers when the 8950 AAA is started, from the drop-down list
in the Startup type field, select Automatic and click OK.

Perform the following configuration on the 8950 AAA server installed on a Solaris

1 Create a script called /etc/init.d/aaa with the following content:

3-20 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Automatically start the 8950 AAA servers

Note: Based on the flavour of the UNIX , the script may change. Refer your UNIX
documentation for the same.
[ ! -f $AAA_HOME/bin/aaa ] && exit
# Start/stop processes required for 8950 AAA
case "$1" in
$AAA_HOME/bin/aaa start
$AAA_HOME/bin/aaa stop
$AAA_HOME/bin/aaa restart
echo "Usage: $0 { start | stop | restart }"
exit 1
1. Change the line AAA_HOME=/opt/AAA with the correct path where you have
installed the 8950 AAA.
2. If the AAA processes are not owned by the root, but by another OS user, then
change the lines that begin after start, restart, or stop the processes to:
su - aaa -c "$AAA_HOME/bin/aaa xxx"

2 Create some symbolic links, so that this file is executed when starting up or shutting
down Solaris:
# chmod a+x /etc/init.d/aaa

8950 AAA 3-21
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Automatically start the 8950 AAA servers

# ln -s /etc/init.d/aaa /etc/rc3.d/S99aaa
# ln -s /etc/init.d/aaa /etc/rc0.d/K01aaa
# ln -s /etc/init.d/aaa /etc/rc1.d/K01aaa
# ln -s /etc/init.d/aaa /etc/rcS.d/K01aaa

3 To ensure that this script and the links works, you can optionally execute the following
# /etc/rc3.d/S99aaa start
# /etc/rc0.d/K01aaa stop
Note: You can even reboot the whole system.

3-22 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install configuration sets after installing 8950 AAA


Install configuration sets after installing 8950 AAA

This topic provides procedures to install configuration sets from the SMT after installing
8950 AAA:
• Use “From the SMT” (p. 3-23) to install the configuration sets from the SMT.
• Use “From installation directory” (p. 3-25) to install the configuration sets from the
<AAA_Install>/run/samples folder.

Related information
A configuration is a collection of policy and data files, which the 8950 AAA server uses
to determine the following:
• User authentication
• Authorized access and configuration
• Accounting data processing
A configuration set includes all the files necessary to support a particular AAA

Before you begin

Refer to the list of configuration set options at Step 7 in the “Install 8950 AAA server on
Windows” (p. 3-8) procedure.

From the SMT


1 To start the 8950 AAA SMT, perform one of the following tasks:
• On the Windows platform:
From the Windows desktop, double-click the Server Management Tool icon or click
the Start button to display the Start Menu. Select Programs and scroll down to 8950
AAA 8.x.x. Click Server Management Tool.
• On a CLI:
Change to the <AAA_Install>/bin folder in the 8950 AAA install directory.
Enter aaa-smt at the command prompt and press Enter.
• On the UNIX/Linux platform:
Run the following command in the <AAA_Install>/bin directory:

8950 AAA 3-23
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install configuration sets after installing 8950 AAA


2 From the SMT, select Server Configuration tab. In the left navigation pane, select Policy
Server > Policies > PolicyFlow Editor.
Note: If the PolicyAssistant configuration set is selected during installation, click
PolicyAssistant on the navigation pane and click Install New PolicyFlow….

Figure 3-1 Install new PolicyFlow


3 Click Install New PolicyFlow....

Result: The PolicyFlow Installation window appears.

4 Select the required policy set.


5 Click the Install Policy Flow button. A message is displayed.

3-24 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install configuration sets after installing 8950 AAA



6 Click Yes to continue. On completion a message is displayed.


7 Perform the following steps:

1. Click OK.
2. Restart the 8950 AAA policy server.
To restart the servers, click the policy server icon on the SMT tool bar. From the
pop-up menu, click Restart Server.
Note: To refresh the SMT with the latest configuration files for the selected policy set,
click Disconnect button from the SMT tool bar and click Connect button again. Use
your credentials to login to the SMT.
Result: The new configuration set is installed.

From installation directory

You can find the sample configuration sets in the <AAA_Install>/run/samples folder.

1 Review the readme.txt files in run/samples/ directory to determine the policy set that best
matches your business needs.

8950 AAA 3-25
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Install configuration sets after installing 8950 AAA


2 Copy all the files from the correct folder under the <AAA_Install>/run/samples/ directory
to the <AAA_Install>/run folder.
Note: Do not perform this step if this is an upgrade and you are unsure of what
configuration files are stored in the <AAA_Install>/run folder.

3 Restart the 8950 AAA servers.

For more information on how to restart the 8950 AAA servers, see Step 7.
Result: The 8950 AAA is configured for the new policy flow set.

3-26 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Stop 8950 AAA configuration server


Stop 8950 AAA configuration server

This topic provides instructions to stop the configuration server.

Related information

Before you begin

Ensure that the configuration server is running. Always start and stop the configuration
server from where the 8950 AAA server is installed. Do not start or stop the configuration
server from a remote SMT GUI.


1 Perform one of the following tasks where the 8950 AAA server is installed to stop the
configuration server:
• From the SMT application - in the SMT navigation pane, click the Configuration
Server tool icon, .
Select Shutdown Server in the drop-down list.
Result: The configuration server stops and the status changes to red in SMT.
• From the command-line window - navigate to the <Installed Directory>/bin folder.
Enter the command ./aaa stop config
Result: The configuration server stops. The output is displayed as follows:
101 Shutdown initiated....
8950 AAA Configuration Server shut down.
• As a Windows service - navigate to Start Menu -> Control Panel -> Administrative
Tools -> Services.
Select 8950 AAA Configuration Service from the list of applications.
In the left-hand panel, click Stop the service, or right-click and select Stop.
Result: The configuration server stops and no status is displayed in the window.

8950 AAA 3-27
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Stop 8950 AAA configuration server

Note: To restart the configuration server, perform any of the tasks as follows:
• From the SMT application, select Restart Server from the drop-down list to
restart the configuration server.
• From the command-line window, execute the command
./aaa restart config
The status of the configuration server changes to green after it restarts.

3-28 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Stop 8950 AAA policy server


Stop 8950 AAA policy server

This topic provides instructions to stop the policy server.

Related information

Before you begin

Ensure that the policy server is running.


1 Perform one of the following tasks where the 8950 AAA server is installed to stop the
policy server:
• From the SMT application - in the SMT tool bar, click the Policy Server tool icon,
Select Shutdown Server in the drop-down list.
Result: The policy server stops and the status changes to red in SMT.
• From the command-line window - navigate to the <Installed Directory>/bin folder.
Enter the command ./aaa stop policy
Result: The policy server stops. The output is displayed as follows:
101 Shutdown initiated....
8950 AAA Policy Server shut down.
• As a Windows service - navigate to Start Menu -> Control Panel -> Administrative
Tools -> Services.
Select 8950 AAA Policy Service from the list of applications.
In the left-hand panel, click Stop the service, or right-click and select Stop.
Result: The policy server stops and no status is displayed in the window.
Note: To restart the policy server, perform any of the tasks as follows:
• From the SMT application, select Restart Server from the drop-down list to
restart the policy server.
• From the command-line window, execute the command
./aaa restart policy

8950 AAA 3-29
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Stop 8950 AAA policy server

The status of the policy server changes to green after it restarts.

3-30 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Connect local SMT or MT to remote AAA server using RMI
over SSH or NAT

Connect local SMT or MT to remote AAA server using RMI over

This topic provides port details with an example to connect the local SMT or MT to
remote 8950 AAA server using Remote Method Invocation (RMI) over Secure Shell
(SSH) or Network Address Translation (NAT) tunnel.

Related information
The following ports are used to connect SMT or MT using RMI over SSH or NAT:
• Configuration Server Registry Port: 9097
• Configuration Server Secure Registry Port: 9098
• Policy Server Registry Port: 9099
• Policy Server Secure Registry Port: 9100

Before you begin

Establish the SSH or NAT tunnel.
Note: The following procedure is only an example of connecting SMT to
configuration server over SSH in RedHat Linux (port forwarding to Configuration
Server Secure Registry Port).

The following steps only serve as an example to establish the connection:

1 Log in to the local 8950 AAA server as root. In the command prompt, enter the following:
# ssh -L <local free port>:<destination>:<port> <osuser>@<remotehost>
Example: [root@grape run]# ssh -L 9093: aaa@
Where grape is the local 8950 AAA machine, aaa is the user to log into the OS on the
remote server at hosting the 8950 AAA server.

2 Log in to the SMT on local host with the port forwarded to remote host as shown in the
Figure 3-2, “Login screen” (p. 3-32).

8950 AAA 3-31
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Connect local SMT or MT to remote AAA server using RMI
over SSH or NAT

Figure 3-2 Login screen

Result: The Verify Certificate Chain screen is displayed.


3 Select the default value and click OK.

3-32 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Connect local SMT or MT to remote AAA server using RMI
over SSH or NAT

Figure 3-3 Verify certificate chain screen

Result: Again Verify Certificate Chain screen is displayed.


4 Select the default value and click OK.

8950 AAA 3-33
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Connect local SMT or MT to remote AAA server using RMI
over SSH or NAT
Result: The SMT GUI is displayed on the remote server.

Figure 3-4 SMT GUI on a remote server


Stop SMT application

This topic provides procedures to disconnect and close the SMT application on both
Windows and UNIX platforms.

1. From the SMT icon bar, click to disconnect the SMT from the AAA server.
2. Click to close the SMT application.

3-34 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Support for VMware


Support for VMware

The 8950 AAA can run within a virtual machine without conflict and has been used
successfully with various VMware products and also with Solaris Zones. However, there
are specific known issues that can arise out of an inadequate VM environment.
The 8950 AAA provides real-time network service for requests using protocols such as
Diameter and Radius. In order to provide real-time service, the 8950 AAA server needs to
have guaranteed access to machine resources such as CPU, memory and disk. Any time
that the AAA application shares hardware with other independent applications in a
production mode, there must be some infrastructure in place to guarantee AAA an
appropriate share of resources. This is true whether AAA runs in a VM, or simply resides
on the same host with another application.
This is particularly noticeable when using the Radius protocol. Radius runs on top of the
UDP network layer and as such does not possess the packet-delivery guarantees that
services using TCP do. In cases where the Radius receiver is starved of resources, it is
very likely that Radius packets are lost.
Radius is designed to deal with packet loss, and in non-production modes this may be
acceptable, since lost packets are simply retried. But in cases where performance is
critical and network behaviors including packet loss are monitored, excessive packet loss
is unacceptable.
So, any use of VMs in production cases needs to take care to use only VM products that
are capable of providing resource quotas to a VM. Oracle/Solaris containers and VMware
ExSI do provide this when installed on the bare hardware. Any time a VM server is
installed on top of another OS, that OS must of course provide resource quota
management to the VM host; the VM host can only allocate those resources it itself is
guaranteed access to.

8950 AAA 3-35
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Learn 8950 AAA


Learn 8950 AAA

Various options
Alcatel-Lucent provides a variety of options for you to learn 8950 AAA, including
context help, tool tips for the graphical interface, and reference manuals.
Context help in SMT
You can read The SMT GUI displays content help.
In the Server Configuration tab, many screens provide information related to the various
configuration tasks that are executed on the GUI. Click to open the help in a new
window or click to expand the section and read the help on the same window.
Use SMT tool tips
The SMT tool tips display the name of tools, buttons, or controls and provide helpful
information when entering data in fields.
Position the pointer over a tool, button, or control, and pause. A tool tip appears showing
the name or a descriptive note for the item.
View reference manuals
View reference documents in one of the following ways:
• The <AAA_Install>/doc directory contains some reference documentation.
• From the SMT tool bar, click and from the pop-up menu, select the required
Access web site
To access the Discussion Forum:
1. Using a browser, enter the following URL: (
2. Select On-line Support Forums from the menu on the left of the 8950 AAA Web
3. Follow Support Forum instructions for logging and accessing content.
You can access additional resources for learning about the 8950 AAA at the 8950 AAA
web site ( These resources are continually updated. Explore
the web site for additional information about 8950 AAA.
Download Adobe Reader
To download the latest version of Adobe Reader to view pdf based manuals, visit the 8950
AAA web site or (

3-36 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Technical support


Technical support
Remote technical support and pre-sales support
• For Alcatel-Lucent remote technical support and warranty claims, send an e-mail to
• To find hotline contact information for your country, refer the website
• For pre-sales and sales information, contact your local Alcatel-Lucent sales

8950 AAA 3-37
365-360-007 Release 8.2
Issue 3 April 2014
Install and learn 8950 AAA Technical support


3-38 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
4 Remove 8950 AAA

This chapter provides procedures to remove the 8950 AAA from your UNIX or Microsoft
Windows systems.
The uninstall process does not remove the 8950 AAA configuration files from the
<AAA_Install>/run directory or any files you put in the 8950 AAA directories. To
uninstall the 8950 AAA completely, remove the installation directory after completing the
uninstall procedures.


Uninstall from UNIX platform 4-2

Uninstall from Windows platforms 4-4

8950 AAA 4-1
365-360-007 Release 8.2
Issue 3 April 2014
Remove 8950 AAA Uninstall from UNIX platform


Uninstall from UNIX platform

This procedure provides instructions to uninstall 8950 AAA from UNIX platform.


1 Using the command prompt, navigate to the temporary directory that contains the file.
Note: If you have deleted the unzipped version, unzip again before you proceed with
the next step.

2 Enter the following command to uninstall the 8950 AAA:

./ -uninstall
Press Enter key.
The following output is displayed:
8950 AAA Setup, Version 8.x
Copyright (c) 2014 Alcatel-Lucent. All Rights Reserved.
You are about to remove 8950 AAA.
Are you sure you want to continue? [Y | N (Default)]

3 Type Y to confirm the uninstallation and press Enter key. The following output is
Enter the directory for AAA: [/opt/AAA]:

4 Press Enter key to accept the default or change the location to the 8950 AAA installed
directory. Press Enter key. The Setup program removes the 8950 AAA from your system
and the following output is displayed:
Removing from: /opt/AAA
Setting up for reading entries
Removing installation files...DONE
Uninstall of 8950AAA complete.

4-2 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Remove 8950 AAA Uninstall from UNIX platform

Result: The 8950 AAA is removed from the system.

8950 AAA 4-3
365-360-007 Release 8.2
Issue 3 April 2014
Remove 8950 AAA Uninstall from Windows platforms


Uninstall from Windows platforms

This procedure provides instructions to uninstall 8950 AAA using the Control Panel on
Windows platform.

To uninstall from Control Panel:


1 Click Start > Settings > Control Panel > Add or Remove Programs.

2 Select the 8950 AAA 8.x and click on Change or Remove.

Result: The 8950 AAA is removed from the system.

To uninstall from a Command Prompt:


1 Using the command prompt navigate to the temporary directory that contains the
extracted file.
Ensure that the setup.exefile is present in this directory
Note: If you have deleted the unzipped version, unzip again to proceed with the next

2 Type the following and press Enter:

setup -uninstall
Result: The 8950 AAA Setup program appears.

3 In the Choose 8950 AAA Location window, enter or browse to the installed directory, and
click Next.
Result: The 8950 AAA is removed from the system.


4-4 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Remove 8950 AAA Uninstall from Windows platforms


8950 AAA 4-5
365-360-007 Release 8.2
Issue 3 April 2014
Remove 8950 AAA Uninstall from Windows platforms


4-6 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
5 5 etermine hardware

This chapter deals with the major issues involved in planning an 8950 AAA server


Hardware needs 5-1

Basic AAA load calculations 5-2
Server sizing 5-4
Scaling your network 5-5
Load distribution 5-6

Hardware needs
Analyzing requirements
This section covers the basic sizing calculations, two sample scenarios, implementation
considerations and additional recommendations to help you estimate your system needs.
The performance of the 8950 AAA software depends on a variety of factors. Consult your
Alcatel-Lucent sales representative to determine the hardware necessary to run the 8950
AAA server in your production environment.
Consider the following factors that determines the hardware requirement:
• Complexity of your PolicyFlow (configuration).
• Peak usage and average session times that you can expect.
• Storage of subscriber information, such as SQL Database (Oracle or Sybase) or an
LDAP directory (Sun One Directory).
8950 AAA 5-1
365-360-007 Release 8.2
Issue 3 April 2014
Determine hardware needs Hardware needs

• Hardware currently in use, such as Oracle servers or Intel Based server (number of
CPUs, Memory).
• Volume of subscribers or ports that the system handles.
• Type of connection services that are available, such as dial-in, DSL, VPN, 802.11
Wireless LAN (802.1x), or 3G-1X Data.
• Operating system that the customer prefers, such as Oracle Solaris, Windows/Intel,
and Linux.
• Layout of the physical network, such as the location of Radius clients.

Basic AAA load calculations

Maximum AAA load
To determine the system hardware requirements, perform preliminary calculations to
establish the maximum AAA load that your system can handle. Some basic definitions for
commonly used terms are as follows.
AAA Session
The standard measurement of a load created by a single user session that generates one
Access Request and two accounting records namely START record and STOP record.
AAA load
AAA load is expressed as AAAs per second (AAA/s).
Peak Busy Hour
It is the hour of the day when the greatest number of users access the network and is also
called The Peak Hour.
Maximum Simultaneous Sessions (MSS)
MSS is the total number of concurrent sessions during the Peak Hour. This is equal to the
total number of occupied ports.
Peak Hour Load
The 8950 AAA implementation must be designed to handle the load during the Peak
To estimate the Peak Hour Load, it is necessary to know the following:
• The network MSS
• The expected average length of a session that has started during the Peak Busy Hour

5-2 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Determine hardware needs Basic AAA load calculations

The number or percentage of ports not used is subtracted from the total ports on the
network during the Peak Hour (MSS = total number of ports – percentage of ports not
used ). For example, in a network with 100,000 ports and an expected Peak Hour vacancy
factor of 5 percent, the estimated MSS total at Peak would be 100,000 - 5,000 = 95,000
(or 95 percent of 100,000).
In many cases, it is sufficient to use the maximum number of sessions as the MSS.
Port Use Factor
The number of times a port is used during the Peak Hour. For example, in a network
where an average Peak Hour user session lasts 30 min, each port could be used twice
during the hour
Port Use Factor = {60/average call length in minutes}. . If the total number of ports in use
is 60 and the average call length in minutes is 30, the Port Use Factor is 2 (60/30 = 2). For
an average session length of 20 min, the Port Use factor is 3 (60/20 = 3).
Peak Hour User Sessions
The number of user sessions in the peak hour.
Peak Hour User Sessions = Port User Factor x MSS
For example, 100,000 ports at 5 percent vacancy factor at Peak Hour calculate to an
estimated MSS of 95,000. Thus, Peak Sessions = 95,000 * 2 = 190,000 . If the Port Use
Factor is 3, then, Peak Hour sessions = 95,000 * 3 = 285,000
AAA Load
The number of peak hour sessions per second. It is expressed as AAA/s.
AAA Load = (Peak Hour Sessions/3600) AAA/s
Note: The formula for calculating the Peak Hour AAA/s load is (AAA per second
total ports in use * 60); average call length in seconds is 3,600 s.
Peak Hour AAA/sec Load = Peak Hour User Sessions average call length in seconds .
Using the data from the first example, substitute 190,000 for Peak User Sessions and
1,800 s for the average 30 min call length (Peak Hour AAA per sec Load =
190000/3600 = 52.7 AAA/s). The second example of 20 min per session (285,000 / 1,
2000) results in 285000/3600 = 79.1 AAA/s. In these calculations, we can round off
these AAA figures to 55 and 80 respectively.

8950 AAA 5-3
365-360-007 Release 8.2
Issue 3 April 2014
Determine hardware needs Server sizing


Server sizing
Maximum AAA capacity
To estimate server requirements, it is necessary to know your server's maximum
AAAs/sec capacity.
This number depends on the following factors:
• System speed - Number of processors and processor speed
• Hardware shared with other applications, for example, the Server Management Tool
• Number of methods in the PolicyFlow
• Interaction with the Universal State Server
• Whether the server accesses a database or directory
• How the server handles accounting records, such as writing to disk or entering into a
Estimating server size requires learning how the access servers select and balance the
load between AAA servers. Some access servers can switch between a maximum of three
AAA servers while others can only switch between two.
For this example, assuming the following factors:
• A peak hour load of 25 AAA/sec
• Access servers that can switch between two RADIUS servers
• Two 8950 AAA servers that can handle 30 AAA/sec each
• The two AAA servers use the IP Addresses and
Configure the access servers such that the first choice server, RADIUS #1, is equally
divided between the access servers
Half of the access servers list the RADIUS servers in the following order:
The next half reverses the preference and lists the RADIUS servers in the following
With this configuration, you can expect the Peak Load 25AAA/sec total load to be
equally divided between the two RADIUS servers - each server processes 12.5 AAA/sec
in the Peak Busy Hour.

5-4 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Determine hardware needs Server sizing

If one of the two RADIUS servers becomes unavailable (for example, the network
experiences an outage or power failure) the entire load of 25 AAA/sec falls on the
remaining RADIUS server which is safely under its maximum rating of 30 AAA/sec.
As this example demonstrates, in cases where access servers can select between two
RADIUS servers, it is important to distribute the load so that in normal operation no
RADIUS server handles more than 50% of its rated capacity. This ensures a reserve
capacity in the event of server failure.

Scaling your network

Load handling by AAA
The second example of Server Sizing assumes that the network has grown from a Peak
Hour load of 25 AAA/sec to a load of 36 AAA/sec.
In normal operation, one 8950 AAA server can handle 18 AAAs/second (1/2 the load). If
one server fails, the remaining server has to handle all 36 AAA/sec, which is not possible.
In such cases, a failure requires a third 8950 AAA server to handle the load.
If there are three 8950 AAA servers each with 30 AAA/second capacities and with the
following IP addresses,, and assigned to the servers.
Configure the servers so that the RADIUS #1 is equally divided between the three
The first three of the access servers list the RADIUS servers in the following order:
The second three stagger the preference and list the RADIUS servers in the following
The last three stagger the preference and list the RADIUS servers in the following order:

8950 AAA 5-5
365-360-007 Release 8.2
Issue 3 April 2014
Determine hardware needs Scaling your network

As in the previous example with two 8950 AAA servers, the normal load is evenly
distributed across the three 8950 AAA servers. With a Peak Hour AAAs/sec rate of 36,
each of the 8950 AAA servers can handle 12 AAA/sec during the peak hour.
If one of the 8950 AAA servers fails or otherwise becomes unavailable, the load is evenly
distributed across the other two servers. This leaves each with an 18 AAA/sec load, which
is safely within its load capacity.
This example shows that when the access server can list three AAA servers, each server
can handle up to two- thirds of its maximum (30 AAA/sec in this example) capacity.
However, a more conservative load factor of 50% should be used and an allowance must
be made for simultaneous failure of two systems in situations where:
• maximum reliability must be ensured
• unreliable network links exist
• Power supply problem exist
• computing hardware or similar problems are encountered

Load distribution
Load distribution
In cases where the total Peak Hour AAA load exceeds the rated capacity of a RADIUS
server, develop a means to ensure that the load is evenly distributed.
For example, in the case of the three 8950 AAA servers and the three access servers that
can only list two 8950 AAA servers, a scheme using three 8950 AAA servers similar to
the following could be used. One bank of the access servers would list the 8950 AAA
servers in this order:
The first group lists the RADIUS servers in this order:
The next group lists the RADIUS servers in this order:
The last group lists the RADIUS servers in this order:

5-6 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014
Determine hardware needs Load distribution

The access servers are configured so that first and second 8950 AAA server choices are
equally divided between the three server banks.

8950 AAA 5-7
365-360-007 Release 8.2
Issue 3 April 2014
Determine hardware needs Load distribution


5-8 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014

C Connect SMT or MT using RMI Ports, 3-31 uninstall from Windows, 4-4
over SSH or NAT, 3-31
connect SMT or MT using upgrade of 8950 AAA, 2-4
............................................................. RMI over SSH or NAT, 3-31
use ZIP/TAR utility, 2-3
D download 8950 AAA latest product overview, 1-1
version, 2-2 .............................................................
V valid license, 2-3
R RIM, 3-31
VMware support, 3-35
H hardware needs, 5-1 .............................................................
hardware requirements, 1-6
S scaling network, 5-5
X X-server, 3-14
server memory, 1-5
I install configuration sets, 3-23 server sizing, 5-4
install on windows, 3-8 server storage, 1-5
installing on unix/linux, 3-2 start configuration server, 3-16
installing server management tool, start policy server, 3-18
start SMT
on UNIX, 3-14
J java environments, 1-4
on Windows, 3-14
remotely, 3-14
L latest java version, 1-4 stop configuration server, 3-27
learning 8950 AAA, 3-36 stop policy server, 3-29
load calculations, 5-2 stop SMT, 3-34
load distribution, 5-6 .............................................................
T technical support, 3-37
P patch levels of operating system, third-party software, 3-13
platform support, 1-3
U uninstall from unix, 4-2

8950 AAA IN-1
365-360-007 Release 8.2
Issue 3 April 2014


IN-2 8950 AAA
365-360-007 Release 8.2
Issue 3 April 2014

You might also like