An Internet session consists of the following RADIUS requests:
-
Authorize::NETACCESS
-
Accounting::NETACCESS::Start
-
Accounting::NETACCESS::Alive
-
Accounting::NETACCESS::Stop
Authentication/Authorization requests
Currently, the following attributes are required for the correct processing of authentication/authorization requests:
Attribute |
Description |
---|---|
User-Name (required) |
This is the name of the user being authenticated by the RADIUS server. |
Password |
Encrypted password with PAP or CHAP authentication. Present only in an authentication request. |
NAS-IP-Address (required) |
Specifies the IP address of the network access server that is requesting authentication. |
NAS-Port-Type |
Indicates the type of the port on the network access server that is requesting authentication. |
NAS-Port |
Indicates the port on the network access server that is requesting authentication. |
Service-Type |
The type of service the user is requesting. |
Framed-IP-Address |
The IP address to assign to a user. It can be defined for a user under an account configuration or allocated by NAS from a pool of IP addresses. PortaBilling can modify the Framed-IP-Address value depending on which NAS sends the request. PortaBilling extracts the NAS IP address from the NAS-IP-Address attribute and checks for the IP mapping rule defined for the NAS on the Configuration server. The mapping rule defines the IP pool allocated to this NAS. If there is no mapping rule, PortaBilling returns the static IP address assigned to the user in the Framed-IP-Address. Otherwise, it assigns the IP address to the user from the IP pool allocated to the NAS. To configure IP pool mapping, enter the ippoolmapper=Porta::Extra::IPPoolMapper string for the LoadModules option on the Configuration server. Then define the mapping rules for every NAS you use in your network in the IniOptions option. |
Authentication/Authorization responses
The billing server can generate one of three responses to NAS:
-
Access Reject – the user is unconditionally denied access to all requested network resources. Reasons may include failure to provide proof of identification or unknown or inactive user account.
-
Access Challenge – additional information such as a secondary password, PIN, etc. is requested from the user. Access Challenge is also used in complex authentication dialogues.
-
Access Accept – the user is granted access. Once the user is authenticated, the billing server will check that the user is authorized to use the network service requested.
Accounting requests
The focus of accounting is to track both network resources usage and traffic characteristics.
The following attributes are used for the correct processing of accounting requests:
Attribute |
Description |
---|---|
Acct-Status-Type |
The type of accounting message: Start, Alive, Stop. |
Calling-Station-Id |
The user’s telephone number for a Dialup session, MAC address for a PPPoE session and the IP address for a PPP session. |
Called-Station-Id |
The telephone number the user calls for a Dialup session, MAC address for a PPPoE session and the user IP address for a PPP session. |
Acct-Session-Time |
Defines how long the user is connected (for Alive requests) or was connected (for Stop requests). |
Acct-Session-Id |
A unique identifier for the session. |
Acct-Input-Octets |
The user’s outgoing traffic (in bytes). |
Acct-Output-Octets |
The user’s incoming traffic (in bytes). |
Acct-Input-Packets |
Indicates the number of received packets. |
Acct-Output-Packets |
Indicates the number of sent packets. |
User-Name |
Indicates the name of the user for the accounting request. |
NAS-IP-Address |
Specifies the IP address of the network access server that is sending accounting requests. |