RADIUS attributes for Internet billing

Link copied to clipboard

An Internet session consists of the following RADIUS requests:

  • Authorize::NETACCESS

  • Accounting::NETACCESS::Start

  • Accounting::NETACCESS::Alive

  • Accounting::NETACCESS::Stop

Authentication/Authorization requests

Link copied to clipboard

Currently, the following attributes are required for the correct processing of authentication/authorization requests:

Attribute

Description

User-Name (required)

This is the name of the user being authenticated by the RADIUS server.

Password

Encrypted password with PAP or CHAP authentication. Present only in an authentication request.

NAS-IP-Address (required)

Specifies the IP address of the network access server that is requesting authentication.

NAS-Port-Type

Indicates the type of the port on the network access server that is requesting authentication.

NAS-Port

Indicates the port on the network access server that is requesting authentication.

Service-Type

The type of service the user is requesting.

Framed-IP-Address

The IP address to assign to a user. It can be defined for a user under an account configuration or allocated by NAS from a pool of IP addresses.

PortaBilling can modify the Framed-IP-Address value depending on which NAS sends the request. PortaBilling extracts the NAS IP address from the NAS-IP-Address attribute and checks for the IP mapping rule defined for the NAS on the Configuration server. The mapping rule defines the IP pool allocated to this NAS.

If there is no mapping rule, PortaBilling returns the static IP address assigned to the user in the Framed-IP-Address. Otherwise, it assigns the IP address to the user from the IP pool allocated to the NAS.

To configure IP pool mapping, enter the ippoolmapper=Porta::Extra::IPPoolMapper string for the LoadModules option on the Configuration server. Then define the mapping rules for every NAS you use in your network in the IniOptions option.

Authentication/Authorization responses

Link copied to clipboard

The billing server can generate one of three responses to NAS:

  • Access Reject – the user is unconditionally denied access to all requested network resources. Reasons may include failure to provide proof of identification or unknown or inactive user account.

  • Access Challenge – additional information such as a secondary password, PIN, etc. is requested from the user. Access Challenge is also used in complex authentication dialogues.

  • Access Accept – the user is granted access. Once the user is authenticated, the billing server will check that the user is authorized to use the network service requested.

Accounting requests

Link copied to clipboard

The focus of accounting is to track both network resources usage and traffic characteristics.

The following attributes are used for the correct processing of accounting requests:

Attribute

Description

Acct-Status-Type

The type of accounting message: Start, Alive, Stop.

Calling-Station-Id

The user’s telephone number for a Dialup session, MAC address for a PPPoE session and the IP address for a PPP session.

Called-Station-Id

The telephone number the user calls for a Dialup session, MAC address for a PPPoE session and the user IP address for a PPP session.

Acct-Session-Time

Defines how long the user is connected (for Alive requests) or was connected (for Stop requests).

Acct-Session-Id

A unique identifier for the session.

Acct-Input-Octets

The user’s outgoing traffic (in bytes).

Acct-Output-Octets

The user’s incoming traffic (in bytes).

Acct-Input-Packets

Indicates the number of received packets.

Acct-Output-Packets

Indicates the number of sent packets.

User-Name

Indicates the name of the user for the accounting request.

NAS-IP-Address

Specifies the IP address of the network access server that is sending accounting requests.

On this page