Filter
Top Products
2-35
Cisco BBSM Hotspot 1.0 User Guide
78-15293-01
Chapter 2 Setting Up BBSM Hotspot
Feature Considerations
Although BBSM Hotspot officially supports the Cisco ACS, Microsoft IAS, and Navis RADIUS server
protocols, it is compatible with any RADIUS server that complies with RFCs 2865 and 2866 and allows
configuration of vendor-specific attributes.
BBSM Hotspot stores accounting and activation/deactivation information in the
RADIUS_SessionHistory table in the BBSM Hotspot database. This table provides independent auditing
of end-user sessions. Session data can be viewed in the RADIUS Session History report or by direct SQL
query.
The RADIUS Session History report shows session activation and deactivation entries:
• Session activation entries—When the end user authenticates through the RADIUS authentication
server and gains Internet access
• Session deactivation entries—When the end user’s Internet access is terminated
The report shows Start and Stop accounting requests and whether or not an accounting response was
received. If BBSM Hotspot is configured to send Interim-Update packets, the report displays the first
Interim-Update accounting request made for each session. Subsequent Interim-Update requests are
reported only if an error occurs during the packet transmission.
RADIUS Authentication, Authorization, and Accounting
Each time the end user connects to the BBSM Hotspot service, BBSM Hotspot prompts the user for a
username and password. These values are sent in the Access-Request packet to the RADIUS
authentication server. These authentication servers can be configured by administrators by order of rank
using the RADIUS Server web page in Hotspot Configuration. (Servers are ranked in ascending order,
so the primary RADIUS server is rank = 1, secondary server is rank = 2, and so on.) When sending the
Access-Request packets, BBSM Hotspot begins authenticating servers in ascending order by using all
configured RADIUS authentication servers until an Access-Accept packet is received:
• If a server does not respond within the specified time, BBSM Hotspot attempts to contact that server
up to three times before moving to the next highest ranked server.
• If a server responds with an Access-Reject packet, BBSM Hotspot immediately attempts to
authenticate using the next highest ranked server. (A RADIUS user can have a session active on
more than one computer on the BBSM Hotspot network at the same time if this option is
configured.)
When a RADIUS server sends a vendor-specific attribute that contains a bandwidth kbps value, BBSM
Hotspot throttles the bandwidth of the end-user session to the specified kbps value (if bandwidth throttle
is configured on BBSM Hotspot). To use this feature, administrators need to configure their RADIUS
server to send the vendor-specific attribute to transmit the following:
• A vendor ID of 5263
• A vendor type of 1
• The integer value of the bandwidth kbps desired for the user account
RADIUS accounting provides administrators with end-user session information when Internet access is
granted and terminated. This end-user information can then be retrieved from RADIUS accounting
servers, and independent billing can be performed. Administrators can choose flat-rate or per-minute
billing by using the information that BBSM Hotspot sends to the RADIUS accounting server in Start and
Stop Accounting-Request packets. If configured, BBSM Hotspot also sends Interim-Update packets to
the RADIUS accounting server at intervals set by the administrator.