Network Parameters
RADIUS
• RADIUS Overview
• Unique AP-2500 RADIUS Client Features
• RADIUS Messages and RADIUS Attributes
• Sample RADIUS Transmissions
• RADIUS Configuration Parameters
RADIUS Overview
RADIUS is a proven carrier-class protocol to perform accurate time and volume-based billing. The RADIUS protocols
are defined in RFCs 2865 (Authentication) and 2866 (Accounting). These RFCs are available at
http://www.rfc-editor.org/. Coming from the traditional dial-up Internet access world, this mature protocol has been
adapted to perform the same tasks in modern broadband environments, both for public access and residential
solutions. The core RADIUS client implementation of the AP-2500 is being used in carrier networks every day by
hundreds of thousands of users worldwide, providing accurate authentication and accounting information in
conjunction with virtually all major RADIUS servers (e.g. Lucent, Funk, and Cisco).
The AP’s RADIUS client implementation is characterized not only by carrier-class redundancy, but also by an
innovative implementation of new features improving:
• Authentication security (e.g. SSL)
• Authentication accuracy (e.g. MAC address transmission)
• Accounting accuracy (e.g. accurate time stamps and bytes sent/received information even during network
maintenance)
• Accounting flexibility (interim accounting messages)
• User convenience to maximize revenues (e.g. ability to dynamically change service plan and update
accounting records in real time)
Unique AP-2500 RADIUS Client Features
The AP-2500 provides a number of unique RADIUS-driven features that improve the customer experience.
Dynamic Service Plan Change via ICC
The AP allows the end-user to dynamically change his service plan without contacting a system administrator. The
billing records are kept up-to-date via a real-time RADIUS accounting request message. This feature lets you upsell a
premium service plan to premium users with no additional costs. For example, a user may be synchronizing his email
at an airport when he finds that a co-worker has sent him a 20 Mbyte presentation. Since the user only subscribes to
the most cost-effective plan at 256 Kbits/sec, he may have to miss his plane because he cannot exceed this
speed. With the AP-2500, the user can simply choose a faster plan and only get billed for the time he is using the plan.
The ICC Java applet also contains a Logout button that allows the end-user to terminate a session (explicit logout).
Upon pressing the Logout button and confirming the explicit session termination request in an additional pop-up
window, the ICC will send an XML command to the AP. The AP then immediately sends an Accounting Stop message
to the RADIUS server. Alternatively, the user can also type http://1.1.1.1/ into his browser to initiate a session
termination. An appropriate confirmation message will be shown in the user's browser to confirm the explicit session
termination. See Information and Control Console (ICC) for more information on the ICC.
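The Accounting Stop message sent on explicit logout, shown as an added example that is not taken from this manual or from the AP-2500 firmware: it builds an RFC 2866 Accounting-Request with Acct-Status-Type set to Stop and performs the authenticator check a RADIUS server applies before trusting the billing record. The shared secret, user name, session ID, session time and the use of Acct-Terminate-Cause User-Request are constructed assumptions.

```python
import hashlib
import hmac
import struct

# Attribute and value numbers from RFC 2865/2866.
ACCOUNTING_REQUEST = 4
USER_NAME, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 1, 40, 44
ACCT_SESSION_TIME, ACCT_TERMINATE_CAUSE = 46, 49
STATUS_STOP, CAUSE_USER_REQUEST = 2, 1

def attr(attr_type, value):
    """Encode Type, Length, Value; bytes() raises if value exceeds 253 octets."""
    return bytes([attr_type, len(value) + 2]) + value

def build_accounting_stop(ident, secret, user, session_id, seconds):
    """Client side: Accounting-Request (Stop) for an explicit logout."""
    attrs = b"".join([
        attr(USER_NAME, user.encode()),
        attr(ACCT_STATUS_TYPE, struct.pack("!I", STATUS_STOP)),
        attr(ACCT_SESSION_ID, session_id.encode()),
        attr(ACCT_SESSION_TIME, struct.pack("!I", seconds)),
        attr(ACCT_TERMINATE_CAUSE, struct.pack("!I", CAUSE_USER_REQUEST)),
    ])
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    # RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def verify_accounting_request(packet, secret):
    """Server side: accept only packets authenticated with the shared secret."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return False
    packet = packet[:length]  # octets past Length are padding
    want = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(want, packet[4:20])

def parse_attributes(packet):
    """Return {type: value}; reject truncated or zero-length attributes."""
    out, pos = {}, 20
    while pos < len(packet):
        size = packet[pos + 1] if pos + 1 < len(packet) else 0
        if size < 2 or pos + size > len(packet):
            raise ValueError("malformed attribute")
        out[packet[pos]] = packet[pos + 2:pos + size]
        pos += size
    return out
```

A Stop record that fails this check, whether from a wrong shared secret or an altered attribute, should be dropped rather than written to billing.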
Automatic Re-transmission and “Remember Me” Cookie
Most network operators consider it important to implement short idle time-outs to improve network efficiency.
Idle time-outs can be effectively used to ensure accurate billing for users who either turn off their laptop or lose network
access for any other reason (such as the AP becoming inoperable). Therefore, the user will have to log in again after a
period of inactivity. However, the AP supports two features to improve the user experience: RADIUS re-authentication
and the “Remember Me” cookie. Both features allow the user to seamlessly re-authenticate upon entering the network
again without having to type in the user name and password. See Enabling Cookie Support for more information on
the “Remember Me” option.