|
Table Of Contents
About the SCE-Sniffer RADIUS LEG
Information About the SCE-Sniffer RADIUS LEG
About the SCE-Sniffer RADIUS LEG
This module describes the SCE-Sniffer RADIUS LEG software module, and terms and concepts
The SCMS SM SCE-Sniffer RADIUS LEG is a software module that receives RDR (Raw Data Record) messages containing RADIUS information from SCE devices configured with a RADIUS Sniffer service. The SCE-Sniffer RADIUS LEG is an extension of the Subscriber Manager (SM) software and runs as part of the SM process.
• Information About the SCE-Sniffer RADIUS LEG
Information About the SCE-Sniffer RADIUS LEG
The SCE device analyzes RADIUS traffic that traverses it (1), and reports the RADIUS transactions to the LEG using the RDR protocol (2). The LEG associates the RDR data to subscriber properties (name, subscriber IP, domain, and policies), and triggers a login or logout operation to the SM (3).
Figure 1-1 SCE-Sniffer RADIUS LEG Operation
RADIUS Integration Overview
This implementation of the SCE-Sniffer RADIUS LEG supports RFC 2865 (RADIUS protocol) and RFC 2866 (RADIUS Accounting).
The LEG uses the following packet types:
•Accounting-Start—Initiates login operations (with subscriber IP, domain, and policies)
•Accounting-Interim-Update—Initiates login operations (with subscriber IP, domain, and policies)
•Accounting-Stop—Initiates logout operations
•Access-Request—Initiates domain and policies associations
•Access-Accept—Initiates login operations (with subscriber IP and policies)
The LEG uses the following attributes:
•User Name (Attribute #1)—Default attribute for subscriber ID
•NAS-IP-Address (Attribute #4)—Associates the NAS IP address as the subscriber's domain (optional)
•Framed-IP-Address (Attribute #8)—Associates an IP address to the subscriber
•Framed-IP-Netmask (Attribute #9)—Associates an IP netmask to the subscriber
•Framed-Route (Attribute #22)—Associates an IP/IP-range to the subscriber
•NAS-Identifier (Attribute #32)—Associates the NAS identifier as the subscriber's domain (optional)
•Acct-Status-Type (Attribute #40)—Distinguishes between the different accounting transactions.
To associate policies to the subscribers, configure the LEG with the attribute that contains the policy information. The Vendor Specific attribute (Attribute #26) can be used to associate policies to the subscribers in addition to all other RADIUS attributes of type string or integer.
To determine the subscriber ID, configure the LEG with the attribute that contains the subscriber ID information. The Vendor Specific attribute (Attribute #26) can be used to determine the subscriber ID in addition to all other RADIUS attributes of type string. By default, the User-Name (Attribute #1) is configured to hold the subscriber ID.
Terms and Concepts
The following list of terms and concepts are necessary to understand the SCE-Sniffer RADIUS LEG, configuration, and operation. Additional information regarding other various issues can be found in the Cisco SCMS Subscriber Manager User Guide .
• RADIUS Authentication Transactions
• RADIUS Accounting Transactions
LEG (Login Event Generator)
A software component that performs subscriber login and logout operations on the SM, which is used to handle dynamic subscriber integration.
RDR (Raw Data Record)
A client/server data protocol that enables the SCE devices to export network transactions reports to external collectors. This is a Cisco proprietary protocol.
NAS (Network Access System)
A network device that serves as an access point for a remote user. It initiates RADIUS transactions to the RADIUS server to authenticate a remote user.
RADIUS Authentication Transactions
The RADIUS transactions are used for authenticating a remote user, and authorizing access to the network's resources. The LEG supports RADIUS authentication based on RFC 2865. The authentication RADIUS packets used by the LEG are ACCESS-REQUEST and ACCESS-ACCEPT.
RADIUS Accounting Transactions
The RADIUS accounting transactions are used to keep track of the services used by the user for administrative purposes. The LEG supports RADIUS accounting based on RFC 2866. The only RADIUS accounting packet the LEG uses is ACCOUNTING-REQUEST.
Accounting-Start Packet
An abbreviated term used in this document to describe an ACCOUNTING-REQUEST packet with the ACCT-STATUS-TYPE attribute set to start. The NAS sends this packet to the RADIUS server when the remote user starts using a network service. The LEG uses it to initiate a login operation on the SM.
Accounting-Stop Packet
An abbreviated term usedin this document to describe an ACCOUNTING-REQUEST packet with the ACCT-STATUS-TYPE attribute set to stop. The NAS sends this packet to the RADIUS server when the remote user stops using a network service. The LEG uses it to initiate a logout operation on the SM.
RADIUS Sniffer
The software logic inside the SCE device that analyzes RADIUS traffic and sends the information to the SCE-Sniffer RADIUS LEG using the RDR protocol.
Subscriber ID
The Service Control solution requires a unique identifier for each subscriber. A subscriber ID represents a logical subscriber entity from the service provider perspective.
Subscriber Mappings
The SCE platform requires mappings between the network IDs (IP addresses) of the flows it encounters and the subscriber IDs. The SM database contains the network IDs that map to the subscriber IDs. The SCE network-ID-to-subscriber mappings are constantly updated from the SM database.
Subscriber Domain
The SM provides the option of partitioning SCE platforms and subscribers into subscriber domains. A subscriber domain is a group of SCE platforms that share a group of subscribers. Subscriber domains can be configured using the SM configuration file and can be viewed using the SM Command-Line Utility (CLU).
For additional information about domains and domain aliases, see the Cisco SCMS Subscriber Manager User Guide .
Subscriber Policy
A subscriber policy package usually defines the policy enforced by Cisco SCMS solutions on each subscriber. The SCE-Sniffer RADIUS LEG can handle the policy in any of the following ways:
•Set the policy according to configurable attributes of the RADIUS transactions
•Set the policy using a constant default value
•Leave the package ID unset
For additional information, see the Cisco Service Control Application for Broadband User Guide .
Posted: Tue Jan 22 00:16:32 PST 2008
All contents are Copyright © 1992--2008 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.