Table of Contents
Advertisement
User session disconnection by system
The following three types of user disconnections are supported:
•
When the RADIUS requests disconnection, the system does not send an
accounting stop message. The system sends a failure message to the first
authenticated user on the port and initiates the authentication of other users on the
port.
•
When the maximum session duration is expired. The system sends a failure
message to the first authenticated user on the port and initiates other users on the
port to start authentication.
•
When there is a request to disable or delete a user port, the system gracefully
terminates the user sessions on the port before the port is disabled or deleted. User
session accounting data is sent to the RADIUS accounting servers when the
session is terminated.
Re-authentication
To ensure that there is no service interruption during re-authentication, it is required
re-authentication of the supplicant must occur before the session expires. The
supplicant does not cause any service interruption during re-authentication. New
accounting-stop or accounting-start messages are not sent due to re-authentication.
The P-OLT supports the re-authentication state. The configuration of the
re-authentication function is made on a port basis and includes enabling or disabling
re-authentication and setting the re-authentication period.
The RADIUS Termination Action attribute is supported. If a Termination Action is
received, re-authentication is performed only at the request of the RADIUS server.
The RADIUS server overrides local configuration of re-authentication in the P-OLT.
If re-authentication is enabled on a port, the Session Timeout value returned by
RADIUS service is used as the re-authentication period. If the RADIUS server does
not return a Session Timeout value, the re-authentication timer for the port that is
configured by the management system is used.
If there is no response from an RADIUS server for re-authentication due to an NT
card switchover, the P-OLT treats the re-authentication as a successful one for 30
min.
If re-authentication is disabled for a port, the Session Timeout value returned by
RADIUS server is used to terminate the sessions. Re-authentication initiated by the
management system is not required.
During re-authentication, traffic to and from the user is not interrupted. The port
forwards bidirectional traffic until re-authentication is completed. If
re-authentication fails, the port is changed to unauthorized state.
An EAP Request Identity message is sent to the port when the re-authentication timer
expires.
Alcatel-Lucent 7342 ISAM FTTU ONT R04.05.06
3FE 51892 AAAA TCZZA
July 2008
Edition 01 ONT Product Information Manual
4 — ONT software and security features
4-9
Advertisement
Table of Contents
