Tunnel Negotiation Message Sequence - Bay Networks Baystream 7 Configuration And Troubleshooting Manual

The NAS uses RADIUS accounting messages to determine when the TMS tunnel
to the local RADIUS server starts and stops. The NAS logs these occurrences and
uses the information to confirm and decrement tunnel usage counts.
The NAS security parameter settings that control RADIUS also control RADIUS
support for tunneling.

Tunnel Negotiation Message Sequence

Figure 6-2
customer's home network when the RADIUS server on the service provider's
network maintains the TMS database.
In this dialogue, the Access-Request message from the NAS is the standard access
request for an incoming call. The provider RADIUS (TMS) server detects whether
this is a tunnel candidate by parsing the Username and Called-Number attributes.
If it does not find a valid domain or user name in the database, the TMS server to
return an Access-Reject message to the NAS.
Note: The user session's authorization information flows from the remote
customer RADIUS return message. The local tunnel client does not have the
validated user identification until after the tunnel is formed.
115623B Rev. 00
shows the flow of messages between the remote node and the
BayStream Multiservice Software Version 7.2
Configuring TMS Using Local RADIUS
6-3