Hotlining/Dynamic Radius Attributes - Cisco ASR 5000 series Product Overview

▀ Supported Features
This feature provides a policy mechanism so you can enable user entitlements and provision treatments for native users
and applications relative to roaming subscribers, Mobile Virtual Network Operators (MVNOs), and offnet P2P traffic.

Hotlining/Dynamic RADIUS Attributes

WiMAX is an all IP-based networking technology in which mobile operators seek a more profitable business model.
One way to do this is to avoid traditional device subsidization that accompanies the sale of locked devices that restrict
access to provisioned subscribers of an operator's network. The WiMAX Forum has proposed remote Over-the-Air
(OTA) activation protocols such as Open Mobile Alliance Device Management (OMA DM) to enable self-provisioned,
self-configured, retail subscription models.
The ASN GW supports hotlining on a session basis. This capability is enabled by default. The rule-based hotlines use an
IP redirection rule with the standard attribute Filter-ID. The server sends the ACL names in the Filter-ID attribute,
which in turn, locates the rules.
Upon receiving a RADIUS Access-Accept message containing the Filter-ID attribute, the ASN GW locates the rule list,
using the name contained in Filter-ID, and applies them to the session.
Configure the rules locally on the ASN GW under ACL groups.
In this scenario:
A user with an unprovisioned access device registers with a special decorated NAI that represents him/her as a
non-subscriber to the AAA.
The AAA grants limited network access by returning a hotlining filter rule to the ASN Gateway. ASN GW
hotlining support uses the standard attribute Filter-ID, along with the session identification parameters User-
Name, Calling-Station-ID, and AAA-Session-ID.
An IP address is assigned during initial network entry. The ASN Gateway uses the redirect address associated
with the filter rule to hotline the call to a web activation portal.
The user profile and subscription activation process is completed. The call is forwarded to the OMA DM server.
The OMA DM server triggers a network-initiated bootstrapping session with the OMA DM client on the user
access device.
The OMA DM uses XML messaging over a secure OTA connection to remotely configure the access device.
If a session and an ACL list are located, the rules are applied to the session and a COA-ACK is returned. The
AAA server transmits a RADIUS message to the ASN Gateway instructing it to ―unhotline‖ the session.
At this point, the user is a known subscriber to the back-end subscription database and is granted unrestricted
access to the network.
This feature facilitates a non-subsidized retail activation model through over-the-air user-driven subscription and remote
device configuration. It also prevents unprovisioned users unrestricted access to the wireless operator's network. This is
a complementary technique you can use with operator fraud prevention systems by quarantining fraudulent user sessions
or redirecting them to a billing/web portal.
Multi-flow QoS
Within a WiMAX ASN, QoS enforcement is administered by the Service Flow Authorization (SFA) component in the
ASN Gateway (also referred to as Anchor Policy Charging Enforcement Function, or A-PCEF). SFA provides traffic
management and QoS policy management for subscriber service flows.
▄ Cisco ASR 5000 Series Product Overview
ASN Gateway Overview
OL-22938-02