Authentication And Addressing; Accounting; Table 47: Required Radius Access-Request Attributes - Juniper JUNOSE 11.1.X - BROADBAND ACCESS CONFIGURATION GUIDE 6-4-2010 Configuration Manual

You can also use an optional RADIUS proxy server to provide additional enhancements
to the 802.1x-based environment. For example, the RADIUS proxy server enables
subscribers to be multiplexed to multiple Internet service providers (ISPs) that are
customers of the same carrier. The server performs one of the following actions:

Authentication and Addressing

The WAP initiates the authentication and authorization request by sending a standard
RADIUS Access-Request to the RADIUS relay server. The Access-Request must include
the attributes listed in Table 47 on page 253. The attributes uniquely identify the
wireless subscriber.

Table 47: Required RADIUS Access-Request Attributes

When the RADIUS server authenticates the subscriber, the router's RADIUS relay
server creates a RADIUS Access-Accept message and sends the message back to the
subscriber. The router's DHCP server (either the router's DHCP local server or an
external DHCP server) assigns an IP address to the subscriber and creates the
subscriber interface.
For information about using the optional SRC software with the RADIUS relay server
to assign IP addresses, see "RADIUS Relay Server and the SRC Software" on page 254.
The WAP might periodically reauthenticate a subscriber. For example, reauthentication
is necessary to renegotiate a new Wired Equivalent Privacy (WEP) key. The RADIUS
relay server ignores any new RADIUS attributes that are sent during a renegotiation
operation.

Accounting

The RADIUS relay server's clients (the WAPs) send standard accounting request
messages to the RADIUS relay server. The accounting server processes the request
and sends the results back to the RADIUS relay server, which then creates a RADIUS
accounting response message and forwards the information to the client WAP.
For tracking purposes, the forwarding RADIUS relay server adds the
Radius-Client-Address vendor-specific attribute (VSA 26-52) to the forwarded
accounting request messages. The VSA indicates the RADIUS relay server's IP address.
If the ISP's RADIUS server supports EAP, the RADIUS proxy server extends the
EAP session to the RADIUS server.
If the ISP's RADIUS server does not support EAP, the RADIUS proxy server
translates the EAP session into a legacy RADIUS session for the RADIUS server.
Attribute Name
Called-Station-id [30]
Calling-Station-id [31]
Chapter 5: Configuring RADIUS Relay Server
Description
Subscriber's WAP
Subscriber's media access control (MAC) address
How RADIUS Relay Server Works
253