Authentication And Addressing; Accounting; Table 47: Required Radius Access-Request Attributes - Juniper JUNOSE SOFTWARE 11.2.X - BROADBAND ACCESS CONFIGURATION GUIDE 7-20-2010 Configuration Manual

Authentication and Addressing

Accounting

Copyright © 2010, Juniper Networks, Inc.
You can also use an optional RADIUS proxy server to provide additional enhancements
to the 802.1x-based environment. For example, the RADIUS proxy server enables
subscribers to be multiplexed to multiple Internet service providers (ISPs) that are
customers of the same carrier. The server performs one of the following actions:
If the ISP's RADIUS server supports EAP, the RADIUS proxy server extends the EAP
session to the RADIUS server.
If the ISP's RADIUS server does not support EAP, the RADIUS proxy server translates
the EAP session into a legacy RADIUS session for the RADIUS server.
The WAP initiates the authentication and authorization request by sending a standard
RADIUS Access-Request to the RADIUS relay server. The Access-Request must include
the attributes listed in Table 47 on page 243. The attributes uniquely identify the wireless
subscriber.

Table 47: Required RADIUS Access-Request Attributes

Attribute Name
Called-Station-id [30]
Calling-Station-id [31]
When the RADIUS server authenticates the subscriber, the router's RADIUS relay server
creates a RADIUS Access-Accept message and sends the message back to the subscriber.
The router's DHCP server (either the router's DHCP local server or an external DHCP
server) assigns an IP address to the subscriber and creates the subscriber interface.
For information about using the optional SRC software with the RADIUS relay server to
assign IP addresses, see "RADIUS Relay Server and the SRC Software" on page 244.
The WAP might periodically reauthenticate a subscriber. For example, reauthentication
is necessary to renegotiate a new Wired Equivalent Privacy (WEP) key. The RADIUS relay
server ignores any new RADIUS attributes that are sent during a renegotiation operation.
The RADIUS relay server's clients (the WAPs) send standard accounting request messages
to the RADIUS relay server. The accounting server processes the request and sends the
results back to the RADIUS relay server, which then creates a RADIUS accounting response
message and forwards the information to the client WAP.
For tracking purposes, the forwarding RADIUS relay server adds the Radius-Client-Address
vendor-specific attribute (VSA 26-52) to the forwarded accounting request messages.
The VSA indicates the RADIUS relay server's IP address.
For information about using the SRC software with the RADIUS relay server to provide
accounting, see "RADIUS Relay Server and the SRC Software" on page 244.
Chapter 5: Configuring RADIUS Relay Server
Description
Subscriber's WAP
Subscriber's media access control (MAC) address
243