Authorization During Accounting-Request - AMIGOPOD PowerConnect W Clearpass 100 Software Manual

Guest
Traffic less than limit
Complete login form
Traffic over limit
Complete login form
Returned to login form
States:
Diagram 2: Sequence diagram for traffic limited authorization
If the guest has not previously logged in today, or if the guest's total traffic consumption
for today is less than the configured limit, then the guest is authorized
Accept response is sent [2].
To limit the guest's traffic, if the guest's total traffic from previous sessions today exceeds
the configured limit (200 MB) then this is determined during the authorization process
and an Access-Reject response will be sent [4].
Because the Amigopod Visitor Management Appliance uses role-based access control for
visitor accounts, the authorization rules above should be defined as part of the role that
the visitor accounts are using; in this example, the role is the "Traffic Limited Guest role".

Authorization during Accounting-Request

Because of the authorization rules applied at login time, if the guest is able to successfully
log in then it is known at that time that the guest's current traffic usage is below the
allowed quota.
Once a guest is authorized, then, how are they prevented from consuming more than their
allowed traffic quota?
8| Implementing Accounting-Based Authorization
Automated NAS login
Automated NAS login
Unauthorized
NAS
Submit form
Login Message page
Access-Request
Access-Accept
Traffic Limited Guest
l
Submit form
Login Message page
Access-Request
Access-Reject
Traffic Limited Guest
l
Authenticating
Amigopod VMA
Web login
Authentication
[2]
Authorization
[1]
Web login
Authentication
[4]
Authorization
[3]
Authorized
[1] and an Access-
Amigopod |Technical Note
[3]