Authentication and accounting attributes – Proxim AP-4000 User Manual

Advanced Configuration

AP-4000 Series User Guide

Radius Profiles

111

NOTE: This feature requires RADIUS authentication using MAC Access Control or 802.1x. Wireless clients configured in

the Access Point’s static MAC Access Control list are not tracked.

Authentication and Accounting Attributes

Additionally, the AP supports a number of Authentication and Accounting Attributes defined in RFC2865, RFC2866,
RFC2869, and RFC3580.

Authentication Attributes

• State: Received in Access-Accept Packet by the AP during Authentication and sent back as-is during

Re-Authentication.

• Class: Received in Access-Accept Packet by the AP during Authentication and back as in Accounting Packets.
• Session-Timeout

–

If the RADIUS server does not send a Session-Timeout, the AP will set the subscriber expiration time to 0, which
means indefinite access.

–

The Termination Action attribute defines how the Session-Timeout attribute will be interpreted. If the Termination
Action is DEFAULT, then the session is terminated on expiration of the Session-Timeout time interval. If
Termination Action is RADIUS-Request, then re-authentication is done on expiration on the session.

–

If the RADIUS server sends a Session-Timeout, the value specified by the Session-Timeout attribute will take
precedence over the configured Authorization Lifetime value.

• Termination-Action

–

Valid values are: Default (0), RADIUS-Request (1). When the value is “default,” the Termination-Action attribute
sends an accounting stop message and then reauthenticates. If the value is “RADIUS-Request,” the
Termination-Action attribute reauthenticates without sending an accounting stop.

• Idle Timeout

–

The AP internally maintains the Idle-Timeout attribute obtained for each of the users during their authentication
process, and uses this time interval in place of accounting inactivity time for timing out clients.

• Calling Station Id

–

MAC address of the client getting authenticated.

• Called Station Id

–

The AP sends the MAC address of its own wireless interface with which the client getting authenticated is getting
associated, appended with the SSID. If VLAN is enabled, the SSID and corresponding VLAN ID get appended.

• Acct-Interim-Interval

–

Obtained during the Authentication process and used for determining the time interval for sending Accounting
Update messages.

–

This attribute value takes precedence over the value of the Accounting Update Interval.

Accounting Attributes

• Acct-Delay-Time

–

Indicates how many seconds the AP has been trying to send a particular packet related to a particular user. This
time can be used at the server to determine the approximate time of the event generating this accounting request.

• Acct-Session-Id

–

Unique accounting ID that aids in tracking client accounting records. This attribute is sent in Start and Stop
RADIUS accounting messages, and contains the client MAC address appended with the unique session ID.

• Acct-Session-Time

–

Acct-Session-Time is calculated the following way (for each transmitted/retransmitted Acct-Stop):
Acct-Session-Time = time of last sent packet - subscriber login time.

• Acct-Input-Octets