Categorizing the Access-Requests from Different Devices
Within a WiMAX network, Steel-Belted Radius Carrier may communicate with several types of clients including an ASN-GW, HA, DHCP server or something else. Steel-Belted Radius Carrier must determine what type of client it is communicating with in order to process the request and send the appropriate response. Access-Requests from each client type must be handled differently and reply attributes on the Access-Accept may differ based on client type. For example, the Access-Request from the HA contains the User-Name attribute, which identifies a mobile IP session instead of a user. However, the mobile IP session is associated (paired) with the user. Therefore, when the Access-Request from the HA arrives, the username is looked up and the reply attributes are processed correctly.
The [RADIUS client-Access-Request-Required-Attributes] section of the wimax.ini file list the attributes that must be present in an Access-Request to classify the RADIUS client as a WiMAX ASN-GW, HA, DHCP server, or something else (Other).
Access-Request from the ASN-GW
An Access-Request from the ASN-GW is a device or user EAP authentication request. This request may contain attributes that indicate, for example, whether the VAAA is assigning the HA or whether the device authentication phase of EAP has succeeded. Returned attributes may contain, for example: Session-Timeout, Packet-Flow-Descriptor, and QoS-Descriptor.
Access-Request from the HA
An Access-Request from the HA is a device request, not an authentication request. However, if no mobile session has been established for the pseudo-identifier, then this request is rejected. The RRQ-HA-IP attribute may be received, and if so, then the RRQ-MN-HA-KEY is returned. The Framed-IP-Address attribute may also be returned to the HA.
Access-Request from the DHCP Server
An Access-Request from the DHCP server is a device request, not an authentication request. However, if no mobile session has been established for the pseudo-identifier, then this request is rejected. The DHCP-RK attribute is returned to the DHCP server.
Categorization Rules
To determine the WiMAX client type, the Access-Request categorization rules are as follows:
- If the Access-Request contains all mandatory attributes and no attributes that can only be attached to either a HA or DCHP server, then the WiMAX client type is ASN-GW.
- If the Access-Request contains all mandatory attributes and no attributes that can only be attached to either a ASN-GW or DCHP server, then the WiMAX client type is HA.
- If the Access-Request contains all mandatory attributes and no attributes that can only be attached to either a ASN-GW or HA, then the WiMAX client type is DHCP server.
- If the Access-Request comes from some other client type, it may or may not be allowed. If the Access-Request is allowed, then the WiMAX client type is Other. However if the Access-Request is not allowed, then it is rejected.
For more details about configuring the list of required attributes based on client type, see "[RADIUS client-Access-Request-Required-Attributes] Sections" in the Steel-Belted Radius Carrier Reference Guide.