Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Categorizing Access-Requests from Different Devices

 

Within a WiMAX network, Steel-Belted Radius Carrier may communicate with several types of clients including an ASN-GW, home agent, DHCP server or something else. Steel-Belted Radius Carrier must determine what type of client it is communicating with in order to process the request and send the appropriate response. Access-Requests from each client type must be handled differently and reply attributes on the Access-Accept may differ based on client type. For example, the Access-Request from the home agent contains the User-Name attribute, which identifies a Mobile IP session instead of a user. However, the Mobile IP session is associated (paired) with the user. Therefore, when the Access-Request from the home agent arrives, the username is looked up and the reply attributes are processed correctly.

The [RADIUS client-Access-Request-Required-Attributes] section of the wimax.ini file list the attributes that must be present in an Access-Request to classify the RADIUS client as a WiMAX ASN-GW, home agent, DHCP server, or something else (Other).

Access-Request from the ASN-GW

Access-Request from the ASN-GW

An Access-Request from the ASN-GW is a device or user EAP authentication request. This request may contain attributes that indicate, for example, whether the VAAA is assigning the home agent or whether the device authentication phase of EAP has succeeded. Returned attributes may contain, for example: Session-Timeout, Packet-Flow-Descriptor, and QoS-Descriptor.

Access-Request from the Home Agent

Access-Request from the Home Agent

An Access-Request from the home agent is a device request, not an authentication request. However, if no mobile session has been established for the pseudo-identifier, then this request is rejected. The RRQ-HA-IP attribute may be received, and if so, then the RRQ-MN-HA-KEY is returned. The Framed-IP-Address attribute may also be returned to the home agent.

Access-Request from the DHCP Server

Access-Request from the DHCP Server

An Access-Request from the DHCP server is a device request, not an authentication request. However, if no mobile session has been established for the pseudo-identifier, then this request is rejected. The DHCP-RK attribute is returned to the DHCP server.

Categorization Rules

Categorization Rules

To determine the WiMAX client type, the Access-Request categorization rules are as follows:

  • If the Access-Request contains all mandatory attributes and no attributes that can only be attached to either a home agent or DCHP server, then the WiMAX client type is ASN-GW.

  • If the Access-Request contains all mandatory attributes and no attributes that can only be attached to either an ASN-GW or DCHP server, then the WiMAX client type is home agent.

  • If the Access-Request contains all mandatory attributes and no attributes that can only be attached to either an ASN-GW or home agent, then the WiMAX client type is DHCP server.

  • If the Access-Request comes from some other client type, it may or may not be allowed. If the Access-Request is allowed, then the WiMAX client type is Other. However if the Access-Request is not allowed, then it is rejected.

For more details about configuring the list of required attributes based on client type, see the [RADIUS client-Access-Request-Required-Attributes section in the SBR Carrier Reference Guide.