RADIUS Authentication/Authorization and Accounting Data Flow

Following is an overview of the SIC authentication, dynamic authorization, and accounting data flow processes. Figure 68 depicts the various functions involved in these processes.

Figure 68: Data Flow

 Data Flow

The SIC internal functions include:

COA Authentication Data Flow

The SIC needs to be in the RADIUS authentication path to insert the RADIUS class attribute in the Access-Accept response. The class attribute contains the encoded Diameter session ID as well as other information. The Diameter session ID is used to correlate service accounting requests to the SAE user session.

The numbers in the following procedure correlate to the numbers in Figure 68.

COA Accounting Data Flow

After a subscriber is authenticated, the NAS sends an Accounting-Request (ACR) message for the user session and for every service that is activated. The accounting requests must contain the class attribute returned with the Access-Accept response.

The numbers in the following procedure correlate to the numbers in Figure 68.

SIC Accounting Data Flow (Accounting Target=SSR)

Note: If SRC routes configured under [shared network nas-group name routes] for the SRC nas-group, and the SIC accounting routes are configured properly, the SIC can process accounting requests by using either a downstream AAA server or the SSR.

Related Documentation