ADC SG-1 USER GROUP

Appendix A: SG-1 Vendor-Specific Attributes June 30, 2006

A-6 SG1-UM-8500-03

Hierarchical Attribute Mode

Most of the EDS attributes are operated in hierarchy mode. In this mode, each session includes per each attribute 3

hierarchy-operating level spaces. The first level space is the system default that is being configured, either by

management or statically. The second is the user space that is initially being filled in the user authentication phase,

and the third is the service space that is being re-filled on each user service change.

The user space level defines the session's “basic” configuration; whereas the service space level is “layered” above

it upon a successful dynamic service change. In each level space, the system keeps a set of relevant configurations

for that level. The “lifetime” of operation in a service level space is from a successful authentication of that service

until a successful authentication of a new service. The “lifetime” of operation in a user level space is the entire

period in which the user is authenticated for the session. The effective value of a hierarchy attribute is the most

updated value in the highest level space (the highest level for which there is a value defined for the attribute).

USER GROUP

user:accounting sub-attribute

The user:accounting sub-attribute defines the session accounting operation mode and allows the operator to define

per each user the accounting methodology. The attribute may be included more than once in request or accept

messages. The following operation may be configured:

•disable – some operations like symmetric multilink, VPN, or unbilled services do not need the accounting

information sent to the RADIUS. This accounting operation mode disables the sending of the accounting

information.

The user:accounting sub-attribute is sent as a response to service authentication. It configures the accounting

behavior on the received respond. The service default behavior is not to send any accounting records unless

the respond includes the enable accounting option.

Accounting information is sent as followed:

Authentication Response Type Accounting Behavior

Session Authentication

Access Accept message includes the

user:accounting=disable sub-attribute

Accounting Start and Stop are disabled

Service Authentication

Access Accept message does not include the

user:accounting sub-attribute

Accounting On and Off are disabled