DeWalt 1 appendix Radius Authentication, Authorization, and Accounting


Chapter 2 Setting Up BBSM Hotspot

Feature Considerations

Although BBSM Hotspot officially supports the Cisco ACS, Microsoft IAS, and Navis RADIUS server protocols, it is compatible with any RADIUS server that complies with RFCs 2865 and 2866 and allows configuration of vendor-specific attributes.

BBSM Hotspot stores accounting and activation/deactivation information in the RADIUS_SessionHistory table in the BBSM Hotspot database. This table provides independent auditing of end-user sessions. Session data can be viewed in the RADIUS Session History report or by direct SQL query.

The RADIUS Session History report shows session activation and deactivation entries:

Session activation entries—When the end user authenticates through the RADIUS authentication server and gains Internet access

Session deactivation entries—When the end user’s Internet access is terminated

The report shows Start and Stop accounting requests and whether or not an accounting response was received. If BBSM Hotspot is configured to send Interim-Update packets, the report displays the first Interim-Update accounting request made for each session. Subsequent Interim-Update requests are reported only if an error occurs during the packet transmission.

RADIUS Authentication, Authorization, and Accounting

Each time the end user connects to the BBSM Hotspot service, BBSM Hotspot prompts the user for a username and password. These values are sent in the Access-Request packet to the RADIUS authentication server. Administrators can configure the authentication servers in order of rank using the RADIUS Server web page in Hotspot Configuration. (Servers are ranked in ascending order, so the primary RADIUS server is rank = 1, secondary server is rank = 2, and so on.) When sending Access-Request packets, BBSM Hotspot tries the configured RADIUS authentication servers in ascending rank order until an Access-Accept packet is received:

If a server does not respond within the specified time, BBSM Hotspot attempts to contact that server up to three times before moving to the next highest ranked server.

If a server responds with an Access-Reject packet, BBSM Hotspot immediately attempts to authenticate using the next highest ranked server. (A RADIUS user can have a session active on more than one computer on the BBSM Hotspot network at the same time if this option is configured.)

When a RADIUS server sends a vendor-specific attribute that contains a bandwidth kbps value, BBSM Hotspot throttles the bandwidth of the end-user session to the specified kbps value (if bandwidth throttle is configured on BBSM Hotspot). To use this feature, administrators need to configure their RADIUS server to send a vendor-specific attribute that contains the following:

A vendor ID of 5263

A vendor type of 1

The integer value of the bandwidth kbps desired for the user account
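The following added example (not taken from the Cisco guide) encodes and strictly parses the bandwidth attribute described above, so that a RADIUS server configuration can be checked against captured attribute bytes. It assumes the sub-attribute layout recommended by RFC 2865 (vendor type, vendor length, data) and a 4-octet big-endian integer; the guide specifies only the vendor ID, vendor type, and that the value is an integer, and the function names and sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 attribute type for Vendor-Specific
BBSM_VENDOR_ID = 5263     # vendor ID given in the guide
BBSM_BANDWIDTH_TYPE = 1   # vendor type given in the guide


def encode_bandwidth_vsa(kbps: int) -> bytes:
    """Build the Vendor-Specific attribute carrying a bandwidth value in kbps."""
    if not 0 <= kbps <= 0xFFFFFFFF:
        raise ValueError("kbps must fit in an unsigned 32-bit integer")
    # Assumed layout: vendor type (1), vendor length (1), 4-octet integer.
    sub = struct.pack("!BBI", BBSM_BANDWIDTH_TYPE, 6, kbps)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), BBSM_VENDOR_ID) + sub


def extract_bandwidth_kbps(attributes: bytes):
    """Walk a RADIUS attribute list and return the bandwidth kbps, or None.

    Malformed lengths raise ValueError rather than being skipped, so a
    truncated or corrupted reply is never treated as "no throttle".
    """
    pos = 0
    while pos < len(attributes):
        if len(attributes) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = attributes[pos], attributes[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attributes):
            raise ValueError("attribute length out of bounds")
        value = attributes[pos + 2:pos + attr_len]
        pos += attr_len
        if attr_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != BBSM_VENDOR_ID:
            continue  # VSA belonging to another vendor
        sub = value[4:]
        while len(sub) >= 2:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("vendor sub-attribute length out of bounds")
            if vtype == BBSM_BANDWIDTH_TYPE:
                if vlen != 6:
                    raise ValueError("bandwidth value is not a 4-octet integer")
                return struct.unpack("!I", sub[2:6])[0]
            sub = sub[vlen:]
    return None


# Constructed sample: a Reply-Message (type 18) followed by a 512 kbps VSA.
SAMPLE_ATTRIBUTES = bytes([18, 4]) + b"ok" + encode_bandwidth_vsa(512)
```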

RADIUS accounting provides administrators with end-user session information when Internet access is granted and terminated. This end-user information can then be retrieved from RADIUS accounting servers, and independent billing can be performed. Administrators can choose flat-rate or per-minute billing by using the information that BBSM Hotspot sends to the RADIUS accounting server in Start and Stop Accounting-Request packets. If configured, BBSM Hotspot also sends Interim-Update packets to the RADIUS accounting server at intervals set by the administrator.

Cisco BBSM Hotspot 1.0 User Guide

 

78-15293-01
