| Since the mid 90's, the portfolio increase of Internet has become the main increase factor of the data business. It is actually a fact that the IP network will become the telegraphy network. However, IP network was not a network of telegraphy at that time. Compared to PSTN, there is a huge margin to the IP network in the field of opertation and management.At present, the authentication methods which telcommunication operators and service provider take are local authentication, RADIUS authentication and non-authentication. And there are also many type of accouting strategy such as accounting by month, by session time, by flowmeter, by port, etc. And the centralized authentication and accounting method through the RADIUS server is widely used.However, there are many instances in which it is desirable for changes to be made to session characteristics, without requiring the NAS to initiate the exchange. For example, it may be desirable for administrators to be able to terminate a user session in progress. Alternatively, if the user changes authorization level, this may require that authorization attributes be added/deleted from a user session.To overcome these limitations, additional RADIUS attributes have been implemented, in order to be able to support unsolicited messages sent from the RADIUS server to the NAS. These extended attributes provide support for disconnect and change-of-authorization (CoA) messages. Disconnect messages cause a user session to be terminated immediately, whereas CoA messages modify session authorization attributes such as bandwidth.In article, the configration, packet format and packet types of the new extended attributes are presented. Related tests have been taken, and reached a decent result.Finally, some advice is presented for the security confiderations related to the new extended attributes. |
PDF Full Text Request