Cisco Service Control Subscriber Manager LEGs User Guide, Release 5.0.x

RADIUS Integration Overview

This implementation of the Cisco SCE-Sniffer RADIUS LEG supports RFC 2865 (RADIUS Protocol) and RFC 2866 (RADIUS Accounting).

The LEG uses the following packet types:

• Accounting-Start—Initiates login operations (with subscriber IP, domain, and policies).
• Accounting-Interim-Update—Initiates login operations (with subscriber IP, domain, and policies).
• Accounting-Stop—Initiates logout operations.
• Access-Request—Initiates domain and policies associations.
• Access-Accept—Initiates login operations (with subscriber IP and policies).

The LEG uses the following attributes:

• User Name (Attribute no. 1)—Default attribute for subscriber ID.
• NAS-IP-Address (Attribute no. 4)—Associates the NAS IP address as the subscriber's domain (optional).
• Framed-IP-Address (Attribute no. 8)—Associates an IP address to the subscriber.
• Framed-IP-Netmask (Attribute no. 9)—Associates an IP netmask to the subscriber.
• Framed-Route (Attribute no. 22)—Associates an IP/IP-range to the subscriber.
• NAS-Identifier (Attribute no. 32)—Associates the NAS identifier as the subscriber's domain (optional).
• Acct-Status-Type (Attribute no. 40)—Distinguishes between the different accounting transactions.
• Framed-IPv6-Prefix (Attribute no. 97)—Associates an IPv6 address to a subscriber.
• Framed-IPv6-Route (Attribute no. 99)—Associates an IPv6 route to a subscriber.

To associate policies to the subscribers, configure the LEG with the attribute that contains the policy information. The Vendor-Specific attribute (Attribute no. 26) can be used to associate policies to the subscribers in addition to all other RADIUS attributes of type string or integer.

To determine the subscriber ID, configure the LEG with the attribute that contains the subscriber ID information. The Vendor-Specific attribute (Attribute no. 26) can be used to determine the subscriber ID in addition to all other RADIUS attributes of type string. By default, the User-Name (Attribute no. 1) is configured to hold the Subscriber ID.

Fair Usage Policy

When a subscriber logs in through the SCE-Sniffer RADIUS LEG, that subscriber is mapped to an appropriate package ID based on the mapping defined in the SCE-Sniffer RADIUS LEG configuration file. If the Cisco SCMS Quota Manager is used to define quota for each subscriber, at some point of time, the subscriber may move to a penalty package based on the usage, as defined in the Quota Manager configuration.

RADIUS LEG does not change the package ID if the subscriber is in a penalty package.

To use this feature, you must add the list of penalty packages to the SCE-Sniffer RADIUS LEG configuration file by using the ignore_policy_list parameter. For details on the ignore_policy_list parameter, see the “Configuring the General Settings” section.

If the penalty packages are added to the configuration file, the Subscriber Manager checks whether the subscriber is in any of the penalty package defined in the ignore policy list. If the subscriber is in any of the penalty package, the Subscriber Manager will not update the new package and continue with the existing penalty package until the penalty period is over.

If you have configured the default_policy parameter, do not use the same value in the ignore_policy_list parameter.