The RADIUS Timeout Set During Pre-Authentication feature was developed for ISPs that want to bill dial-in subscribers for
call setup time and the entire duration of the call session. These subscribers are billed through AAA messages in a prepaid
time model. When the subscribers are preauthenticated, a RADIUS server checks for any remaining credit in the prepaid time
model and sets a session timeout (in minutes or seconds) based on the credit available. This time can range from a few seconds
for ISDN users, to much longer for asynchronous dial-up subscribers.
Until the RADIUS Timeout Set During Pre-Authentication feature was developed, the value of RADIUS attribute 27, which is returned
during the preauthentication phase of a call, was either ignored or overwritten during the PPP authentication phase. Even
when the PPP authentication phase did not return a value for attribute 27, the old value obtained during the preauthentication
phase was being ignored.
With the RADIUS Timeout Set During Pre-Authentication feature introduced for Cisco IOS Release 12.2(15)T, if the PPP authentication
phase does not return a value for attribute 27, the old value that was returned during the preauthentication phase is saved
and used to time out the session; attribute 27 is saved in a preauthentication database for future use. However, if the PPP
authentication user profile has a session timeout configured and PPP authentication succeeds, the new value downloaded during
PPP authentication overwrites the old attribute 27 value. By setting the session timeout value in the preauthentication phase
itself, the service provider can bill the subscriber for the call setup time and the call duration.