ACCESS GATEWAY
126 System Administration
Realm-Based (for Realm routing)
Fixed (for routing to predefined RADIUS servers)
3.
Select the Default RADIUS Service Profile from the pull-down menu.
4.
Enter a Local Authentication Port and a Local Accounting Port.
5.
Select whether Later Login Supersedes Previous. This will allow a secondary form of authentication to
override the original authentication if necessary, and use the credentials of the last login to succeed.
Miscellaneous Options
1.
In the “Miscellaneous Options” category, Enter a value for the time (in seconds) in the
Default User
Idle Timeout
field. This value determines how much “idle” time elapses before the subscriber’s
session times out and they must login again.
2.
The Access Gateway can reauthenticate “repeat” subscribers who return to the system
within a
specified amount of time. To enable this feature, click on the check box for
Enable Automatic
Subscriber Reauthentication, and provide a time-out value (in minutes) in the Automatic
Subscriber Reauthentication Timeout
field.
3.
You can limit automatic reauthentication to the subscriber’s original zone. To do this, check
Restrict Reauthentication to Originally Authenticated Zone.
4.
If you want to enable the URL redirection feature, click on the check box for Enable URL
Redirection
.
5.
For a Network Access Server (NAS), if you want to send a NAS identifier with your
account access
request, click on the check box for
Send NAS identifier, then define the NAS identifier in the NAS
identifier field.
6.
To send the NAS IP address with your account request, click on the check box for Send
NAS IP
.
7.
To send a NAS port type with your account request, click on the check box for Send NAS
Port type,
then
define the NAS port in the NAS Port Type field.
8.
To send the Framed IP address with your account request, click on the check box for Send
Framed IP
.
9.
To enable RADIUS termination action enhancement, click on the check box for Enable Termination
Action Radius Attribute, then select the percentage (100% - 75%) of the maximum data volume
threshold for which term-action will be enforced (volume-based sessions only).
This option provides support for Radius Termination-Action for time- and volume-based subscribers
working in conjunction with an external Radius server. Enforcement of this attribute will result in
either:
logout of the subscriber
re-authentication of the subscriber through issuance of a new Radius Access-Request that contains
a new Acct-Session ID.
The Radius re-authentication that occurs due to term-action enforcement will be transparent to the subscriber.
This is also true for time based sessions that expire. Radius accounting augmentation will take place as a
result of a successful re-authentication.
To Next Page
