Professional Documents
Culture Documents
Nokia Radius PDF
Nokia Radius PDF
06
Nokia Siemens Networks Flexi ISN, Rel.
4.0
Issue 5-3 en
RADIUS Interface, Interface Description
The information in this document is subject to change without notice and describes only the
product defined in the introduction of this documentation. This documentation is intended for the
use of Nokia Siemens Networks customers only for the purposes of the agreement under which
the document is submitted, and no part of it may be used, reproduced, modified or transmitted
in any form or means without the prior written permission of Nokia Siemens Networks. The
documentation has been prepared to be used by professional and properly trained personnel,
and the customer assumes full responsibility when using it. Nokia Siemens Networks welcomes
customer comments as part of the process of continuous development and improvement of the
documentation.
The information or statements given in this documentation concerning the suitability, capacity,
or performance of the mentioned hardware or software products are given "as is" and all liability
arising in connection with such hardware or software products shall be defined conclusively and
finally in a separate agreement between Nokia Siemens Networks and the customer. However,
Nokia Siemens Networks has made all reasonable efforts to ensure that the instructions
contained in the document are adequate and free of material errors and omissions. Nokia
Siemens Networks will, if deemed necessary by Nokia Siemens Networks, explain issues which
may not be covered by the document.
Nokia Siemens Networks will correct errors in this documentation as soon as possible. IN NO
EVENT WILL Nokia Siemens Networks BE LIABLE FOR ERRORS IN THIS DOCUMENTA-
TION OR FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, DIRECT, INDI-
RECT, INCIDENTAL OR CONSEQUENTIAL OR ANY LOSSES, SUCH AS BUT NOT LIMITED
TO LOSS OF PROFIT, REVENUE, BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY
OR DATA,THAT MAY ARISE FROM THE USE OF THIS DOCUMENT OR THE INFORMATION
IN IT.
This documentation and the product it describes are considered protected by copyrights and
other intellectual property rights according to the applicable laws.
The wave logo is a trademark of Nokia Siemens Networks Oy. Nokia is a registered trademark
of Nokia Corporation. Siemens is a registered trademark of Siemens AG.
Other product names mentioned in this document may be trademarks of their respective
owners, and they are mentioned for identification purposes only.
Copyright Nokia Siemens Networks 2010. All rights reserved
2 Id:0900d80580804d96 DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description
Table of Contents
This document has 96 pages.
2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.1 About . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.2 Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4 RADIUS license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5 Data elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
5.1 RADIUS interface data format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
5.1.1 Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
5.1.2 Identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
5.1.3 Length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
5.1.4 Authenticator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
5.2 Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
5.2.1 Vendor-specific attribute encoding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
5.2.2 Attributes sent and received by Flexi ISN . . . . . . . . . . . . . . . . . . . . . . . 54
5.2.2.1 Access Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
5.2.2.2 Access Accept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
5.2.2.3 Accounting Request Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
5.2.2.4 Accounting Request Interim-Update . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
5.2.2.5 Accounting Request Stop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
5.2.2.6 Accounting Request On/Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
5.2.2.7 Disconnect Request. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
5.2.2.8 Disconnect ACK. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
5.2.2.9 Disconnect NAK. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
5.2.2.10 Change of Authorisation (CoA) Request . . . . . . . . . . . . . . . . . . . . . . . . 64
5.2.2.11 Change of Authorisation (CoA) ACK . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
5.2.2.12 Change of Authorisation (CoA) NAK . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
6 Additional features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
DN70119375 Id:0900d80580804d96 3
Issue 5-3 en
RADIUS Interface, Interface Description
8 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
9 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
4 Id:0900d80580804d96 DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description
List of Figures
Figure 1 RADIUS message flow, basic case . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Figure 2 RADIUS message flow, change PDP context parameters . . . . . . . . . . 28
Figure 3 RADIUS message flow, disconnect by RADIUS server. . . . . . . . . . . . . 29
Figure 4 RADIUS proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
DN70119375 Id:0900d80580804d96 5
Issue 5-3 en
RADIUS Interface, Interface Description
List of Tables
Table 1 Common RADIUS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Table 2 RADIUS authentication configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Table 3 RADIUS Accounting configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Table 4 RADIUS Disconnect configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Table 5 Summary of RADIUS data format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Table 6 Attribute format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Table 7 Attributes used by Flexi ISN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Table 8 Determined values in a RADIUS message . . . . . . . . . . . . . . . . . . . . . . . 84
Table 9 Specific attribute format for Nokia vendor-specific service attributes . . . 86
Table 10 Nokia-Service-Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Table 11 Nokia-Service-ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Table 12 Nokia-Service-Username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Table 13 Nokia-Service-Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Table 14 Nokia-Service-Primary-Indicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Table 15 Nokia-Service-Charging-Type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Table 16 Nokia-Service-Encrypted-Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
6 Id:0900d80580804d96 DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Changes in RADIUS Interface Description
Changes in documentation
Section Transmission window has been updated regarding the Capacity Extender con-
figuration.
The new 3GPP-IMSI-MCC-MNC vendor specific attribute has been in Section Vendor-
specific attribute encoding. The same attribute has been added in the tables of the
Access Request, Accounting Request Start, Accounting Request Interim-Update and
Accounting Request Stop Sections.
The descriptions of the following parameters have been updated in Section RADIUS in
the Flexi ISN environment:
Numeric ID
Encode Vendor-Specific Attributes Separately
User Authentication Method
Override User Name Containing APN/MSISDN
IP Address Generation Method
Dynamic Tunnels
Secondary Account Server Mode
RADIUS Accounting Mode
Section RADIUS in the Flexi ISN environment has been updated with a Note.
The lengths value of the attribute NSN-Tunnel-Override-Username in Section Tunnel-
ling attributes related to user authentication has been changed from 12 to 10.
Changes in documentation
Table RADIUS authentication configuration has been updated.
Changes in documentation
Section Configuration parameters has been updated with values for the RADIUS
Accounting configuration.
DN70119375 Id:0900d805807522e4 7
Issue 5-3 en
Changes in RADIUS Interface Description RADIUS Interface, Interface Description
Section RADIUS license has been updated with information about the Optional Radius
Accounting in 3GPP mode feature.
Changes in documentation
Section Transmission window has been updated with values for the Dual-Chassis con-
figuration.
Changes in documentation
Section RADIUS in the Flexi ISN environment: Added the two above mentioned modes.
Section Configuration parameters: In Table 3, the modes Redundancy and Semi
Redundancy have been added to the RADIUS Accounting configuration.
Section Vendor-specific attribute encoding: Added the above mentioned Vendor-Id and
attributes.
Section Attributes sent and received by Flexi ISN: Added the above mentioned attri-
butes to table Access Accept.
Section Tunnelling attributes related to user authentication: This new section describes
the new vendor-specific attributes.
Section Additional requirements related to dynamic tunnelling of APN: This section has
been renumbered from 6.5.2.
Section RADIUS in the Flexi ISN environment: Clarification added about switching back
to the primary server from the secondary server. Information added about the Account-
ing To Authentication Server option.
Section Configuration parameters: Added parameters Server switchover time and
Accounting To Authentication Server. Removed parameters Tunnelling in Authentica-
tion, Tunnelling in Accounting.
Section Vendor-specific attribute encoding: The definitions for the following attributes
have been updated: 3GPP-Charging-Id, 3GPP-GGSN-Address.
8 Id:0900d805807522e4 DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Changes in RADIUS Interface Description
Changes in documentation
Section Configuration parameters: a new tunnelling parameter have been added (Client
tunnelling IP Address).
Section Message flow: the text has been updated.
Section Attributes: in Table Attributes used by Flexi ISN the descriptions of the Acct-
Input-Octets and Acct-Output-Octets attributes have been modified.
Section Attributes sent and received by Flexi ISN: the structure has been modified and
the tables have been updated.The following new sections have been added:
DN70119375 Id:0900d805807522e4 9
Issue 5-3 en
Changes in RADIUS Interface Description RADIUS Interface, Interface Description
Acct-Terminate-Cause
Values and profiles determined through RADIUS
Section RADIUS in the Flexi ISN environment: Clarification about switching back to the
primary server from the secondary Information added about the Accounting To Authen-
tication Server option.
Section Authentication operations: validation information has been updated.
Section Configuration parameters: the following parameters have been added: Switcho-
ver time, Tunneling in Authentication, Tunneling in Accounting, and Accounting To
Authentication Server.
Section Message flow: the figures have been modified.
Changes in documentation
The ID number for this document is now DN70119375 (previously DN04134636).
10 Id:0900d805807522e4 DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Introduction
2 Introduction
This document specifies the interface between the Flexi ISN and its counterpart server
for delivering subscriber identification, the remote authentication dial-in user service
(RADIUS) server. This document is mainly based on RFC 2865 [6] and RFC 2866 [7],
together with 3GPP standard TS 29.061 [3].
2.1 About
The main sections of this document are:
Overview
This specifies the delivery of subscriber identification, the reference model, and the
interfaces between the Flexi ISN and the RADIUS server.
Data elements
This specifies the data elements for RADIUS authentication and accounting sup-
ported by the Flexi ISN.
Additional features
This specifies some new attributes and additional features supported by the Flexi
ISN.
Retrieving service components
This specifies the service aware features in RADIUS; user profile fetching during
authentication and dynamically by using the CoA message.
It is not within the scope of this document to specify the Nokia proprietary RADIUS spec-
ification between the Flexi ISN and Nokia Online Service Controller (OSC), used in the
Intelligent Content Delivery (ICD) system.
2.2 Audience
Users of this document should have a basic knowledge of the Flexi ISN, wireless net-
works, the Internet, RADIUS, and RADIUS accounting and authentication protocol.
DN70119375 Id:0900d805806888ed 11
Issue 5-3 en
Overview of RADIUS interface RADIUS Interface, Interface Description
12 Id:0900d80580773b2c DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Overview of RADIUS interface
DN70119375 Id:0900d80580773b2c 13
Issue 5-3 en
Overview of RADIUS interface RADIUS Interface, Interface Description
missions to the other server until it receives a response or the retransmission timeout
setting expires. In case of no response, an alarm is raised indicating that this server is
out of service. Flexi ISN will continue to send requests to both RADIUS servers on sub-
sequent PDP Context Activations. Alarms are raised for both servers if they are out of
service.
There are five extra RADIUS accounting servers (also known as 'fire and forget' servers)
to which accounting messages are sent if those servers are configured in the accounting
profile that the access point in use is pointing. It is important to note that the primary and
secondary servers have different characteristics and supported features than the fire
and forget servers. All accounting messages that are sent to the primary or secondary
accounting server are sent to these servers only once, after a response from the pri-
mary/secondary server has been received. This means that there is no retransmission
to these servers. Note that if there is no reply to an Accounting Start message for a PDP
context from the primary or secondary accounting servers, nothing will be sent to
accounting servers 3 to 7 for the PDP context. The content of the accounting messages
is slightly different for fire and forget messages. The Accounting To Authentication
Server functionality does not cover fire and forget servers.
The Flexi ISN does not expect any Accounting-Response messages from the extra
RADIUS accounting servers for the sent Accounting-Requests. Note that if there is no
reply to an Accounting Start message for a PDP context from the primary or secondary
accounting servers, nothing will be sent to the extra RADIUS accounting servers regard-
ing the PDP context.
g Accounting messages are sent to 'fire and forget' servers, after the response of
either the primary or the secondary server, as described above, but only for the "pri-
mary" connection of the primary PDP context. On the other hand, in case of "sec-
ondary" connections the accounting messages are not forwarded to 'fire and forget'
servers, so this functionality cannot be used in Service Access Points.
14 Id:0900d80580773b2c DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Overview of RADIUS interface
Flexi ISN does not support the challenge/ response, and treats this challenge as though
it received an Access-Reject and sends a new Access-Request. Flexi ISN does not
support this, because there is no way the Flexi ISN can communicate with the user.
If all conditions are met, the list of configuration values for the user is placed into an
Access-Accept response. These values include the type of service (for example: SLIP,
PPP, Login User) and all the necessary values to deliver the desired service.
DN70119375 Id:0900d80580773b2c 15
Issue 5-3 en
Overview of RADIUS interface RADIUS Interface, Interface Description
16 Id:0900d80580773b2c DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Overview of RADIUS interface
DN70119375 Id:0900d80580773b2c 17
Issue 5-3 en
Overview of RADIUS interface RADIUS Interface, Interface Description
18 Id:0900d80580773b2c DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Overview of RADIUS interface
DN70119375 Id:0900d80580773b2c 19
Issue 5-3 en
Overview of RADIUS interface RADIUS Interface, Interface Description
20 Id:0900d80580773b2c DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Overview of RADIUS interface
DN70119375 Id:0900d80580773b2c 21
Issue 5-3 en
Overview of RADIUS interface RADIUS Interface, Interface Description
22 Id:0900d80580773b2c DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Overview of RADIUS interface
DN70119375 Id:0900d80580773b2c 23
Issue 5-3 en
Overview of RADIUS interface RADIUS Interface, Interface Description
24 Id:0900d80580773b2c DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Overview of RADIUS interface
DN70119375 Id:0900d80580773b2c 25
Issue 5-3 en
Overview of RADIUS interface RADIUS Interface, Interface Description
26 Id:0900d80580773b2c DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Overview of RADIUS interface
DN70119375 Id:0900d80580773b2c 27
Issue 5-3 en
Overview of RADIUS interface RADIUS Interface, Interface Description
g When CoA contains a Nokia-TREC-Index that results to a new QoS for the PDP
context, Flexi ISN triggers an Update PDP Context Request with the new QoS (see
Section Determining TREC through RADIUS).
28 Id:0900d80580773b2c DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Overview of RADIUS interface
DN70119375 Id:0900d80580773b2c 29
Issue 5-3 en
RADIUS license RADIUS Interface, Interface Description
4 RADIUS license
Some RADIUS features require a valid license to be enabled.The following configuration
options require the RADIUS addition license:
Authentication Operation IMSI-SGSN and IMSI-SGSN-3GPP and Account Server
Operation 3GPP, and 3GPP, server optional
Without a license RADIUS authentication works in the SIMPLE Authentication Oper-
ation mode and a Flexi ISN 4.0 configured to use 3GPP or 3GPP server optional
Account Server Operation will not use RADIUS accounting at all.
Mainly this means that all the vendor-specific and Nokia vendor-proprietary attri-
butes require a license. The only exception is the Account Server Operation modes
WAP Gateway and WAP Gateway, server optional, which use the Nokia Siemens
Networks vendor-proprietary attributes.
Interim Accounting
Without a license Interim Accounting is disabled.
Dynamic Tunnels
Without a license Dynamic Tunnels is disabled.
RADIUS Disconnect
Without a license the Flexi ISN silently discards Disconnect Requests.
RADIUS Change-of-Authorization
Without a license the Flexi ISN silently discards Change-of-Authorization Requests.
A proper license is required to be able to choose between the encoding methods
that are available for vendor-specific attributes.
A license is required for receiving Accounting Stop messages when disabling an
access point. Also the option to receive both Accounting Stop and On/Off messages
when disabling or enabling an access point requires a license.
The following functionalities require the Network Based QoS Control license:
Handle the TREC AVP received in the CoA message
Apply the TREC AVP received the Access-Accept message for all traffic classes
(also real-time)
30 Id:0900d8058068af46 DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
5 Data elements
The attributes defined in this section comply with the same basic attribute formats given
in RFC 2865 [6] and RFC 2866 [7].
5.1.1 Code
The code (the field in the first octet of a packet) identifies the type of the RADIUS packet.
If a packet is received with an invalid code field, it is discarded (length, 1 octet).The
codes are the following:
Code 1: Access-Request
The Access-Request code (1) is sent by the Flexi ISN to the RADIUS server. It conveys
the information used to determine whether a user is allowed to access a specific network
access server and if there are any special requests for that user. The Access-Request
code must be transmitted when wishing to authenticate a user and must contain a
User-Name attribute and either a User-Password or CHAP-Password attribute.Upon
receipt of an Access-Request from a valid client, an appropriate reply must be transmit-
ted.
Code 2: Access-Accept
The Access-Accept code (2) is sent by the RADIUS server and provides the specific
configuration information necessary to begin the delivery service to the user.If all the
attribute values received in an Access-Request are acceptable, the RADIUS implemen-
tation must transmit a packet with the Code field set to 2 (Access-Accept).On reception
of an Access-Accept, the Identifier field is matched with a pending Access-Request.
Additionally, the Response Authenticator field must contain the correct response for the
pending Access-Request.
Code 3: Access-Reject
The RADIUS server transmits the Access-Reject code (3) if any value for the received
attributes is not acceptable.
Code 4: Accounting-Request
The Accounting-Request code (4) is sent by the Flexi ISN to the RADIUS server and
conveys information used to provide accounting for a service.The server must transmit
DN70119375 Id:0900d8058068b02b 31
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
Code 5: Accounting-Response
The Accounting-Response code (5) is sent by the RADIUS server to the client to
acknowledge that the Accounting-Request has been received and recorded success-
fully. There are no required attributes in this package.
5.1.2 Identifier
The identifier aids in matching requests and replies (length, 1 octet).
5.1.3 Length
The length indicates the length of the packet, including the Code, Identifier, Length,
Authenticator, and Attributes (length, 2 octets). The minimum length is 20 and the
maximum is 4096.The Flexi ISN silently discards packets received with an invalid
length.
5.1.4 Authenticator
The authenticator is used to authenticate the reply from the RADIUS server and to
authenticate the messages between the Flexi ISN and the RADIUS server (length, 16
octets, the most significant octet is transmitted first).There are two types of authentica-
tors:
32 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
Request Authenticator
In Access-Request packets, the authenticator value is a 16 octet random number called
the Request Authenticator. The value should be unpredictable and unique in the lifetime
of a secret (the password shared by the client and the RADIUS server). Since it is
expected that the same secret may be used to authenticate the servers in different geo-
graphic regions, the Request Authenticator field should display global and temporal
uniqueness (RFC 2865 [6]).In Accounting-Request packets, the authenticator value is a
16-octet MD5 checksum, called the Request Authenticator (RFC 2866 [7]).The authen-
ticator value in Disconnect-Request packets and the Change-of-Authorization-Request
packets is encoded the same way as the authenticator value in Accounting-Request
packets (RFC 3576 [12]).
Response Authenticator
The Authenticator field in Access-Accept, Access-Reject, and Access-Challenge
packets is called the Response Authenticator, and contains a one-way MD5 hash cal-
culated over a stream of octets consisting of:
the RADIUS packet, beginning with the Code field, including the Identifier, the
Length, the Request Authenticator field from the Access-Request packet
the response attributes, followed by the shared secret (RFC 2865 [6]).
The Authenticator field in an Accounting-Response packet is called the Response
Authenticator, and it contains a one-way MD5 hash calculated over a stream of octets
consisting of the Accounting-Response Code, Identifier, Length, the Request Authenti-
cator field from the Accounting-Request packet being replied to, and the response attri-
butes (if any) followed by the shared secret. The resulting 16 octets MD5 hash value is
stored in the Authenticator field of the Accounting-Response packet (RFC 2866 [7]).The
Authenticator value in Disconnect-Ack, Disconnect-Nak, Change-of-Authorization-ACK,
and Change-of-Authorization-NAK packets is encoded the same way as the Account-
ing-Response packet's Authenticator value (RFC 3576 [12]).
5.2 Attributes
RADIUS attributes carry the specific authentication, authorisation, information, and con-
figuration details for the request and reply.The attribute format is shown in Table 6:
Type
The Type field is one octet. The Flexi ISN ignores attributes with an unknown type.
Length
The Length field is one octet, and it indicates the length of this attribute including the
Type, Length, and Value fields.The Flexi ISN ignores attributes with an invalid
length.
Value
The Value field is zero or more octets and contains information specific to the attri-
bute. The Type and Length field determine the format and length of the Value field.
DN70119375 Id:0900d8058068b02b 33
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
g None of the types in RADIUS terminate with a null character (NUL, /0, hex00). In
particular, the types 'text' and 'string' in RADIUS do not terminate with a NUL. The
Value field's length is determined by the Length field and does not use a terminator.
The format of the Value field is one of the five data types:
Text
1-253 octets containing UTF-8 encoded 10646 characters. Texts of zero length must
not be sent.
String
1-253 octets containing binary data (values 0 through 255 decimal, inclusive).
Strings of zero length must not be sent.
Address
A 32 bit value, the most significant octet first.
Integer
A 32 bit unsigned value, the most significant octet first.
Time
A 32 bit unsigned value, the most significant octet first - in seconds since 00:00:00
UTC, January 1, 1970.
Table 7 shows the list of attributes used by the Flexi ISN, the Type number, Length,
Value format, and a short description.
34 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 35
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
36 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 37
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
38 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 39
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
40 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 41
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
42 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 43
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
Some RADIUS servers may require configuration or patching before being able to
support this encoding.It is, however, configurable in the Flexi ISN to choose how the
sub-attributes should be encoded. The configuration parameter Encode Vendor-
Specific Attributes Separately is described in Section Configuration parame-
ters. When this option is chosen each vendor-specific sub-attribute is encoded into a
separate vendor-specific attribute. The encoding looks like the following:
44 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
1 octet Vendor-Type
1 octet Vendor-Length = n + 2
n octet(s) Vendor-Value
DN70119375 Id:0900d8058068b02b 45
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
46 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
0, IPv4
DN70119375 Id:0900d8058068b02b 47
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
48 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 49
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
50 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 51
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
52 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 53
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
54 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 55
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
1. The User-Password is not sent when using CHAP as the authentication type.
2. Sent only when using CHAP as the authentication type.
3. Sent only if the PDP context request contained the RAI.
4. Sent only if received from the SGSN.
ID Attribute name
8 Framed-IP-Address
25 Class
27 Session-Timeout
28 Idle-Timeout
64 Tunnel-type
66 Tunnel-Client-Endpoint
67 Tunnel-Server-Endpoint
69 Tunnel-Password
82 Tunnel-Assignment-Id
83 Tunnel-Preference
90 Tunnel-Client-Auth-Id
135 Primary-DNS-Server
136 Secondary-DNS-Server
26/94/2 Nokia-UserProfile
26/94/3 Nokia-Service-Name
26/94/4 Nokia-Service-ID
26/94/5 Nokia-Service-Username
56 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
ID Attribute name
26/94/6 Nokia-Service-Password
26/94/7 Nokia-Service-Primary-Indicator
26/94/8 Nokia-Service-Charging-Type
26/94/9 Nokia-Service-Encrypted-Password
26/94/11 Nokia-Session-Charging-Type
26/94/12 Nokia-OCS-ID1
26/94/13 Nokia-OCS-ID2
26/94/14 Nokia-TREC-Index (1)
26/311/28 MS-Primary-DNS-server
26/311/29 MS-Secondary-DNS-Server
26/28458/1 NSN-Tunnel-User-Auth-Method
26/28458/2 NSN-Tunnel-Override-Username
The particular application of this AVP depends on the Network Based QoS Control
license. Without this license this AVP applies only for non real-time traffic classes (since
it replaces the default TREC id configured in the Flexi ISN Access Point). With this
license it applies for all traffic classes.
DN70119375 Id:0900d8058068b02b 57
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
58 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 59
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
60 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
DN70119375 Id:0900d8058068b02b 61
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
62 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
ID Attribute name
1 User-Name
DN70119375 Id:0900d8058068b02b 63
Issue 5-3 en
Data elements RADIUS Interface, Interface Description
ID Attribute name
4 NAS-IP-Address
6 Service-Type
32 NAS-Identifier
33 Proxy-State
44 Acct-Session-Id *
50 Acct-Multisession-Id *
55 Event-Timestamp
ID Attribute name
33 Proxy-State (1)
49 Acct-Terminate-Cause
55 Event-Timestamp
ID Attribute name
33 Proxy-State (1)
55 Event-Timestamp
ID Attribute name
1 User-Name
4 NAS-IP-Address
6 Service-Type
32 NAS-Identifier
33 Proxy-State
44 Acct-Session-Id *
50 Acct-Multisession-Id *
55 Event-Timestamp
26/94/3 Nokia-Service-Name
64 Id:0900d8058068b02b DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Data elements
ID Attribute name
26/94/4 Nokia-Service-ID
26/94/5 Nokia-Service-Username
26/94/6 Nokia-Service-Password
26/94/7 Nokia-Service-Primary-Indicator
26/94/8 Nokia-Service-Charging-Type
26/94/9 Nokia-Service-Encrypted-Password
26/94/14 Nokia-TREC-Index **
* : The request must contain at least one of these attributes.**: This AVP requires Acct-
Session-Id to be present in CoA. Otherwise Nokia-TREC-Index is ignored by Flexi ISN.
ID Attribute name
33 Proxy-State (1)
55 Event-Timestamp
ID Attribute name
33 Proxy-State (1)
55 Event-Timestamp
101 Error-Cause
DN70119375 Id:0900d8058068b02b 65
Issue 5-3 en
Additional features RADIUS Interface, Interface Description
6 Additional features
Flexi ISN supports a few features not specified in the basic RADIUS documents RFC
2865 [6] and RFC 2866 [7]. This section provides a list of those features and information
about attributes related to the features.
The 3GPP standard TS 29.061 [3] requires that the DNS server addresses are specified
according to RFC 2548 [5].
66 Id:0900d805807522ee DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Additional features
6.2.1 Disconnect-Request
The Authenticator field of the Disconnect-Request packet is calculated in the same way
as for an Accounting-Request packet. For more information, see Section Authenticator.
The Disconnect-Request must contain at least one of the following attributes (TS 29.061
[3]):
Acct-Session-Id. The user session identifier. The GGSN IP address and
charging ID concatenated in a UTF-8 encoded hexadecimal.
Acct-Multi-Session-Id. An identifier for multiple related sessions.
When the Flexi ISN sends a disconnect message (that means that it is acting as a NAS
server), it includes only the Acct-Session-Id attribute and not the Acct-Multi-
Session-Id. But when the Flexi ISN (acting either as a NAS server or NAS client)
receives a Disconnect-Request, it can handle it properly when either the Acct-
DN70119375 Id:0900d805807522ee 67
Issue 5-3 en
Additional features RADIUS Interface, Interface Description
6.2.2 Disconnect-ACK
The Disconnect-ACK packet is sent when the Disconnect-Request has been received
and the whole session or the PDP context was terminated. The Flexi ISN sends the
packet as soon as the Delete PDP Context Request has been sent to the SGSN. There
is no need to wait for the response from the SGSN before Disconnect-ACK is sent to the
RADIUS server. TS 29.061 [3] and RFC 3576 [12] do not specify the content of the Dis-
connect-ACK. The Flexi ISN implementation sends the Event-Timestamp attribute for
security reasons and the Acct-Terminate-Cause attribute with the value 6 (Admin-
Reset) in this message.
6.2.3 Disconnect-NAK
The Disconnect-NAK packet is sent when the Disconnect-Request has been received
and the PDP context was not terminated (for example, the PDP context was not found).
TS 29.061 [3] and RFC 3576 [12] do not specify the content of the Disconnect-NAK. The
Flexi ISN implementation sends the Event-Timestamp attribute in this message.
68 Id:0900d805807522ee DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Additional features
included in the Accounting Stop message, it should also be included in the interim
update message.
Although TS 29.061 [3] does not use these two attributes, they are clearly needed
whenever the above-mentioned counters wrap around. The Flexi ISN uses these two
attributes.
Tunnel-Type
The main RADIUS attribute is Tunnel-Type.
DN70119375 Id:0900d805807522ee 69
Issue 5-3 en
Additional features RADIUS Interface, Interface Description
Tunnel-Server-Endpoint
This attribute indicates the address of the server end of the tunnel. The Tunnel-
Server-Endpoint must be included in the Access-Accept packet if the initiation of a
tunnel is desired. The Flexi ISN supports the attribute.
If for some reason the Flexi ISN does not accept the received IP address, the Flexi ISN
behaves as though an Access-Reject had been received.
Tunnel-Client-Endpoint
This attribute indicates the address of the initiator end of the tunnel. The Tunnel-
Client-Endpoint is not mandatory in the Access-Accept packet, so the Flexi ISN is
prepared for the case where the attribute is missing.
70 Id:0900d805807522ee DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Additional features
If for some reason the Flexi ISN does not accept the received IP address, the Flexi ISN
behaves as though an Access-Reject had been received.
Tunnel-Assignment-ID
Some tunnelling protocols, such as L2TP, allow for sessions between the same two
tunnel endpoints to be multiplexed over the same tunnel, and also for a given session
to use its own dedicated tunnel. This attribute provides a mechanism for RADIUS to be
used to inform the tunnel initiator (for example, LAC) whether to assign the session to a
multiplexed tunnel or to a separate tunnel. Furthermore, it allows for sessions sharing
multiplexed tunnels to be assigned to different multiplexed tunnels. The Tunnel-
Assignment-ID attribute is of significance only to RADIUS and the tunnel initiator. The
ID assigned by the tunnel initiator, the Flexi ISN, is not conveyed to the tunnel
peer.When the Tunnel-Assignment-ID attribute is received, the Flexi ISN should
assign a session to a tunnel in the following manner:
If this attribute is present and a tunnel exists between the specified endpoints with
the specified ID, the session should be assigned to that tunnel. An existing tunnel
can be re-used only if the same service blade is used.
If this attribute is present and no tunnel exists between the specified endpoints with
the specified ID, a new tunnel should be established for the session and the speci-
fied ID should be associated with the new tunnel.
DN70119375 Id:0900d805807522ee 71
Issue 5-3 en
Additional features RADIUS Interface, Interface Description
If this attribute is not present, then the session is assigned to an unnamed tunnel. If an
unnamed tunnel does not yet exist between the specified endpoints, it is established and
used for this and subsequent sessions established without the Tunnel-Assignment-
ID attribute. The Flexi ISN must not assign a session for which a Tunnel-
Assignment-ID attribute was not specified to a named tunnel (that is, one that was
initiated by a session specifying this attribute).
Tunnel-Preference
If more than one set of tunnelling attributes is returned by the RADIUS server to the Flexi
ISN, this attribute should be included in each set to indicate the relative preference
assigned to each tunnel. Accordingly, when there are multiple dynamic tunnelling con-
figurations sets and the highest priority fails, the second highest will be tried.Note:
Tunnel failure can only be detected on L2TP tunnels. For IPIP and GRE the highest
priority is always used unconditionally.
72 Id:0900d805807522ee DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Additional features
Tunnel-Client-Auth-ID
The attribute specifies the name used by the tunnel initiator during the authentication
phase of tunnel establishment.
DN70119375 Id:0900d805807522ee 73
Issue 5-3 en
Additional features RADIUS Interface, Interface Description
NSN-Tunnel-Override-Username
The attribute changes the user authentication in dynamic tunnels when credentials are
received from the terminal. When the attribute is set to Enabled (1) the credentials from
the terminal override the ones previously used. The authentication fails if the received
password is "password".
74 Id:0900d805807522ee DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Additional features
DN70119375 Id:0900d805807522ee 75
Issue 5-3 en
Additional features RADIUS Interface, Interface Description
76 Id:0900d805807522ee DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Additional features
Nokia-OCS-ID2
6.10 Nokia-Requested-APN
Usage of this attribute requires a licence.The Nokia-Requested-APN attribute indi-
cates the name of the access point to which the user equipment requested connecting.
DN70119375 Id:0900d805807522ee 77
Issue 5-3 en
Additional features RADIUS Interface, Interface Description
The value is copied from the access point name (APN) that is received from the SGSN
in the Create PDP Context request. Note that the requested APN may be different from
the negotiated APN (that is sent in the Called-Station-Id attribute). When the
requested APN is an alias to a physical access point, the negotiated APN contains the
name of the physical access point. Also the user profile may override the requested
APN. In this case the negotiated APN contains the name of the access point specified
in the user profile.The Nokia-Requested-APN attribute is encoded as follows:
78 Id:0900d805807522ee DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Additional features
For a RADIUS connection to get its own transmission window, the value for at least one
of the above listed parameters must be different from those in other existing configura-
tions. The parameters are defined mainly in the access point configuration. If two or
more configurations end up being the same, the RADIUS request message for those
access points will use a shared transmission window (to the same shared RADIUS
server). Each service blade of the Flexi ISN uses a fixed unique source port (the client
port) for an outgoing request. This means that there is a separate transmission window
from each service blade to a given destination. The number of the simultaneous
requests depends on the configuration:
In the Flexi ISN basic configuration there are: 2 service blades x 256 = 512 simulta-
neous requests to the same destination.
In the full Flexi ISN configuration there are: 4 service blades x 256 = 1024 (in the
one-blade GGSN the number was 256).
In the Capacity Extender and Dual-Chassis configurations there are: 13 service
blades x 137 = 1785 (approximately) simultaneous requests to the same destina-
tion.
When the number of requests to be sent is large, the transmission window size limits the
rate at which the requests are sent. On the other hand, some RADIUS servers have dif-
ficulties handling a big burst of simultaneous RADIUS messages, so the transmission
window acts as a protection mechanism as well.If the given transmission window is full
(that is, there are no free IDs left), the RADIUS request will be temporarily stored to one
of the transmission-window-specific waiting queues. Once any of the ongoing proce-
dures is finished, that request is removed from the transmission window and a pending
request is inserted into the transmission window from a waiting queue. The pending
authentication requests have one waiting queue for each transmission window, which is
emptied in FIFO order. The pending accounting requests have multiple waiting queues
for each transmission window. The queues are sorted by the accounting message type
and the access point index, and they are emptied in a round-robin fashion.
DN70119375 Id:0900d805807522ee 79
Issue 5-3 en
Additional features RADIUS Interface, Interface Description
80 Id:0900d805807522ee DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Additional features
The Service-Type (6) attribute is used for feature activation (for example, a usage
model similar to that supported in Diameter). The Flexi ISN responds to Disconnect-
or CoA-Request including a unsupported Service-Type attribute with a Discon-
nect- or CoA-NAK.
6.14 Acct-Terminate-Cause
The Acct-Terminate-Cause attribute indicates how the session was terminated. Below
is list of values supported by the Flexi ISN and descriptions of reasons that could have
caused the context termination:
1, User Request
Context termination related to an SGSN or NAS.
the SGSN cannot be reached or is down
the SGSN has been restarted
an update PDP Context request to the SGSN has failed
an SGSN has suddenly changed its GTP version
the SGSN or NAS has created a new PDP context with the same IMSI and
NSAPI as an already existing PDP context
the SGSN assigned the TEID user plane of an already existing PDP context to
a new PDP context
an error indication message from the SGSN
a delete PDP context request from an SGSN
a RADIUS Accounting Stop, Accounting Off (=going down), or Accounting On
(=restarted) message received from NAS
the NAS did not supply an essential attribute
NAS accounting timeout, no accounting message received for the NAS context
the NAS configuration has been changed or deleted
the NAS context has the same accounting session ID as an already existing
context
3, Lost Service
Context termination related to an access point.
an access point was critically reconfigured
an access point was disabled
the access point name does not match any existing and enabled access point
4, Idle Timeout
An idle time-out in the Flexi ISN caused the context termination.
5, Session Timeout
A session time-out in the Flexi ISN caused the context termination.
6, Admin Reset
A Disconnect Request terminated the context.
Disconnect Request message from a standard RADIUS interface.
a Disconnect Request message from the RADIUS-OCS interface.
10, NAS Reset, default value
A network-initiated context termination.
DN70119375 Id:0900d805807522ee 81
Issue 5-3 en
Additional features RADIUS Interface, Interface Description
82 Id:0900d805807522ee DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Additional features
DN70119375 Id:0900d805807522ee 83
Issue 5-3 en
Additional features RADIUS Interface, Interface Description
84 Id:0900d805807522ee DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Retrieving service components
DN70119375 Id:0900d8058068cfe6 85
Issue 5-3 en
Retrieving service components RADIUS Interface, Interface Description
Table 10 Nokia-Service-Name
86 Id:0900d8058068cfe6 DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Retrieving service components
Table 11 Nokia-Service-ID
Table 12 Nokia-Service-Username
Table 13 Nokia-Service-Password
DN70119375 Id:0900d8058068cfe6 87
Issue 5-3 en
Retrieving service components RADIUS Interface, Interface Description
Table 14 Nokia-Service-Primary-Indicator
Table 15 Nokia-Service-Charging-Type
88 Id:0900d8058068cfe6 DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Retrieving service components
DN70119375 Id:0900d8058068cfe6 89
Issue 5-3 en
Retrieving service components RADIUS Interface, Interface Description
Table 16 Nokia-Service-Encrypted-Password
Nokia vendor-specific attributes can be included in Access-Accept and Change-of-
Authorization messages.The required attributes for retrieving service components suc-
cessfully are:
Nokia-Service-Name or Nokia-Service-Id
Nokia-Service-Primary-Indicator for one service to describe which service
will be used as the primary service.
90 Id:0900d8058068cfe6 DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Retrieving service components
7.2.1 CoA-Request
To retrieve service components through the CoA-Request the Nokia vendor-specific
attributes defined in Section User profile fetching, must be used. The CoA-Request must
contain at least one of the following attributes to be successful in service components
retrieving:
Acct-Session-Id. The user session identifier. The GGSN IP address and
charging ID concatenated in a UTF-8 encoded hexadecimal.
Acct-Multi-Session-Id. An identifier for multiple related sessions.
Additionally, the Nokia vendor-specific service attributes must be included in the CoA-
Request. The required service attributes are Nokia-Service-Name or Nokia-
Service-Id. The Nokia-Service-Primary-Indicator must be given to one ser-
vice.Flexi ISN is able to map received attributes to a unique service. This procedure
allows a service to be activated or terminated dynamically. The received attributes in the
Change-of-Authorization message will together contain a new replacing profile. This
makes terminating a service simple; the service that should be terminated is left out of
the replacing profile.
DN70119375 Id:0900d8058068cfe6 91
Issue 5-3 en
Retrieving service components RADIUS Interface, Interface Description
g The charging type (wallet ID and wallet charging type) of an already active service
cannot be changed in the updated user profile. This will lead to session termination.
Example 1
isp_service, default_service, and news_service are activated.news_service will be ter-
minated.A new replacing user profile is sent containing the attributes for isp_service and
default_service.In this case the Nokia-Service-Name or Nokia-Service-Id attri-
bute for the remaining services is enough.
Example 2
isp_service and news_service are activated.A new service, default_service, will be acti-
vated.A new replacing user profile is sent containing attributes for isp_service,
news_service, and default_service.In this case all possible Nokia service attributes for
default_service must be included. Additionally, the Nokia-Service-Name or Nokia-
Service-Id attribute for already active services (isp_service and news_service) are
included in the user profile.
7.2.2 CoA-ACK
The CoA-ACK packet is sent when the CoA-Request has been received and the user
profile was read successfully. The Flexi ISN implementation sends the Event-
Timestamp attribute for security reasons in CoA-ACK.
7.2.3 CoA-NAK
The CoA-NAK packet is sent when the CoA-Request has been received and the service
component retrieving failed (for example, the required attributes are not included in
CoA-Request, the primary indicator is missing, the required service is not found, the
user session is not found, and the RADIUS server is not reliable).The Flexi ISN imple-
mentation sends the Event-Timestamp attribute for security reasons and the Error-
Cause attribute with the value 404 (Invalid Request) in this message.
92 Id:0900d8058068cfe6 DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Retrieving service components
DN70119375 Id:0900d8058068cfe6 93
Issue 5-3 en
References RADIUS Interface, Interface Description
8 References
1. 1.RADIUS Attributes. Cisco web documentation http://www.cisco.com/uni-
vercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt6/scradatb.htm
2. 3GPP TS 29.060 GPRS Tunnelling Protocol (GTP) across the Gn and Gp interface
(Release 6), V6.6.0, (2004-09)
3. 3GPP TS 29.061 Interworking between the Public Land Mobile Network (PLMN)
supporting Packet Based Services and Packet Data Networks (PDN), V5.9.1 (2005-
06)
4. 3GPP TS 32.015 Telecommunications management; Charging management; 3G
call and event data for the Packet Switched (PS) domain, v3.12.0, 2003
5. RFC 2548 Microsoft Vendor-specific RADIUS Attributes, G. Zorn
http://www.ietf.org/rfc/rfc2548.txt
6. RFC 2865 Remote Authentication Dial In User Service (RADIUS). C. Rigney, et al
http://www.ietf.org/rfc/rfc2865.txt
7. RFC 2866 RADIUS Accounting. C. Rigney http://www.ietf.org/rfc/rfc2866.txt
8. RFC 2867 RADIUS Tunnel Accounting Support, G.Zorn et al.
http://www.ietf.org/rfc/rfc2867.txt
9. RFC 2868 RADIUS Attributes for Tunnel Protocol Support, G.Zorn et al.
http://www.ietf.org/rfc/rfc2868.txt
10. RFC 2869 RADIUS Extensions, C. Rigney et al. http://www.ietf.org/rfc/rfc2869.txt
11. RFC 2882 Network Access Servers Requirements: Extended RADIUS Practices, D.
Mitton http://www.ietf.org/rfc/rfc2882.txt
12. RFC 3576 Dynamic Authorization Extensions to Remote Authentication Dial-In User
Service (RADIUS), Murtaza S. Chiba et al. http://www.ietf.org/rfc/rfc3576.txt
94 Id:0900d8058068c3dc DN70119375
Issue 5-3 en
RADIUS Interface, Interface Description Abbreviations
9 Abbreviations
AAA Authentication, Authorization and Accounting
APN Access Point Name
ASCII American Standard Code for Information Interchange
CDR Charging Data Record
CE Capacity Extender
CHAP Challenge Handshake Authentication Protocol
CoA Change-of-Authorization
DC Dual-Chassis
DNS Domain Name Server
FIFO First In First Out
FQDN Fully Qualified Domain Name
G-CDR GGSN CDR
GGSN Gateway GPRS Support Node
GPRS General Packet Radio Service
GRE Generic Routing Encapsulation
GTP GPRS Tunnelling Protocol
HLR Home Location Register
ICD Intelligent Content Delivery
IE Information Element
IMEISV International Mobile Equipment Id and its Software Version
IMSI International Mobile Subscriber Identity
IP Internet Protocol
IP-IP IP in IP Tunnel Protocol
L2TP Layer 2 Tunnel Protocol
LAC Link Access Control
MCC Mobile Country Code
MD5 Message Digest Algorithm
MNC Mobile Network Code
MSISDN Mobile Station ISDN
NAS Network Access Server
OCS Online Charging System
OSC Online Service Controller
PAP Password Authentication Protocol
PCO Packet Configuration Options
PDP Packet Data Protocol
PLMN Public Land Mobile Network
PPP Point-to-Point Protocol
DN70119375 Id:0900d805807522e0 95
Issue 5-3 en
Abbreviations RADIUS Interface, Interface Description
96 Id:0900d805807522e0 DN70119375
Issue 5-3 en