Release Notes

10| Implementing Accounting-Based Authorization Amigopod |Technical Note

message [1]. The session information is updated on the RADIUS server [2], and can be

seen using the Active Sessions view.

If the guest reaches the allowed traffic limit, then on the next accounting update [3] the

authorization will be rechecked. Because the session is no longer authorized to continue,

the Amigopod Visitor Management Appliance will initiate an RFC 3576 Disconnect-Request

[4] to the NAS, which will disconnect the visitor’s session and respond with an

acknowledgment.

Further attempts by the guest to access the network will trigger the NAS captive portal

functionality to redirect the guest to the login form [5].

As shown in Diagram 2, the guest is now over the traffic limit and will be denied access to

the network (Access-Reject) with each subsequent login attempt. This will continue until

the authorization rules permit the guest to login again.

NAS Requirements

Full support for an accounting-based authorization model requires NAS equipment that

supports at least one of the two approaches described below:

1. Support for limiting individual sessions by traffic counters.

2. Support for both RADIUS Interim Accounting (RFC 2869) and the Dynamic

Authorization Extensions to RADIUS (RFC 3576) – specifically, support for the

Disconnect-Request packet.

Without NAS support for either point 1 or point 2 above, accounting-based authorization

cannot be implemented properly in the guest portal.