beautypg.com

Hierarchical attribute mode, User group, User:accounting sub-attribute – ADC SG-1 User Manual

Page 164

background image

Appendix A: SG-1 Vendor-Specific Attributes

June 30, 2006

A-6

SG1-UM-8500-03

Hierarchical Attribute Mode

Most of the EDS attributes are operated in hierarchy mode. In this mode, each session includes per each attribute 3
hierarchy-operating level spaces. The first level space is the system default that is being configured, either by
management or statically. The second is the user space that is initially being filled in the user authentication phase,
and the third is the service space that is being re-filled on each user service change.

The user space level defines the session's “basic” configuration; whereas the service space level is “layered” above
it upon a successful dynamic service change. In each level space, the system keeps a set of relevant configurations
for that level. The “lifetime” of operation in a service level space is from a successful authentication of that service
until a successful authentication of a new service. The “lifetime” of operation in a user level space is the entire
period in which the user is authenticated for the session. The effective value of a hierarchy attribute is the most
updated value in the highest level space (the highest level for which there is a value defined for the attribute).

U

SER

G

ROUP

user:accounting sub-attribute

The user:accounting sub-attribute defines the session accounting operation mode and allows the operator to define
per each user the accounting methodology. The attribute may be included more than once in request or accept
messages. The following operation may be configured:

disable – some operations like symmetric multilink, VPN, or unbilled services do not need the accounting

information sent to the RADIUS. This accounting operation mode disables the sending of the accounting
information.

The user:accounting sub-attribute is sent as a response to service authentication. It configures the accounting
behavior on the received respond. The service default behavior is not to send any accounting records unless
the respond includes the enable accounting option.

Accounting information is sent as followed:

Authentication Response Type

Accounting Behavior

Session Authentication

Access Accept message includes the

user:accounting=disable sub-attribute

Accounting Start and Stop are disabled

Service Authentication

Access Accept message does not include the

user:accounting sub-attribute

Accounting On and Off are disabled