Dell PowerConnect W Clearpass 100 Software Implementing Accounting-Based Autho - Page 10

NAS Requirements

Page 10 highlights

message [1]. The session information is updated on the RADIUS server [2], and can be seen using the Active Sessions view.

If the guest reaches the allowed traffic limit, then on the next accounting update [3] the authorization will be rechecked. Because the session is no longer authorized to continue, the Amigopod Visitor Management Appliance will initiate an RFC 3576 Disconnect-Request [4] to the NAS, which will disconnect the visitor's session and respond with an acknowledgment.

Further attempts by the guest to access the network will trigger the NAS captive portal functionality to redirect the guest to the login form [5].

As shown in Diagram 2, the guest is now over the traffic limit and will be denied access to the network (Access-Reject) with each subsequent login attempt. This will continue until the authorization rules permit the guest to log in again.

NAS Requirements

Full support for an accounting-based authorization model requires NAS equipment that supports at least one of the two approaches described below:

1. Support for limiting individual sessions by traffic counters.
2. Support for both RADIUS Interim Accounting (RFC 2869) and the Dynamic Authorization Extensions to RADIUS (RFC 3576) - specifically, support for the Disconnect-Request packet.

Without NAS support for either point 1 or point 2 above, accounting-based authorization cannot be implemented properly in the guest portal.

10 | Implementing Accounting-Based Authorization | Amigopod Technical Note
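The recheck on an accounting update and the resulting Disconnect-Request can be sketched as follows. This is an added example, not Amigopod's code: the function names, the 50 MB quota, the shared secret, the sample counters, and the choice of User-Name and Acct-Session-Id to identify the session are all assumptions.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40                          # RFC 3576 packet code
USER_NAME, ACCT_SESSION_ID = 1, 44
ACCT_IN_OCTETS, ACCT_OUT_OCTETS = 42, 43
ACCT_IN_GIGAWORDS, ACCT_OUT_GIGAWORDS = 52, 53   # RFC 2869 counter wraps


def session_octets(acct):
    """Total traffic in an accounting update, including 32-bit counter wraps."""
    wraps = acct.get(ACCT_IN_GIGAWORDS, 0) + acct.get(ACCT_OUT_GIGAWORDS, 0)
    return (wraps << 32) + acct.get(ACCT_IN_OCTETS, 0) + acct.get(ACCT_OUT_OCTETS, 0)


def encode_attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_disconnect_request(identifier, user, session_id, secret):
    """Build a Disconnect-Request naming the session to terminate."""
    attrs = (encode_attr(USER_NAME, user.encode())
             + encode_attr(ACCT_SESSION_ID, session_id.encode()))
    header = struct.pack("!BBH", DISCONNECT_REQUEST, identifier, 20 + len(attrs))
    # Request Authenticator: MD5 over the packet with a zeroed authenticator
    # field, followed by the shared secret (computed as for Accounting-Request).
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def authenticator_is_valid(packet, secret):
    """The check a NAS applies before acting on a Disconnect-Request."""
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def on_accounting_update(acct, user, session_id, limit_octets, secret):
    """Recheck authorization; return a Disconnect-Request once the limit is reached."""
    if session_octets(acct) < limit_octets:
        return None
    return build_disconnect_request(1, user, session_id, secret)


if __name__ == "__main__":
    # Constructed sample: 50 MB quota, update reporting one wrap of the input counter.
    update = {ACCT_IN_OCTETS: 100, ACCT_OUT_OCTETS: 200, ACCT_IN_GIGAWORDS: 1}
    packet = on_accounting_update(update, "guest01", "SESS-0001", 50_000_000, b"example-secret")
    print(packet.hex(), authenticator_is_valid(packet, b"example-secret"))
```

A NAS that ignores the Gigawords attributes would undercount any session past 4 GiB, and one that skips the authenticator check would accept a disconnect from any host that can reach its dynamic-authorization port.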

