Dell PowerConnect W Clearpass 100 Software Implementing Accounting-Based Autho - Page 21

Modifying Accounting-Based Authorization


Adjusting the traffic limit

The traffic limit is configured in two places:

1. In the RADIUS User Role as part of an authorization expression - the value is used to compare against the guest's current traffic measurement and determine if the access request should be permitted.
2. In the RADIUS Web Login as part of the landing page - the value is used to determine the guest's remaining quota after subtracting the guest's current traffic measurement.

To increase or decrease the traffic quota, change the traffic limit defined in both of the places listed above.

Count only uploaded or downloaded traffic

The default configuration in this technical note counts both uploaded and downloaded traffic towards the quota. It is possible for the quota to be measured in one direction only, i.e. either guest uploads or downloads.

Accounting terminology

RADIUS Accounting uses a definition of "input" and "output" octets that corresponds to upload and download.

NOTE: The following discussion assumes that the NAS equipment follows the normal convention that "upload" and "download" are relative to the NAS. In this convention, traffic received from a client (i.e. uploaded by the client) is input traffic, and traffic sent to a client (i.e. downloaded by the client) is output traffic. Certain vendors use the opposite convention, in which case you must reverse the definition of "input" and "output".

If in doubt, perform a large download from a client connected to the NAS in question, and check the accounting statistics - if the "Session Download" is the larger number, then the normal convention applies, and "input" is "upload". Otherwise, if the "Session Upload" is the larger number, then the reverse convention applies, and "input" is "download".

Session Traffic     Normal Convention     Reversed Convention
Guest Upload        Input                 Output
Guest Download      Output                Input

Counting only downloaded traffic

Two modifications are required to change the quota measurement.

First, use the following condition expression in the RADIUS User Role to count only "output" traffic (in the normal convention, traffic downloaded by a client):

    return GetUserTraffic('00:00', 'now', 'out') > 200e6 && AccessReject();

Amigopod | Technical Note Implementing Accounting-Based Authorization | 21
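The following Python model is an added example, not code from the technical note or from Amigopod: it shows how the input/output convention and a single shared limit determine both the access decision and the remaining quota. The record fields, function names and sample sessions are hypothetical, the limit is assumed to be in octets, and the gigaword handling goes beyond what the page covers.

```python
from dataclasses import dataclass

GIGAWORD = 2 ** 32     # Acct-*-Gigawords counts wraps of the 32-bit octet counter (RFC 2869)
TRAFFIC_LIMIT = 200e6  # limit from the expression above; unit assumed to be octets (bytes)

@dataclass
class AcctRecord:
    """Per-session counters as reported by the NAS (hypothetical field names)."""
    input_octets: int
    output_octets: int
    input_gigawords: int = 0
    output_gigawords: int = 0

def totals(rec):
    """Return (input, output) with the gigaword wraps folded in."""
    return (rec.input_gigawords * GIGAWORD + rec.input_octets,
            rec.output_gigawords * GIGAWORD + rec.output_octets)

def detect_convention(test_session):
    """Classify a NAS from a session in which the client did one large download."""
    inp, out = totals(test_session)
    if inp == out:
        raise ValueError("inconclusive: repeat the test with a larger download")
    return "normal" if out > inp else "reversed"

def guest_traffic(records, direction, convention):
    """Sum 'upload', 'download' or 'both' from the guest's point of view."""
    up = down = 0
    for rec in records:
        inp, out = totals(rec)
        if convention == "reversed":  # this NAS reports guest downloads as input
            inp, out = out, inp
        up, down = up + inp, down + out
    return {"upload": up, "download": down, "both": up + down}[direction]

def authorize(records, direction="download", convention="normal", limit=TRAFFIC_LIMIT):
    """Return (permitted, remaining); one limit feeds both the role check and the landing page."""
    used = guest_traffic(records, direction, convention)
    return used <= limit, max(0, limit - used)

# Constructed sample: two sessions for one guest since midnight.
SAMPLE = [AcctRecord(input_octets=4_000_000, output_octets=150_000_000),
          AcctRecord(input_octets=1_000_000, output_octets=60_000_000)]

if __name__ == "__main__":
    print(authorize(SAMPLE))                         # NAS classified correctly
    print(authorize(SAMPLE, convention="reversed"))  # same records, wrong convention
```

With the constructed sample, applying the reversed convention to a normal-convention NAS leaves a guest who has downloaded 210e6 octets permitted, with 195e6 shown as remaining quota.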

  • 22
