Dell PowerConnect W Clearpass 100 Software Implementing Accounting-Based Autho - Page 8

Authorization during Accounting-Request



8 | Implementing Accounting-Based Authorization | Amigopod Technical Note

Diagram 2: Sequence diagram for traffic limited authorization

If the guest has not previously logged in today, or if the guest’s total traffic consumption for today is less than the configured limit, then the guest is authorized [1] and an Access-Accept response is sent [2].

To limit the guest’s traffic, if the guest’s total traffic from previous sessions today exceeds the configured limit (200 MB) then this is determined during the authorization process [3] and an Access-Reject response will be sent [4].

Because the Amigopod Visitor Management Appliance uses role-based access control for visitor accounts, the authorization rules above should be defined as part of the role that the visitor accounts are using; in this example, the role is the “Traffic Limited Guest role”.
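
The login-time decision described above, as an added Python example (not Amigopod's own code or configuration): it sums a guest's RADIUS accounting counters for today's sessions and returns the response shown in Diagram 2. The record layout, reading 200 MB as binary megabytes, attributing a session to the day it started, and rejecting at exactly the limit are assumptions.

```python
from datetime import datetime, date

# The page gives the limit as 200 MB; binary megabytes are an assumption here.
LIMIT_BYTES = 200 * 1024 * 1024

def session_bytes(rec):
    """Total octets for one accounting record, including 32-bit counter wraps."""
    total = 0
    for direction in ("Input", "Output"):
        octets = rec.get(f"Acct-{direction}-Octets", 0)
        # Acct-*-Gigawords counts how often the 32-bit octet counter wrapped.
        wraps = rec.get(f"Acct-{direction}-Gigawords", 0)
        total += wraps * 2**32 + octets
    return total

def traffic_today(records, username, today):
    """Sum the traffic of the user's sessions that started on `today`."""
    return sum(
        session_bytes(r) for r in records
        if r["User-Name"] == username and r["start"].date() == today
    )

def authorize(records, username, today, limit=LIMIT_BYTES):
    """Login-time decision: steps [1]/[2] or [3]/[4] of Diagram 2."""
    used = traffic_today(records, username, today)
    # Boundary choice (assumption): usage exactly at the limit is rejected.
    return "Access-Accept" if used < limit else "Access-Reject"

# Constructed sample accounting records (hypothetical layout, not from the page).
SAMPLE = [
    {"User-Name": "guest1", "start": datetime(2024, 5, 2, 9, 0),
     "Acct-Input-Octets": 50_000_000, "Acct-Output-Octets": 120_000_000},
    {"User-Name": "guest1", "start": datetime(2024, 5, 2, 13, 0),
     "Acct-Input-Octets": 10_000_000, "Acct-Output-Octets": 40_000_000},
    {"User-Name": "guest1", "start": datetime(2024, 5, 1, 20, 0),
     "Acct-Input-Octets": 0, "Acct-Output-Octets": 0,
     "Acct-Output-Gigawords": 1},
    {"User-Name": "guest2", "start": datetime(2024, 5, 2, 10, 0),
     "Acct-Input-Octets": 1_000_000, "Acct-Output-Octets": 5_000_000},
]

if __name__ == "__main__":
    for user in ("guest1", "guest2", "guest3"):
        print(user, authorize(SAMPLE, user, date(2024, 5, 2)))
```

This decision only sees traffic from sessions already recorded at login time; nothing in it stops a session that was accepted below the limit from running past it.
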
Authorization during Accounting-Request

Because of the authorization rules applied at login time, if the guest is able to successfully log in then it is known at that time that the guest’s current traffic usage is below the allowed quota.

Once a guest is authorized, then, how are they prevented from consuming more than their allowed traffic quota?

[Diagram 2 labels (image not reproduced). Participants: Guest, NAS, Amigopod VMA. States: Unauthorized, Authenticating, Authorized. Panel "Traffic less than limit": Web login, Complete login form, Submit form, Automated NAS login, Access-Request, Authentication, Authorization [1], Access-Accept [2], Login Message page. Panel "Traffic over limit": Web login, Complete login form, Submit form, Automated NAS login, Access-Request, Authentication, Authorization [3], Access-Reject [4], Login Message page, Returned to login form. Role shown in both panels: Traffic Limited Guest.]