5. Radiator RADIUS - Diameter PCEF configuration

The PCEF included in Radiator policy and charging support allows you to use the existing PCRF, OCS and subscriber information for RADIUS AAA network access.
For example, you can authenticate users with SIM (Subscriber Identity Module)/USIM (Universal Subscriber Identity Module) or plain password, authorise the network use from your existing PCRF and use RADIUS accounting to enforce usage with usage monitoring done by PCRF or online charging done by OCS. This enables extending the same policies and charging services that are used for 3G/4G/LTE networks with Wi-Fi and other RADIUS AAA based networks.
See goodies/eap_sim_wx_gx.cfg for an example of EAP-SIM based authentication followed by PCRF based policy control and usage monitoring. Usage monitoring is done based on RADIUS Accounting-Request messages or WiMAX-PPAQ. Dynamic QoS changes can be applied based on CCA and RAR (Reauthentication Request) messages from the PCRF. Prepaid charging with OCS is similar to usage monitoring with PCRF.
WiMAX-PPAQ is described in the WiMAX forum document WMF-T33-002-R010v05 and internet draft draft-lior-radius-prepaid-extensions. The PCEF implementation uses WiMAX prepaid accounting automatically when the attributes are present in RADIUS authentication requests. Radiator PCEF can translate and send WiMAX prepaid accounting to both PCRF and OCS.
For another example that shows how to use both PCRF and OCS with Radiator's PCEF implementation, see goodies/diameter-pcef.cfg.

5.1. Common PCEF parameters

The following parameters are common to both PCEF configuration clauses, <AuthBy DiaGx> and <AuthBy DiaGy>.

5.1.1. DiaPeerDef

Each <AuthBy DiaGx> and <AuthBy DiaGy> clause must have one DiaPeerDef parameter which identifies the DiaPeerDef clause that defines the PCRF or OCS the clause uses.

Example 1. DiaPeerDef for AuthBy DiaGx

# Use peer defined by DiaPeerDef with Identifier osc-pcrf
# as our PCRF
DiaPeerDef osc-pcrf

5.1.2. DefaultDestinationRealm

This optional string defines the Diameter default realm that is used if the user name does not already define a realm.

5.1.3. DestinationRealm

This optional string defines the Diameter realm to use, regardless of whether the user name already defines a realm. This also overrides the DefaultRealm.

5.1.4. BindingAttribute

Name of the attribute that can be used to bind authentication requests to the subsequent accounting requests for a session. Defaults to Acct-Session-Id.

5.1.5. IMSIAttribute

Name of the attribute in the RADIUS request object that has the subscriber's IMSI as its value. Typically set by a previous AuthBy, such as AuthBy SIMWX. Defaults to OSC-SIM-IMSI.

5.1.6. TimeThreshold

Threshold value in seconds for requesting new time quota from the PCRF or OCS. When the quota left for the RADIUS session reaches the threshold, new quota must be requested for the session. Defaults to 5 seconds.

Example 2. TimeThreshold

# Make sure we have time to switch over to secondary PCRF
TimeThreshold 10

5.1.7. QuotaThreshold

Threshold value in octets for requesting new octet quota from the PCRF or OCS. When the quota left for the RADIUS session reaches the threshold, new quota must be requested for the session. Defaults to 100 000 octets.

Example 3. QuotaThreshold

# Raise the default value for high speed connections
QuotaThreshold 10000000

5.1.8. CCAInitialHook

This hook is called when Diameter CCA for INITIAL_REQUEST is received during the RADIUS authentication phase.
The following arguments are passed to the hook in the following order:
  • Reference to this AuthBy
  • Reference to a PCEFmsg that provides access to RADIUS and Diameter messages and other information related to session handling

5.1.9. CCAUpdateHook

This hook is called when Diameter CCA for UPDATE_REQUEST is received during RADIUS accounting or WiMAX usage update phase.
The following arguments are passed to the hook in the following order:
  • Reference to this AuthBy
  • Reference to a PCEFmsg that provides access to RADIUS and Diameter messages and other information related to session handling
  • Total volume quota returned with Diameter CCA message
  • Total time quota returned with Diameter CCA message

5.1.10. RARHook

This hook is called when Diameter RAR is received from the PCRF or OCS.
The following arguments are passed to the hook in the following order:
  • Reference to this AuthBy
  • Reference to a PCEFmsg that provides access to RADIUS and Diameter messages and other information related to session handling
  • Reference to the RADIUS dynamic authorization request for sending from the hook

5.1.11. ReAuthenticationHook

This hook is called when a RADIUS Access-Request is received and a lookup from the session database with the BindingAttribute indicates there is already an active session. The authentication is considered a reauthentication. The reauthentication is likely caused by a CoA-Request.
The following arguments are passed to the hook in the following order:
  • Reference to this AuthBy
  • Reference to a PCEFmsg that provides access to RADIUS and Diameter messages and other information related to session handling

5.1.12. MonitoringResponseHook

This hook defines the Perl function that is called for the following cases:
  • Accounting-Responses with RADIUS accounting-based monitoring
  • Access-Requests for WiMAX-based prepaid monitoring
The following arguments are passed to the hook in the following order:
  • Reference to this AuthBy
  • Reference to a PCEFmsg that provides access to RADIUS and Diameter messages and other information related to session handling
  • Total time quota returned to the client
  • Total volume quota returned to the client

5.1.13. ValidityTime

ValidityTime defines the quota validity time in seconds. If this option is not defined, the Validity-Time attribute is not included in the CCA and the client uses its default value. There is no default value.

Example

# Instruct the client to report no later than after 10 minutes
ValidityTime 600

5.1.14. DynauthSender

Identifier of the module used for RFC 5176 dynamic authorization requests. %0 is replaced with the NAS source address. There is no default value.

Example 4. DynauthSender

# Send Disconnect and Change-of-Authorization messages
# using AuthBy RADIUS with Identifier that has format
# dynauth-sender-nnn.nnn.nnn.nnn
DynauthSender dynauth-sender-%0

5.1.15. DynauthIdentificationAttr

Attributes to copy from the RADIUS request to the dynamic authorization request to identify the user session. Defaults to: NAS-IP-Address NAS-IPv6-Address Acct-Session-Id Calling-Station-Id. If an attribute is not present in the request that triggers the dynauth request, the attribute is not used.

Example 5. DynauthIdentificationAttr

# Attributes required by this vendor
DynauthIdentificationAttr Framed-IP-Address Acct-Session-Id User-Name

5.1.16. DynauthNoMessageAuthenticator

Some implementations do not support Message-Authenticator in dynamic authorization requests. When this flag is set, Message-Authenticator is omitted from those requests. By default the flag is not set and Message-Authenticator is sent.

Example 6. DynauthNoMessageAuthenticator

# Dynauth request fails with Message-Authenticator
DynauthNoMessageAuthenticator
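
The following is an added example, not Radiator code: it shows at packet level what DynauthIdentificationAttr and DynauthNoMessageAuthenticator control in an RFC 5176 Disconnect-Request, including the NAS-side integrity checks. The function names, the shared secret and the sample attribute values are assumptions made for illustration, and only the attributes in the constructed sample are mapped.

```python
import hashlib, hmac, socket, struct

# RADIUS attribute numbers for the attribute names used in this example (subset).
ATTR = {"User-Name": 1, "NAS-IP-Address": 4, "Framed-IP-Address": 8,
        "Calling-Station-Id": 31, "Acct-Session-Id": 44}
IPV4 = {"NAS-IP-Address", "Framed-IP-Address"}
MSG_AUTH, DISCONNECT_REQUEST = 80, 40

def encode(name, value):
    data = socket.inet_aton(value) if name in IPV4 else value.encode()
    return struct.pack("!BB", ATTR[name], len(data) + 2) + data

def build_dynauth(trigger, id_attrs, secret, ident=1, no_message_authenticator=False):
    """Copy the identification attributes present in the trigger and sign the packet."""
    body = b"".join(encode(n, trigger[n]) for n in id_attrs if n in trigger)
    if not no_message_authenticator:
        body += struct.pack("!BB", MSG_AUTH, 18) + bytes(16)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body))
    if not no_message_authenticator:
        # HMAC-MD5 with the authenticator field and the attribute value zeroed.
        mac = hmac.new(secret, header + bytes(16) + body, hashlib.md5).digest()
        body = body[:-16] + mac
    # Request Authenticator: MD5(header + 16 zero octets + attributes + secret).
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body

def verify(packet, secret):
    """NAS-side check: (request_authenticator_ok, message_authenticator_ok or None)."""
    header, auth, body = packet[:4], packet[4:20], packet[20:]
    auth_ok = hmac.compare_digest(
        auth, hashlib.md5(header + bytes(16) + body + secret).digest())
    pos, mac_ok = 0, None
    while pos + 2 <= len(body) and body[pos + 1] >= 2:
        atype, alen = body[pos], body[pos + 1]
        if atype == MSG_AUTH and alen == 18:
            zeroed = body[:pos + 2] + bytes(16) + body[pos + 18:]
            want = hmac.new(secret, header + bytes(16) + zeroed, hashlib.md5).digest()
            mac_ok = hmac.compare_digest(body[pos + 2:pos + 18], want)
        pos += alen
    return auth_ok, mac_ok

# Constructed sample: attributes of the request that triggers the dynauth request.
TRIGGER = {"User-Name": "alice@example.org", "Acct-Session-Id": "0000A1B2",
           "NAS-IP-Address": "192.0.2.10"}
# The default DynauthIdentificationAttr list given above.
DEFAULT_ID_ATTRS = "NAS-IP-Address NAS-IPv6-Address Acct-Session-Id Calling-Station-Id".split()
```

With `no_message_authenticator=True` the request is covered only by the MD5-based Request Authenticator, and `verify` reports the Message-Authenticator result as `None`.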

5.2. <AuthBy DiaGx>

A DiaGx clause defines a PCEF. <AuthBy DiaGx> implements the PCEF functionality. It receives RADIUS messages from RADIUS clients, processes them, and sends the processed messages to PCRF. <AuthBy DiaGx> uses 3GPP Gx interface for communicating with PCRF.

5.2.1. NoMoreQuotaAction

This string defines the action that is taken when PCRF has previously returned quota and now stops returning it. The only possible value is disconnect. This is not set by default.

5.3. <AuthBy DiaGy>

The <AuthBy DiaGy> clause defines a PCEF. It receives RADIUS messages from RADIUS clients, processes them, and sends the processed messages to OCS. <AuthBy DiaGy> uses 3GPP Gy interface for communicating with OCS.

5.3.1. ServiceIdentifier

This integer defines the service identifier, which is used when requesting quota. This is not set by default.

5.3.2. RatingGroup

This integer defines the rating group, which is used when requesting quota. The default value is 9048.