[TL-AC1000] implementation process and specification of Portal authentication and billing

Source: Internet
Author: User
In a wireless network, access terminals need to be authenticated and billed. To meet this demand, Portal authentication on the TL-AC1000 provides the corresponding authentication and billing interfaces. Users can connect a third-party authentication server as needed, or use the AC's built-in authentication server for authentication and billing.
For how to configure Portal authentication and billing on the TL-AC1000, see "[TL-AC1000] typical Portal features configuration case".
This article describes the authentication and billing procedures and specifications when using a RADIUS server and the local authentication server.
Note: The TL-AC1000 supports billing only after it has been upgraded to version 1.2.0 Build 20151125 Rel.51471.
RADIUS billing type supported by the TL-AC1000: only billing by time is supported. After a wireless terminal connects to the wireless network, the normal authentication and billing process is as follows:
Portal authentication flowchart
Authentication and billing process:
1. The wireless terminal connects to Wi-Fi and accesses any Internet site
After the authentication policy is configured and the network is connected, connect the wireless client to the Wi-Fi signal broadcast by the AP and open a browser to access any Internet site. This triggers portal authentication.
2. The AP intercepts the wireless client's Internet GET request and redirects it to the WEB server
A GET request sent from an unauthenticated wireless client to the Internet is intercepted by the AP, which returns a redirect URL to the client: http://www.abc.com/?pagetype=xxx&vlan=xxx&staMac=xxx&staIp=xxx&apMac=xxx&apIp=xxx
This redirect URL contains the following valid information:
Parameter      Description
www.abc.com    WEB server address
pagetype       Marks different authentication methods
vlan           VLAN to which the client belongs
staMac         MAC address of the client
staIp          Client IP address
apMac          MAC address of the AP device connected to the client
apIp           IP address of the AP device connected to the client
3. The wireless terminal accesses the WEB server
The wireless terminal establishes a connection with the WEB server based on the redirect URL returned in step 2.
4. The WEB server returns the authentication page to the wireless terminal
The WEB server returns the authentication login page to the wireless terminal.
5. The wireless terminal submits the user name and password to the TL-AC1000
Enter the user name and password on the authentication login page pushed by the WEB server and click Login. The username, password, vlan, staMac, staIp, apMac, apIp and other parameters are sent to the TL-AC1000 in a GET request, and the AC records this information.
6. The TL-AC1000 submits the authentication information to the RADIUS authentication server
After obtaining the information submitted by the client, the TL-AC1000 determines the device to be authenticated from the vlan, staMac, staIp, apMac and apIp parameters, and then submits all the parameters to the authentication server for authentication. The parameters include:
Parameter             Description
User-Name             User name
NAS-Identifier        NAS device ID
Calling-Station-Id    MAC address of the device requiring authentication
Called-Station-Id     MAC address of the AP and the corresponding SSID
Framed-IP-Address     IP address of the device requiring authentication
NAS-IP-Address        IP address of the NAS device
NAS-Port              User access port number
NAS-Port-Type         NAS device port type
User-Password         Encrypted password
7. The RADIUS authentication server returns the authentication result to the TL-AC1000
The authentication server checks whether the user passes authentication based on the information submitted by the TL-AC1000. If the user does not pass, the RADIUS server informs the NAS that the user is invalid. If the user passes, it records the related device information and returns the authentication result to the TL-AC1000, which includes the following parameters:
Parameter                Description
Connect-Info             RADIUS server information
Framed-IP-Address        IP address provided for the user
Framed-Routing           Routing method set for a router user
Framed-MTU               Maximum transmission unit configured for the user
Session-Timeout          Session duration available to the user
Idle-Timeout             Maximum time an online user is allowed to stay idle
Acct-Interim-Interval    Real-time billing interval (the AC1000 currently does not support real-time billing at intervals; it bills only by the total connection time at the time of the last disconnection)
8. The TL-AC1000 returns the authentication result to the wireless terminal
The TL-AC1000 returns the corresponding authentication result to the wireless terminal based on the result returned by the authentication server. If authentication succeeds, the AC permits the corresponding device's traffic based on the earlier vlan, staMac, staIp, apMac and apIp parameter information.
9. The TL-AC1000 sends a billing start request to the RADIUS authentication server
The TL-AC1000 submits the corresponding device's IP address, MAC address and other information to the RADIUS authentication server and requests that billing start. The submitted information includes:
Parameter             Description
Acct-Session-Id       Unique identifier of the billing
User-Name             User name
NAS-Port-Id           User access port ID
Service-Type          Service type
Framed-Protocol       Protocol type
Acct-Authentic        Access authentication protocol
NAS-Identifier        NAS device ID
Acct-Status-Type      Billing request message type
Calling-Station-Id    MAC address of the device requiring authentication
Called-Station-Id     MAC address of the AP and the corresponding SSID
Framed-IP-Address     IP address of the device requiring authentication
NAS-IP-Address        IP address of the NAS device
NAS-Port              User access port number
NAS-Port-Type         NAS device port type
10. The RADIUS authentication server responds to the billing start request
After receiving the billing request, the RADIUS authentication server sends a response to the TL-AC1000 and agrees to start billing.
11. The wireless device disconnects its wireless connection to the AP
The wireless device disconnects from the AP.
12. The AP reports the device disconnection to the AC
After the wireless connection is disconnected, the AP uploads the information to the AC.
13. The TL-AC1000 sends a stop billing request to the RADIUS authentication server
The AC sends a stop billing request to the RADIUS authentication server, including the IP address, MAC address, and total online duration of the corresponding device, as follows:
Parameter             Description
Acct-Session-Id       Unique identifier of the billing
User-Name             User name
NAS-Port-Id           User access port ID
Service-Type          Service type
Framed-Protocol       Protocol type
Acct-Authentic        Access authentication protocol
NAS-Identifier        NAS device ID
Acct-Status-Type      Billing request message type
Acct-Session-Time     Device online duration
Calling-Station-Id    MAC address of the device requiring authentication
Called-Station-Id     MAC address of the AP and the corresponding SSID
Framed-IP-Address     IP address of the device requiring authentication
NAS-IP-Address        IP address of the NAS device
NAS-Port              User access port number
NAS-Port-Type         NAS device port type
14. The RADIUS authentication server responds to the TL-AC1000's billing end request
After receiving the billing end request sent by the AC, the RADIUS authentication server calculates the charge based on the device's online duration and stops billing.
 
Note:
In addition to disconnection actively requested by the client, if the user account expires, the server will actively initiate a disconnection request. The process is as follows:
1. When the user's account expires, the server initiates a disconnection request (Disconnect-Request), which contains the following information:
Parameter            Description
User-Name            Username to be disconnected
Framed-IP-Address    User IP address to be disconnected
Note: If the RADIUS authentication server is on the Internet, port mapping must be configured on the front-end router to open UDP port 3799 of the AC.
2. When the AC1000 receives the disconnection request, it returns a response to the RADIUS server and disconnects the relevant device.
3. The related devices are disconnected from the AC1000.
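The check a NAS applies to a Disconnect-Request arriving on UDP 3799 before acting on it, as an added example that is not the AC1000's own code: under RFC 5176 the Request Authenticator is MD5 over the packet header, 16 zero octets, the attributes and the shared secret, so a packet from a sender without the secret fails verification. The builder is included only so the parser has a well-formed packet to run against.

```python
import hashlib
import hmac
import ipaddress
import struct

DISCONNECT_REQUEST = 40                 # RFC 5176 packet code
USER_NAME, FRAMED_IP_ADDRESS = 1, 8     # RFC 2865 attribute types


def request_authenticator(code, ident, attrs, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_disconnect_request(ident, user, ip, secret):
    """RADIUS server side: encode the two attributes the page lists and sign."""
    name = user.encode()
    attrs = bytes([USER_NAME, 2 + len(name)]) + name
    attrs += bytes([FRAMED_IP_ADDRESS, 6]) + ipaddress.IPv4Address(ip).packed
    auth = request_authenticator(DISCONNECT_REQUEST, ident, attrs, secret)
    return struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs)) + auth + attrs


def parse_disconnect_request(packet, secret):
    """NAS side: return (user, ip) only for a well-formed, authentic request."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Disconnect-Request")
    attrs = packet[20:length]           # octets beyond Length are padding
    expected = request_authenticator(code, ident, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator")
    user, ip, pos = None, None, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, alen = attrs[pos], attrs[pos + 1]
        value = attrs[pos + 2:pos + alen]
        if atype == USER_NAME:
            user = value.decode("utf-8", "replace")
        elif atype == FRAMED_IP_ADDRESS and alen == 6:
            ip = str(ipaddress.IPv4Address(value))
        pos += alen
    return user, ip
```

For example, `parse_disconnect_request(build_disconnect_request(7, "guest01", "192.0.2.25", b"constructed-secret"), b"constructed-secret")` returns `("guest01", "192.0.2.25")` (all four values constructed). When UDP 3799 is mapped through the front-end router, restricting the mapping to the RADIUS server's source address keeps unauthenticated packets away from this check.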
 
With the TL-AC1000's built-in local authentication server, you can set two types of users, free users and formal users:
Free users: the free Internet access duration is the billing standard.
Formal users: the account expiration time is the billing standard.
You can use a formal user's account expiration time to bill for monthly or yearly subscriptions. The process is as follows:
Steps 1 to 2 are the same as when using a RADIUS authentication server.
6. Return the authentication result
Based on the user name and password provided by the client, the TL-AC1000 determines whether the user passes authentication. If so, it records the user, permits the corresponding data access based on the user's IP and MAC addresses, and returns the corresponding result. A free user is returned the free duration, and a formal user is returned the account validity period and other information.
7. The wireless device disconnects
The wireless device actively disconnects the wireless connection.
8. Wireless device disconnection
After the wireless device is disconnected, the AP uploads the message to the AC, and the AC records the related device information.
9. The TL-AC1000 disconnects a wireless device
If the user's account expires or the free duration is used up while the wireless device is online, the AC automatically disconnects the wireless device, and the device must authenticate again to access the Internet.
