Ming-Ching Tiew wrote: > I shall not name the vendor name here. I just got some info from the > vendor that the WiMAX Access Point does not do 'interim accounting', > 'acctupdate' and so on. Only thing possible right now is authenticate > and start/stop accounting.
That's not nice. Why would they do that? > That being the case, I wonder how one implement stuff like fair-use > policy on a WiMAX user ? If the radius server does not get interim > accounting, the way the users is going to "cheat" is just to power > off the device at the end of his usage !!! The ASN GW will still generate an accounting stop packet in that case. Or it *should*. If it doesn't, return it to the vendor as "horribly broken". > Am I missing something here ? I think there's a need for a RADIUS validation test suite. The vendor should be able to state that they comply with the test suite. When that happens, you can buy equipment that *works*. In fact, I'm working on a test suite right now. It doesn't include a test for this case, but it's on the "to do" list. > The way I see it is that if one have to implement a more intelligent > authentication and accounting, for WiMAX, one has to put a box, > either as a bridge or as a router in front of the APs, where all the > data path goes through the box. And that box will create > session information and accounting on behalf of the APs. Yes. > If one has to introduce this box, using Linux solutions, > what would be the right way to do this, so that the > traffic accounting can be done on each APs ? I'm not sure. I haven't spent much time looking into such a solution. IPtables, and a "cron" job might work. However, it would *also* need to snoop the RADIUS traffic, in order to get Accounting-Session-Id attributes correct. > How does the commercial solutions work ? Anyone care to > share his knowledge on this ? Most WiMAX vendors support RADIUS. So the market for this "snooping" box is pretty small. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
