Cisco Cisco Packet Data Gateway (PDG)
HNB Gateway in Wireless Network
Features and Functionality - Optional Enhanced Feature Software ▀
HNB-GW Administration Guide, StarOS Release 16 ▄
45
Features and Functionality - Optional Enhanced Feature
Software
This section describes the optional enhanced features and functions support with HNB-GW service.
Important:
Some of the following features may require the purchase of an additional license to implement the
functionality with the HNB-GW service.
This section describes following features:
Dynamic RADIUS Extensions (Change of Authorization)
Dynamic RADIUS extension support provide operators with greater control over subscriber PDP contexts by providing
the ability to dynamically redirect data traffic, and or disconnect the PDP context.
the ability to dynamically redirect data traffic, and or disconnect the PDP context.
This functionality is based on the RFC 3576, Dynamic Authorization Extensions to Remote Authentication Dial In User
Service (RADIUS), July 2003 standard.
Service (RADIUS), July 2003 standard.
The system supports the configuration and use of the following dynamic RADIUS extensions:
Change of Authorization: The system supports CoA messages from the AAA server to change data filters
associated with a subscriber session. The CoA request message from the AAA server must contain attributes to
identify NAS and the subscriber session and a data filter ID for the data filter to apply to the subscriber session.
identify NAS and the subscriber session and a data filter ID for the data filter to apply to the subscriber session.
Disconnect Message: The DM message is used to disconnect subscriber sessions in the system from a RADIUS
server. The DM request message should contain necessary attributes to identify the subscriber session.
The above extensions can be used to dynamically re-direct subscriber PDP contexts to an alternate address for
performing functions such as provisioning and/or account set up. This functionality is referred to as Session Redirection,
or Hotlining.
performing functions such as provisioning and/or account set up. This functionality is referred to as Session Redirection,
or Hotlining.
Session redirection provides a means to redirect subscriber traffic to an external server by applying ACL rules to the
traffic of an existing or a new subscriber session. The destination address and optionally the destination port of TCP/IP
or UDP/IP packets from the subscriber are rewritten so the packet is forwarded to the designated redirected address.
traffic of an existing or a new subscriber session. The destination address and optionally the destination port of TCP/IP
or UDP/IP packets from the subscriber are rewritten so the packet is forwarded to the designated redirected address.
Return traffic to the subscriber has the source address and port rewritten to the original values. The redirect ACL may be
applied dynamically by means of the Radius Change of Authorization (CoA) extension.
applied dynamically by means of the Radius Change of Authorization (CoA) extension.
Important:
For more information on dynamic RADIUS extensions support, refer CoA, RADIUS, And Session
Redirection (Hotlining) in this guide.