MMS RADIUS

ERDEM ŞAHIN
Posted on Thursday, June 26, 2003 - 01:20 pm:   

IN RADIUS, WE SEE THAT THERE ARE 2 ACCESS REQUESTS FOR ONE MMS SESSION TO START AND 2 ACCESS ACCEPTS FOR THE SAME MMS SESSION. WHY DO WE SEE 2 ACCESS ACCEPTS FOR ONE SESSION?
THANKS
Bryce Norwood - NowSMS Support
Posted on Thursday, June 26, 2003 - 04:42 pm:   

Hi Erdem,

I'm not really sure where Radius is involved here ... at least not in a way that is MMS specific.

An MMS client does need to make a WAP connection ... and the GGSN (or network access server in a dial-up connection) might use Radius for authenticating the connection. (Certainly, we recommend that it use Radius because then the GGSN can send the Radius accounting packets to the WAP gateway, which allows the WAP gateway to associate an MSISDN with an IP address ... which allows the WAP gateway to provide the MSISDN to the MMSC or other content servers.)

I was working on a support issue with a customer in South America where they were seeing a similar issue in communications between their GGSN and their Radius server. Unfortunately, it is something where none of our products are directly involved at that level, so it is difficult to determine why this would occur. My concern is not that there are two "access accepts", but that the GGSN was issuing two separate "access requests". Based upon my understanding of the Radius protocol, since Radius occurs over UDP, this could happen if a UDP packet was lost and the server had to retransmit the request.

-bn
Anonymous
Posted on Tuesday, September 30, 2003 - 04:25 am:   

If I want to use a RADIUS server for Accounting/Authentication, do you know what the requirements are for the GGSN? What is the WAP server expecting from the GGSN? Do you have a dataflow diagram?
Bryce Norwood - NowSMS Support
Posted on Tuesday, September 30, 2003 - 09:26 pm:   

RADIUS is defined in internet RFC 2865, and RADIUS accounting is defined in internet RFC 2866. These are two separate, but related protocols.

The core RADIUS protocol handles authentication, so I'll refer to it as RADIUS authentication to distinguish it from the RADIUS accounting protocol.

Basically, you configure the GGSN to use a RADIUS server for authentication and/or accounting. Generally, you will configure an IP address and port for both the RADIUS authentication and RADIUS accounting (port 1812 is the default for RADIUS authentication, and port 1813 is the default for RADIUS accounting). Some implementations may not let you configure port numbers, and will only use the default port numbers. Some implementations may not let you separate RADIUS authentication from RADIUS accounting, and only allow a single IP address to be configured which handles both.

When a device connects to the GGSN, the GGSN sends a RADIUS Access-request request to the RADIUS authentication server. This request includes a username and password (or a hash of the password), and the RADIUS authentication server replies back to either accept or reject the connection. (The RADIUS server can also set parameters for the session, such as assign an IP address.)

After receiving an Access-accept response for a session, the GGSN sends a RADIUS accounting packet to the RADIUS accounting server to indicate that a session has started. In an MMS and WAP environment, what is important is that the accounting packet provide information about the Calling-station-id (MSISDN) that has connected. This allows other network components (such as the WAP server and MMSC) to be able to associate a phone number with an IP address that is making requests.

When a connection drops, there is also a RADIUS accounting packet that is sent to indicate that the connection has dropped.
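
The accounting flow described in the post above, as an added example that is not part of the original thread and not NowSMS code: a receiver that checks the RFC 2866 Request Authenticator before trusting an Accounting-Request, then keeps the IP address to MSISDN table from Start and Stop records. All function names, the shared secret and the sample packet are constructed for illustration.

```python
import hashlib, hmac, socket, struct

ACCT_REQUEST = 4  # RFC 2866 packet code
FRAMED_IP, CALLING_STATION_ID, ACCT_STATUS_TYPE = 8, 31, 40  # attribute types
START, STOP = 1, 2  # Acct-Status-Type values

def parse_accounting(packet: bytes, secret: bytes) -> dict:
    """Authenticate and decode one Accounting-Request; ValueError if invalid."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    packet = packet[:length]
    # RFC 2866: authenticator = MD5(code, id, length, 16 zero bytes, attrs, secret)
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

def apply_accounting(table: dict, attrs: dict) -> None:
    """Update the IP -> MSISDN table from a decoded Start or Stop record."""
    ip_raw, status_raw = attrs.get(FRAMED_IP, b""), attrs.get(ACCT_STATUS_TYPE, b"")
    if len(ip_raw) != 4 or len(status_raw) != 4:
        return  # nothing usable for the mapping
    ip, status = socket.inet_ntoa(ip_raw), int.from_bytes(status_raw, "big")
    if status == START and CALLING_STATION_ID in attrs:
        table[ip] = attrs[CALLING_STATION_ID].decode("ascii", "replace")
    elif status == STOP:
        table.pop(ip, None)  # address is free again; drop the stale MSISDN

def build_request(secret: bytes, status: int, msisdn: str, ip: str) -> bytes:
    """Constructed sample packet, standing in for what a GGSN would send."""
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in (
        (ACCT_STATUS_TYPE, struct.pack("!I", status)),
        (CALLING_STATION_ID, msisdn.encode()),
        (FRAMED_IP, socket.inet_aton(ip))))
    head = struct.pack("!BBH", ACCT_REQUEST, 1, 20 + len(attrs))
    return head + hashlib.md5(head + bytes(16) + attrs + secret).digest() + attrs

if __name__ == "__main__":
    secret, table = b"constructed-secret", {}
    apply_accounting(table, parse_accounting(build_request(secret, START, "15550100", "10.0.0.7"), secret))
    print(table)
```

Because the table is keyed by IP address, a retransmitted Start record overwrites the entry with the same value, and a packet whose authenticator does not match the shared secret is rejected before it can change the mapping.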