Cambium Enterprise access points support several features controlled through a RADIUS server, such as bandwidth quota, VLAN and VLAN pool names. In addition to standard attributes such as Session-Timeout etc, these additional vendor specific attributes help the AP provide very flexible per-user fucntionality in carrier and enterprise networks.
The RADIUS dictionary for these attributes (in a format compatible with freeRADIUS but can be translated to other servers) is:
VENDOR CambiumVendor 17713
BEGIN-VENDOR CambiumVendor
ATTRIBUTE CAMB-Traffic-Quota-Limit-Up 151 integer
ATTRIBUTE CAMB-Traffic-Quota-Limit-Down 152 integer
ATTRIBUTE CAMB-Traffic-Quota-Limit-Up-Gigwords 153 integer
ATTRIBUTE CAMB-Traffic-Quota-Limit-Down-Gigwords 154 integer
ATTRIBUTE CAMB-Traffic-Quota-Limit-Total 155 integer
ATTRIBUTE CAMB-Traffic-Quota-Limit-Total-Gigwords 156 integer
ATTRIBUTE Cambium-Vlan-Pool-Id 157 string
ATTRIBUTE CAMB-Authorize-Classes 158 tlv
ATTRIBUTE CAMB-Traffic-Classes-Acct 159 tlv
ATTRIBUTE CAMB-Walled-Garden-State 160 integer
ATTRIBUTE CAMB-Authorize-Class-Name 158.1 string
ATTRIBUTE CAMB-Authorize-Bytes-Left 158.2 integer64
ATTRIBUTE CAMB-Acct-Class-Name 159.1 string
ATTRIBUTE CAMB-Acct-Input-Octets 159.2 integer
ATTRIBUTE CAMB-Acct-Output-Octets 159.3 integer
ATTRIBUTE CAMB-Acct-Input-Packets 159.4 integer
ATTRIBUTE CAMB-Acct-Output-Packets 159.4 integer
END-VENDOR CambiumVendor
The QUOTA attribtues relate to allowed bandwidth/usage for clients. The APs already support time based restrictions (standard RADIUS session-timeout attribute) and rate-limit (WBA attribtues covered in a separate KB), these new Cambium attributes enhance that control.
Attribute descriptions:
CAMB-Traffic-Quota-Limit-Up|CAMB-Traffic-Quota-Limit-Down:
These attributes take the Upload/Download limit in Bytes and limit the client ability to Upload/Download the amount of data for that given RADIUS session.
CAMB-Traffic-Quota-Limit-Up-Gigwords|CAMB-Traffic-Quota-Limit-Down-Gigwords:
These attributes take the Upload/Download limit in Giga Bytes and limit the client ability to Upload/Download the amount of data for that given RADIUS session. I.e if someone configured 1 and 8 respectively then client would get 1 Giga Bytes of Upload data and 8 Giga Bytes of Download limit.
CAMB-Traffic-Quota-Limit-Total:
This attributes defines the total Bytes data limit to be enforced on the client including the upload/download data.
CAMB-Traffic-Quota-Limit-Total-Gigwords:
This attributes defines the total Giga Bytes data limit to be enforced on the client including the upload/download data.
Cambium-Vlan-Pool-Id:
Define the VLAN Pool name which is defined on the Cambium AP to be used for assigning the VLAN for this client. Cambium AP has a VLAN-Pool configuration which can define range of VLAN to be used client VLAN assignment.
CAMB-Walled-Garden-State:
This is used for setting the guest client into wall garden state or provide full access to it. The values are 1 for restricting it to wall garden state and 2 for providing full access. This is supported for Guest Access enabled WLAN which is configured with mac-authentication as fallback mechanism.
Cambium AP also supports traffic class based quota management for Mac Authentication fallback with Guest-Access enabled WLAN clients where customers can define upto three different traffic class on the AP WLAN configuration and define set of domains/IP address/Network for each traffic class which are allowed for that given traffic class.
CAMB-Authorize-Class-Name:
Takes the given Traffic class name for which you define the Quota Limits in Bytes.
CAMB-Authorize-Bytes-Left:
Takes the Quota Limits in Bytes for corresponding traffic class.
The traffic class stats counters are also reported in RADIUS Accounting packets and following attributes are used for the same:
CAMB-Acct-Class-Name
CAMB-Acct-Input-Octets
CAMB-Acct-Output-Octets
CAMB-Acct-Input-Packets
CAMB-Acct-Output-Packets
WISPr RADIUS attributes supported:
VENDOR WISPr 14122
Standard attribute
BEGIN-VENDOR WISPr
ATTRIBUTE WISPr-Location-Name 2 string
ATTRIBUTE WISPr-Redirection-URL 4 string
ATTRIBUTE WISPr-Bandwidth-Max-Up 7 integer
ATTRIBUTE WISPr-Bandwidth-Max-Down 8 integer
ATTRIBUTE WISPr-Session-Terminate-Time 9 string
END-VENDOR WISPr
WISPr-Location-Name:
AP has a location configuration which is filled in for this attribute while sending the RADIUS Authentication/Accounting packets to the RADIUS server.
WISPr-Redirection-URL:
This attribute is used for supporting Google Captive Portal and provides the redirection URL for the guest clients. This is typically obtained through MAC Authentication response which happens when this Guest client associates in a Google Captive Portal deployment. This is not supported for any other external captive portal types.
WISPr-Bandwidth-Max-Up/WISPr-Bandwidth-Max-Down:
This defines custom data rate limit to be enforced on the client and is defined in bps i.e. 1048576 is for 1Mbps
WISPr-Session-Terminate-Time:
This can be used along with session time attributes which can define when the session time terminates and let AP calculate how much remaining time it can allocate as session time to the client.
Standard RADIUS attribute supported:
RFC 2868
ATTRIBUTE Tunnel-Private-Group-Id 81 string has_tag
The above attribute is used to dynamically assign a VLAN to the client.
RFC 2865
ATTRIBUTE Class 25 octets
ATTRIBUTE Session-Timeout 27 integer
ATTRIBUTE Idle-Timeout 28 integer
ATTRIBUTE Acct-Interim-Interval 85 integer
RADIUS COA or dynamic authorization supported RADIUS attributes:
ATTRIBUTE Session-Timeout 27 integer
ATTRIBUTE Acct-Interim-Interval 85 integer
ATTRIBUTE Tunnel-Private-Group-Id 81 string has_tag
COA supports the WISPr as well as Cambium vendor specific attributes which are supported in RADIUS Authentication method