Device resolver

The device resolver works in conjunction with network access servers (NAS) to uniquely identify devices whenever they connect to the network.

The unique identity of a device is required before the Connection Manager passes the device identity to other web servers and proxies in the network. When you enable the device resolver, the unique identifier is passed from the NAS to the SafeLinx Server. The NAS passes the identifier upon request, in the form of RADIUS authentication or RADIUS accounting messages.

The NAS is configured to distribute an IP address from a pool of addresses as the users connect to the network. The distributed IP address does not uniquely identify a specific user. Devices do not typically use the same address each time they connect to the network. Therefore, the NAS must be configured to also send another identifier that uniquely identifies the device.

The unique identifier sent by the NAS is defined in the device resolver in terms of its RADIUS attribute type. These attribute types are defined in RADIUS authentication RFC 2865 and RADIUS accounting RFC 2866.

When you define the device resolver, you specify which RADIUS attribute type you want to use to uniquely identify the device. The identifier must be unique for each device and must be the same each time a particular device connects to the network.

The unique device identifier can be any one of the following RADIUS attribute types:
Table 1. RADIUS attribute types

| RADIUS attribute type | RADIUS attribute name | Description |
| --- | --- | --- |
| 31 | Calling-Station-Id | Device phone number or MSISDN number |
| 1 | User-Name | Device user ID |
| Another attribute type defined in RADIUS RFC 2865 or RADIUS accounting RFC 2866 | RADIUS attribute name | The attribute type that you specify must have an associated RADIUS attribute value that is printable (the value cannot be binary). The attribute value must also be unique for each phone or device that connects to the SafeLinx Server. |

When a device connects to the network, the NAS sends the unique device identifier to the SafeLinx Server in RADIUS authentication or RADIUS accounting messages. The NAS must be configured to send the appropriate RADIUS attribute type. The device resolver extracts the device IP address and the unique device identifier from the RADIUS message, associates one with the other, and stores the information. On all subsequent requests from this device, the device resolver can retrieve this information.
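The extract-and-associate step described above, sketched as an added example (not SafeLinx code): it parses the attributes of a RADIUS packet, rejects a non-printable identifier as Table 1 requires, and stores the IP-to-identifier binding. It assumes the device IP arrives in Framed-IP-Address (type 8, RFC 2865), which this page does not name; the function names and sample values are constructed, and the Request Authenticator is not verified here.

```python
import ipaddress
import struct

FRAMED_IP_ADDRESS = 8    # RFC 2865; assumed here to carry the device IP
CALLING_STATION_ID = 31  # RFC 2865; identifier type listed in Table 1

def parse_attributes(packet: bytes) -> dict:
    """Return {type: value} for the attributes of one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])  # first instance wins
        pos += a_len
    return attrs

def resolve(packet: bytes, id_type: int, table: dict) -> str:
    """Store device IP -> identifier in table and return the IP."""
    attrs = parse_attributes(packet)
    ip_raw, id_raw = attrs.get(FRAMED_IP_ADDRESS), attrs.get(id_type)
    if ip_raw is None or len(ip_raw) != 4:
        raise ValueError("missing or malformed device IP address")
    if not id_raw:
        raise ValueError("configured identifier attribute not sent by the NAS")
    if not (id_raw.isascii() and id_raw.decode("ascii").isprintable()):
        raise ValueError("identifier value is not printable")
    ip = str(ipaddress.IPv4Address(ip_raw))
    table[ip] = id_raw.decode("ascii")
    return ip

def build_accounting_request(attrs: list) -> bytes:
    """Constructed sample packet: code 4, id 1, zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 4, 1, 20 + len(body)) + bytes(16) + body

SAMPLE = build_accounting_request([
    (FRAMED_IP_ADDRESS, bytes([10, 0, 0, 7])),  # constructed address
    (CALLING_STATION_ID, b"15555550100"),       # constructed MSISDN
])
```

Because pool addresses are reused, a later message for the same IP overwrites the stored binding with the new device's identifier.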

When you are using cluster management, define device resolvers only on the principal node. The principal node uses the clustering protocol to update the appropriate subordinate nodes.

Users who are identified by the device resolver do not display as active users in the SafeLinx Administrator.