VAS Experts documentation VAS Experts documentation-mobile
in

Settings

  • Show pagesource
  • Old revisions
  • Export to PDF
  • ODT export
  • Backlinks
  • Show pagesource
  • Old revisions
  • Export to PDF
  • ODT export
  • Backlinks
    • Stingray Service Gateway by VAS ExpertsBNG/BRASBNG Managementfdpi_ctrl commands

    Table of Contents

    fdpi_ctrl commands

    Management of BRAS L2 properties

    The FastDPI BRAS stores in its internal UDR database additional subscriber IP address properties:

    • MAC address
    • VLAN tags

    In addition, there is one more feature in the fastDPI BRAS that is not stored in UDR, but presents only in memory as a state of the DHCP session (see User session).

    When the BRAS operates normally it retrieves the values of these properties from the DHCP traffic and stores it. But a situation could arise where the values of these properties may be misleading, for example, when the fastDPI is rebooted, when a new subscriber is added, or when the network segment topology is changed (when the VLAN tags are changed), etc. In all these cases, you may need to manually modify the UDR database using the fdpi_ctrl utility.

    The command to set the IP address properties: 

    fdpi_ctrl load --ip_prop --ip 10.20.30.40 --mac a0:b1:c2:d3:e4:f5 --vlan 509.23 --session_status=0

    This command sets the following properties for the IP address 10.20.30.40:

    • --mac a0:b1:c2:d3:e4:f5 subscriber's MAC address
    • --vlan 509.23 the values of VLAN tags (in this case QinQ is used). Only one number is specified for a single VLAN
    • --session_status=0 internal session state:
      • -1 – status is unknown
      • 0 – session is active
      • 1 – session is terminated

    Here the --ip_prop is the keyword that allows the load command get to know that the IP address properties will be set. You can set either all the properties at once or only those you want to modify, for example, changing the MAC address bound to the the IP address looks like this: 

    fdpi_ctrl load --ip_prop --ip 10.20.30.40 --mac a0:b1:c2:d3:e4:f5

    The command to list the IP address properties: 

    fdpi_ctrl list –-ip_prop –-ip 10.20.30.40

    To delete a property (the IP address is not completely deleted, but only its specified properties): 

    # To delete MAC address
fdpi_ctrl del --ip_prop --ip 10.20.30.40 --mac

# To delete VLAN and MAC addresses
fdpi_ctrl del --ip_prop --ip 10.20.30.40 --mac --vlan

# To delete all properties
fdpi_ctrl clear --ip_prop --ip 10.20.30.40

    To specify the gateway: 

    # The 10.45.89.1 address will be treated by the Stingray Service Gateway as a client gateway.
fdpi_ctrl load --ip_prop --ip=10.45.89.1 --session_status=gateway

    If the IP address type is gateway (type=Gateway), then all other parameters such as MAC address, VLAN and others have no meaning: 

    fdpi_ctrl list --ip_prop --ip=10.45.89.1
================================
IP=10.45.89.1
  subnet-mask=n/a
  MAC=n/a
  VLAN=n/a
  type=Gateway
  Gateway-status=undef
  last-activity=2018/06/25 11:55:28
  iface_idx=0
---------------------------------
Result processing ip=10.45.89.1 :
------------------
1/0/0

    The Stingray Service Gateway starting from version 7.5 supports commands of multiple parameters changing: 

      # To replace VLANs for all the IP addresses from the 10.20.30.0/24 subnet	 
fdpi_ctrl load --ip_prop --cidr 10.20.30.0/24 --vlan=456
 
  # To replace VLANs for all the IP addresses from the 192.168.251.5...192.168.251.17 range 
fdpi_ctrl load --ip_prop --ip_range 192.168.251.5-192.168.251.17 --vlan 709
 
  # To delete VLAN of all IP-addresses from the subnet 10.20.31.0/24
fdpi_ctrl del --ip_prop --cidr 10.20.31.0/24 --vlan
 
  #  To delete from the UDR database all the IP addresses belonging the 10.20.32.0/24 subnet  
fdpi_ctrl clear --ip_prop --cidr 10.20.32.0/24

    Note: multiple MAC address substitution is not possible, because MAC address is unique for each IP.

    Manual authorization status handling

    Manual setting/resetting of subscriber authorization status is sometimes required. It can be done using the fdpi_ctrl utility: 

       # To set the "authorized" authorization state (the Access-Accept analogue):
fdpi_ctrl load --auth=1 --ip=192.168.10.1
   # an analogue for IPv6
fdpi_ctrl load --auth=1 --ip=2001:dead::/64

   # To set the "unauthorized" authorization state (the Access-Reject analogue):
fdpi_ctrl load --auth=0 --ip=192.168.10.1
   # an analogue for IPv6
fdpi_ctrl load --auth=0 --ip=2001:dead::/64

   # To view the current state of subscriber's authorization:
fdpi_ctrl list --auth --ip=192.168.10.1
fdpi_ctrl list --auth --ip=2001:dead::/64

    To reset the current authorization state use the following command: 

       # To reset the current subscriber's authorization state
fdpi_ctrl del --auth --ip=192.168.10.1
fdpi_ctrl del --auth --ip=2001:dead::/64

    After resetting the state the first packet received from the subscriber will result in sending an authorization request to the Radius server.

    When you set the authorization status you are allowed to specify the time (in seconds) within which this status will be valid: 

       # To set the "authorized" authorization state for 10 minutes:
fdpi_ctrl load --auth=1 --ip=192.168.10.1 --timeout=600

    By default, the lifetime of authorization is set by the auth_expired_timeout option.