DHCP Radius proxy - Access-Request

The Radius Access-Request has the following attributes:

  • User-Name - is the MAC address from the DHCP request in the following format: XX:XX:XX:XX:XX:XX. It is possible to use QinQ-tags as a User-Name for Q-in-Q-networks, see below.
  • User-Password - is the value of the dhcp_user_psw configuration option in the fastpcrf.conf file. This option is used to set the password for the DHCP Radius proxy mode. If the option is not specified then the Radius server user_password option is used instead.
  • NAS-IP-Address - if the DHCP request contains the Relay agent IP address, then the NAS-IP-Address attribute is set to that IP address. If there is no Relay agent, then the attribute contains the virtual IP address of the VAS Experts DPI specified by the bras_arp_ip option within the fastdpi.conf file. By analyzing this attribute value you can determine which subnetwork (which Relay agent) the Radius request came from.
  • NAS-Port-Type - contains the radius_attr_nas_port_type option value for the corresponding Radius server; the attribute is specified in the fastpcrf.conf file.
  • NAS-Port - is used only for VLANs (with one VLAN) and corresponds to the VLAN number.
  • NAS-Port-Id - is used only for QinQ networks (with double VLAN) and contains the corresponding VLANs as a string separated by '/', for example: “123/67”
  • Framed-IP-Address - this attribute contains the subscriber IP address; it is used only in case the subscriber IP address is known.

VSA (Vendor-Specific Attributes) for the VendorId=43823 (corresponds to the VAS Experts DPI):

  • [6] VasExperts-Service-Type - contains the value 1. This attribute value identifies the type of Access-Request received: 0 - corresponds to the authorization request, 1 - corresponds to the DHCP request
  • [37] VasExperts-DHCP-Request - corresponds to the DHCP request type: 0 - stands for the DHCP-Discover, 1 - stands for the DHCP-Inform, 2 - stands for the DHCP-Request
  • [38] VasExperts-DHCP-RelayRemoteId - corresponds to the Relay Remote Id suboption value contained in option 82 (Relay Agent Info) of the DHCP request (binary)
  • [39] VasExperts-DHCP-RelayCircuitId - corresponds to the Relay Circuit Id suboption value contained in option 82 (Relay Agent Info) of the DHCP request (binary)
  • [36] VasExperts-DHCP-Client-IP - the desired user IP address. It is extracted from option 50 (Requested Client IP address) of the DHCP-Discover; it can be used only as a hint when being handled. This is the same IP address as the Framed-IP-Address attribute value in case of DHCP-Inform
  • [32] VasExperts-DHCP-Hostname - is the value of option 12 (hostname) of the DHCP request (binary)
  • [33] VasExperts-DHCP-ClientId - is the value of option 61 (client id) of the DHCP request (binary)
  • [34] VasExperts-DHCP-ClassId - is the value of option 60 (vendor class id) of the DHCP request (binary)
  • [35] VasExperts-DHCP-RelayInfo - is the value of option 82 (relay agent info) of the DHCP request (binary)

Attributes that match DHCP option values are added to the Access-Request only if the corresponding option is present in the DHCP request.
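How a Radius server could pick these VSAs out of an Access-Request, as an added example (not VAS Experts code). It assumes the standard RFC 2865 Vendor-Specific layout (type 26, 4-byte vendor id, then type/length/value sub-attributes) and that [6] and [37] are 32-bit integers; the sample bytes are constructed.

```python
import struct

VENDOR_ID = 43823  # VAS Experts vendor id, from the page
NAMES = {6: "Service-Type", 32: "DHCP-Hostname", 33: "DHCP-ClientId",
         34: "DHCP-ClassId", 35: "DHCP-RelayInfo", 36: "DHCP-Client-IP",
         37: "DHCP-Request", 38: "DHCP-RelayRemoteId", 39: "DHCP-RelayCircuitId"}
DHCP_KIND = {0: "DHCP-Discover", 1: "DHCP-Inform", 2: "DHCP-Request"}


def parse_vsas(attrs: bytes) -> dict:
    """Return the VasExperts-* VSAs found in a RADIUS attribute area."""
    out, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2 or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, value = attrs[pos], attrs[pos + 2:pos + attrs[pos + 1]]
        pos += attrs[pos + 1]
        if atype != 26 or len(value) < 6 or struct.unpack("!I", value[:4])[0] != VENDOR_ID:
            continue  # not a VAS Experts Vendor-Specific attribute
        sub = value[4:]
        while sub:
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("malformed VSA")
            vtype, data, sub = sub[0], sub[2:sub[1]], sub[sub[1]:]
            name = "VasExperts-" + NAMES.get(vtype, f"Unknown-{vtype}")
            # Assumption: [6] and [37] are 32-bit integers; DHCP option values
            # stay raw bytes because they are binary and set by the client/relay.
            is_int = vtype in (6, 37) and len(data) == 4
            out[name] = struct.unpack("!I", data)[0] if is_int else data
    return out


def classify(vsas: dict) -> str:
    """Tell an authorization request from a DHCP one, as the page describes."""
    service = vsas.get("VasExperts-Service-Type")
    if service == 0:
        return "authorization"
    if service == 1:
        return DHCP_KIND.get(vsas.get("VasExperts-DHCP-Request"), "DHCP (type unknown)")
    return "unknown"


def build_vsa(vtype: int, data: bytes) -> bytes:
    """Helper that builds one constructed sample VSA."""
    body = struct.pack("!I", VENDOR_ID) + bytes([vtype, len(data) + 2]) + data
    return bytes([26, len(body) + 2]) + body


# Constructed sample: User-Name plus Service-Type=1, DHCP-Request=0, a hostname
SAMPLE = (bytes([1, 19]) + b"00:11:22:33:44:55" + build_vsa(6, struct.pack("!I", 1))
          + build_vsa(37, struct.pack("!I", 0)) + build_vsa(32, b"host\x00\xff"))
```

Options missing from the DHCP request simply do not appear in the returned dictionary, so callers should use `.get()` rather than index by name.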

User-Name attribute values

Starting from VAS Experts DPI version 7.4, it can be specified which options are allowed to be included in the User-Name attribute. The radius_user_name_dhcp option within the fastpcrf.conf file is designed for this purpose and specifies the possible User-Name values in order of preference:

  • mac - User-Name = MAC address in the XX:XX:XX:XX:XX:XX format
  • qinq - for the QinQ (vlan-per-user) networks: User-Name = outerVLAN.innerVLAN, for example, “56.176”
  • opt61@opt60 - value of DHCP option 61 (MAC address) '@' value of option 60 (Vendor-Class-Id)
  • chaddr@opt60 - MAC address from DHCP packet header (chaddr) '@' opt60 (Vendor-Class-Id)

Example:

# If QinQ tags are present, then User-Name=outerVLAN.innerVLAN,
# otherwise User-Name=MAC address
radius_user_name_dhcp=qinq,mac

The default value: radius_user_name_dhcp=mac,qinq
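A model of the preference order and a server-side check of the User-Name that arrives, as an added example (not VAS Experts code). It assumes the first form whose inputs are present wins, that "mac" and chaddr are the same value, and that option 60/61 values are already rendered as strings; the request dictionary keys are hypothetical.

```python
import re

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
QINQ_RE = re.compile(r"([0-9]{1,4})\.([0-9]{1,4})")
FORMS = ("mac", "qinq", "opt61@opt60", "chaddr@opt60")  # values listed on the page


def parse_option(value: str = "mac,qinq") -> list:
    """Split a radius_user_name_dhcp value; the default is the page's default."""
    forms = [f.strip() for f in value.split(",") if f.strip()]
    unknown = [f for f in forms if f not in FORMS]
    if unknown:
        raise ValueError(f"unsupported User-Name form(s): {unknown}")
    return forms


def expected_user_name(forms: list, req: dict):
    """Return (form, User-Name) for the first preferred form the request can fill."""
    mac, qinq = req.get("mac"), req.get("qinq")      # hypothetical keys
    opt60, opt61 = req.get("opt60"), req.get("opt61")
    for form in forms:
        if form == "mac" and mac:
            return form, mac
        if form == "qinq" and qinq:
            return form, f"{qinq[0]}.{qinq[1]}"       # outerVLAN.innerVLAN
        if form == "opt61@opt60" and opt61 and opt60:
            return form, f"{opt61}@{opt60}"
        if form == "chaddr@opt60" and mac and opt60:
            return form, f"{mac}@{opt60}"
    return None


def classify_user_name(name: str) -> str:
    """Server side: decide which form arrived and reject malformed values."""
    if MAC_RE.fullmatch(name):
        return "mac"
    m = QINQ_RE.fullmatch(name)
    if m and all(1 <= int(v) <= 4094 for v in m.groups()):  # usable VLAN ids
        return "qinq"
    # Assumption: the part before '@' is rendered like a MAC address
    if "@" in name and MAC_RE.fullmatch(name.split("@", 1)[0]):
        return "id@class"
    return "invalid"
```

In this model the default mac,qinq order always yields the MAC form when the request carries a MAC, so qinq has to come first to be used on Q-in-Q networks.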

Differences from the Radius authorization request

You can distinguish the “pure” authorization request from the request in the “DHCP Radius proxy” mode by the VasExperts-Service-Type attribute value.

It should be taken into account that even in the “DHCP Radius proxy” mode, when the IP address is successfully assigned, the fastDPI server needs to receive the user login, its policing profile and the activated services from the corresponding response, as described in the BRAS authorization section. Otherwise fastDPI will be unable to apply the correct policies to user traffic, especially in the case of a corporate multi-IP user with multiple IP addresses bound to the same login.

CoA

CoA notifications are supported in the DHCP Radius proxy mode; for details, see DHCP Proxy and L3 authorization. Please note that a CoA notification is not associated with a change of DHCP parameters: it only indicates that the user authorization parameters have changed, and the DHCP session stays the same.

The same applies to the Disconnect-Request: this notif[…] out, for example), its IP address and the other DHCP attributes remain unchanged. Disconnect-Request does not result in the DHCP session being reestablished.