Access-Request format for the PPPoE networks [VAS Experts Documentation]

Differences

This shows you the differences between two versions of the page.

en:dpi:bras_bng:bras_pppoe:bras_pppoe_radius:bras_pppoe_radius_req [2023/10/13 14:05] – ↷ Page moved from en:dpi:bras_bng:opt_bras_l2:bras_pppoe:bras_pppoe_radius:bras_pppoe_radius_req to en:dpi:bras_bng:bras_pppoe:bras_pppoe_radius:bras_pppoe_radius_req elena.krasnobryzh
en:dpi:bras_bng:bras_pppoe:bras_pppoe_radius:bras_pppoe_radius_req [2024/12/04 15:35] (current) – ↷ Links adapted because of a move operation elena.krasnobryzh
Line 1: Line 1:
-======bras_pppoe_radius_req======+====== Access-Request format for the PPPoE networks ====== 
 +{{indexmenu_n>1}} 
 +Access-Request request being formed by the fastpcrf contains the following Radius attributes: 
 +  * ''User-Name'' - for the PAP/CHAP/MS-CHAPv2: subscriber login. In order to authorize by MAC address this attribute contains the subscriber MAC address as a string, similar to the Calling-Station-Id attribute.  
 +  * ''Password'' - subscriber password (only for the PAP authorization) 
 +  * ''CHAP-Challenge'' and ''CHAPPassword''- for the CHAP authorization 
 +  * ''MS_CHAP_Challenge'' and ''MS_CHAP2_Response'' (Microsoft VSA) - for the MS-CHAPv2 authorization 
 +  * ''Calling-Station-Id'' - subscriber MAC address as a string, for example, '01:02:e4:55:da:f5'. Here, the small letters for hex-digits A-F are used. 
 +  * ''Acct-Session-Id'' - accounting sesson identifier. This attribute is always passed even if you do not use the VAS Experts DPI accounting. 
 +  * ''Service-Type'' = 2 (Framed) 
 +  * ''Framed-Protocol'' = 1 (PPP) 
 + 
 +[SSG 7.6+] If Access-Request is initiated by the 
 +[[en:dpi:bras_bng:radius_integration:radius_auth_coa|CoA request of reauthorization]], 
 +then the ''Framed-IP-Address'' attribute containing the subscriber IP address is added. 
 + 
 +Attributes identifying the NAS (i.e., VAS Experts DPI): 
 + 
 +''NAS-IP-Address'' - NAS IP address is specified in the fastpcrf.conf by the ''radius_attr_nas_ip_address'' configuration option.  
 +If this option is not specified in the fastpcrf.conf, the NAS-IP-Address attribute will not be added to the Access-Request. 
 +     
 +''NAS-Identifier'' - NAS identifier is specified in the fastpcrf.conf by the ''radius_attr_nas_id'' configuration option.  
 +If this option is not specified in the fastpcrf.conf, the NAS-IP-Address attribute will not be added to the Access-Request. 
 +         
 +Note that only one of the attributes - NAS-IP-Address or NAS-Identifier is added to the Access-Request depending on the fastpcrf.conf settings. If both radius_attr_nas_ip_address and radius_attr_nas_id options are specified in the fastpcrf.conf, the only NAS-IP-Address is included in the Access-Request. The radius_add_all_nas_ids parameter allows you to add both of these attributes to the request: 
 +<code># Allows to add NAS-IP-Address AND NAS-Identifier  
 + # By RFC, the request can include either NAS-IP-Address or NAS-Identifier. 
 + # If both options are specified then priority is given to NAS-IP-Address option. 
 + # The value of this parameter 1 allows you to add both attributes to the request. 
 +#radius_add_all_nas_ids=0</code> 
 + 
 +''VASExperts-Service-Type'' - Vendor-Specific attribute containing the number (int32) defining the PPPoE authorization type: 
 +     * VASExperts-Service-Type = 2 - for the PAP 
 +     * VASExperts-Service-Type = 3 - for the CHAP  
 +     * VASExperts-Service-Type = 4 - for the MS-CHAPv2 
 +     * VASExperts-Service-Type = 5 - for the MAC address authorization 
 + 
 +''Message-Authenticator'' - [RFC2869] is formed if the ''radius_msg_auth_attr = 1'' options is specified in the fastpcrf.conf 
 + 
 +If the incoming subscriber packet contains VLANs (that is, if you have a PPPoE network with L2 VLAN tags): 
 +  * ''NAS-Port-Type'' - is specified in the fastpcrf.conf by the ''radius_attr_nas_port_type'' configuration option, its default value is 5 (Virtual) 
 +  * ''NAS-Port'' - VLAN value 
 +  *  
 +If the incoming subscriber package contains Q-in-Q (that is, if you have a PPPoE network with L2-QinQ tags): 
 +  * ''NAS-Port-Type'' - is specified in the fastpcrf.conf by the ''radius_attr_nas_port_type'' configuration option, its default value is 5 (Virtual) 
 +  * ''NAS-Port-Id'' - VLAN value as a string using like "outerVLAN/innerVLAN" format, for example, "10/102" 
 + 
 +=====Supports PPPoE circuit-id and remote-id options===== 
 + 
 +SSG as of version 8.2 supports the PPPoE options circit-id and remote-id according to [[https://tools.ietf.org/html/rfc4679|RFC 4679]]. The values of these options are passed to Access-Request in the VSA attributes ''Agent-Circuit-Id'' and ''Agent-Remote-Id'' respectively, vendor-id=3561. 
 + 
 +=====Support Huawei vendor-specific tag 1===== 
 + 
 +SSG 12.4 - added support for Huawei vendor-specific tag 1. 
 + 
 +The value is interpreted as ''ADSL-Forum-Circuit-Id''
 + 
 +If PPPoE packet contains ''Circuit-Id'' and ''Huawei tag 1'', ''Circuit-Id'' is preferred, ''Huawei tag 1'' is ignored.
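
Review bot: The ''NAS-Identifier'' paragraph ends with "the NAS-IP-Address attribute will not be added to the Access-Request", copied from the ''NAS-IP-Address'' paragraph above it; when ''radius_attr_nas_id'' is unset, the attribute that is omitted should read NAS-Identifier. The same block leaves open what is sent when neither option is set: as written, the request then carries no NAS attribute at all, and RFC 2865 requires an Access-Request to contain NAS-IP-Address or NAS-Identifier (or both), so the comment "By RFC, the request can include either NAS-IP-Address or NAS-Identifier" should also be reworded, since the RFC permits both. In the attribute list, ''Password'', ''CHAPPassword'', ''MS_CHAP_Challenge'' and ''MS_CHAP2_Response'' do not match the standard attribute names (User-Password, CHAP-Password, MS-CHAP-Challenge, MS-CHAP2-Response), which makes them hard to match against a RADIUS dictionary or a packet capture. For ''Message-Authenticator'', state the default value of ''radius_msg_auth_attr'', because the line only says the attribute is formed when the option is 1. Smaller items: an empty bullet is left after the ''NAS-Port'' item, and "sesson", "circit-id" and "subscriber package" (for "packet") are typos.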