| |
| en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_response [2024/09/26 15:29] – created - external edit 127.0.0.1 | en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_response [2025/09/03 08:37] (current) – elena.krasnobryzh |
|---|
| <note important>Need to create services and policing that will transfer using Radius attributes from billing. [[en:dpi:dpi_options:use_cases:qs_rateplans|Example of setting up policing (tariff plan) and Captive Portal, which are minimally required for startup]].</note> | <note important>Need to create services and policing that will transfer using Radius attributes from billing. [[en:dpi:dpi_options:use_cases:qs_rateplans|Example of setting up policing (tariff plan) and Captive Portal, which are minimally required for startup]].</note> |
| |
| ==== VasExperts-Policing-Profile ==== | ===== VasExperts-Policing-Profile ===== |
| The response to an Access-Accept must contain no more than one of this attribute.\\ | The response to an Access-Accept must contain no more than one of this attribute.\\ |
| - Preconfigured policing \\ A string attribute specifying the [[en:dpi:dpi_components:platform:subscriber_management:subsman_profiles|policing profile name]] for the user. \\ ''VasExperts-Policing-Profile = "50Mbps"'' | - Preconfigured policing \\ A string attribute specifying the [[en:dpi:dpi_components:platform:subscriber_management:subsman_profiles|policing profile name]] for the user. \\ ''VasExperts-Policing-Profile = "50Mbps"'' |
| * ''#+++-++++'' --- cs0 ... cs7, rate(cs3)=0, cs3 is blocked, other classes are allowed at root speed with borrowing (HTB algorithm). | * ''#+++-++++'' --- cs0 ... cs7, rate(cs3)=0, cs3 is blocked, other classes are allowed at root speed with borrowing (HTB algorithm). |
| |
| ==== VasExperts-Service-Profile ==== | ===== VasExperts-Service-Profile ===== |
| A string option specifying the profile name for a specific fastDPI service. Used format: | A string option specifying the profile name for a specific fastDPI service. Used format: |
| <code> | <code> |
| <note tip>The authorization response may contain zero or more ''VasExperts-Service-Profile attributes'', one attribute for each service.</note> | <note tip>The authorization response may contain zero or more ''VasExperts-Service-Profile attributes'', one attribute for each service.</note> |
| |
| ==== VasExperts-Enable-Service ==== | ===== VasExperts-Enable-Service ===== |
| A string parameter that specifies whether to activate/disable a specific service not requiring any profile. | A string parameter that specifies whether to activate/disable a specific service not requiring any profile. |
| String format : | String format : |
| [[en:dpi:dpi_options:opt_filtration:filtration_ctrl|global fastDPI configuration]]. Service 4 is usually globally activated in order to comply with the federal law. | [[en:dpi:dpi_options:opt_filtration:filtration_ctrl|global fastDPI configuration]]. Service 4 is usually globally activated in order to comply with the federal law. |
| |
| ==== VasExperts-Multi-IP-User ==== | ===== VasExperts-Multi-IP-User ===== |
| This attribute shows whether there are many IP addresses assigned for this subscriber or only just one. | This attribute shows whether there are many IP addresses assigned for this subscriber or only just one. |
| This attribute can be presented either by a byte or by a 32-bit number. | This attribute can be presented either by a byte or by a 32-bit number. |
| If the ''VasExperts-Multi-IP-User=1'' attribute is set to the user so the features (active services and policing) are applied to all subscribers IP addresses and the key is a subscriber login. Note that the Stingray SG authorizes **each** subscriber IP address: for example, if 10 IP addresses are associated with the subscriber, an Access-Request authorization request will be sent for **each** of the addresses. It is expected that the response to each IP address of a multi-IP subscriber will contain the same set of active services and the same profiles. The response to the authorization of each of the 10 IP-addresses mentioned above will be applied to the subscriber **login**, so all the IP addresses within this login will be assigned the same set of services along with the same policing. | If the ''VasExperts-Multi-IP-User=1'' attribute is set to the user so the features (active services and policing) are applied to all subscribers IP addresses and the key is a subscriber login. Note that the Stingray SG authorizes **each** subscriber IP address: for example, if 10 IP addresses are associated with the subscriber, an Access-Request authorization request will be sent for **each** of the addresses. It is expected that the response to each IP address of a multi-IP subscriber will contain the same set of active services and the same profiles. The response to the authorization of each of the 10 IP-addresses mentioned above will be applied to the subscriber **login**, so all the IP addresses within this login will be assigned the same set of services along with the same policing. |
| |
| ==== VasExperts-UserName ==== | ===== VasExperts-UserName ===== |
| The subscriber name (login). | The subscriber name (login). |
| |
| |
| {{anchor:VasExperts-Restrict-User}} | {{anchor:VasExperts-Restrict-User}} |
| ==== VasExperts-Restrict-User ==== | ===== VasExperts-Restrict-User ===== |
| The attribute to identify the subscriber is blocked. | The attribute to identify the subscriber is blocked. |
| |
| |
| {{anchor:VasExperts-Enable-Interconnect}} | {{anchor:VasExperts-Enable-Interconnect}} |
| ==== VasExperts-Enable-Interconnect ==== | ===== VasExperts-Enable-Interconnect ===== |
| The attribute indicating enabling/disabling local interconnect for the subscriber. | The attribute indicating enabling/disabling local interconnect for the subscriber. |
| |
| |
| By default, ''VasExperts-Enable-Interconnect=1'' and if ''bras_terminate_local=1'' is set in fastdpi.conf, then interconnect is allowed. This attribute can be used to disable interconnect for a specific subscriber by specifying ''VasExperts-Enable-Interconnect=0''. | By default, ''VasExperts-Enable-Interconnect=1'' and if ''bras_terminate_local=1'' is set in fastdpi.conf, then interconnect is allowed. This attribute can be used to disable interconnect for a specific subscriber by specifying ''VasExperts-Enable-Interconnect=0''. |
| ===== Optional Radius attributes ===== | ====== Optional Radius attributes ====== |
| In addition to the mentioned above VSA attributes the Stingray Service Gateway supports the following standard Radius-attributes within the Access-Accept/Access-Reject. All of them are optional. | In addition to the mentioned above VSA attributes the Stingray Service Gateway supports the following standard Radius-attributes within the Access-Accept/Access-Reject. All of them are optional. |
| |
| ==== Session-Timeout ==== | ===== Session-Timeout ===== |
| It specifies the duration of the subscriber authorization, in seconds. At the expiry of this time the SSG will send a second request for Access-Request to authorize. | It specifies the duration of the subscriber authorization, in seconds. At the expiry of this time the SSG will send a second request for Access-Request to authorize. |
| |
| By default, the session duration is specified in the fastdpi.conf using the ''auth_expired_timeout'' option (in **minutes**). | By default, the session duration is specified in the fastdpi.conf using the ''auth_expired_timeout'' option (in **minutes**). |
| |
| ==== Acct-Interim-Interval ==== | ===== Acct-Interim-Interval ===== |
| Specifies the time interval for updating Accounting statistics (in seconds) for the subscriber. | Specifies the time interval for updating Accounting statistics (in seconds) for the subscriber. |
| | |
| Interim interval is specified by default in the fastpcrf.conf using the ''radius_acct_interim_interval'' option. | Interim interval is specified by default in the fastpcrf.conf using the ''radius_acct_interim_interval'' option. |
| |
| ==== Idle-Timeout ==== | <note important>Explicitly setting ''Acct-Interim-Interval = 0'' in the RADIUS response disables sending Interim-Update.</note> |
| | |
| | ===== Idle-Timeout ===== |
| Specifies the interval over which the accounting data is unchanged, when it expires the accounting session is considered to be closed caused by the subscriber inactivity. Idle timeout is set by default by the fastpcrf.conf ''radius_acct_idle_timeout'' option. | Specifies the interval over which the accounting data is unchanged, when it expires the accounting session is considered to be closed caused by the subscriber inactivity. Idle timeout is set by default by the fastpcrf.conf ''radius_acct_idle_timeout'' option. |
| A way to determine the subscriber inactivity is specified by the ''acct_check_idle_mode'' option defined in the fastpcrf.conf. The description of the parameters can be found in the section [[en:dpi:bras_bng:radius_integration:radius_accounting:setup]]. | A way to determine the subscriber inactivity is specified by the ''acct_check_idle_mode'' option defined in the fastpcrf.conf. The description of the parameters can be found in the section [[en:dpi:bras_bng:radius_integration:radius_accounting:setup]]. |
| |
| ==== Class ==== | ===== Class ===== |
| This attribute will be added to all Accounting-Request PDUs if it is set. The SSG does not analyze the value of this attribute. | This attribute will be added to all Accounting-Request PDUs if it is set. The SSG does not analyze the value of this attribute. |
| |
