en:dpi:dpi_bestpractice:dpi_bestpractice_brasl2arpstaticip [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Next revision    		Previous revision
    en:dpi:dpi_bestpractice:dpi_bestpractice_brasl2arpstaticip [2020/10/13 12:59] – created edrudichgmailcomen:dpi:dpi_bestpractice:dpi_bestpractice_brasl2arpstaticip [2023/08/28 14:44] (current) – removed edrudichgmailcom
    Line 1: Line 1:
    -====== 10 BRAS L2 ARP Example ====== 
    -{{indexmenu_n>10}} 
    -===== Description ===== 
    -{{ :dpi:dpi_bestpractice:bras_l2_dhcp_radius_proxy.png?direct&600 |}} 
    - 
    -BRAS ARP L2 means that the subscriber configures the static IP address on his device. When a subscriber sends an ARP request to his default gateway, he gets to AAA in Billing. Then the subscriber is terminated by VAS Experts DPI and transferred to border equipment. 
    -А scheme when subscribers are given the /30 prefix is also possible. 
    - 
    -The following elements are involved in the VAS Experts DPI operation scheme in BRAS L2 DHCP Radius Proxy mode: 
    - 
    -  - Client with Q-in-Q access type 
    -  - FastDPI - traffic processing and policing 
    -  - FastPCRF - proxying requests between fastDPI and Radius 
    -  - Radius server - accepts requests from fastPCRF and generates responses with specified attributes 
    -  - Router - is responsible for packets transmission to the Internet and the backward routing. It is necessary to specify the Static Route, since VAS Experts DPI does not support OSPF and BGP at the moment. 
    - 
    -===== FastDPI Setup ===== 
    - 
    -==== Editing the DPI Configuration File ==== 
    -First, you need to uncomment (add) the following lines to the ///etc/dpi/fastdpi.conf// configuration file. 
    - 
    -<code> 
    -    # enable internal database of user properties 
    -udr=1 
    -    # enable IP authorization mode 
    -enable_auth = 1 
    -    # activate L2 BRAS mode 
    -bras_enable = 1 
    - 
    -    # DPI "virtual" IP address (must be unique on the network) 
    -bras_arp_ip = 192.168.1.2 
    -    # "virtual" DPI MAC address (you should use the real MAC address of any of the DNA interfaces) 
    -bras_arp_mac = a0: 36: 9f: 77: 26: 58 
    - 
    -    #IP address of the border 
    -bras_gateway_ip = 192.168.1.1 
    -    #MAC address of the interface to which DPI is connected on the border 
    -bras_gateway_mac = c4: 71: 54: 4b: e7: 8a 
    - 
    -    # data of the server where FastPCRF is installed (unless changed on the same server as Fastdpi) 
    -auth_servers = 127.0.0.1% lo: 29002 
    - 
    -    # enable the response to ARP requests to gateways 
    -bras_arp_proxy = 0x0002 
    -    # enable authorization by ARP requests 
    -bras_arp_auth = 2 
    - 
    -    # vlan termination (in this case, the tag will be stripped) 
    -bras_vlan_terminate = 1 
    -    # local traffic closure 
    -bras_terminate_local = 1 
    - 
    -    # enable accounting 
    -enable_acct = 1 
    -    # subscriber billing statistics 
    -netflow = 4 
    -    # timeout for sending statistics 
    -netflow_timeout = 60 
    - 
    -</code> 
    - 
    -<note important> 
    -You should set your **own** values for the following parameters 
    -  * bras_arp_ip 
    -  * bras_arp_mac 
    -  * bras_gateway_ip 
    -  * bras_gateway_mac 
    -</note> 
    -    
    -===== FastPCRF Setup ===== 
    -FastPCRF needs to be configured. To do this, edit the file ///etc/dpi/fastpcrf.conf//. Find the line with RADIUS server parameters and change: 
    - 
    -<code> 
    -     # secret123 - Radius secret 
    -     # 192.168.1.10 - IP address of the Radius server 
    -     # eth0 - interface from which FastPCRF "communicates" with the Radius server 
    -     # 1812 - port to which FastPCRF sends authorization requests 
    -     #acct_port - port to which FasPCRF sends Accounting 
    -radius_server=secret123@192.168.1.10%eth0: 1812; acct_port = 1813 
    -</code> 
    - 
    -===== Radius Setup ===== 
    -The setting is **an example** for freeRADIUS 3 and may differ from the configuration of your Radius server.  
    - 
    -==== VasExperts Dictionary ==== 
    -First you need to add a VSA dictionary: 
    -  * copy the dictionary /usr/share/dpi/dictionary.vasexperts from the fastpcrf distribution to the $freeRadius/share/freeradius directory 
    -  * add the following line to the main dictionary $freeRadius/share/freeradius/dictionary: 
    - 
    -<code> 
    -$INCLUDE dictionary.vasexperts 
    -</code> 
    - 
    -==== Creating Client Radius ==== 
    -Add the following lines to raddb/clients.conf of the Radius server 
    - 
    -<code> 
    -client fastdpi1 { 
    - ipaddr = 192.168.1.5 
    - secret = secret123 
    - require_message_authenticator = yes 
    -# add_cui = yes 
    - virtual_server = fastdpi-vs 
    -} 
    -</code> 
    - 
    -==== Creating a Virtual Server ==== 
    -To create the virtual server configuration, copy the file raddb/sites-available/default, included in the supply FreeRadius, in raddb/sites-enabled/fastdpi-vs and then edit fastdpi-vs: 
    -  * set the name of the virtual server - change the line "server default" at the beginning of the file to "server fastdpi-vs" 
    -  * in the "listen" section for auth requests (type = auth) write on which IP address and which port to listen  incoming requests (note that this is the local address of the Radius server): 
    - 
    -<code> 
    -ipaddr = 192.168.1.10 
    -port = 1812 
    -interface = eth0 
    -</code> 
    -