| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:dpi:dpi_components:freeradius:radius_integration [2025/12/18 07:20] – elena.krasnobryzh | en:dpi:dpi_components:freeradius:radius_integration [2025/12/19 13:20] (current) – [Configuration of FreeRADIUS as a load-balancing VASE NAS proxy adapter for NOKIA AAA] elena.krasnobryzh |
|---|
| {{indexmenu_n>2}} | {{indexmenu_n>4}} |
| ======RADIUS integration of SSG BRAS with Nokia BNG (AUTH/ACCT)====== | ====== Configuration of work with NOKIA attributes ====== |
| =====Assignment===== | ===== Purpose ===== |
| Radius contains a specification for what data should be present in request and response packets, but allows you to extend its functionality to a specific case by using Vendor Specific Attribute - attributes that are specified by a particular vendor. For example, to transmit information that has a non-standard display. In this case it is necessary for Nokia BNG to understand attributes from SSG BRAS and vice versa (SSG BRAS is a Radius client, Nokia BNG is a Radius server), for this purpose FreeRadius package has a possibility to work out attributes on the fly, which pass through it both in one and in the other direction. | RADIUS defines requirements for the data composition in request and response packets, while allowing functionality to be extended for specific tasks using vendor specific attributes — attributes defined by a particular vendor, for example, to transmit data with non-standard semantics.\\ |
| | To ensure correct interaction, NOKIA BNG must correctly process attributes from SSG BNG and vice versa (SSG BNG acts as a RADIUS client, NOKIA BNG as a RADIUS server). For this purpose, FreeRADIUS provides a mechanism for dynamic processing of attributes passing through it in both directions. |
| |
| =====Configuring FreeRADIUS as a balancing proxy VASE NAS adapter for Nokia AAA===== | ===== Configuration of FreeRADIUS as a load-balancing VASE NAS proxy adapter for NOKIA AAA ===== |
| {{ :en:dpi:dpi_components:radius:radius_integration:vase_to_nokia.tar.gz |}} | The configuration archive is provided upon request by technical support engineers. |
| |
| The attached archive contains the folders: | The archive contains the following directories: |
| - ''scripts'' - scripts of VASE NAS requests emulation for debugging and testing. The scripts contain examples of authorization and account requests for test users. | - ''scripts'' — scripts for emulating VASE NAS requests for debugging and verification. The scripts contain examples of authorization and accounting requests for test users. |
| - ''proxy/raddb'' - FreeRADIUS configuration of VASE NAS adaptation for Nokia AAA. | - ''proxy/raddb'' — FreeRADIUS configuration for adapting VASE NAS to NOKIA AAA. |
| |
| <note tip>Adaptation of AUTH and ACCT queries has been implemented, plans to add COA.</note> | <note tip>Adaptation of AUTH and ACCT requests is implemented; CoA support is planned to be added.</note> |
| |
| To deploy in a production environment, you need to: | To deploy in a production environment, it is required to: |
| - Install the FreeRADIUS server according to [[https://freeradius.org/documentation/|installation instructions]] on the software website. | - install the FreeRADIUS server according to the [[https://freeradius.org/documentation/|installation guide]] on the software website. |
| - Replace the default configuration created by the installer with the configuration from the archive. | - replace the default configuration created by the installer with the configuration from the archive. |
| - Configure addresses of VASE NAS source clients and Nokia AAA target servers according to [[en:dpi:dpi_components:freeradius:balancing_proxy]] instructions. | - configure the source client addresses of VASE NAS and the target NOKIA AAA servers according to the instructions in [[en:dpi:dpi_components:freeradius:balancing_proxy]]. |
| - Configure the source realm for VASE NAS users in the ''proxy.conf'' file (currently ''beelinerouter'' and ''beelinerouter-iptv''). | - configure the source realms for VASE NAS users in the file ''proxy.conf'' (currently ''rlm_pppoe_prod_servers'' and ''rlm_ipoe_prod_servers''). |
| - Configure adapter settings in the ''vase_to_nokia {}'' section in the ''radiusd.conf'' file: | |
| * ''nokia_realm'' - target realm for Nokia AAA users; | |
| * ''nokia_iptv_realm'' - target realm for Nokia AAA IP-TV users; | |
| * ''nas_identifier'' - NAS identifier for Nokia AAA users; | |
| * ''nas_port_type'' - port type for Nokia AAA; | |
| * ''nas_port_id'' - port identifier for Nokia AAA. | |
| | |
| Example setting: | |
| <code bash> | |
| vase_to_nokia { | |
| nokia_realm = "MSFT 5.0" | |
| nokia_iptv_realm = "MSFT_IPTV" | |
| | |
| nas_identifier = "bras904.krasnodar" | |
| nas_port_type = ethernet | |
| nas_port_id = "lag-2:3330.3330" | |
| } | |
| </code> | |
| | |
| ''server1/raddb'' - FreeRADIUS configuration of Nokia AAA emulator #1.\\ | |
| ''server2/raddb'' - FreeRADIUS configuration of Nokia AAA emulator #2.\\ | |
| These emulator configurations contain test user sets and target realm settings. | |
| |
