====== FastPCRF settings ====== {{indexmenu_n>3}} Radius Accounting packages are sent by default to 1813 Radius server port. You can specify a different port globally for all the radius servers or specifically for a given radius server: * ''radius_acct_port'' option defined in the fastpcrf.conf configuration file specifies the default accounting port * ''acct_port'' option is applied for a given radius server: ''radius_server=secret@192.168.200.1%eth1:1812;acct_port=34567'' You can also specify a secret for Radius accounting for each server separately; this can be done using the ''acct_secret'' option of ''radius_server'' parameter: ''radius_server=qwerty@192.168.200.1%eth1:1812;acct_port=34567;acct_secret=123456'' The ''qwerty'' secret will be used for authorization requests in the example above, and ''123456'' will be used for the accounting ones. =====The following additional parameters related to the Radius Accounting can be specified in the fastpcrf.conf===== * ''radius_max_acct_connect_count'' – the maximum number of connections used to transfer the accounting data, the default value is 2. Each connection can be used to handle no more than 256 requests simultaneously.\\ This parameter limits the maximum Radius server load. * ''radius_acct_interim_interval'' – the time interval, in seconds, for sending the interim accounting. The default value is 1800 seconds. The minimum allowed value is 60 seconds.\\ It should be noted that the time interval for sending interim statistics can be specified for each user separately using the Acct-Interim-Interval attribute containing within the Access-Accept/Access-Reject response to the Access-Request authorization request. Value 0 means that interim statistics will not be sent. {{anchor:radius_acct_idle_timeout}} * ''radius_acct_idle_timeout'' - [is added in the VAS Experts DPI 7.3] the time interval, in seconds, during which the data is unchanged. If within this time interval, there was no change in accounting data being sent by the fastdpi,then the accounting-session is considered to be closed since the idle time-out is exceeded. The default value is 1800 seconds. It should be noted that it is meaningless to set the parameter value less than ''netflow_timeout'' one. {{anchor:acct_check_idle_mode}} * ''acct_check_idle_mode'' - [is added in the VAS Experts DPI 7.4] The stop event control mode, is used to control the event when the data will be changed.\\ Valid values are the following: * 0 - within the ''radius_acct_idle_timeout'' there is no changes in the incoming and outgoing traffic (this is the default value) * 1 - within the ''radius_acct_idle_timeout'' there is no changes only in the outgoing traffic (there is no subscriber's activity).\\ The ''acct_check_idle_mode=1'' mode allows to detect when the accounting session terminates even if the subscriber IP address is flooded with superfluous requests (for example, DDoS-attack). * ''acct_start_point'' - [is added in the VAS Experts DPI 7.4] The starting point of the accounting statistics: * 0 - since the last Stop (default value). This is the most accurate statistics; * 1 - since the Start event.\\ When the ''acct_start_point=0'' is used within the ''acct_check_idle_mode=1'' mode all the "parasite" traffic being accumulated since the last Stop event will fall into new accounting session.\\ When the ''acct_start_point=1'' is used instead all the "parasite" traffic being accumulated since the last Stop event will be ignored.\\ Also, due to the time delays between accounting "activating" and the actual netflow statistics gathering, the outgoing traffic statistics may be slightly distorted (downwards). * ''acct_auth_sync'' - [SSG 8.1+] authorization and account synchronization. Disabled by default (no synchronization). Some billing systems (e.g. LanBilling) require the current account session to be closed before sending an Access-Request.\\ The ''acct_auth_sync=1'' setting synchronizes the accting and authorization: when an auth-request arrives, the SSG closes the current acct session (sends acct Stop), waits for a response from Radius to acct Stop, and only then sends an Access-Request auth-request with the new acct sessionId. In addition, [SSG 9.2+] when closing an account session by idle timeout PCRF sends a notification to SSG about session closure; in this case SCAT resets the authorization status, which further leads to subscriber reauthorization - sending ''Access-Request''. * ''acct_disable_interim_update'' - prohibiting the sending of Interim-Updates. * ''acct_disable_interim_update=0'' — by default, Interim-Update is sent * ''acct_disable_interim_update=1'' — do not send an Interim-Update