The Service-Name tag is necessary for establishing the authorization procedure according to RFC requirements; SSG fully supports this tag in compliance with all requirements.
The tag indicates that a service name follows. The TAG_VALUE field is a string of UTF-8 characters without a terminating NULL character. A zero value of the TAG_LENGTH field indicates that any service is acceptable. An example of using the Service-Name tag could be indicating the name ISP2, class, or quality of service.
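The tag layout described above, as an added Python example that is not SSG code: it extracts Service-Name values from a PADI packet following the RFC 2516 tag format and rejects truncated or over-long tags. The function names and the sample packet are constructed for illustration.

```python
import struct

PADI = 0x09                 # PPPoE Discovery CODE for PADI (RFC 2516)
TAG_END_OF_LIST = 0x0000
TAG_SERVICE_NAME = 0x0101
ANY_SERVICE = ""            # zero TAG_LENGTH: any service is acceptable


def parse_service_names(pppoe: bytes) -> list:
    """Return Service-Name values from a PADI packet (bytes after the Ethernet header).

    Raises ValueError on malformed input rather than reading past the buffer.
    """
    if len(pppoe) < 6:
        raise ValueError("truncated PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", pppoe[:6])
    if ver_type != 0x11:
        raise ValueError("unexpected VER/TYPE")
    if code != PADI or session_id != 0:
        raise ValueError("not a PADI packet")
    if length > len(pppoe) - 6:
        raise ValueError("LENGTH exceeds received payload")
    payload = pppoe[6:6 + length]

    names, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack_from("!HH", payload, offset)
        offset += 4
        if tag_type == TAG_END_OF_LIST:
            break
        if tag_len > len(payload) - offset:
            raise ValueError("TAG_LENGTH exceeds remaining payload")
        value = payload[offset:offset + tag_len]
        offset += tag_len
        if tag_type == TAG_SERVICE_NAME:
            # Not NUL-terminated; strict UTF-8 decoding raises
            # UnicodeDecodeError (a ValueError) on invalid bytes.
            names.append(value.decode("utf-8"))
    return names


def build_padi(tags) -> bytes:
    """Build a constructed sample PADI from (tag_type, value_bytes) pairs."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, PADI, 0, len(body)) + body


if __name__ == "__main__":
    sample = build_padi([(TAG_SERVICE_NAME, b"test2"), (0x0103, b"\xde\xad")])
    print(parse_service_names(sample))
```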
Management is performed separately for each VLAN id.
fdpi_cli help vlan group
— show help for managing Service-Name.
fdpi_cli vlan group 0 show all
— display all properties for all groups
fdpi_cli vlan group <id> show all
— display all properties for a group with a specific id. Here id is the VLAN number for which to display Service-Name information.
Example: fdpi_cli vlan group 1150 show all
fdpi_cli vlan group <id> show auth pppoe
— show PPPoE authorization policy
fdpi_cli vlan group <id> show auth all
— show policy for all authorization protocols
fdpi_cli vlan group <id> auth pppoe show service-name all
— show the policy for using service names for authorization via PPPoE
fdpi_cli vlan group <id> allow auth pppoe
— allow authorization via PPPoE in a specific VLAN
fdpi_cli vlan group <id> auth pppoe allow add service-name name='<service_name>'
— allow authorization via PPPoE for a specific Service-Name
When a PPPoE session is being established, during the Discovery stage a time delay (the delay parameter) may be applied after a PADI packet is received and before the PADO packet is sent. Valid values for the delay parameter: 0, 1, 2, 3, 4, 5.
fdpi_cli vlan group <id> auth pppoe allow add service-name name='<service_name>' delay=<delay>
— allow authorization via PPPoE for a specific Service-Name with a delay (measured in seconds)
Example: fdpi_cli vlan group 1150 auth pppoe allow add service-name name='test1' delay=5
To deny authorization for a specific VLAN, first remove all existing rules for that VLAN. That is, to allow specific Service-Names, first deny all and only then allow specific tags.
fdpi_cli vlan group <id> deny auth pppoe
— deny authorization via PPPoE in a specific VLAN
fdpi_cli vlan group <id> auth pppoe deny add service-name name='<service_name>'
— deny authorization via PPPoE for a specific Service-Name
Example: allow authorization only for specific Service-Names:
fdpi_cli vlan group 1250 deny auth pppoe
fdpi_cli vlan group 1250 auth pppoe allow add service-name name='test2'
fdpi_cli vlan group 1250 auth pppoe allow add service-name name='test3' delay=3
Example: deny authorization only for specific Service-Names:
fdpi_cli vlan group 350 allow auth pppoe
fdpi_cli vlan group 350 auth pppoe deny add service-name name='test-sname'
fdpi_cli vlan group 350 auth pppoe deny add service-name name='test-sname-too'
The sequence of commands is important when entering rules. For example, if a general authorization denial is entered after the allow rules, then authorization with any Service-Name in VLAN 1250 will be unavailable:
fdpi_cli vlan group 1250 auth pppoe allow add service-name name='test2'
fdpi_cli vlan group 1250 auth pppoe allow add service-name name='test3' delay=3
fdpi_cli vlan group 1250 deny auth pppoe
This restriction also applies to individual deny/allow rules.
Example: allow authorization with Service-Name "test-sname".
fdpi_cli vlan group 350 auth pppoe deny add service-name name='test-sname'
fdpi_cli vlan group 350 auth pppoe allow add service-name name='test-sname'
Example: deny authorization with Service-Name "test-sname".
fdpi_cli vlan group 350 auth pppoe deny add service-name name='test-sname'
fdpi_cli vlan group 350 auth pppoe allow add service-name name='test-sname'
fdpi_cli vlan group 350 auth pppoe deny add service-name name='test-sname'
fdpi_cli vlan group <id> auth pppoe delete service-name name='<service_name>'
— delete Service-Name and its properties
fdpi_cli vlan group 0 delete all
— delete all rules for all configured VLANs (equivalent to default VLAN processing)