Subscriber management commands
Subscriber authorization status control commands. The subscriber is identified with his IP-address. You can specify a single IP address or a group of addresses as CIDR or as a range of IP addresses:
fdpi_cli subs auth show [IP | CIDR | IP_RANGE] # IP - a single specified IP-address # CIDR - all subscribers from the specified subnet # IP_RANGE - all subscribers from the specified range. The end of the range is NOT considered. # Examples: # IP - a specified IP-address fdpi_cli subs auth show 192.168.10.10 # CIDR fdpi_cli subs auth show 10.240.34.0/24 fdpi_cli subs auth show 2001:67:abcd::67/56 # IP_RANGE fdpi_cli subs auth show 192.168.56.32 - 192.168.56.76 fdpi_cli subs auth show 2001:67:abcd:: - 2001:67:abcd:56::
The command displays the status of subscribers' authorization. Displaying authorization status for all subscribers:
fdpi_cli subs auth show all
Displaying authorization status for a specified IP-address or a range of IP-addresses:
fdpi_cli subs auth show [IP | CIDR | IP_RANGE] # Examples: # IP - a specified IP-address fdpi_cli subs auth show 192.168.10.10 # CIDR fdpi_cli subs auth show 10.240.34.0/24 fdpi_cli subs auth show 2001:67:abcd::67/56 # IP_RANGE fdpi_cli subs auth show 192.168.56.32 - 192.168.56.76 fdpi_cli subs auth show 2001:67:abcd:: - 2001:67:abcd:56::
Sets subscribers' authorization status.
General command format:
fdpi_cli subs auth set [ip-range] [params]
ip-range:
all - setting the authorization status for all IP-addresses found in the DPI.
params - the parameters:
state=unk|auth|noauth - authorization status: unknown (unk), authorized (auth), unauthorized (noauth). The "Unknown" status is similar to command subs auth clear, status "Unauthorized" - is similar to getting Access-Reject from Radius, "Authorized" - similar to Access-Acceptexpired=<time> - authorization time. <time> can be specified relative to the current time (seconds) or as an absolute time in the future in the format YYYY-MM-DDTHH:MM:DD. Specifying expired=0 is equivalent to clearing the expiration time, which will lead to L3-authorization request as the packet from the subscriber arrives.Examples:
# Setting the authorization status for 600 seconds for a specific subscriber fdpi_cli subs auth set 192.168.20.30 state=auth expired=600 # Clearing the authorization status for the specified CIDR fdpi_cli subs auth set 2001:67:abcd::67/56 state=unk expired=0 # Clearing authorization status for all fdpi_cli subs auth set all state=unk expired=0 # Extend current authorization status by 1 hour for all IPs in the range (192.168.56.76 is excluded) fdpi_cli subs auth set 192.168.56.32 - 192.168.56.76 expired=3600 # Setting status and absolute end time for a range fdpi_cli subs auth set 192.168.56.32 - 192.168.56.76 state=auth expired=2019-10-23T00:00:00
Resetting the authorization status of subscribers. The authorization status is set to "unknown", which will lead to L3-authorization request as the packet from the subscriber arrives.
Resetting the authorization status for all subscribers:
fdpi_cli subs auth clear all
Resetting the authorization status for a specified IP-address or range of IP-addresses:
fdpi_cli subs auth clear [IP | CIDR | IP_RANGE] # Examples: # IP - a specified IP-address fdpi_cli subs auth clear 192.168.10.10 fdpi_cli subs auth clear 2001:67:abcd::67/56 # CIDR fdpi_cli subs auth clear 10.240.34.0/24 fdpi_cli subs auth clear 2001:67:abcd::67/56 # IP_RANGE - the end of the range is NOT considered. fdpi_cli subs auth clear 192.168.56.32 - 192.168.56.76 fdpi_cli subs auth clear 2001:67:abcd:: - 2001:67:abcd:56::
Sending an ICMP echo request (ping) to the subscriber. Similar to system comand ping. Works only in L2 BRAS mode.
fdpi_cli -r <address> ping ip=<IP-address> [options]
ip - subscriber's IP-address (IPv4 or IPv6)
[options]:
n=N - number of pings, 0 - infinite (Ctrl-C to finish)len=N - payload length, bytes, 64 by default. It should be noted that the subs ping command is not able to fragment packets, it always sends one packet. The payload length is limited to 1400 bytes.ttl=N - TTL value, 32 by default.Examples:
fdpi_cli -r 127.0.0.1 ping ip=172.168.10.20 n=3 fdpi_cli -r 127.0.0.1 ping ip=172.168.10.20 n=50 len=1000 ttl=2
Subscriber L2 properties are taken from the UDR, but they can be overwritten (all or only some) with the following parameters:
mac=X:X:X:X:X:X - subscriber's MAC-address;vlan=N, vlan=N.N - subscriber's VLAN or Q-in-Q;iface=N - DNA interface index to which to send the packet.Examples:
fdpi_cli -r 127.0.0.1 ping ip=172.168.10.20 mac=01:02:03:60:70:99 n=3 fdpi_cli -r 127.0.0.1 ping ip=172.168.10.20 mac=01:02:03:60:70:99 vlan=123.56 n=50 len=1000 ttl=2
Limitation: the command may not work in multicluster mode without aggregation.
Checking the availability of the internet.
The packet goes through the whole stack of functions and services, polysensing, etc., only after that it goes to the Internet. In this way you can determine whether the problem is on the Internet aplink, between BRAS subscribers, or on BRAS.
Hint: fdpi_cli ping inet ?
Commands for viewing and modifying L2 properties of the subscriber (replace fdpi_ctrl --ip_prop)
Viewing L2 subscriber properties for a given IPv4 or IPv6 address, MAC or subs_id
subs prop show <IP> Examples: subs prop show 10.240.34.56 subs prop show 2001:67:abcd::67/64
subs prop show mac=<MAC> Example: subs prop show mac=02:42:89:33:7b:3e
subs prop show subs_id=<MAC> Example: subs prop show subs_id=00:1b:21:bc:a3:0c
Hint:
fdpi_cli help subs prop show
Modification of the subscriber's L2-properties, adding a new subscriber with the specified L2-properties, removing some L2-properties. For complete syntax, see:
fdpi_cli help subs prop set
Removing all L2 properties of the specified subscriber. Examples:
subs prop del 10.240.34.56 subs prop del 2001:67:abcd::67/64
This command actually removes the IP address from the internal database. To remove a specific subscriber property, use subs prop set.