DHCP Radius Proxy [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show pagesource
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • ODT export
  • Export Page to HTML/PDF
  • Backlinks
  • Show pagesource
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • ODT export
  • Export Page to HTML/PDF
  • Backlinks
    • Stingray Service Gateway by VAS ExpertsBNG/BRASDHCP Authorization SetupDHCP handlingDHCP Radius Proxy

    Table of Contents

    DHCP Radius Proxy

    Description

    This mode is intended for network building without a DHCP-server being present on the network. Radius-server instead of DHCP-server is used, in this case the fastDPI in conjunction with the fastPCRF serves as a DHCP-server. This operation mode can be briefly described as follows:

    • fastDPI accepts the DHCP-requests coming from customer equipment and forward it to the fastPCRF
    • fastPCRF converts the DHCP-request to the Radius Access-Request and forward it to the Radius-server
    • when the Access-Accept/Access-Reject response is already accepted fastPCRF converts it to its internal format and forward it to the fastDPI. Note that the Radius-response must contain both the attributes required for DHCP, and the user profiles required by fastDPI
    • fastDPI compose the DHCP-response and forward it to the user as well as stores the user profiles along with the set of activated services

    The advantages of this operation mode are quite obvious:

    • there is no need for separate DHCP server, so one of the potential fault point is eliminated;
    • all the user information is centrally stored in the Radius server database resulting in simplifying the user parameters configuration;
    • with respect to the fastDPI - there is no need for a separate user authorization request since the reply to Access-Request contains both fastDPI user profiles and the set of activated fastDPI-services

    Configuration

    SSG in L2 BRAS mode becomes the subscriber's gateway: it remembers the gateway's IP address from the DHCP response and responds to ARP requests (if bras_arp_mode=3) and ping to this gateway from the subscribers' side. Moreover, the response to the subscriber's DHCP request comes from the gateway's IP address.
    It is possible to specify the address of the DHCP server, from which the response to the subscriber DHCP request will be generated. If DCHP option 54 (Server-Id, IP address of the DHCP server) is specified in the Radius response, then SSG uses this IP address as the sourceIP in the DHCP response to the subscriber. You can set opt54 using the VSA attributes of the DHCP options, for example: 
    VasExperts-DHCP-Option-IP="54:192.168.52.33"

    The DHCP Radius proxy mode is activated by the following configuration parameter in fastdpi.conf: 

    bras_dhcp_mode=2

    You also have to specify both a fastdpi virtual IP and MAC addresses - they would be used as the DHCP-server virtual addresses, for example: 

    bras_arp_ip=10.0.0.5
bras_arp_mac=90:E2:BA:87:15:C4

    The following are detailed DHCP Radius proxy mode description and its configuration:

    1. FastDPI in the DHCP proxy mode
    2. DHCP Radius proxy - Access-Request
    3. Response to Access-Request
    4. VSA attributes for DHCP options
    5. Secondary Keys Control
    6. Interrelation of DHCP Radius proxy and L3 authorization modes
    7. Rate limit
    8. Troubleshooting