Authorization settings
You can specify the following authorization options in fastdpi.conf in addition to those described earlier:
auth_resend_timeout
- is the timeout for resending authorization requests to the fastpcrf, in seconds. The default value is 60.
If the fastDPI doesn't receive a response from the fastpcrf within this period, the authorization request is sent again.
auth_expired_timeout
- is the authorization lifetime, in minutes. The default value is 60 minutes.
A value of zero means an unlimited authorization lifetime.
This option applies only when the Radius response does not contain the Session-Timeout
attribute specifying the session lifetime.
Note that an Access-Reject can also contain the Session-Timeout
attribute. Once that time has elapsed, a second authorization request is sent.
Setting auth_expired_timeout=0 (unlimited authorization lifetime) may result in a subscriber who was rejected during authorization (Access-Reject) remaining in the "unauthorized" state permanently. The subscriber's "unauthorized" state can then be changed only by a CoA notification requesting reauthorization, by restarting the fastDPI, or manually using fdpi_ctrl.
auth_pcrf_reconnect
- is the timeout for reconnecting to the fastpcrf, in seconds. The default value is 1 second.
Diagnostic settings
auth_trace
- is a boolean flag that enables authorization tracing. It is not specified by default.
Note that authorization tracing significantly affects the performance of the fastDPI and causes a large number of records to be written to the logs, so it should not be enabled unless you have to.
auth_trace_ip
- is the list of IP addresses (no more than two) to be authorized. The list is empty by default.
Example:
auth_trace_ip=192.168.10.20,192.168.30.45
This list can be used while authorization is being rolled out and while the Radius servers are being configured: authorization is performed only for the specified local IP addresses (typically those of test subscribers), without affecting "real" subscribers.
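
The following pre-deployment check for the options above is an added example, not part of the product or its documentation. It assumes fastdpi.conf uses key=value lines with # comments and that 0, false or off disable auth_trace; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress

NUMERIC = ("auth_resend_timeout", "auth_expired_timeout", "auth_pcrf_reconnect")
OFF_VALUES = {"0", "false", "off"}  # assumed spellings of a disabled flag

SAMPLE = """\
# constructed sample, not taken from a real deployment
auth_resend_timeout=60
auth_expired_timeout=0      # unlimited lifetime
auth_trace=1
auth_trace_ip=192.168.10.20,192.168.30.45,10.0.0.7
"""

def parse_conf(text):
    """Parse key=value lines; '#' starts a comment (assumed file syntax)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_auth_settings(text):
    """Return (option, message) findings for the options described above."""
    conf, findings = parse_conf(text), []
    for key in NUMERIC:
        if key in conf and not conf[key].isdecimal():
            findings.append((key, "value must be a non-negative integer"))
    lifetime = conf.get("auth_expired_timeout", "")
    if lifetime.isdecimal() and int(lifetime) == 0:
        findings.append(("auth_expired_timeout", "unlimited lifetime: a rejected "
                         "subscriber stays unauthorized until CoA, restart or fdpi_ctrl"))
    if "auth_trace" in conf and conf["auth_trace"].lower() not in OFF_VALUES:
        findings.append(("auth_trace", "tracing enabled: heavy logging, performance cost"))
    if conf.get("auth_trace_ip"):
        ips = [p.strip() for p in conf["auth_trace_ip"].split(",")]
        if len(ips) > 2:
            findings.append(("auth_trace_ip", "more than two addresses listed"))
        for ip in ips:
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                findings.append(("auth_trace_ip", f"not an IP address: {ip!r}"))
        findings.append(("auth_trace_ip", "authorization limited to listed addresses"))
    return findings

if __name__ == "__main__":
    for option, message in check_auth_settings(SAMPLE):
        print(f"{option}: {message}")
```

Running it against a candidate configuration before moving from the test stage to production highlights settings left over from testing, such as a non-empty auth_trace_ip.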