BRAS L2 DHCP Radius Proxy Example
Description
BRAS DHCP L2 mode means that the subscriber receives an IP address via DHCP Proxy and proceeds to AAA in the billing system. The subscriber is then terminated by VAS Experts DPI and passed on to the border equipment.
The following elements are involved in the VAS Experts DPI operation scheme in BRAS L2 DHCP Radius Proxy mode:
- Client with Q-in-Q access type
- FastDPI - traffic processing and policing
- FastPCRF - proxying requests between fastDPI and Radius
- Radius server - accepts requests from fastPCRF and generates responses with specified attributes
- Router - is responsible for transmitting packets to the Internet and for return routing. A static route must be specified, since VAS Experts DPI does not currently support OSPF and BGP.
Scenario
FastDPI Setup
Editing the DPI Configuration File
First, uncomment (or add) the following lines in the /etc/dpi/fastdpi.conf configuration file.
#enabling internal database of user properties
udr=1
#enabling the authorization by IP mode
enable_auth=1
#enabling L2 BRAS mode
bras_enable=1
#"virtual" IP address of DPI (must be unique on the network)
bras_arp_ip=192.168.1.2
#"virtual" MAC address of DPI (use the real MAC address of any of the DNA interfaces)
bras_arp_mac=a0:36:9f:77:26:58
#IP address of the border
bras_gateway_ip=192.168.1.1
#MAC address of the interface to which DPI is connected on the border
bras_gateway_mac=c4:71:54:4b:e7:8a
#address of the server where FastPCRF is installed (do not change if it is the same server where FastDPI is installed)
auth_servers=127.0.0.1%lo:29002
#enabling of DHCP Relay Agent mode
bras_dhcp_mode=1
#192.168.10.2 – IP address of DHCP server
#veth0 – the name of the network interface that communicates with the DHCP server
#67 – port, default value: 68
#arp_proxy - flag for responding to ARP requests for the DHCP server IP address
#alias_ip - DHCP server alias
#reply_port - port that receives responses from the DHCP server
bras_dhcp_server=192.168.10.2%veth0:67;arp_proxy=1;alias_ip=192.168.1.4;reply_port=67
#vlan termination (in this case the tag will be cut out)
bras_vlan_terminate=1
#MAC spoofing
bras_terminate_l2=1
#local traffic interconnection
bras_terminate_local=1
#enabling accounting
enable_acct=1
#subscribers billing statistics
netflow=4
#timeout for sending statistics
netflow_timeout=60
- bras_arp_ip
- bras_arp_mac
- bras_gateway_ip
- bras_gateway_mac
FastPCRF Setup
To configure FastPCRF, edit the file /etc/dpi/fastpcrf.conf. Find the line with the RADIUS server parameters and change
#secret123 - Radius secret
#192.168.1.10 - IP address of Radius server
#eth0 - the interface from which FastPCRF communicates with the Radius server
#1812 - the port to which FastPCRF sends authorization requests
#acct_port - the port to which FastPCRF sends Accounting
radius_server=secret123@192.168.1.10%eth0:1812;acct_port=1813
Radius Setup
The setup below uses FreeRADIUS 3 as an example and may differ from the configuration of your Radius server.
VasExperts Dictionary
First, add a VSA dictionary:
- Copy the dictionary /usr/share/dpi/dictionary.vasexperts from the fastpcrf distribution into the $freeRadius/share/freeradius directory
- Add the following line to the main dictionary $freeRadius/share/freeradius/dictionary:
$INCLUDE dictionary.vasexperts
Creating Radius Client
Add the following lines to raddb/clients.conf of the Radius server
client fastdpi1 {
    ipaddr = 192.168.1.5
    secret = secret123
    require_message_authenticator = yes
#   add_cui = yes
    virtual_server = fastdpi-vs
}
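A consistency check across the three files edited so far, as an added example that is not part of the original page or of VAS Experts tooling: it parses the `secret@ip%iface:port;opt=val` values in the form shown on this page, confirms that the RADIUS secret in fastpcrf.conf matches clients.conf, flags the page's sample secret, and checks that bras_arp_ip does not collide with the other configured addresses. The function names and the inline sample text are assumptions of this example, and the clients.conf text is assumed to hold a single client block.

```python
import re

PLACEHOLDER_SECRETS = {"secret123"}  # the sample secret printed on this page
# Constructed sample inputs that mirror the values shown on this page.
FASTDPI_CONF = """\
bras_arp_ip=192.168.1.2
bras_gateway_ip=192.168.1.1
bras_dhcp_server=192.168.10.2%veth0:67;arp_proxy=1;alias_ip=192.168.1.4;reply_port=67
"""
FASTPCRF_CONF = "radius_server=secret123@192.168.1.10%eth0:1812;acct_port=1813\n"
CLIENTS_CONF = """\
client fastdpi1 {
    secret = secret123
    require_message_authenticator = yes
}
"""

def parse_kv(text):
    """key=value lines of fastdpi.conf / fastpcrf.conf; '#' lines are comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_endpoint(value):
    """Split '[secret@]ip%iface:port;opt=val;...' as written on this page."""
    head, *opts = value.split(";")
    secret, _, addr = head.rpartition("@")   # the secret itself may contain '@'
    ip, _, rest = addr.partition("%")
    iface, _, port = rest.rpartition(":")
    out = {"secret": secret, "ip": ip, "iface": iface, "port": int(port)}
    out.update(opt.split("=", 1) for opt in opts)
    return out

def audit(fastdpi, fastpcrf, clients):
    """Return findings across the three files; an empty list means none."""
    dpi = parse_kv(fastdpi)
    radius = parse_endpoint(parse_kv(fastpcrf)["radius_server"])
    dhcp = parse_endpoint(dpi["bras_dhcp_server"])
    client = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)", clients, re.M))
    others = {dpi["bras_gateway_ip"], dhcp.get("alias_ip"), dhcp["ip"], radius["ip"]}
    checks = [
        (radius["secret"] != client.get("secret"), "secret mismatch: fastpcrf.conf vs clients.conf"),
        (radius["secret"] in PLACEHOLDER_SECRETS, "RADIUS secret is the documentation placeholder"),
        (client.get("require_message_authenticator") != "yes", "require_message_authenticator is not yes"),
        (dpi["bras_arp_ip"] in others, "bras_arp_ip collides with another configured address"),
    ]
    return [message for failed, message in checks if failed]

print(audit(FASTDPI_CONF, FASTPCRF_CONF, CLIENTS_CONF))
```

The uniqueness check only compares addresses that appear in these files; it cannot see other hosts on the network.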
Creating a virtual server
To create a virtual server configuration, copy the file raddb/sites-available/default, which is included with FreeRADIUS, to raddb/sites-enabled/fastdpi-vs. Then edit fastdpi-vs:
- set the name of the virtual server - change the 'server default' line at the beginning of the file to 'server fastdpi-vs'
- in the 'listen' section for auth requests (type = auth), set IP-addresses and ports that will listen to the incoming requests (note that this is the local address of the Radius server):
ipaddr = 192.168.1.10
port = 1812
interface = eth0
Creating an account for authorization
Add subscriber data to the file /etc/raddb/users
testuser Cleartext-Password := "VasExperts.FastDPI"
    Framed-IP-Address = 192.168.2.199,
    VasExperts-DHCP-DNS = 8.8.8.8,
    VasExperts-Enable-Service = "9:on",
    VasExperts-Policing-Profile = "100Mbps",
    VasExperts-Service-Profile = "11:user_nat"
Two entries for FastPCRF should also be added to the file /etc/raddb/users
VasExperts.FastDPI.unknownUser Cleartext-Password := "VasExperts.FastDPI"
DEFAULT Cleartext-Password := "VasExperts.FastDPI"