Возможности
- Авторизация по MAC
- Авториазция Q in Q
Подключение модуля
config.pl
$AUTH{huawei_me60}='Me60'; $ACCT{huawei_me60}='Me60';
RADIUS
Настройка редиректа для неизвестных абонентов
raddb/users
sp_l4_redirect Cleartext-Password := "SERVICE-PASS", Auth-Type = Accept Huawei-AVpair := "service:service-group=sg-l4-redirect priority 5", Huawei-AVpair += "service:authentication-scheme=none", Huawei-AVpair += "service:accounting-scheme=customers_acct_ipoe1", Huawei-AVpair += "service:radius-server-group=rad_ipoe_1", Huawei-Input-Average-Rate := "256000", Huawei-Output-Average-Rate += "256000" DEFAULT Auth-Type = Perl Fall-Through = 1
Q in Q
Настраиваем параметр $conf{AUTH_EXPR}='';
$conf{AUTH_EXPR}='NAS-Port-Id:vlanid=(\d+)\W+vlanid2=(\d+):VLAN_DEC,SERVER_VLAN_DEC';
Тестирование
auth.qinq
User-Name = "14eb.b615.1099" User-Password = "eesha0Esjoogh4An" NAS-Port = 135314357 NAS-IP-Address = 192.168.11.135 Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "14:eb:b6:15:10:99" NAS-Identifier = "SOHO-BRASS" NAS-Port-Type = Ethernet NAS-Port-Id = "slot=8;subslot=1;port=11;vlanid=2997;vlanid2=2502;" Acct-Session-Id = "SOHO-BR08111250202997c905a1004ee7" Connect-Info = "1000000000" Huawei-Startup-Stamp = 1640050527 Huawei-IPHost-Addr = "255.255.255.255 14:eb:b6:15:10:99" Huawei-Connect-ID = 20199 Huawei-Version = "Huawei ME60" Huawei-Product-ID = "ME60" Huawei-Domain-Name = "abills_main" Huawei-User-Mac = "14:eb:b6:15:10:99" Cleartext-Password = "eesha0Esjoogh4An"
Тестирование подключения
test auth
cd /usr/abills/libexec/ ./radtest.sh auth -rad -rad_file auth.qinq
Ответ
Received Access-Accept Id 13 from 127.0.0.1:1812 to 127.0.0.1:44796 length 164 Service-Type = Framed-User Huawei-Account-Info = "NTP_1187_0_167" Huawei-Account-Info = "ATP_1187_0_167" Framed-IP-Netmask = 255.255.252.0 Huawei-AVpair = "subscriber:accounting-list=ISG-AUTH-1" Framed-IP-Address = 192.168.1.21 Huawei-Service-Info = "ATP_1187_0_167" User-Name = "3432809" Acct-Interim-Interval = 600
Активация сервиса.
При активации генерируется автоматически профиль.
Huawei-Account-Info =
"NTP_1187_0_167"
Описание параметров:
NTP | Индентификатор ТП |
1187 | TP_ID тарифного плана |
0 | ID класса трафика |
167 | ID интервала времени |
После получения названия профиля и если его нет ещу в кеше, BRAS отправляет запрос параметров профиля на RADIUS серовер
Информация по сервису
test auth
cd /usr/abills/libexec/ ./radtest.sh auth -rad -u TP_1187_0_167 -nas 192.168.11.135
Ответ
Received Access-Accept Id 13 from 127.0.0.1:1812 to 127.0.0.1:44796 length 164 Service-Type = Framed-User Huawei-Account-Info = "NTP_1187_0_167" Huawei-Account-Info = "ATP_1187_0_167" Framed-IP-Netmask = 255.255.252.0 Huawei-AVpair = "subscriber:accounting-list=ISG-AUTH-1" Framed-IP-Address = 192.168.1.21 Huawei-Service-Info = "ATP_1187_0_167" User-Name = "3432809" Acct-Interim-Interval = 600
Неизвестный абонент
test auth
cd /usr/abills/libexec/ ./radtest.sh auth -rad -u sp_l4_redirect -nas 192.168.11.135
Ответ
Received Access-Accept Id 40 from 127.0.0.1:1812 to 127.0.0.1:36054 length 241 Huawei-Output-Average-Rate = 256000 Huawei-Input-Average-Rate = 256000 Huawei-AVpair = "service:service-group=sg-l4-redirect priority 5" Huawei-AVpair = "service:authentication-scheme=none" Huawei-AVpair = "service:accounting-scheme=customers_acct_ipoe1" Huawei-AVpair = "service:radius-server-group=rad_ipoe_1"
Дополнительные параметры
$conf{HUAWEI_ME60_ACCOUNTING_GROUP}='customers_acct_ipoe1'; | Название аккаунтинг профайла в RADIUS параметре Huawei-AVpair += "service:accounting-scheme=customers_acct_ipoe1" |
$conf{HUAWEI_ME60_RADIUS_GROUP}='rad_ipoe_1'; | Huawei-AVpair += "service:radius-server-group=rad_ipoe_1" |
$conf{HUAWEI_ME60_SERVICES}='local_net;local_net_2'; | Дополнительные сервисы |