Возможности
- Авторизация по MAC
- Авториазция Q in Q
Подключение модуля
config.pl
$AUTH{huawei_me60}='Me60';
$ACCT{huawei_me60}='Me60';
RADIUS
Настройка редиректа для неизвестных абонентов
raddb/users
sp_l4_redirect Cleartext-Password := "SERVICE-PASS", Auth-Type = Accept
Huawei-AVpair := "service:service-group=sg-l4-redirect priority 5",
Huawei-AVpair += "service:authentication-scheme=none",
Huawei-AVpair += "service:accounting-scheme=customers_acct_ipoe1",
Huawei-AVpair += "service:radius-server-group=rad_ipoe_1",
Huawei-Input-Average-Rate := "256000",
Huawei-Output-Average-Rate += "256000"
DEFAULT Auth-Type = Perl
Fall-Through = 1
Q in Q
Настраиваем параметр $conf{AUTH_EXPR}='';
$conf{AUTH_EXPR}='NAS-Port-Id:vlanid=(\d+)\W+vlanid2=(\d+):VLAN_DEC,SERVER_VLAN_DEC';
Тестирование
auth.qinq
User-Name = "14eb.b615.1099"
User-Password = "eesha0Esjoogh4An"
NAS-Port = 135314357
NAS-IP-Address = 192.168.11.135
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "14:eb:b6:15:10:99"
NAS-Identifier = "SOHO-BRASS"
NAS-Port-Type = Ethernet
NAS-Port-Id = "slot=8;subslot=1;port=11;vlanid=2997;vlanid2=2502;"
Acct-Session-Id = "SOHO-BR08111250202997c905a1004ee7"
Connect-Info = "1000000000"
Huawei-Startup-Stamp = 1640050527
Huawei-IPHost-Addr = "255.255.255.255 14:eb:b6:15:10:99"
Huawei-Connect-ID = 20199
Huawei-Version = "Huawei ME60"
Huawei-Product-ID = "ME60"
Huawei-Domain-Name = "abills_main"
Huawei-User-Mac = "14:eb:b6:15:10:99"
Cleartext-Password = "eesha0Esjoogh4An"
Тестирование подключения
test auth
cd /usr/abills/libexec/ ./radtest.sh auth -rad -rad_file auth.qinq
Ответ
Received Access-Accept Id 13 from 127.0.0.1:1812 to 127.0.0.1:44796 length 164
Service-Type = Framed-User
Huawei-Account-Info = "NTP_1187_0_167"
Huawei-Account-Info = "ATP_1187_0_167"
Framed-IP-Netmask = 255.255.252.0
Huawei-AVpair = "subscriber:accounting-list=ISG-AUTH-1"
Framed-IP-Address = 192.168.1.21
Huawei-Service-Info = "ATP_1187_0_167"
User-Name = "3432809"
Acct-Interim-Interval = 600
Активация сервиса.
При активации генерируется автоматически профиль.
Huawei-Account-Info = "NTP_1187_0_167"
Описание параметров:
NTP | Индентификатор ТП |
1187 | TP_ID тарифного плана |
| 0 | ID класса трафика |
167 | ID интервала времени |
После получения названия профиля и если его нет ещу в кеше, BRAS отправляет запрос параметров профиля на RADIUS серовер
Информация по сервису
test auth
cd /usr/abills/libexec/ ./radtest.sh auth -rad -u TP_1187_0_167 -nas 192.168.11.135
Ответ
Received Access-Accept Id 13 from 127.0.0.1:1812 to 127.0.0.1:44796 length 164
Service-Type = Framed-User
Huawei-Account-Info = "NTP_1187_0_167"
Huawei-Account-Info = "ATP_1187_0_167"
Framed-IP-Netmask = 255.255.252.0
Huawei-AVpair = "subscriber:accounting-list=ISG-AUTH-1"
Framed-IP-Address = 192.168.1.21
Huawei-Service-Info = "ATP_1187_0_167"
User-Name = "3432809"
Acct-Interim-Interval = 600
Неизвестный абонент
test auth
cd /usr/abills/libexec/ ./radtest.sh auth -rad -u sp_l4_redirect -nas 192.168.11.135
Ответ
Received Access-Accept Id 40 from 127.0.0.1:1812 to 127.0.0.1:36054 length 241
Huawei-Output-Average-Rate = 256000
Huawei-Input-Average-Rate = 256000
Huawei-AVpair = "service:service-group=sg-l4-redirect priority 5"
Huawei-AVpair = "service:authentication-scheme=none"
Huawei-AVpair = "service:accounting-scheme=customers_acct_ipoe1"
Huawei-AVpair = "service:radius-server-group=rad_ipoe_1"
Дополнительные параметры
| $conf{HUAWEI_ME60_ACCOUNTING_GROUP}='customers_acct_ipoe1'; | Название аккаунтинг профайла в RADIUS параметре Huawei-AVpair += "service:accounting-scheme=customers_acct_ipoe1" |
| $conf{HUAWEI_ME60_RADIUS_GROUP}='rad_ipoe_1'; | Huawei-AVpair += "service:radius-server-group=rad_ipoe_1" |
| $conf{HUAWEI_ME60_SERVICES}='local_net;local_net_2'; | Дополнительные сервисы |