commit | 96f79c9668824f7e5db374cfc008469cdc1d9c79 | [log] [tgz] |
---|---|---|
author | David K. Bainbridge <dbainbri@ciena.com> | Thu Aug 10 09:11:48 2017 -0700 |
committer | David K. Bainbridge <dbainbri@ciena.com> | Thu Aug 10 10:34:06 2017 -0700 |
tree | 44d317a45c774886fc9a4b58afb12b3d633f747a | |
parent | c9ac1e5d6c1a146a1af366471980214ccb2bc8bd [diff] |
VOL-373 support 3 tuple and multiple version numbers for ONOS apps Change-Id: I32af39df8a0efbe31fe974906b33e0230db0e0bf
The ONOS AAA application behaves as a NAS Server and does RADIUS authentication of the ports. It maintains state machines for each of the ports from which it receives EAP Start messages to maintain the current status of the authentication procedure.
"org.opencord.aaa" : { "AAA" : { "nasIp": "192.168.1.251", "nasMac" : "00:1b:22:34:55:78", "radiusSecret": "testing123", "radiusIp": "192.168.1.254", "radiusServerPort" : "1812", "radiusMac" : "00:1e:67:d2:ee:f7", "vlanId" : "4000", "useSocket" : "false", "radiusServerConnectPoints": [ "of:00000000000000b2/2" ], "packetCustomizer" : "sample" }
IP Address of the NAS which is requesting authentication of the user
MAC Address of the NAS which is requesting authentication of the user (Used only when useSocket is false)
Shared secret
IP Address of the RADIUS Server
UDP Port Number on which RADIUS Server is listening
MAC address of the RADIUS server or next hop router (Used only when useSocket is false)
VLAN on which the RADIUS Server is available (Used only when useSocket is false)
There are two options for communication with the Radius Server
When useSocket is false, the RADIUS packets sent out would carry the IP and MAC address of the device from which the EAP packets were received. That device should be available in the SubscriberAndDeviceInformationService (Sadis)
. AAA application fetches data from Sadis based on the serial number of the device.
Connect point of SDN switch through which the RADIUS Server is reachable (Used only when useSocket is false)
The values of RADIUS attributes expected by the RADIUS Server might be different in different scenarios or in case of different Operators.
As of today AAA App provides two different customizers "default" : When you set the value as this, no customization is done to the RADIUS packets "sample" : This is a sample customization wherein specific RADIUS attributes and filled with values from Sadis
Service. The src MAC and src IP of the RADIUS messages are set according to the OLT device (from which the EAP Start message is received) configured in Sadis
More customizers might be added to AAA App later which can fill Subscriber specific atrributes into the RADIUS attributes/messages by querying data from Sadis
. The key to get data from Sadis is the PortName of the Port from which EAP messages are received.