Diffstat (limited to 'doc/guides/radius_features.rst')
-rw-r--r-- doc/guides/radius_features.rst 38
1 files changed, 38 insertions, 0 deletions
diff --git a/doc/guides/radius_features.rst b/doc/guides/radius_features.rst
new file mode 100644
index 0000000..1f602d9
--- /dev/null
+++ b/doc/guides/radius_features.rst
@@ -0,0 +1,38 @@
+RADIUS and DM/CoA features
+==========================
+
+Since from commit version 385c403 accel-ppp support VRF (Virtual Routing and Forwarding).
+
+Usually, this feature is useful to isolate clients e.g. put client interface to some context with different routing and firewall rules.
+User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA.
+
+Accel-ppp uses own RADIUS vendor dictionary https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel and RADIUS attribute ``Accel-VRF-Name``
+
+All VRFs should be manually created in advance:
+
+.. code-block:: sh
+
+ ip link add VRF_NAME type vrf table RT_TABLE_ID
+ ip link set dev VRF_NAME up
+
+Linux VRF documentation https://www.kernel.org/doc/Documentation/networking/vrf.txt
+
+If ``Accel-VRF-Name`` is used in Access-Accept message, but VRF was not created then the session will not be established.
+
+Set VRF via CoA
+---------------
+
+Put user interface to some VRF context
+
+.. code-block:: sh
+
+ echo 'User-Name=bob, Accel-VRF-Name="red"' | radclient -x 127.0.0.1:3799 coa testing123
+
+Delete user interface from VRF context
+
+.. code-block:: sh
+
+ echo 'User-Name=bob, Accel-VRF-Name="0"' | radclient -x 127.0.0.1:3799 coa testing123
+
+If ``Accel-VRF-Name`` is used in CoA message and VRF does not exist then CoA-NAK will be sent.
+
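Review bot: In the "Set VRF via CoA" section, both radclient examples send to 127.0.0.1:3799 with the secret testing123, and the text never says these are placeholder values. The guide itself describes VRF as the way to isolate clients behind different routing and firewall rules, so anyone able to send an accepted CoA can move a session into or out of that isolation. Please add a sentence stating that the secret must be replaced with the one configured for the CoA listener and that the listener should only be reachable from the RADIUS or management hosts. Two smaller points in the same hunk: the special meaning of Accel-VRF-Name="0" is only implied by the "Delete user interface from VRF context" line and should be stated explicitly as a reserved value, and the opening sentence "Since from commit version 385c403 accel-ppp support VRF" should read "Since commit 385c403, accel-ppp supports VRF".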