diff options
author | ikostov <ikostov@sysmocom.de> | 2017-01-06 14:34:45 +0100 |
---|---|---|
committer | Neels Hofmeyr <neels@hofmeyr.de> | 2018-11-27 18:10:00 +0100 |
commit | aa6629f8a05771329f818c5f5d89ec74fff8c06b (patch) | |
tree | 0aaa255752b3e3b3fd421604ad1f9edd5bb521e3 | |
parent | 8343572e2d284ba53e2064f80c8c9db022e6db5f (diff) |
SGSN: add Auth. policy, NS Statistics and BSSGP state examples, tweaks
Add semicoli in fig-gprs-pcubts digraph.
Remove section from GMM Implementation about non-existence of HLR.
The SGSN can access osmo-hlr via GSUP (and will have to do so in the
libvlr future).
Change-Id: I0164f418e453672321eed00bbc454c1e223ea158
-rw-r--r-- | doc/manuals/chapters/configuration.adoc | 37 | ||||
-rw-r--r-- | doc/manuals/chapters/overview.adoc | 28 |
2 files changed, 47 insertions, 18 deletions
diff --git a/doc/manuals/chapters/configuration.adoc b/doc/manuals/chapters/configuration.adoc index 8b259ed0d..a933d1bb2 100644 --- a/doc/manuals/chapters/configuration.adoc +++ b/doc/manuals/chapters/configuration.adoc @@ -67,6 +67,43 @@ OsmoSGSN(config-sgsn)# grx-dns-add 1.2.3.4 <3> <2> Enable the dynamic GGSN resolving mode <3> Specify the IP address of a DNS server for APN resolution +[[auth-pol]] +=== Authorization Policy + +Authorization determines whether a particular subscriber can access +your network or not. + +The following 4 authorization policy options are available: + +`accept-all`: All IMSIs will be accepted. + +`acl-only`: Accept only IMSIs, which are explicitly white-listed +by the Access Control List (ACL), and the rest will be rejected. + +`closed`: Accept only home network subscribers. +The combination of MCC and MNC fully identifies a subscriber's +home network, also known as a Home Network Identity (HNI, i.e. +MCC and MNC found at the start of the IMSI, e.g. MCC 901 and +MNC 700 with IMSI 901700000003080). The ACL is also heeded. + +`remote`: GSUP protocol is used to remotely access a HLR. +Only remote subscription data will be used. + +.Example: Assign or change authorization policy: +---- +OsmoSGSN> enable +OsmoSGSN# configure terminal +OsmoSGSN(config)# sgsn +OsmoSGSN(config-sgsn)# auth-policy acl-only <1> +OsmoSGSN(config-sgsn)# write <2> +Configuration saved to sgsn.cfg +OsmoSGSN(config-sgsn)# end +OsmoSGSN# disable +OsmoSGSN> +---- +<1> 'acl-only' is selected as authorization policy +<2> Saves current changes to cofiguration to make this policy +persistent === Subscriber Configuration diff --git a/doc/manuals/chapters/overview.adoc b/doc/manuals/chapters/overview.adoc index 566124a3a..2ff92faab 100644 --- a/doc/manuals/chapters/overview.adoc +++ b/doc/manuals/chapters/overview.adoc @@ -23,16 +23,16 @@ OsmoNITB/OsmoBSC/OsmoBTS, the PCU is co-located within the BTS. [graphviz] ---- digraph G { - rankdir=LR; - MS0 [label="MS"] - MS1 [label="MS"] - MS0->BTS [label="Um"] - MS1->BTS [label="Um"] - BTS->BSC [label="Abis"] - BSC->MSC [label="A"] - BTS->PCU [label="pcu_sock"] - PCU->SGSN [label="Gb"] - SGSN->GGSN [label="GTP"] + rankdir=LR; + MS0 [label="MS"]; + MS1 [label="MS"]; + MS0->BTS [label="Um"]; + MS1->BTS [label="Um"]; + BTS->BSC [label="Abis"]; + BSC->MSC [label="A"]; + BTS->PCU [label="pcu_sock"]; + PCU->SGSN [label="Gb"]; + SGSN->GGSN [label="GTP"]; } ---- @@ -68,14 +68,6 @@ The GPRS Mobility Management implementation is quite simplistic at this point. It supports the GPRS ATTACH and GPRS ROUTING AREA UPDATE procedures, as well as GPRS ATTACH and GPRS DETACH. -However, as the SGSN currently does not implement any type of HLR -access, it is not able to authenticate a subscriber or even check if the -subscriber exists at all. As such, all non-roaming subscribes are -allowed to attach to OsmoSGSN. Non-roaming means that the first 5 -digits of the IMSI must match the MCC and MNC of the cell that the -subscriber is registering to. - - ==== LLC Implementation The LLC (Logical Link Control) implementation of OsmoSGSN only supports |