This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
dexter gerrit-no-reply at lists.osmocom.org

Review at https://gerrit.osmocom.org/2016

osmo-sgsn: improve auth-policy explanation

The explanation of the access policy is a bit unclear. Users that come from osmo-nitb might have trouble grasping the functionality of the access control list based approach correctly.

Change-Id: Iaae3035c4de3cb082f097441eff99289ee6dfc53
---
M OsmoSGSN/chapters/configuration.adoc
1 file changed, 24 insertions(+), 13 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-gsm-manuals refs/changes/16/2016/1

diff --git a/OsmoSGSN/chapters/configuration.adoc b/OsmoSGSN/chapters/configuration.adoc
index a933d1b..97f1291 100644
--- a/OsmoSGSN/chapters/configuration.adoc
+++ b/OsmoSGSN/chapters/configuration.adoc
@@ -70,24 +70,35 @@ [[auth-pol]] === Authorization Policy -Authorization determines whether a particular subscriber can access -your network or not. +The authorization policy controls by which rules a subscriber is accepted or +rejected. The possible options range from accepting just all subscribers without +further checking, to a fine grained access-control, handled by an external HLR. -The following 4 authorization policy options are available: +accept-all:: All subscribers that attempt to attach to the GPRS network are +accepted without further checking. This option is intended to be used for +testing in a controlled environment only. A wide-open network may attract +subscribers from foreign networks and disrupt their service. It is highly +recommended to pick one of the options below. -`accept-all`: All IMSIs will be accepted. +remote:: This option allows to connect OsmoSGSN to an external HLR via the +GSUP protocol. This will be the preferred option in larger networks. -`acl-only`: Accept only IMSIs, which are explicitly white-listed -by the Access Control List (ACL), and the rest will be rejected. +acl-only:: If no external HLR is available, the network operator has the +option to control the access using an access control list. The access control +list contains the IMSI numbers of the allowed subscribers. This method offers +fine grained access control and is ideal for small networks and lab test +environments. -`closed`: Accept only home network subscribers. -The combination of MCC and MNC fully identifies a subscriber's -home network, also known as a Home Network Identity (HNI, i.e. -MCC and MNC found at the start of the IMSI, e.g. MCC 901 and -MNC 700 with IMSI 901700000003080). The ACL is also heeded. +closed:: This policy mode softens the strict *acl-only* only mode by also +implicitly accepting home network subscribers. The decision is made by the MCC +and MNC part of the IMSI number. 
The combination of MCC and MNC fully identifies +a subscribers home network, also known as a Home Network Identity (HNI, i.e. +MCC and MNC found at the start of the IMSI, e.g. MCC 901 and MNC 700 with +IMSI 901700000003080). -`remote`: GSUP protocol is used to remotely access a HLR. -Only remote subscription data will be used. +NOTE: The policy mode *closed* must not be confused with the equally named +policy that is defined for osmo-nitb! + .Example: Assign or change authorization policy: ---- -- To view, visit https://gerrit.osmocom.org/2016 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iaae3035c4de3cb082f097441eff99289ee6dfc53 Gerrit-PatchSet: 1 Gerrit-Project: osmo-gsm-manuals Gerrit-Branch: master Gerrit-Owner: dexter <pmaier at sysmocom.de>
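Review bot: In the `closed` entry, the removed sentence "The ACL is also heeded" is replaced by "softens the strict *acl-only* only mode", which has a duplicated "only" and leaves the ACL relationship implicit. For an access-control setting it is worth saying outright that a subscriber is accepted if the IMSI is in the ACL or its MCC/MNC matches the home network, and pointing to where the home network MCC/MNC is configured, since the text only says "the decision is made by the MCC and MNC part of the IMSI number". The `remote` entry also drops "Only remote subscription data will be used", so an operator can no longer tell from this section whether the local ACL is still consulted in that mode; consider keeping that sentence. The NOTE warns that `closed` must not be confused with the equally named osmo-nitb policy but does not say how the two differ, and one sentence on the difference would keep users coming from osmo-nitb from carrying over the wrong assumption. Minor: "a subscribers home network" loses the apostrophe the old text had ("a subscriber's").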