SGSN: add Auth. policy, NS Statistics and BSSGP state examples, tweaks
Add semicoli in fig-gprs-pcubts digraph.
Remove section from GMM Implementation about non-existence of HLR.
The SGSN can access osmo-hlr via GSUP (and will have to do so in the
libvlr future).
Change-Id: I0164f418e453672321eed00bbc454c1e223ea158
diff --git a/doc/manuals/chapters/configuration.adoc b/doc/manuals/chapters/configuration.adoc
index 8b259ed..a933d1b 100644
--- a/doc/manuals/chapters/configuration.adoc
+++ b/doc/manuals/chapters/configuration.adoc
@@ -67,6 +67,43 @@
<2> Enable the dynamic GGSN resolving mode
<3> Specify the IP address of a DNS server for APN resolution
+[[auth-pol]]
+=== Authorization Policy
+
+Authorization determines whether a particular subscriber can access
+your network or not.
+
+The following 4 authorization policy options are available:
+
+`accept-all`: All IMSIs will be accepted.
+
+`acl-only`: Accept only IMSIs, which are explicitly white-listed
+by the Access Control List (ACL), and the rest will be rejected.
+
+`closed`: Accept only home network subscribers.
+The combination of MCC and MNC fully identifies a subscriber's
+home network, also known as a Home Network Identity (HNI, i.e.
+MCC and MNC found at the start of the IMSI, e.g. MCC 901 and
+MNC 700 with IMSI 901700000003080). The ACL is also heeded.
+
+`remote`: GSUP protocol is used to remotely access a HLR.
+Only remote subscription data will be used.
+
+.Example: Assign or change authorization policy:
+----
+OsmoSGSN> enable
+OsmoSGSN# configure terminal
+OsmoSGSN(config)# sgsn
+OsmoSGSN(config-sgsn)# auth-policy acl-only <1>
+OsmoSGSN(config-sgsn)# write <2>
+Configuration saved to sgsn.cfg
+OsmoSGSN(config-sgsn)# end
+OsmoSGSN# disable
+OsmoSGSN>
+----
+<1> 'acl-only' is selected as authorization policy
+<2> Saves current changes to cofiguration to make this policy
+persistent
=== Subscriber Configuration
diff --git a/doc/manuals/chapters/overview.adoc b/doc/manuals/chapters/overview.adoc
index 566124a..2ff92fa 100644
--- a/doc/manuals/chapters/overview.adoc
+++ b/doc/manuals/chapters/overview.adoc
@@ -23,16 +23,16 @@
[graphviz]
----
digraph G {
- rankdir=LR;
- MS0 [label="MS"]
- MS1 [label="MS"]
- MS0->BTS [label="Um"]
- MS1->BTS [label="Um"]
- BTS->BSC [label="Abis"]
- BSC->MSC [label="A"]
- BTS->PCU [label="pcu_sock"]
- PCU->SGSN [label="Gb"]
- SGSN->GGSN [label="GTP"]
+ rankdir=LR;
+ MS0 [label="MS"];
+ MS1 [label="MS"];
+ MS0->BTS [label="Um"];
+ MS1->BTS [label="Um"];
+ BTS->BSC [label="Abis"];
+ BSC->MSC [label="A"];
+ BTS->PCU [label="pcu_sock"];
+ PCU->SGSN [label="Gb"];
+ SGSN->GGSN [label="GTP"];
}
----
@@ -68,14 +68,6 @@
point. It supports the GPRS ATTACH and GPRS ROUTING AREA UPDATE
procedures, as well as GPRS ATTACH and GPRS DETACH.
-However, as the SGSN currently does not implement any type of HLR
-access, it is not able to authenticate a subscriber or even check if the
-subscriber exists at all. As such, all non-roaming subscribes are
-allowed to attach to OsmoSGSN. Non-roaming means that the first 5
-digits of the IMSI must match the MCC and MNC of the cell that the
-subscriber is registering to.
-
-
==== LLC Implementation
The LLC (Logical Link Control) implementation of OsmoSGSN only supports