Understanding Service Manager RADIUS Attributes

For the RADIUS login method, the RADIUS VSAs for service activation, threshold configuration, statistics configuration, and interim accounting in Access-Accept messages at subscriber login are used by Service Manager to activate the appropriate service session. For the RADIUS COA method, Service Manager uses the VSAs for service activation and deactivation, threshold configuration, statistics configuration, and interim accounting in COA-Request messages to activate the service session. The accounting-related VSAs are included in RADIUS accounting messages.

Table 3 lists the Service Manager-related attributes and indicates which are tagged VSAs. See Using Tags with RADIUS Attributes for a discussion about using tagged VSAs to group attributes for a service.

Table 3: Service Manager RADIUS Attributes

Attribute Number

Attribute Name

RADIUS Message Type

VSA Description

[1]

User-Name (used with Virtual-Router, Juniper Networks VSA 26-1)

Access-Accept

Uniquely identifies the subscriber session

[8]

Framed-IP-Address (used with Virtual-Router, Juniper Networks VSA 26-1)

Access-Accept

Uniquely identifies the subscriber session

[26-65]

Activate-Service

Access-Accept and COA-Request

Name of the service to be activated; includes parameter values; a tagged VSA

[26-66]

Deactivate-Service

Access-Accept and COA-Request

Name of the service to be deactivated

Note: This VSA is only used by COA.

[26-67]

Service-Volume

Access-Accept and COA-Request

Number of MB of traffic that the service can consume; the service is terminated when output byte count exceeds this value; a tagged VSA

[26-68]

Service-Timeout

Access-Accept and COA-Request

Number of seconds that the service is to remain active; the service is terminated when the time expires; a tagged VSA

[26-69]

Service-Statistics

Access-Accept and COA-Request

Statistics configuration; a tagged VSA:
0 = disable
1 = timestamp only
2 = timestamp and volume

[26-83]

Service-Session

For service sessions only:
Acct-Start
Acct-Stop
Interim-Acct

Name of the service (including parameter values) with which the statistics are associated

[26-140]

Service-Interim-Acct-
Interval

Access-Accept and
COA-Request

Number of seconds between accounting updates for a service; a tagged VSA

[31]

Calling-Station-ID

Access-Accept

Uniquely identifies the subscriber session

[44]

Acct-Session-ID

Acct-Start
Acct-Stop
Interim-Acct

Accounting identifier that makes it easy to match start and stop records in a log file; the format is extended to include a colon-separated value that uniquely identifies the subscriber session

Note: Service Manager statistics collection is a three-part procedure. You must configure statistics information in the service definition macro file, enable statistics collection in the RADIUS record, and also enable statistics collection for the policy referenced in the service macro using the statistics enabled keyword in the command used for policy attachment in the profile.

The Service-Volume and Service-Timeout VSAs rely on the values captured by the Service Manager statistics feature to determine when a threshold is exceeded. Therefore, you must configure and enable statistics collection to use these attributes. Service-Volume For detailed information about Service Manager statistics see Configuring Service Manager Statistics.

Table 4 describes a partial RADIUS Access-Accept packet that activates a service session for subscriber client1@isp1.com. (The figure in Creating Service Definitions shows the service definition macro file that creates the tiered service.) The session enables the subscriber to use the tiered service with an input bandwidth of 1280000 and output bandwidth of 5120000. The subscriber can use the service for 5 hours (18000 seconds), and Service Manager captures both timestamp and volume statistics during the session (service-statistics value of 2). Also, accounting for the service is updated every 600 seconds (10 minutes).

Table 4: Sample RADIUS Access-Accept Packet

RADIUS Attribute

Tag

Value

username

none

client1@isp1.com

class

none

(binary data)

service-activation

6

tiered(1280000, 5120000)

service-timeout

6

18000

service-statistics

6

2

service-interim-acct-interval

6

600

Using Tags with RADIUS Attributes

Service Manager uses tagged RADIUS VSAs to enable a single RADIUS record to activate multiple service sessions for a subscriber, with each session having unique attributes. A particular tag identifies a specific Activate-Service attribute and all other RADIUS attributes that are associated with that Activate-Service attribute.

You can specify a maximum of 8 tags (1–8), which enables you to activate up to eight unique service sessions for a subscriber in a single RADIUS record. The following are tagged VSAs—they must always have a tag in their RADIUS entry:

Table 5 describes an Access-Accept packet that activates the two services, tiered and voice, for subscriber client1@isp1.com. Each service has its own unique tag, enabling you to assign attributes for one service, but not the other. For example, the two services have different timeout settings and different interim accounting intervals, and statistics are enabled only for the tiered service.

Table 5: Using Tags

RADIUS Attribute

Tag

Value

username

none

client1@isp1.com

class

none

(binary data)

service-activation

2

tiered(1280000, 5120000)

service-timeout

2

18000

service-statistics

2

1

service-interim-acct-interval

2

600

service-activation

6

voice(100000)

service-timeout

6

1440

service-interim-acct-interval

6

1200

Related Documentation