SRC 3.0.x Subscribers and Subscriptions Guide

SRC 3.0.x Subscribers and Subscriptions Guide

CD-ROM Home

Report an Error

Collapse TOC

List of Figures
List of Tables

Index

Entire manual as PDF

About This Guide

SRC Guides and Release Notes

Audience

Documentation Conventions

Related Juniper Networks Documentation

Obtaining Documentation

Documentation Feedback

Requesting Technical Support

Overview of Subscribers and Subscriptions on a C-series Controller

Overview of Subscribers

Overview of Subscriptions

Enterprise Subscriber and Subscription Hierarchy

Enterprise Subscription Hierarchy

Overview of Managers

Read Privileges
Management Privileges
Managers That Control All Retailers

Subscriber Logins and Service Activation

Login Events and Processes for the SRC Software

Overview of Login Events and Processes
Login Events
Summary of the Login Process

Residential Subscriber Login and Processes

PPP Subscriber Login and Service Activation

Web Login for PPP Subscribers
PPP Login Interactions
PPP Logout Interactions

DHCP Subscriber Login and Service Activation

Interface Startup
Initial Login
Initial DHCP Login Interactions
DHCP Login to Subscriber Account Interactions
Persistent DHCP Subscriber Login Interactions
DHCP Subscriber Logout Interactions

Static IP Subscribers

Single PC, IP Address Known
Subscriber IP Address Not Known

Enterprise Subscriber Login Process

Interface Startup

Subscriptions and Activations

Subscription Activation Interactions
Subscription Deactivation Interactions

Automatic Activation at Login

Enterprise-Specific Remote Session Activation

Configuring Subscriber–Related Properties on the SAE (SRC CLI)

Configuring the Length of Time MAC Addresses Remain in SAE Cache
Identifying a Profile for Unauthenticated Subscribers
Configuring Interim Accounting for Services and Subscribers
Avoiding Overcharges for Sessions That Time Out
Allowing Multiple Logins from the Same IP Address
Authenticating Registered Username/Password Pairs
Configuring Timers for Session Reactivation

Classifying Interfaces and Subscribers (SRC CLI)

Overview of Classification Scripts

How Classification Scripts Work
Interface Classification Scripts
Subscriber Classification Scripts
DHCP Classification Scripts

Overview of Configuring Classification Scripts

Subscriber Classifiers

DHCP Classifiers

Interface Classifiers

Classification Targets

Target Expressions

Classification Conditions

Glob Matching
Regular Expression Matching

Classifying Interfaces (SRC CLI)

Example: Managing Interfaces for Premium and Basic PPP and DHCP Subscribers

Example: Managing Specific Interfaces

Example: Managing Interfaces by Using the Interface Description

Classifying Subscribers (SRC CLI)

Sending DHCP Options to the JUNOSe Router

Subscriber Classification Targets

Example: Subscriber Classification Scripts for Static IP Subscriber

Example: Subscriber Classification Scripts Using a Subscriber Group

Example: Subscriber Classification Scripts for Enterprise Subscribers

Matching on the Interface Name
Matching on the Interface Alias

Example: Creating Router Interface Subscriber Session

Example: Activating Services for a Group of Subscriber Sessions

Classifying DHCP Subscribers (SRC CLI)

Syntax for DHCP Classification Targets

Selecting DHCP Parameters

DHCP Options Supported on the SAE

Creating DHCP Profiles (SRC CLI)

Overview of Plug-Ins Included with the SAE

How Internal Plug-Ins Work

Plug-In Pool
Event Publishers

Types of Internal Plug-Ins

Authorization Plug-Ins
Tracking Plug-Ins
Customizing RADIUS Packets with Plug-Ins

Assigning DHCP Addresses to Subscribers

Creating and Tracking Subscriber Sessions

Activating and Tracking Service Sessions

Configuring Internal, External, and Synchronization Plug-Ins (SRC CLI)

Configuring Internal Plug-Ins
Configuring the SAE for External Plug-Ins
Configuring the State Synchronization Plug-In Interface

Configuring Accounting and Authentication Plug-Ins (SRC CLI)

Creating RADIUS Peers

Types of Tracking Plug-Ins

Configuring Tracking Plug-Ins

Configuring Flat File Accounting Plug-Ins
Configuring Headers for Flat File Accounting Plug-Ins
Configuring Basic RADIUS Accounting Plug-Ins
Configuring Flexible RADIUS Accounting Plug-Ins
Configuring Custom RADIUS Accounting-Plug-Ins

Types of Authentication Plug-Ins

Configuring Authentication Plug-Ins

Limiting Subscribers on Router Interfaces
Configuring Basic RADIUS Authentication Plug-Ins
Configuring Flexible RADIUS Authentication Plug-Ins
Configuring Custom RADIUS Authentication Plug-Ins
Configuring LDAP Authentication Plug-Ins

Configuring UDP Ports for RADIUS Plug-Ins

Defining RADIUS Packets for Flexible RADIUS Plug-Ins

Overview of Flexible RADIUS Plug-Ins

Using Default RADIUS Templates
Naming RADIUS Attribute Instances
Defining RADIUS Attributes
Standard RADIUS Attributes
Juniper Networks VSAs

Defining the Values of RADIUS Attributes

Configuring a RADIUS Packet Template

Using Flexible RADIUS Packet Definitions

Setting Values in Authentication Response Packets
Selecting IP Address Pools Using DHCP Response Packets

Configuring Event Publishers

Special Types of Event Publishers

Configuring Service-Specific Event Publishers
Configuring Retailer-Specific Event Publishers
Configuring Virtual Router–Specific Event Publishers

Configuring Global and Default Retailer Event Publishers

Configuring Subscribers and Subscriptions (SRC CLI)

Overview of Configuring Subscribers and Subscriptions

Specifying the Activation Order for Subscriptions
Inheritance of Properties and Subscriptions

Enabling the Subscriber and Subscription Configuration on the SRC CLI

Adding Subscribers (SRC CLI)

Adding Retailers (SRC CLI)

Configuring Administrative Information for Retailers (SRC CLI)

Adding Subscriber Folders (SRC CLI)

Adding Residential Subscribers (SRC CLI)

Configuring Administrative Information for Residential Subscribers (SRC CLI)

Adding Enterprises (SRC CLI)

Configuring Administrative Information for Enterprise Subscribers (SRC CLI)

Adding Sites (SRC CLI)

Adding Devices as Subscribers (SRC CLI)

Adding Managers (SRC CLI)

Configuring Subscriptions (SRC CLI)

Configuring Accesses (SRC CLI)

Redirecting Subscriber Traffic

Overview of Traffic Redirection

Proxy Request Management
HTTP Proxy and DNS
Protection Against Denial-of-Service Attacks

Redirect Server Redundancy

Configuring Traffic Redirection (SRC CLI)

Configuration Statements for the Redirect Server (SRC CLI)
Before You Configure the Redirect Server on a C-Series Controller
Configuring the Redirect Server (SRC CLI)
Configuring General Properties for the Redirect Server (SRC CLI)
Configuring a Connection Between the Redirect Server and the Directory (SRC CLI)
Defining Traffic to Transmit to the Redirect Server (SRC CLI)
Changing the Number of Requests That the Redirect Server Accepts (SRC CLI)
Specifying Extensions for Files That the Redirect Server Accepts (SRC CLI)
Verifying Configuration for the Redirect Server (SRC CLI)
Enabling the Redirect Server
Configuring the DNS Server for the Redirect Server (SRC CLI)
Configuring the Redirect Server to Support HTTP Proxies (SRC CLI)
Before You Configure Redundancy for a Redirect Server
Configuring a Redundant Redirect Server (SRC CLI)
Configuring Logging for the Redirect Server
Changing the Configuration for the Redirect Server
Assessing Load for Redirect Server (C-Web Interface)

Reviewing and Configuring Policies and Services for Enterprise Manager Portal

Overview of Services for Enterprise Manager Portal

Directory Structure
Priorities for Subscriptions

Before You Configure Services for Enterprise Manager Portal

Configuring Firewall Policies and Services for Enterprise Manager Portal

Types of Firewall Services

Overview of Basic Firewall Services and Policies

Tasks to Configure Firewall Policies and Services

Configuring Basic Firewall Policies

Configuring Basic Firewall Services

Reviewing the fwrule Policy Group for Exceptions to Stateful Firewalls

Reviewing the Firewall Rule Service for Exceptions to Stateful Firewalls

Reviewing Services for Exceptions to Stateless Firewalls

Parameter Values Used by Services for Exceptions to Stateless Firewalls

Planning Services for Custom Firewall Exceptions

Configuring Policies for Custom Firewall Exceptions

Configuring Services for Custom Firewall Exceptions

Configuring Priorities for Stateless or Stateful Firewall Services

Configuring Priorities to Have Enterprise Services Work Together
Configuring Priorities for Individual Scopes by Defining Them in Services
Using Stateless Firewall and BoD Applications Together

Configuring NAT Policies and Services for Enterprise Manager Portal

NAT Policies and Services in the SRC Sample Data
Configuring the dynsrcnat Policy Group
Reviewing the DynSrcNat Service
Configuring the staticdstnat Policy Group
Configuring the StaticDstNat Service
Configuring the staticsrcnat Policy Group
Configuring the StaticSrcNat Service

Configuring Bandwidth Policies and Services for Enterprise Manager Portal

Overview of Bandwidth-on-Demand Services

Parameter Values Used by BoD Services

Bandwidth Policies for Different Routing Platforms

Configuring Basic BoD Policies

Configuring Basic BoD Services

Configuring BoD Policies

Configuring BoD Services

Using BoD Services to Assign Traffic to Bandwidth Categories

Using BoD and Basic BoD Services Together to Supply Class of Service

Examples: Setting Up Forwarding Preferences

Setting Up Forwarding Preferences by Using CoS on JUNOS Routing Platforms
Setting Up Forwarding Preferences by Allocating a Percentage of a Link’s Bandwidth to a Service

Enabling Schedules for Subscriptions for Enterprise Manager Portal

Configuring VPNs for Enterprise Manager Portal

Overview of VPN Management Through Enterprise Manager Portal
Before You Configure VPN Policies and Services
Configuring Policies for BoD Traffic Destined for VPNs
Configuring Services for BoD Traffic Destined for VPNs

Billing Subscribers Through SCU/DCU for JUNOS Routing Platforms

Adding VPNs from JUNOS Routing Platforms (SRC CLI)

Before You Add a JUNOS VPN to the SRC Configuration
Configuring VPNs to Integrate into an SRC Network
Configuration Statements for Adding VPNs and Extranet Clients
Adding VPNs for Retailers and Enterprises
Verifying and Updating Configuration of Extranets for VPNs
Locating and Removing Inactive Subscriptions to a VPN

Overview of Enterprise Service Portals

Function of Enterprise Service Portals

Consistency of Data in the Directory
Privileges of IT Managers
Developing and Customizing Enterprise Service Portals
Identifying the SAE

Enterprise Service Portals Provided with the SRC Software

Sample Enterprise Service Portal
Enterprise Manager Portal
NAT Address Management Portal

Enterprise Service Portal Audit Plug-In

Network Information Collector with Enterprise Service Portals

Service Parameters

Substitutions and the Parameter Acquisition Path

Power of Substitutions
Substituting Values for Policy Parameters

Managing Subscriptions to Aggregate Services

Configuring Your Web Browser to Use an Enterprise Service Portal

Accessing Enterprise Service Portals

Planning Deployment for Enterprise Service Portals

Architecture of Enterprise Service Portals

Elements for an Enterprise Service Portal
Communication Protocols

Deployment Scenario for an Enterprise Service Portal

Deciding Which Enterprise Service Portal to Use

Planning Number of Instances of an Enterprise Service Portal

Planning Namespace Hierarchy for an Enterprise Service Portal

Installing and Configuring Enterprise Service Portals

Before You Install an Enterprise Service Portal
Setting Up Enterprise Service Portals
Preparing the Web Applications for Customization
Configuring Connections to the Directory
Configuring Deployment Settings for Enterprise Manager Portal
Configuring the URL for an Enterprise Service Portal
Writing an Application to Allow a Machine to Provide Public IP Addresses for NAT
Configuring an Enterprise Service Portal Audit Plug-In

Managing Services with Enterprise Manager Portal

Overview of Enterprise Manager Portal

Getting Help on Enterprise Manager Portal

Setting the Configuration Level for Enterprise Manager Portal

Managing Schedules

Schedules in Enterprise Manager Portal

Enabling Scheduling for the Enterprise Manager Portal

Using Schedules in Enterprise Manager Portal

Creating a Schedule in Enterprise Manager Portal
Applying a Schedule to a Service in Enterprise Manager Portal

Disabling a Schedule for a Service in Enterprise Manager Portal

Changing Schedules in Enterprise Manager Portal

Managing Subscriptions to Bandwidth-on-Demand Services

Overview of Bandwidth-on-Demand Services

Planning Subscriptions to BoD Services

Creating a Subscription to BoD Services

Setting a Bandwidth Level
Adding Subscriptions to BoD Services

Modifying Rules for a Subscription to a BoD Service

Modifying the Bandwidth Level

Moving the Bandwidth Level

Deleting a Subscription for a BoD Service

Deleting the Bandwidth Level

Monitoring Use of Subscriptions to BoD Services

Integrating VPNs into an SRC Network Through Enterprise Manager Portal

Overview of VPNs in an SRC Network
Modifying Subscriber VPN Configuration
Creating Extranets Through Enterprise Manager Portal
Deleting Extranets Through Enterprise Manager Portal
Sending Traffic to a VPN
Modifying the VPN to Which the Router Sends Traffic
Stopping the Router from Sending Traffic to VPNs

Classifying Traffic for Stateful Firewall Exceptions and NAT Rules

Overview of Traffic Classification for Firewall Exceptions and NAT Rules
Classifying Traffic
Modifying Values for Traffic Classifications
Deleting Traffic Classifications

Subscribing to Firewall Services Through Enterprise Manager Portal

Overview of Firewall Services in Enterprise Manager Portal
Before You Configure Firewall Exception Rules
Creating Subscriptions to Firewall Services
Creating Firewall Exceptions for Stateless Firewalls
Creating Firewall Exceptions for Stateful Firewalls
Adding a Schedule to a Firewall Exception
Modifying Firewall Exceptions
Deleting Firewall Exceptions
Deleting Basic Firewalls
Monitoring the Use of Subscriptions to Firewall Services

Working with IP Addressing and NAT Services

Requesting Public IP Addresses for NAT Services
Canceling Requests for Public IP Addresses
Returning Public IP Addresses to Service Providers
Applying NAT Rules to Traffic
Configuring Public IP Addresses for Outgoing Traffic
Configuring Public IP Addresses for Incoming Traffic
Configuring Fixed Public Addresses for Outgoing Traffic
Modifying NAT Rules
Deleting NAT Rules

Monitoring the Status of Subscriptions

Troubleshooting Subscriptions That Are Not Functioning Correctly

Troubleshooting Subscriptions of Unknown Status

Managing Enterprise Service Portals

Displaying Information About Your Control in the Enterprise Through the Enterprise Service Portal
Updating Data That the Enterprise Service Portal Displays
Managing Operators Through the Enterprise Service Portal
Creating Managers Through the Enterprise Service Portal
Modifying Managers Through the Enterprise Service Portal
Deleting Managers Through the Enterprise Service Portal

Using NAT Address Management Portal

Overview of NAT Address Management Portal
Assigning IP Addresses
Acknowledging the Release of IP Addresses

Using the Sample Enterprise Service Portal

Overview of the Sample Enterprise Service Portal
Starting the Sample Enterprise Service Portal
Subscribing to Services
Activating Subscriptions
Deactivating Subscriptions
Suspending Subscriptions
Canceling Suspensions of Subscriptions
Monitoring Use of Subscriptions
Specifying Values for Service Parameters in Subscriptions
Restoring Default Values for Service Parameters In Subscriptions
Deleting Subscriptions
Monitoring Service Sessions for a Subscription
Defining Networks for Departments in an Enterprise
Modifying Network Definitions for Departments in an Enterprise
Deleting Network Definitions for Departments in an Enterprise

Developing an Enterprise Service Portal

Developing a Portal Based on the Sample Enterprise Service Portal
Preparing to Develop a Sample-Based Enterprise Service Portal
Creating a Portal Project for a Sample-Based Enterprise Service Portal
Building a Sample-Based Enterprise Service Portal
Deploying a Sample-Based Enterprise Service Portal
Testing a Sample-Based Enterprise Service Portal
Using a Virtual Address for the Portal

Index

Index