Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Starting and Stopping a Standalone Steel-Belted Radius Carrier Server

After you have successfully run the configure script, you need to start the Steel-Belted Radius Carrier server. To begin, start the SBR daemon using sbrd (see sbrd). Make sure that you can stop it and check the server status from a terminal command line.

sbrd

You use the sbrd script to start, stop, or restart the RADIUS process (and LDAP process only if SS7 is configured) on standalone Steel-Belted Radius Carrier servers. The LDAP process (slapd) is used to store session information only if SS7 is configured. The sbrd script may be in either of two directories on servers, depending on whether they have been configured to automatically start all procedures or not using the autoboot functionality that is configured when running the configure script. All sbrd commands are executed by root.

Running sbrd on a Standalone Server

Syntax

Executing start, stop, or restart always starts the RADIUS process. Whether the LDAP process starts when you execute start, stop, or restart depends on whether you enable or disable SS7 while running the configure script. If you answer n when prompted “Do you want to configure for use with SS7? [n]:”, SS7 is disabled and the LDAP process is not started when you execute start, stop, or restart. In this case, the available sbrd usage is:

           sbrd  status
           sbrd  start     [force]
           sbrd  stop      [force]
           sbrd  restart   [force]
           sbrd  clean     [force]
           sbrd  hup
           sbrd  status -v [-p <LCI password>]

However, if you answer y when prompted “Do you want to configure for use with SS7? [n]:”, SS7 is enabled and the LDAP process is started when you execute start, stop, or restart. In this case, the available sbrd usage is:

           sbrd  status    [radius|ss7ldapdb]
           sbrd  start     [radius|ss7ldapdb] [force]
           sbrd  stop      [radius|ss7ldapdb] [force]
           sbrd  restart   [radius|ss7ldapdb] [force]
           sbrd  clean     [radius|ss7ldapdb] [force]
           sbrd  hup       [radius|ss7ldapdb|authGateway [process-name]]
           sbrd  status    [radius|ss7ldapdb] -v [-p <LCI password>]

If SS7 is enabled, the start, stop, and restart arguments start, stop, and stop and restart both the RADIUS and LDAP (slapd) processes on the local Steel-Belted Radius Carrier server. For example, invoking sbrd start starts both the RADIUS and LDAP (slapd) processes on the local SBRC server. You can also use these arguments with either the radius or ss7ldapdb option to individually start, stop, and stop and restart the RADIUS and LDAP (slapd) processes on the local SBRC server. For example sbrd start radius starts just the RADIUS process on the local server.

Options

  • The clean argument removes lock files that prevent reinitializing the database more than once. You should use this argument only if things go wrong during the initial installation and configuration.
  • The hup option operates as the kill -HUP command does on SBR Carrier nodes, but does not require the process ID. Executing sbrd hup authGateway issues the SIGHUP (1) signal to all the authGateway processes running on SBR Carrier. To issue the SIGHUP (1) signal only to the specific authGateway process, you must execute the hup option with the authGateway process name, for example: sbrd hup authGateway GMT.
  • The force argument makes sbrd attempt to disregard or overcome any errors that occur when processing the command. Normal behavior without the argument is to halt on errors. For example, sbrd start does not attempt to start software that is already running, but sbrd start force ignores a running process. This may produce unintended results, so use force with great care.
  • The -v option displays additional information about the RADIUS process along with basic information such as the SBR package version, SBR process status, and SBR process ID. If you have changed the default Lightweight Directory Access Protocol (LDAP) Configuration Interface (LCI) password, you should use the -p option to specify the password. For more information about the RADIUS status information, see Displaying RADIUS Status Information.

Starting the RADIUS Server

To start the RADIUS and LDAP processes manually, execute as root:

cd radiusdir
./sbrd start

If you change configuration settings for your Steel-Belted Radius Carrier server, you may need to restart Steel-Belted Radius Carrier to make the changes effective. As an alternative to issuing a sbrd stop command immediately followed by a sbrd start command, you can use the sbrd restart command to restart Steel-Belted Radius Carrier. When you issue the sbrd restart command, Steel-Belted Radius Carrier shuts down and then immediately restarts the RADIUS processes.

cd radiusdir
./sbrd restart

Stopping the RADIUS Server

Use the following commands to stop the RADIUS server:

cd radiusdir
./sbrd stop

When you execute the sbrd stop command, Steel-Belted Radius Carrier allows its subsystems to complete outstanding work and release resources, and then stops the RADIUS processes gracefully.

If Steel-Belted Radius Carrier fails to stop after you issue the sbrd stop command, you can use the optional force argument to terminate all subsystems immediately.

cd radiusdir
./sbrd stop force

Displaying RADIUS Status Information

You can use the following command to display basic information (such as SBR package version, SBR process status, and SBR process ID) about the RADIUS process:

cd radiusdir
./sbrd status

The system responds with:

---------------------------------------------------------------------------
---------------------------------------------------------------------------
SBR-64 8.40-R1.0
on SunOS 5.10 Generic_141444-09 node uranus.carrier.spgma.juniper.net
---------------------------------------------------------------------------
172.28.84.73.1646 Idle
172.28.84.73.1813 Idle
172.28.84.73.1645 Idle
172.28.84.73.1812 Idle
*.1813 *.* 0 0 49152 0 LISTEN
*.1812 *.* 0 0 49152 0 LISTEN

root  6628 ./slapd -h ldap://127.0.0.1:389 -f /opt/JNPRsbr/radius/openldap/slapd.conf
root  4449 radius sbr.xml
root  1189 webserver

You can use the sbrd status command with the -v option to display the following additional information about the RADIUS process along with the preceding information:

  • Loaded Plug-in Information—Displays the name, version, and status of the loaded authentication and accounting plug-ins. The InitializationString value of the plug-in is displayed as the name of the plug-in.
  • License Status—Displays the license key, feature name, and license status with expiry date.
  • IP Pool Information—Displays the pool name, IP range of the pool, total number of addresses in the pool, and total number of available addresses in the pool.

    Note: This information is displayed only for the SBR standalone version.

  • IP Ranges and IP Caches—For IP ranges, displays the pool name, start address of the pool, end address of the pool, and total number of addresses in the pool. For IP caches, displays the pool name, total number of addresses in the pool, and percentage of the addresses in the pool that are cached.

    Note: This information is displayed only for the SBR cluster version.

  • Statistics Information—Displays statistical information about SBR such as current sessions count, SBR uptime (in seconds), current rate details, and average transaction rate since the SBR server started. The transaction rate is calculated using the following formula:
    Transaction Rate = Total Transaction Count / SBR Running Time
    where:
    Total Transaction Count = Total Authentication Transactions + Total Accounting Transactions

    Note: The current rates are updated at a time interval of one second.

  • Radius Ports Information—Displays protocols, port types, and port numbers on which the SBR Carrier server is listening.
  • Proxy Configuration Information—Displays proxy names and their IP addresses.
  • CST Store Information—Displays the active session store and the time when the last session persistence switchover occurred.
  • authGateway Process Information—Displays all the active authGateway process information.

Note: To display this additional information, you need to enable the Lightweight Directory Access Protocol (LDAP) Configuration Interface (LCI) in the radius.ini file. If you have changed the default LCI password (which we strongly recommend), you should use the -p option to specify the password, that is ./sbrd status -v -p [LCI password].

To display additional information about the RADIUS process along with the basic information, execute the following command:

cd radiusdir
./sbrd status -v

The system responds with:

---------------------------------------------------------------------------
---------------------------------------------------------------------------
SBR-64 8.40-R1.0
on SunOS 5.10 Generic_141444-09 node xyz.juniper.net
---------------------------------------------------------------------------
172.28.84.73.1646 Idle
172.28.84.73.1813 Idle
172.28.84.73.1645 Idle
172.28.84.73.1812 Idle
*.1813 *.* 0 0 49152 0 LISTEN
*.1812 *.* 0 0 49152 0 LISTEN

root  6628 ./slapd -h ldap://127.0.0.1:389 -f /opt/JNPRsbr/radius/openldap/slapd.conf
root  4449 radius sbr.xml
root  58284 GWrelay-64
root  1189 webserver
root  21316 /opt/JNPRsbr/radius/authGateway -name GMT -conf /opt/JNPRsbr/radius/conf/authGateway.conf -start
root  21317 /opt/JNPRsbr/radius/authGateway -name GMT1 -conf /opt/JNPRsbr/radius/conf/authGateway.conf -start
root  21318 /opt/JNPRsbr/radius/authGateway -name GMT2 -conf /opt/JNPRsbr/radius/conf/authGateway.conf -start
Radius Ports Information :
+-----------------+-----------------+-----------------+
|        Protocol |     Port Number |       Port Type |
+-----------------+-----------------+-----------------+
|             TCP |            1812 |           Admin |
|             TCP |           64277 |          Others |
|             TCP |           64278 |          Others |
|             TCP |            5235 |          Others |
|             TCP |           64281 |          Others |
|             TCP |           64229 |          Others |
|             UDP |           28000 |           Proxy |
|             UDP |           28001 |           Proxy |
|             UDP |           28002 |           Proxy |
|             UDP |           28003 |           Proxy |
|             UDP |           28004 |           Proxy |
|             UDP |           28005 |           Proxy |
|             UDP |           28006 |           Proxy |
|             UDP |           28007 |           Proxy |
|             TCP |            1813 |           Admin |
|             TCP |            1814 |          Others |
|             UDP |            1646 |          Radius |
|             UDP |            1813 |          Radius |
|             UDP |            1645 |          Radius |
|             UDP |            1812 |          Radius |
+-----------------+-----------------+-----------------+

IP Pools Information :
+-----------------+----------------------+------------+------------+
|       Pool Name |     Ip Address Range |      Total |  Available |
+---------- ------+----------------------+------------+------------+
|           POOL1 |        10.10.10.1:20 |         20 |         20 |
|           POOL2 |        20.20.20.1:20 |         20 |         20 |
+-----------------+----------------------+------------+------------+

Statistics Information :

Current Sessions Count                   = 94831
Transaction Rate                         = 62 TPS (Since Server Start)
SBR Uptime                               = Up Since  2013/06/19 06:39:19  [ 1 Hrs : 59 Mins : 56 Secs ]
auth-request-current-rate                = 965
auth-accept-current-rate                 = 926
auth-reject-current-rate                 = 914
acct-start-current-rate                  = 0
acct-interim-current-rate                = 0
acct-stop-current-rate                   = 0
proxy-auth-request-current-rate          = 0
proxy-acct-request-current-rate          = 0
proxy-fail-timeout-current-rate          = 0
proxy-fail-badresp-current-rate          = 0
proxy-fail-badsecret-current-rate        = 0
proxy-fail-missingresr-current-rate      = 0
proxy-retries-current-rate               = 0
proxy-auth-rej-proxy-current-rate        = 653
proxy-acct-fail-proxy-current-rate       = 685
proxy-auth-rej-proxy-error-current-rate  = 0
proxy-transaction-current-rate           = 0

Proxy Configurations :

+--------------------------------+-----------------+
|                     Proxy Name |      Ip Address |
+--------------------------------+-----------------+
|                            KIX |     10.13.20.62 |
|                           TRIX |     10.13.20.60 |
+--------------------------------+-----------------+

Loaded Plugins Information :

+------------------------------+--------------------+---------------+
|                  Plugin Name |     Plugin Version |         Status|
+------------------------------+--------------------+---------------+
|                          LDAP|        v7.5.0.A-0.0|        Success|
|                    SQL-ORACLE|        v7.6.0.B-0.0|        Success|
|                       SIMAUTH|        v7.6.0.B-0.0|        Success|
|                       EAP-TLS|        v7.6.0.B-0.0|        Success|
|                      EAP-TTLS|        v7.6.0.B-0.0|        Success|
|                       CDRACCT|                   -|         Failed|
|               SQL-ORACLE-ACCT|        v7.6.0.B-0.0|        Success|
|                 SQL-JDBC-ACCT|        v7.6.0.B-0.0|        Success|
|                  ldapaccessor|        v7.6.0.B-0.0|        Success|
|                   sqlaccessor|        v0.0.0.B-0.0|        Success|
+------------------------------+--------------------+---------------+

CST Store Information :
Active Store : NDB
Last swapped @ Mon Sep 22 18:46:12 2014

License Information :

+--------------------------+---------------------------+-------------------------+-------------+
|               License Key|               Feature Name|                  Status | Expiry Date |
+--------------------------+---------------------------+-------------------------+-------------+

| xxxxxxxxxxxxxxxxxxxxxxxxx|SIM Authentication feature |                   Valid |  12/31/2015 |
| xxxxxxxxxxxxxxxxxxxxxxxxx|               Run license |   Maint_Upgrade - Valid |           - |
| xxxxxxxxxxxxxxxxxxxxxxxxx|SIM Authentication feature |   Trial License - Valid |  12/31/2024 |
| xxxxxxxxxxxxxxxxxxxxxxxxx|SMS Authentication feature | Trial License - Expired |   1/31/2011 |
| xxxxxxxxxxxxxxxxxxxxxxxxx|    WiMAX Mobility feature | Trial License - Expired |  10/31/2010 |
+--------------------------+---------------------------+-------------------------+-------------+

Modified: 2017-10-26