TechLibrary

ContentIndex

[+] Expand All

[-] Collapse All

SRC 4.10.x Subscribers and Subscriptions Guide
- Copyright and Trademark Information
- Table of Contents
- List of Figures
- List of Tables
- About the Documentation
- Managing Subscribers and Subscriptions
  - Overview of Subscribers and Subscriptions on a C Series Controller
    - Subscribers Overview
    - Subscriptions Overview
    - Enterprise Subscriber and Subscription Hierarchy
      - Enterprise Subscription Hierarchy
    - Managers Overview
  - Subscriber Logins and Service Activation
    - Login Events and Processes for the SRC Software
    - Residential Subscriber Login and Processes
    - PPP Subscriber Login and Service Activation
    - DHCP Subscriber Login and Service Activation
    - Static IP Subscribers
      - Single PC, IP Address Known
      - Subscriber IP Address Not Known
    - Enterprise Subscriber Login Process
      - Interface Startup
    - Subscriptions and Activations
      - Subscription Activation Interactions
      - Subscription Deactivation Interactions
    - Automatic Activation at Login
      - Enterprise-Specific Remote Session Activation
  - Configuring Subscriber-Related Properties on the SAE (SRC CLI)
  - Classifying Interfaces and Subscribers (SRC CLI)
  - Overview of Plug-Ins Included with the SAE
    - How Internal Plug-Ins Work
      - Plug-In Pool
      - Event Publishers
    - Types of Internal Plug-Ins
    - Assigning DHCP Addresses to Subscribers
    - Creating and Tracking Subscriber Sessions
    - Activating and Tracking Service Sessions
  - Configuring Internal, External, and Synchronization Plug-Ins (SRC CLI)
  - Configuring Accounting and Authentication Plug-Ins (SRC CLI)
    - Creating RADIUS Peers (SRC CLI)
    - Types of Tracking Plug-Ins
      - RADIUS Accounting
    - Configuring Tracking Plug-Ins (SRC CLI)
    - Log Rotation Overview
    - Configuring Log Rotation (SRC CLI)
      - Configuring the FTP Server for Log Rotation (SRC CLI)
      - Configuring the Upload Client for Log Rotation (SRC CLI)
    - Types of Authentication Plug-Ins
    - Configuring Authentication Plug-Ins (SRC CLI)
    - Configuring UDP Ports for RADIUS Plug-Ins (SRC CLI)
    - Defining RADIUS Packets for Flexible RADIUS Plug-Ins
      - Flexible RADIUS Plug-Ins Overview
        Using Default RADIUS Templates
        Naming RADIUS Attribute Instances
        Defining RADIUS Attributes
        Standard RADIUS Attributes
        Juniper Networks VSAs
      - Defining the Values of RADIUS Attributes
      - Configuring a RADIUS Packet Template (SRC CLI)
      - Using Flexible RADIUS Packet Definitions
        Setting Values in Authentication Response Packets
        Selecting IP Address Pools Using DHCP Response Packets
    - Configuring Event Publishers
      - Special Types of Event Publishers
        Configuring Service-Specific Event Publishers
        Configuring Retailer-Specific Event Publishers
        Configuring Virtual Router–Specific Event Publishers
      - Configuring Global and Default Retailer Event Publishers (SRC CLI)
  - Configuring Subscribers and Subscriptions (SRC CLI)
- Redirecting Subscriber Traffic Through Redirect Server
  - Redirecting Subscriber Traffic
    - Traffic Redirection Overview
    - Redirect Server Redundancy
  - Configuring Traffic Redirection (SRC CLI)
- Integrating Junos OS VPNs into an SRC Configuration
  - Adding VPNs from Devices Running Junos OS (SRC CLI)
- Index
  - Index

access lines    1
description    1, 2
accesses
configuring subscriptions
SRC CLI
accounting
basic RADIUS accounting plug-in
custom RADIUS accounting plug-ins
flat file accounting plug-ins
flexible RADIUS accounting plug-ins
anonymous subscriber
attributes
RADIUS accounting
authenticated subscriber
authentication plug-ins
configuring
types
authorization plug-ins
configuring
types

basic RADIUS accounting plug-in    1
configuring
SRC CLI
basic RADIUS authentication plug-in    1
configuring
SRC CLI

captive portal
preventing access to resources
classification scripts
conditions    1
glob matching
joining
regular expression matching
configuring
C-Web interface
descriptions
DHCP classification, C Series Controller
conditions
configuring, SRC CLI
description
targets
interface classification, C Series Controller
conditions
configuring, SRC CLI
description
empty policy    1, 2
examples
how it works
targets
structure
C-Web interface
subscriber classification, C Series Controller
condition
configuring, SRC CLI
description
DHCP options
enterprise subscriber example
how it works
static IP subscriber example
subscriber group example
targets
target, C Series Controller
definition
expressions
types
component interactions
DHCP
initial login
persistent login
subscriber account login
subscriber logout
enterprise subscribers
login
remote session activation
PPP
login
logout
static IP subscribers
subscription activation
subscription deactivation
conventions
notice icons
text
COPS (Common Open Policy Service)
DHCP interactions
initial login
logout
persistent login
subscriber account login
interface startup interactions
PPP interactions
login
logout
static IP subscriber interactions
subscription activation interactions
subscription deactivation interactions
custom RADIUS accounting plug-ins    1
configuring
SRC CLI
custom RADIUS authentication plug-ins    1
configuring
SRC CLI
customer support    1
contacting JTAC

default retailer authentication plug-ins
configuring
SRC CLI
default retailer DHCP authentication plug-ins
configuring
SRC CLI
denial-of-service attacks
DHCP (Dynamic Host Configuration Protocol)
address assignment
classification scripts.     See classification scripts
options
profiles
SRC CLI
subscribers
login process
logout process
documentation
comments on

enterprise
description
enterprise subscribers    1
adding
SRC CLI
enterprise subscribers, login process
event publishers
configuring
SRC CLI
default retailer authentication, configuring
SRC CLI
default retailer DHCP authentication, configuring
SRC CLI
description
retailer-specific
service-specific
virtual router-specific
external plug-ins
configuring
SRC CLI

file upload settings for log rotation
configuring
SRC CLI
flat file accounting plug-ins    1
configuring
SRC CLI
configuring headers
SRC CLI
flexible RADIUS accounting plug-ins    1
attributes, defining
C-Web interface
configuring
RADIUS packets, defining
flexible RADIUS authentication plug-ins    1
attributes, defining
C-Web interface
examples
configuring
SRC CLI
RADIUS packets, defining
SRC CLI
setting responses
C-Web interface
FTP server for log rotation
configuring
SRC CLI    1, 2

general properties
configuring
SRC CLI

HTTP proxy 1, 2
HTTPS traffic

interface classification scripts.     See classification scripts
interim accounting, configuring on SAE
internal plug-ins
configuring
SRC CLI

LDAP authentication plug-in    1
configuring
SRC CLI
limiting subscribers plug-in    1
configuring
SRC CLI
log rotation
overview
SRC CLI
logging
redirect server
login events, description
login process
enterprise
residential    1, 2, See also logout process, residential
DHCP
PPP
summary
login registration
configuring
SRC CLI
logout process, residential
DHCP

managers
configuring
SRC CLI
control over all retailers
management privileges
subscribers and subscriptions
manuals
comments on

NAT (Network Address Translation)
VPNs
notice icons

plug-ins
activating service sessions
authentication
configuring
authorization
configuring
basic RADIUS accounting    1
configuring, SRC CLI
basic RADIUS authentication    1
configuring, SRC CLI
creating subscriber sessions
custom RADIUS accounting    1
configuring, SRC CLI
custom RADIUS authentication    1
configuring, SRC CLI
defining RADIUS packets
SRC CLI
DHCP address assignment
event publishers.     See event publishers
external
configuring, SRC CLI
flat file accounting    1
configuring, SRC CLI
flexible RADIUS accounting    1
configuring
flexible RADIUS authentication    1
configuring, SRC CLI
internal    1
authorization
configuring RADIUS peers, SRC CLI
configuring, SRC CLI
customizing RADIUS packets
how they work
pool
RADIUS attributes, C-Web interface
tracking
LDAP authentication    1
configuring, SRC CLI
limiting subscribers    1
configuring, SRC CLI
state synchronization
configuring, SRC CLI
tracking
configuring, C-Web interface
service sessions
subscriber sessions
policy groups
empty    1, 2
policy management
external policy system    1, 2
PPP subscribers
login process
Web login
prevention, use of unauthorized resources
protocols
routing
proxy HTTP    1, 2
proxy request management
public addresses, VPNs

QoS tracking plug-in

RADIUS accounting
attributes
description
RADIUS attributes
defining in RADIUS plug-ins
C-Web interface
examples, defining in RADIUS plug-ins
C-Web interface
RADIUS client library, custom RADIUS plug-ins
RADIUS packets, customizing in plug-ins
RADIUS peers
configuring in plug-ins
SRC CLI
RADIUS plug-ins    1, See also plug-ins
authentication
UDP port
redirect server
assessing load
C-Web interface
configuration statements
SRC CLI
configuring
SRC CLI
configuring DNS server for
SRC CLI
configuring HTTP proxy support
SRC CLI
configuring redundant
SRC CLI
directory connection
SRC CLI
failover
file extensions
SRC CLI
logging
number of requests
SRC CLI
protection against denial-of-service attacks
redundancy    1, 2, 3
static route to router
traffic definition
SRC CLI
verifying
SRC CLI
redundancy
redirect server
residential subscribers    1
adding
SRC CLI
login process.     See login process
retailers
subscribers    1
adding, SRC CLI
router subscribers    1
adding
SRC CLI
routing instances
VPNs
routing scheme

SAE (service activation engine)
classification scripts.     See classification scripts
login events
login process.     See login process
SAE (service activation engine), configuring
interim accounting
SRC CLI
login registration
SRC CLI
multiple logins from same IP address
SRC CLI
reduce reported session time
SRC CLI
session reactivation timers
SRC CLI
time for MAC address in cache
SRC CLI
unauthenticated user DN
SRC CLI
service activation engine.     See SAE
service sessions
activate-on-login    1, 2
activating and tracking
activating with Web application
enterprise, remote activation
sites    1, 2, 3
subscriber    1
adding, SRC CLI
state synchronization plug-in interface
configuring
SRC CLI
static IP subscribers, login process
static routing
subscriber classification scripts.     See classification scripts
subscriber folders    1
adding
SRC CLI
subscriber sessions
activating with Web application
creating and tracking
enterprise, creating and activating
subscribers
3gpp attributes (Gx router driver)
configuring, SRC CLI
adding
SRC CLI
enterprise    1
adding, SRC CLI
inheriting properties
inheriting subscriptions
residential    1
adding, SRC CLI
retailer    1
adding, SRC CLI
router    1
adding, SRC CLI
sessions
sites    1
adding, SRC CLI
types
subscriptions    1
access, configuring
SRC CLI
an orderly deactivation, activation order, specifying
SRC CLI
configuring
SRC CLI
multiple per subscriber
support, technical     See technical support

targets.     See classification scripts
technical support
contacting JTAC
text conventions defined
tracking plug-ins    1
configuring
C-Web interface

UDP ports
RADIUS plug-ins
User Datagram Protocol. See UDP

validating
VPNs
virtual private networks.     See VPNs
VPNs (virtual private networks)
adding
SRC CLI
configuration requirements
configuration statements
extranet clients, modifying
SRC CLI
invalid subscriptions
modifying
routing schemes
using NAT
validating

Download This Guide

Download this guide: SRC 4.10.x Subscribers and Subscriptions Guide

Creating DHCP Profiles (SRC CLI)

When the SAE receives a DHCP discover request from the router, it uses the client’s MAC address to find a DHCP profile in cache or in the directory. If it finds a DHCP profile, the SAE uses the information in the profile to create a discover decision that it returns to the router. The discover decision includes information to select an IP address and DHCP options to configure the DHCP client.

When a DHCP subscriber logs in to the SAE through a Web portal, the SAE registers the subscriber’s equipment and creates a cached DHCP profile in the o=AuthCache directory. These profiles are keyed by the MAC address of the DHCP client device. They are created by the grantPublicIp or the registerEquipment methods.

DHCP profiles are stored in the o=AuthCache directory in the dhcpProfile object class. The dhcpProfile object class is subordinate to the cachedAuthenticationProfiles object class. Manually created profiles are keyed by the cn (common name) attribute.

For more information about how the SAE handles DHCP subscribers, see:

Use the following configuration statements to create a DHCP profile:

shared auth-cache cached-dhcp-profile name {description description; pool-name pool-name; ip-address ip-address; dhcp-options dhcp-options;boot-server-name boot-server-name; boot-file-name boot-file-name; virtual-router virtual-router; local-interface local-interface; lease-time lease-time; user-name user-name;service-bundle service-bundle; radius-class radius-class; }

To create a DHCP profile:

From configuration mode, enter the DHCP cached authentication profile configuration. In this sample procedure, dhcp-profile is the name of the DHCP cached authentication profile.
user@host# edit shared auth-cache cached-dhcp-profile dhcp-profile
(Optional) Configure a description for the profile.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set description description
(Optional) Configure the name of the IP address pool on the JunosE router from which a DHCP address is selected.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set pool-name pool-name
(Optional) Configure the fixed IP address that is offered to the DHCP client if the client is part of a network in the configured DHCP pool.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set ip-address ip-address
(Optional) Configure the DHCP options that are used to configure DHCP clients.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set dhcp-options dhcp-options
(Optional) Configure the name of the server used to boot the DHCP client.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set boot-server-name boot-server-name
(Optional) Configure the name of a boot file used to boot the DHCP client.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set boot-file-name boot-file-name
(Optional) Configure the name of the JunosE virtual router that holds the IP address pool.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set virtual-router virtual-router
(Optional) Configure the name of the JunosE interface that is used to check the validity of system-created DHCP profiles.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set local-interface local-interface
(Optional) Configure the length of time the supplied IP address is valid.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set lease-time lease-time
(Optional) Configure the name of DHCP user without the domain name.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set user-name user-name
(Optional) Configure the vendor-specific RADIUS attribute that specifies the SRC service bundle to use.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set service-bundle service-bundle
(Optional) Configure the RADIUS attribute class.
[edit shared auth-cache cached-dhcp-profile dhcp-profile]user@host# set radius-class radius-class

(Optional) Verify your configuration.

[edit shared auth-cache cached-dhcp-profile dhcp-profile]
user@host# show 
boot-file-name boot.client;
boot-server-name 10.212.10.180;
description 'This DHCP profile is used to select addresses from the "pool100" pool.';
dhcp-options 50;
ip-address 100.100.100.100;
lease-time 3600;
local-interface *;
pool-name pool100;
radius-class 0x53425232434cd;
service-bundle *;
user-name jane;
virtual-router *;

TechLibrary

Download This Guide

Related Documentation

Creating DHCP Profiles (SRC CLI)

Related Documentation

Modified: 2016-05-27