Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Restricting and Customizing Services for Subscribers Overview


Service scopes let you customize which services are to be delivered to specific organizations or specific locales. You can use service scopes to provision services for a group of subscribers by specifying:

  • Particular services or mutex groups.

  • Parameter substitutions that customize generic services.

A service scope is a collection of services and mutex groups, and optionally defines parameter substitutions for its associated services. For more information about parameter substitutions, see Parameters and Substitutions. The object o=Services is the generic service scope—a collection of services and mutex groups available to all subscribers.

You can assign service scopes to virtual routers (VRs) and to some types of subscribers.

Assigning Service Scopes to Multiple VRs and Subscribers

You can also assign a service scope to multiple VRs and subscribers. For example, by assigning a service scope to a group of VRs, you can specify that a service is available only in the locations served by those VRs. If a subscriber of this service accesses the network from a location where you do not offer this service, the portal will not display the service, and the subscriber will not be able to use it.

If you assign a service scope to multiple VRs and subscribers, you specify a precedence—a numerical ranking—for each service scope. The lower the precedence value, the higher the ranking of the service scope. By default, the object o=Services has the highest precedence value and the lowest ranking.

Defining Multiple Scopes for a Service

If multiple service scopes that define the same service are assigned to a VR or subscriber, the SAE selects the parameters to use for the service as follows:

  1. It selects the parameters that are defined by only one service scope.

  2. If the same parameter is defined by more than one service scope, the SAE selects the parameter as follows:

    1. Selects the parameter associated with the service scope that has the lowest precedence value.

    2. If the parameter is defined by multiple service scopes with the same precedence value, selects the parameter defined by the service scope with the lowest alphanumerical name.

For example, consider the situation shown in Table 1 in which three scopes define several parameters for the same service.

Table 1: Parameter Selection Example

Service Scope Name

Precedence Value

Parameter Definitions



description, policy group



description, URL



description, URL

The SAE will use the following parameter definitions for the service:

  • Description from scope s1 (s1 has the lowest precedence value)

  • Policy group from scope s1 (only s1 defines this parameter)

  • URL from scope s2 (s2 has a lower alphanumeric name than s3)

You can also configure a generic Internet access service, and use service scopes to define the access parameters for different locations to use this service. If multiple service scopes that define this Internet access service are assigned to a VR, the SAE uses the precedence values to determine how to customize the service.

Example: Using Service Scopes to Deliver a Limited Set of Services to Organizations

You can use service scopes to create a limited set of services to be made available to specified organizations. For enterprise users, you could define a set of services available on the routers running Junos OS.

To deliver a small set of services to specified enterprises:

  1. Create a scope for the services to be made available. For example, see the EntJunos Scope in the sample data.

  2. Add services to the scope, such as those in the sample data in the EntJunos Scope.

  3. Assign the scope to one or more enterprise subscribers. For example, assign the EntJunos Scope to the Acme enterprise.

  4. Verify your configuration.

If you use a portal to manage enterprises, you see only the services for the specified scope from the portal. Other services are not visible to the IT managers who manage services and subscriptions from the enterprise service portal. To see the services available to Acme from Enterprise Manager Portal, see the SRC PE Sample Applications Guide.

Example: Using Service Scopes to Customize Generic Services to Particular Regions

You could use service scopes to customize a generic audio service called Audio-Bronze on a regional basis. This example assumes that the network is configured so that VR boston serves the Boston subnet and VR chicago serves the Chicago subnet.

When the network starts operating, the SAE substitutes the parameters you specified in the service scope definition for the corresponding fields in the service subordinate to that scope.

To customize the new service Audio-Bronze for the Boston and Chicago subnets:

  1. Add the Audio-Bronze service within a service scope called boston, and configure the IP address and mask used by VR boston in the parameter configuration.

    This IP address and mask determine an access point to the service provider’s equipment.

  2. Add another Audio-Bronze service within a service scope called scope_chicago, and specify the IP address and mask used by VR chicago.

  3. Assign service scope boston to virtual router boston.

  4. Assign service scope chicago to virtual router chicago.