Flexible RADIUS Plug-Ins Overview

With flexible RADIUS accounting and authentication plug-ins, you can define the content of RADIUS packets that the service activation engine (SAE) sends to RADIUS servers. You can specify which attributes are included in different types of RADIUS packets (for example, session Start or Stop requests, or Accounting-On or Accounting-Off requests). You can also specify what information is contained in the attribute fields.

A RADIUS attribute configuration consists of RADIUS attribute instances. Each instance defines attributes for a specific type of packet—for example, Start requests or Accounting-Off requests.

Within each attribute instance, you define individual RADIUS attributes. The following is a RADIUS attribute instance for authentication requests:

radius-attributes auth {
  attributes {
    Chargeable-User-Identity ''''
    User-Name loginId;
    User-Password password;
    NAS-Identifier localNasId;
    NAS-IP-Address localNasIp;
    NAS-Port nasPort;
  }
}

Each RADIUS packet template can consist of multiple RADIUS attribute instances.

Using Default RADIUS Templates

The SRC module comes with two default templates:

Naming RADIUS Attribute Instances

Attribute instances define attributes for a specific type of RADIUS packet. The name that you assign to an attribute instance specifies the type of packet to which the attribute definition is applied. Table 16 lists the available packet types.

Table 16: RADIUS Attribute Instance Names

Attribute Instance (Packet Type)

Type of RADIUS Packet to Which Attribute Definition Is Applied

acct

Any accounting request

auth

Any authentication request

authresp

Any authorization response

dhcpresp

DHCP response

off

Accounting-Off requests

on

Accounting-On requests

onoff

Accounting-On or Accounting-Off requests

start

Start requests

startstop

Start, Stop, or Interim Update requests

stop

Stop or Interim Update requests

svcacct

Service Session Start, Stop, or Interim requests

svcresp

Any service authorization response

svcstart

Service Session Start requests

svcstop

Service Session Stop or Interim requests

useracct

Subscriber Session Start, Stop, or Interim requests

userresp

Any subscriber authorization response

userstart

Subscriber Session Start requests

userstop

Subscriber Session Stop, or Interim requests

Defining RADIUS Attributes

RADIUS attribute definitions consist of a RADIUS attribute and a value for the RADIUS attribute.

You can define values for standard RADIUS attributes or JunosE vendor-specific attributes (VSAs).

Standard RADIUS Attributes

For standard RADIUS attributes, use a name or number as defined in RFC 2865—Remote Authentication Dial In User Service (RADIUS) (June 2000), RFC 2866—RADIUS Accounting (June 2000), or RFC 2869—RADIUS Extensions (June 2000). For a full list, see http://www.iana.org/assignments/radius-types.

Juniper Networks VSAs

For Juniper Networks VSAs, use one of the following formats:

where <type> is one of the following:

The following is an example of RADIUS attribute instances that define RADIUS VSAs.

radius-attributes svcresp {
  attributes {
    Session-Timeout setSessionTimeout(ATTR);
    Idle-Timeout setIdleTimeout(ATTR);
    vendor-specific.Juniper.Sdx-Session-Volume-Quota setSessionVolumeQuota(ATTR);
    vendor-specific.WISPr.Redirection-URL "setProperty(\"startURL=%s\" % ATTR)";
    vendor-specific.WISPr.Bandwidth-Min-Up "setSubstitution(\"min_up_rate=%s\" % ATTR)";
    vendor-specific.WISPr.Bandwidth-Min-Down "setSubstitution(\"min_down_rate=%s\" % ATTR)";
    vendor-specific.WISPr.Bandwidth-Max-Up "setSubstitution(\"max_up_rate=%s\" % ATTR)";
    vendor-specific.WISPr.Bandwidth-Max-Down "setSubstitution(\"max_down_rate=%s\" % ATTR)";
  }
}
radius-attributes dhcpresp {
  attributes {
    Framed-Pool setPoolName(ATTR);
    Framed-IP-Address setUserIpAddress(ATTR);
    26.4874.1.text setAuthVirtualRouterName(ATTR);
    26.4874.2.text setPoolName(ATTR);
    26.4874.31.text setServiceBundle(ATTR);
  }
}

Related Documentation