Configuring Subscriber Access for a Wireless Location

Tasks to use the SAE to manage a wireless access point that participates in a roaming agreement are:

  1. Configuring RADIUS Authentication
  2. Creating Subscriber Access to an ISP
  3. Creating Web Access
  4. Setting Idle Timeout Options for the SAE

Configuring RADIUS Authentication

You configure RADIUS authentication for users who connect from a wireless location, and set up RADIUS authentication to support a roaming environment between wireless Internet service providers. You can use the Flexible RADIUS Authentication plug-in that is provided with the SRC software, or you can create a custom RADIUS authentication plug-in.

Configuring a Custom RADIUS Authentication Plug-In

If you create a custom plug-in, be sure that it supports the same RADIUS attributes as those configured for the flexible RADIUS authentication plug-in. See Configuring the Flexible RADIUS Authentication Plug-In.

For information about creating a custom plug-in, see SAE CORBA Plug-In Service Provider Interface (SPI) on the Juniper Networks Web site at: https://www.juniper.net/techpubs/software/management/src/api-index.html.

Configuring the Flexible RADIUS Authentication Plug-In

The default flexible RADIUS authentication plug-in, flexRadiusAuth, provides support for RADIUS vendor-specific attributes for WISPr, which are listed in the following procedure. These attributes use the IANA private enterprise number 14122 assigned to the Wi-Fi Alliance. For more information about these attributes, see http://www.wi-fialliance.org/opensection/wispr.asp.

You should be familiar with the general procedure for configuring the flexible RADIUS authentication plug-in before configuring it to include the WISPr attributes. For information about configuring the flexible RADIUS authentication plug-in, see Configuring Tracking Plug-Ins (SRC CLI).

When you configure the plug-in, you can use the following standard attribute values to set values in authentication response packets:

Examples in the following procedure show how you can use these attribute values.

To configure the plug-in to support a roaming environment:

  1. Configure attributes.
    • Required attributes:
      • An identifier for the wireless location:
        vendor-specific.WISPr.Location-ID=Identifier

        This attribute can be an interface description (ifAlias) or other value that identifies the JunosE interface to which the wireless access point connects.

      • The URL of the start page returned by the RADIUS server of the ISP:
        vendor-specific.WISPr.Redirection-URL=Command to make the URL available to the SRC software

        For example:

        vendor-specific.WISPr.Redirection-URL=setProperty(“ startURL=%s” % ATTR)

        The default configuration sets a session property named startURL.

      • The URL of a page that a subscriber can use to log out of the network:
        vendor-specific.WISPr.Logoff-URL=URL of a log out page
    • Bandwidth attributes (recommended):
      • The maximum transmission rate in bits per second:
        vendor-specific.WISPr.Bandwidth-Max-Up=Command to make the rate available to the SRC software

        For example:

        vendor-specific.WISPr.Bandwidth-Max-Up=setSubstitution(“ max_up_rate=%s” % ATTR)
      • The maximum receive rate in bits per second:
        vendor-specific.WISPr.Bandwidth-Max-Down=Command to make the rate available to the SRC software

        For example:

        vendor-specific.WISPr.Bandwidth-Max-Down=setSubstitution(“ max_down_rate=%s” % \ ATTR)
    • Optional attributes:
      • The name of the wireless location:
        vendor-specific.WISPr.Location-Name=Name of the wireless location
      • The date and time that the subscriber session is to end:
        vendor-specific.WISPr.Session-Terminate-Time=Command to set the session terminate time

        For example:

        vendor-specific.WISPr.Session-Terminate-Time=setTerminateTime(ATTR)
      • The end of the subscriber session at the end of the billing day:
        vendor-specific.WISPr.Session-Terminate-End-Of-Day=ATTR or setTerminateTime("00:00:00")

        If the operator of the wireless location does not support daily billing, do not configure this attribute, and remove it if present.

      • A service type for billing:
        vendor-specific.WISPr.Billing-Class-Of-Service=Service type
  2. For each attribute that you configure, configure the packet type to which the attribute applies. Table 5 shows the packet types associated with each attribute.

    Table 5: Packet Types for RADIUS Attributes

    RADIUS Attribute

    Associated RADIUS Packet Definition

    vendor-specific.WISPr.Location-ID

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Location-ID

    vendor-specific.WISPr.Redirection-URL

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Redirection-URL

    vendor-specific.WISPr.Logoff-URL

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Logoff-URL

    vendor-specific.WISPr.Bandwidth-Max-Up

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Bandwidth-Max-Up

    vendor-specific.WISPr.Maximum-Max-Down

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Maximum-Max-Down

    vendor-specific.WISPr.Location-Name

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Location-Name

    vendor-specific.WISPr.Session-Terminate-Time

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Session-Terminate-Time

    vendor-specific.WISPr.Session-Terminate-End-Of-Day

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Session-Terminate-End-Of-Day

    vendor-specific.WISPr.Billing-Class-Of-Service

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Billing-Class-Of-Service

Creating Subscriber Access to an ISP

Configure a service that lets subscribers connect to an ISP through a captive portal, a single Web page to which subscribers connect. The policies associated with the service should specify a Junos OS policing or JunosE rate-limiting policy to set the maximum bandwidth at which:

When you configure the policies, define the bandwidth values as parameters so that the policies can be applied across a number of subscribers.

To configure a service to access the ISP:

  1. Create the SRC service to use RADIUS authentication.

    See Adding a Normal Service (SRC CLI).

  2. Create a policy group the sets the maximum bandwidth at which a subscriber can send traffic, and the maximum bandwidth at which a subscriber can receive traffic. Use parameters to set these values.

    To configure policies, see:

For example, you can create a policy configuration that includes:

Substitutions for these parameters can then be referenced in the RADIUS attributes:

vendor-specific.WISPr.Bandwidth-Max-Up=setSubstitution(“ max_up_rate=%s” % ATTR)vendor-specific.WISPr.Bandwidth-Max-Down=setSubstitution(“ max_down_rate=%s” % ATTR)

Creating Web Access

When subscribers connect to and log in to a wireless access point, they are directed to a single Web page that is referred to as a captive portal page. This page is part of a service selection portal. A captive portal page receives and manages redirected Web requests. The SRC Application Library provides an unsupported, demonstration application for a residential service selection portal.

When creating a captive portal page for a wireless roaming environment, configure the page to:

Note that when you develop the portal, you can use the following methods in the SAE CORBA remote API to retrieve session data after the access service starts:

For more information about these methods, see the SAE CORBA remote API documentation on the Juniper Networks Web site at

https://www.juniper.net/techpubs/software/management/src/api-index.html.

Setting Idle Timeout Options for the SAE

You can configure the following options to ensure that the timeout values are consistent with the requirements for your environment:

To configure the timeout settings:

  1. Configure the service activation authentication through a RADIUS server to return an idle timeout. This configuration requires that the RADIUS server returns the idle timeout vendor-specific attribute (VSA).

    or

    Configure the idle timeout in the SRC service definition. For example:

    [edit services global service service1]user@host# set idle-timeout 5

    Although an interval up to 5 minutes is typically recommended, for the SRC software, we recommend a minimum of 15 minutes.

  2. Configure the adjust-session-time statement for the SAE to ensure that session time is accurately reported for accounting purposes. For example:
    [edit shared sae group wireless configuration]user@host# set idle-timeout adjust-session-time

Related Documentation