Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Extracting RADIUS Attributes with the Pseudo–RADIUS Authorization Server (SRC CLI)

    The pseudo–RADIUS authorization server extracts RADIUS attribute values from the MX Series router for which it receives access requests.

    Tasks to configure the RADIUS attribute value extraction are:

    Extracting Interface Name Attribute Values

    The interface name value is the subscriber line interface. This value is extracted from the NAS-Port-ID attribute. The default settings for this configuration are sufficient for most applications.

    Use the following configuration statements to extract the interface name value from the RADIUS access request:

    slot number external-subscriber-monitor radius-attribute-extraction default interface-name {regular-expression [regular-expression...]; }

    To extract the interface name value:

    1. From configuration mode, access the configuration statement that configures RADIUS attribute extraction for the interface name value.
      user@host# edit slot 0 external-subscriber-monitor radius-attribute-extraction default interface-name
    2. (Optional) Specify the RADIUS attribute value format with a regular expression. You can group regular expressions by enclosing them in parentheses. The value for the interface is the part of the NAS-Port-ID matched by the first group in your regular expression. For more information about using regular expressions, see http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html.
      [edit slot 0 external-subscriber-monitor radius-attribute-extraction default interface-name]user@host# set regular-expression [regular-expression...]

      For example, to specify that the extracted interface name value is ge-0/0/3.0 from the NAS-Port attribute value of ge-0/0/3.0[:0-0]:

      [edit slot 0 external-subscriber-monitor radius-attribute-extraction default interface-name]user@host# set regular-expression ([a-zA-Z0-9-/.]+)\\[:.*

    Extracting Virtual Router Name Attribute Values

    In most cases, the virtual router name value is in the format default@<NAS-ID attribute>. The default settings extract a virtual router name in this format. If your environment is different, you can configure a different format for the extracted value.

    Use the following configuration statements to extract the virtual router name value from the RADIUS access request:

    slot number external-subscriber-monitor radius-attribute-extraction default virtual-router-name {id id; vsa; vsa-id vsa-id; regular-expression [regular-expression...]; type (raw-byte | chars); prefix prefix; }

    To extract the virtual router name value:

    1. From configuration mode, access the configuration statement that configures RADIUS attribute extraction for the virtual router name value.
      user@host# edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name
    2. Specify the RADIUS attribute identifier.
      [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]user@host# set id id
    3. (Optional) Specify whether the RADIUS attribute is a vendor-specific attribute.
      [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]user@host# set vsa
    4. (Optional) Specify the RADIUS vendor-specific attribute identifier.
      [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]user@host# set vsa-id vsa-id
    5. (Optional) Specify the RADIUS attribute value format with a regular expression. You can group regular expressions by enclosing them in parentheses. The value for the interface is the part of the NAS-Port-ID matched by the first group in your regular expression. For more information about using regular expressions, see http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html.
      [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]user@host# set regular-expression [regular-expression...]

      For example:

      [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]user@host# set regular-expression ([a-zA-Z0-9-/.]+)\\[:.*
    6. (Optional) Specify the value type of this RADIUS attribute.
      [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]user@host# set type (raw-byte | chars)

      where:

      • raw-byte—Raw bytes
      • chars—Sequence of characters
    7. (Optional) Specify the prefix that is prepended to the extracted RADIUS attribute value.
      [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]user@host# set prefix prefix

    Published: 2014-06-25