Related Documentation
- Adding a Juniper Networks Database to an Established Community (SRC CLI)
- Configuration Statements for the Juniper Networks Database (SRC CLI)
- Viewing Statistics for the Juniper Networks Database (C-Web Interface)
- Example: Configuration for a Database Community
- Setting a Limit on the Number of Search Results from a Juniper Networks Database (SRC CLI)
Juniper Networks Database Overview
Each C Series Controller contains a Juniper Networks database. The database can store SRC data, SRC sample data, SRC configuration information, and a number of user profiles. You store subscriber data in another database.
The Juniper Networks database is designed to store a limited number of subscriber entries that may be shared among your subscribers. If you need to have dedicated entries for each subscriber, you can configure the SRC software to use an external directory. We recommend that an external directory store the subscriber data in environments that have more than 1000 subscribers with an average of 3 subscriptions per subscriber.
You can also set a limit on the maximum number of search results that the server returns to a client in response to a search operation. You must set the size limit on the basis of the total number of available entries in the Juniper Networks Database.
When the C Series Controller starts for the first time, you must enable the Juniper Networks database. After the database is operational, you can load sample data and perform other configuration activities that use this database.
You can operate this database as a standalone database or as a member of a community of Juniper Networks databases. Typically, you run the database in standalone mode only in testing environments. In standalone mode, the database does not communicate with other Juniper Networks databases; there is no data distribution and no redundancy. In community mode, databases distribute data changes among specified databases. When you have two or more C Series Controllers, enable the Juniper Networks database to run in community mode, and assign a role to each database:
- Primary role—A database that provides read-and-write access to client applications. It replicates its data and distributes changes to any Juniper Networks databases configured as neighbors.
We recommend that you configure at least two databases to have a primary role.
- Secondary role—A database that provides read access to client applications. If client applications try to write data to this database, the database refers the client to a primary database.
Neighbors are Juniper Networks databases that receive data from another Juniper Networks database. When you configure a database to be a neighbor, you configure it as one of the following types:
- Primary neighbor—A database that propagates changes that it receives to other Juniper Networks databases configured as neighbors. A primary neighbor must be assigned a primary role.
We recommend that you configure at least two databases as primary neighbors.
- Secondary neighbor—A database that only receives database changes. A secondary neighbor must be assigned a secondary role.
When you configure neighbors for the databases, keep in mind the following guidelines:
- A database assigned a primary role can have primary and secondary neighbors.
- A database assigned a secondary role must have at least one primary neighbor, but no secondary neighbors. Because a secondary database cannot distribute changes to its neighbors, if you do configure a secondary neighbor for a secondary database, the software does not use the configuration for the secondary neighbor.
To share processing load, you can configure components, such as SRC ACP, NIC, or SAE, to use a specified database. In the local configuration for SRC components, you configure the URL of the directory.
Redundancy for a Juniper Networks Database
Protect SRC data by setting up a redundancy scheme for your Juniper Networks databases. Client applications control which database they connect to as their primary database and as their backup database.
Use the following guidelines to plan which databases are assigned primary or secondary roles, and which databases are primary or secondary neighbors:
- Each Juniper Networks database that is assigned a primary role should have at least one primary neighbor. If a database assigned a primary role becomes inoperable, a client application fails over to a primary neighbor.
- Each database that is assigned a secondary role should have at least two primary neighbors.
- Applications that frequently perform write operations to the database should connect to databases that have a primary role. Applications that perform frequent write operations are the C-Web interface, the SRC CLI, back-office applications that provision data, and in some cases the SRC ACP.
- Applications that rarely perform updates, such as the NIC and SAE, can communicate with databases assigned a secondary role. For example, you could configure the NIC and SAE to communicate with the local directory on a C Series Controller, and configure the database on this system to have a secondary role.
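The role, neighbor, and redundancy guidelines above can be checked against a planned community before any controller is configured. The following is an added example, not part of the SRC software or its documentation; the database names and the dictionary layout are hypothetical and do not represent SRC CLI syntax.

```python
# Added example, not SRC software. Database names and the dict layout are
# hypothetical; this is a planning aid, not SRC CLI syntax.

def check_community(dbs):
    """dbs: name -> {"role": "primary" | "secondary",
                     "neighbors": {neighbor name: "primary" | "secondary"}}
    Returns a sorted list of (database, finding) tuples."""
    findings = []
    for name, db in dbs.items():
        role, primary_nbrs = db["role"], 0
        for nbr, nbr_type in db["neighbors"].items():
            if nbr not in dbs:
                findings.append((name, f"neighbor {nbr} is not in the plan"))
                continue
            # A primary neighbor must be assigned a primary role and a
            # secondary neighbor a secondary role.
            if dbs[nbr]["role"] != nbr_type:
                findings.append(
                    (name, f"{nbr_type} neighbor {nbr} has {dbs[nbr]['role']} role"))
            elif nbr_type == "primary":
                primary_nbrs += 1
            elif role == "secondary":
                # The software does not use this neighbor configuration.
                findings.append((name, f"secondary neighbor {nbr} is not used"))
        # Redundancy guideline: at least one primary neighbor for a primary
        # role, at least two for a secondary role.
        needed = 1 if role == "primary" else 2
        if primary_nbrs < needed:
            findings.append(
                (name, f"{primary_nbrs} primary neighbor(s), guideline is {needed}"))
    return sorted(findings)

# Constructed four-controller plan.
PLAN = {
    "c1": {"role": "primary",
           "neighbors": {"c2": "primary", "c3": "secondary", "c4": "secondary"}},
    "c2": {"role": "primary",
           "neighbors": {"c1": "primary", "c3": "secondary", "c4": "secondary"}},
    "c3": {"role": "secondary", "neighbors": {"c1": "primary"}},
    "c4": {"role": "secondary",
           "neighbors": {"c1": "primary", "c2": "primary", "c3": "secondary"}},
}

if __name__ == "__main__":
    for db, finding in check_community(PLAN):
        print(f"{db}: {finding}")
```

In the constructed plan, c3 falls short of the two-primary-neighbor guideline for a secondary role, and c4 carries a secondary neighbor entry that the software would not use.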
Security for a Juniper Networks Database
You can secure connections to a Juniper Networks database by:
- Allowing only Secure Lightweight Directory Access Protocol (LDAPS) connections from remote systems. In this case, both database replication and remote SRC components connect through LDAPS. Restricting all remote connections to LDAPS is supported only on C Series Controllers.
- Allowing only LDAPS connections for database replication, but LDAP or LDAPS connections for other applications. In this case, remote SRC components can connect through LDAP or LDAPS.
The type of secure connection you configure determines which ports are open to a Juniper Networks database:
- Remote component access through LDAP—Port 389
- Remote component access through LDAPS—Port 636
- Secure database access for replication—Port 636
- Database access without security for replication—Port 389
- Local component access through LDAP—Port 389
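To confirm that a chosen security setup is actually being honored, observed connections to the database can be compared with the ports listed above. This is an added example, not part of the SRC software; the mode names, record layout, and addresses are hypothetical, a loopback source is assumed to be a local component, and a source in the peer set is assumed to be replication traffic.

```python
# Added example, not SRC software. Mode names, record layout and addresses
# are hypothetical.
import ipaddress

LDAP, LDAPS = 389, 636

# Ports remote systems may use under the two secured setups on this page.
ALLOWED = {
    # Only LDAPS from remote systems (replication and remote components).
    "ldaps-all-remote": {"replication": {LDAPS}, "remote": {LDAPS}},
    # LDAPS for replication, LDAP or LDAPS for other remote components.
    "ldaps-replication-only": {"replication": {LDAPS}, "remote": {LDAP, LDAPS}},
}

def classify(src, replication_peers):
    """Assumption: loopback means a local component; a source address in
    replication_peers is replication traffic; anything else is a remote
    SRC component."""
    if ipaddress.ip_address(src).is_loopback:
        return "local"
    return "replication" if src in replication_peers else "remote"

def audit(mode, replication_peers, connections):
    """connections: iterable of (source address, destination port).
    Returns (source, port, kind) for each remote connection the mode
    does not allow. Local connections are outside the restriction."""
    violations = []
    for src, port in connections:
        kind = classify(src, replication_peers)
        if kind != "local" and port not in ALLOWED[mode][kind]:
            violations.append((src, port, kind))
    return violations

# Constructed sample using documentation address ranges.
PEERS = {"192.0.2.11"}
SEEN = [("127.0.0.1", 389), ("192.0.2.11", 636), ("192.0.2.11", 389),
        ("198.51.100.7", 389), ("198.51.100.7", 636)]

if __name__ == "__main__":
    for mode in ALLOWED:
        print(mode, audit(mode, PEERS, SEEN))
```

Cleartext replication on port 389 is flagged under both setups, while a remote component on port 389 is flagged only when all remote connections are restricted to LDAPS.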
You can also increase the security of your Juniper Networks database by changing the passwords that SRC components use to communicate with the database.
For information about configuring the SAE to access subscriber data, see Configuring LDAP Access to Directory Data (SRC CLI).