The JUNOS subscriber access feature provides subscriber
access, authentication, and service creation, activation, and deactivation.
You can also collect accounting information and statistics for subscriber
service sessions.
The subscriber access feature supports both CLI
and AAA-based configuration (such as RADIUS) for subscribers. Access
and services start when the router receives a message from a client
(such as a DHCP discover message). For RADIUS clients, RADIUS Access-Accept
messages and Change-of-Authorization-Request (CoA-Request) messages
can create, modify, and delete subscriber sessions as well as activate
and deactivate service sessions. You can use CLI commands to create
a dynamic profile, which act as a template of user attributes.
A subscriber service is based on the combination of a defined
dynamic profile and attributes configured through authentication.
Dynamic profiles can include dynamic firewall filters, class of service
(CoS) settings, and protocol (IGMP) settings that define access limits
for subscribers and the scope of a service granted to the subscriber
once access is obtained.
The subscriber access feature provides the following
convenience and flexibility to service providers and subscribers:
Service providers can separate services and access technology
and eliminate unprofitable flat-rate billing. They gain the ability
to efficiently design, manage, and deliver services that subscribers
want, and then bill subscribers based on connect time, bandwidth,
and the actual service used.
Subscribers benefit by gaining access to multiple simultaneous
services. Depending on the service provider configuration, subscribers
can dynamically connect to and disconnect from various services when
they want and for however long they want. Subscribers can be billed
based on the service level and usage, rather than being charged a
set rate regardless of usage.
Subscriber Access Terms and Acronyms
Table 7 defines terms
and acronyms that are used in this discussion of subscriber access.
Table 7: Subscriber
Access Terms and Acronyms
Term
Definition
Dynamic profile
A template that defines a set of characteristics that are combined
with authorization attributes and are dynamically assigned to static
interfaces to provide dynamic subscriber access and services for broadband
applications.
AAA method for subscriber authentication
The AAA method that uses authentication (for example, including
RADIUS VSAs in the Access-Accept packet) to verify a subscriber and
activate a service when the subscriber logs in.
RADIUS CoA method
The method that uses RADIUS CoA-Request messages and VSAs to
activate a service for a subscriber that is already logged in.