Before You Install and Configure the Sample Residential Portal
Before you install and configure the sample residential portal:
- Equipment registration behavior—The equipment registration example demonstrates an application that provides an association between a subscriber and the equipment being used to make the DHCP connection. This type of association is used in many cable environments.
- ISP service behavior—The ISP service example demonstrates an application that provides a means for subscribers to directly log in to a subscriber session for their ISP. The ISP service behavior is well suited for any environment in which subscribers connect directly to their ISP.
- Cable behavior—The cable behavior is provided for a PCMM environment in which an application creates a subscriber session.
- (Optional) Set up subscriber authentication through RADIUS at portal login.
- (Optional) Customize how the sample residential portal handles unrecognized IP subscribers.
Configuring Equipment Registration Behavior
To configure a Merit RADIUS server to demonstrate equipment registration:
- Move to the radius/etc directory.
cd /opt/UMC/radius/etc- Copy authfile.equipment to authfile.
cp authfile.equipment authfileWith equipment registration, a subscriber registers equipment to the SAE only once. At registration, the system caches the media access control (MAC) address of the device; thereafter, the MAC address identifies the device to the SAE, and an authenticated IP address is returned to the device.
When the MAC address of the subscriber's equipment is associated with a user profile, the subscriber login can be configured as persistent. With a persistent login, the subscriber does not need to log in again as long as the registered MAC address remains the same. This process lets non-HTML-capable devices, such as IP phones and set-top boxes, to be registered to the network. If subscribers do not have a persistent login configured, the portal detects that the subscriber is not authenticated and directs the subscriber to a login page.
Configuring ISP Service Behavior
To configure a Merit RADIUS server to demonstrate the ISP service behavior:
- Move to the radius/etc directory.
cd /opt/UMC/radius/etc- Copy the authfile.isp to authfile.
cp authfile.isp authfileThis connection can be to a wireless device or over physical connection media. In this scenario, subscribers can log in to their ISP from any device; there is no need to bind a particular subscriber to a particular PC or workstation (equipment registration).
The ISP service model applies to subscribers who log in to a specific provider. To switch between providers, subscribers can log out from one and then log in to another.
Configuring Cable Behavior
For a PCMM environment, you can create an application to create a subscriber session by either:
- Using the event API to integrate an IP address manager such as a DHCP server or a RADIUS server.
- Having the application provide the IP address, the associated interface name, and virtual router name for the subscriber making the request. Typically, the IP address is used to identify the associated virtual router.
If the application provides the subscriber IP address and associated information, you can configure the portal application to locate the SAE that manages the subscriber session by configuring one of the following:
- NIC host that resolves a subscriber IP address to name of the virtual router managing the IP address and an SAE interoperable object reference (IOR)
- NIC proxy for the application to communicate with the NIC host
- A local feature locator in the properties for the residential portal. See WEB-INF/portalBehavior.properties.
Authenticating Subscribers Through RADIUS
If you use RADIUS to manage subscriber data, you can use RADIUS to authentication subscribers when they log in to a residential portal. You configure RADIUS authentication plug-ins to provide RADIUS authentication or authorization. In the configuration for the plug-in, you specify how the SAE handles RADIUS attributes received from the RADIUS server.
Because the SAE rather than a JUNOSe router receives the authentication response, you can specify that the response include attributes other than serviceBundle and class, and you can specify more than value for the RADIUS class attribute.
To authenticate subscribers through RADIUS at portal login:
- Create a RADIUS authorization plug-in to authenticate subscriber sessions.
- Configure the RADIUS authorization plug-in to specify:
- The RADIUS attributes to be set in an authorization response
- The action to be taken in response to the attribute values received
For example, you could create a RADIUS authorization plug-in to:
- Authenticate a PPP subscriber session on a JUNOSe router
- Specify the setLoadServices value for the serviceBundle attribute
By default, the flexible RADIUS authentication plug-in defines this attribute as:
RadiusPacket.stdAuth.userresp.vendor-specific.Juniper.Service-Bundle = setLoadServicesFor more information about RADIUS authentication plug-ins, see Chapter 8, Overview of Plug-Ins Included with the SAE.
Customizing How the Sample Residential Portal Handles Unrecognized IP Subscribers
By default, the sample residential portal sends unrecognized IP subscribers to a login page rather than to an error page.