Example: Subscriber Classification Scripts Using a Subscriber Group
To support scenarios in which the SAE has no access to the subscriber database, the SAE can load anonymous profiles for groups of subscribers. The following example loads a particular subscriber profile when subscribers of domain another-isp.com log in
[edit shared sae group west-region subscriber-classifier rule rule-1]user@host#show
target uniqueID=anon,ou=default,retailerName=another-isp,o=Users,o=umc;condition {"domainName=another-isp.com";}Example: Subscriber Classification Scripts for Enterprise Subscribers
For enterprise subscribers, you can create one general subscriber classifier script that matches a unique subscriber profile to each managed router interface. The subscriber profile is the access subscription that represents an Internet access in an enterprise. The following examples show two approaches to creating the general classifier script. You can use one of these strategies or a combination of strategies.
Matching on the Interface Name
In this scenario, you configure the interface name field in the access subscription for the site to match an interface on the router. The format for the interface name could be: interfaceName@virtualRouterName@routerName. You then create a classification script that searches for subscriber profiles that match a specific interface. For example:
[edit shared sae group west-region subscriber-classifier rule rule-1]user@host#show
target ou=Managed CPE,retailerName=Retailer-Two,o=Users,o=UMC??sub?(interfaceName=<-interfaceName->@<-virtualRouterName-> );condition {"loginType==\"INTF\"";&interfaceName==\fe*\"";}Matching on the Interface Alias
For JUNOSe routers, you can configure the interface description on the router in a format that the classifier script can match to the interface alias in an access subscription. In a simple case, you can configure the interface description only for interfaces that terminate a managed CPE, and match them to the interface alias in the directory. The subscriber classifier could be configured as follows:
[edit shared sae group west-region subscriber-classifier rule rule-1]user@host# showtarget ou=Managed CPE,retailerName=Retailer-Two,o=Users,o=UMC??sub?(interfaceAlias=<-ifAlias->);condition {ifAlias != \"\""}Example: Creating Router Interface Subscriber Session
Aggregate services or script services can be activated on a router instead of an interface or DHCP address. On JUNOSe routers that use the COPS-PR or COPS XDR router driver, the SAE automatically creates a router interface; and then a subscriber session as specified by the subscriber classification script.
For example, the following script searches for a router profile in the directory under ou=routers, retailerName=default, o=Users, o=umc, with a routerName attribute that matches the virtual router name (such as default@erx-node1).
[edit shared sae group west-region subscriber-classifier rule rule-1]user@host#show
target ou=routers,retailername=default,o=Users,o=UMC??sub?(routerName=<-virtualRouterName->);condition {"interfaceName==\"Router\"";}Example: Activating Services for a Group of Subscriber Sessions
A subscriber classification script can assign a shared subscriber profile and a login name to a subscriber session for a group of interface subscriber sessions. The following example assigns the login name idp@idp to subscriber sessions for JUNOSe interfaces that have core specified as the ifAlias (as configured on the JUNOSe router).
[edit shared sae group IDP subscriber-classifier rule rule-3]root@buffy#show
target routerName=idp,ou=interfaces,retailername=SP-IDP,o=Users,o=UMC?loginName=idp@idp;condition {"ifAlias==\"core\"";}You can use this type of subscriber classification to activate a service for a group of interface subscriber sessions that are to be treated the same. For example, in the configuration for an aggregate service, a fragment service could be created for all subscriber interface sessions on interfaces identified by the ifAlias core on a virtual router. The subscriber reference expression in the configuration for the fragment service would reference the virtual router name and the login name, such as vr = "<- virtualRouterName ->", login_name = "idp@idp."
You can also use the SAE CORBA remote API to get lists of the subscriber sessions that share the same login name.