[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Configuring Subscriber Access for a Wireless Location

To use the SAE to manage a wireless access point that participates in a roaming agreement:

  1. Configure RADIUS authentication for users who connect from a wireless location.
  2. Create subscriber access to an ISP.
  3. Create Web access.
  4. Verify idle timeout properties for the SAE.

The following sections describe how to perform these tasks.

Configuring RADIUS Authentication

To set up RADIUS authentication to support a roaming environment between wireless Internet service providers, you can use the Flexible RADIUS Authentication plug-in that is provided with the SRC software, or you can create a custom RADIUS authentication plug-in.

Configuring a Custom RADIUS Authentication Plug-In

If you create a custom plug-in, be sure that it supports the same RADIUS attributes as those configured for the flexible RADIUS authentication plug-in. See Configuring the Flexible RADIUS Authentication Plug-In.

For information about creating a custom plug-in, see SAE CORBA Plug-In Service Provider Interface (SPI) in the SRC software distribution in the folder SDK/doc/idl or on the Juniper Networks Web site at

http://www.juniper.net/techpubs/software/management/sdx/api-index.html

Configuring the Flexible RADIUS Authentication Plug-In

The default flexible RADIUS authentication plug-in, flexRadiusAuth, provides support for RADIUS vendor-specific attributes for WISPr, which are listed in the following procedure. These attributes use the IANA private enterprise number 14122 assigned to the Wi-FI Alliance. For more information about these attributes, see

http://www.wi-fialliance.org/opensection/wispr.asp

You should be familiar with the general procedure for configuring the flexible RADIUS authentication plug-in before configuring it to include the WISPr attributes. For information about configuring the flexible RADIUS authentication plug-in, see SRC-PE Subscribers and Subscriptions Guide, Chapter 5, Configuring Authorization and Accounting Plug-Ins for Solaris Platforms.

When you configure the plug-in, you can use the following standard attribute values to set values in authentication response packets:

Examples in the following procedure show how you can use these attribute values.

To configure the plug-in to support a roaming environment:

  1. Configure attributes.

This attribute can be an interface description (ifAlias) or other value that identifies the JUNOSe interface to which the wireless access point connects.

For example:

vendor-specific.WISPr.Redirection-URL=setProperty("startURL=%s" % 
ATTR)

The default configuration sets a session property named startURL.

For example:

vendor-specific.WISPr.Bandwidth-Max-Up=setSubstitution("max_up_rate=
%s" % ATTR)

For example:

vendor-specific.WISPr.Bandwidth-Max-Down=setSubstitution("max_down_r
ate=%s" % \  ATTR)

For example:

vendor-specific.WISPr.Session-Terminate-Time=setTerminateTime(ATTR)

If the operator of the wireless location does not support daily billing, do not configure this attribute, and remove it if present.

  1. For each attribute that you configure, configure the packet type to which the attribute applies. Table 7 shows the packet types associated with each attribute.
  2. 
    
    
    
    Table 7: Packet Types for RADIUS Attributes
    RADIUS Attribute
    Associated RADIUS Packet Definition

    vendor-specific.WISPr.Location-ID

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Location-ID

    vendor-specific.WISPr.Redirection-URL

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Redirection-URL

    vendor-specific.WISPr.Logoff-URL

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Logoff-URL

    vendor-specific.WISPr.Bandwidth-Max-Up

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Bandwidth-Max-Up

    vendor-specific.WISPr.Maximum-Max-Down

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Maximum-Max-Down

    vendor-specific.WISPr.Location-Name

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Location-Name

    vendor-specific.WISPr.Session-Terminate-Time

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Session-Terminate-Time

    vendor-specific.WISPr.Session-Terminate-End-Of-Day

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Session-Terminate-End-Of-Day

    vendor-specific.WISPr.Billing-Class-Of-Service

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Billing-Class-Of-Service

Creating Subscriber Access to an ISP

An access service lets subscribers connect to an ISP. The policies associated with the access service should specify a JUNOS policing or JUNOSe rate-limiting policy to set the maximum bandwidth at which a subscriber can send traffic, and the maximum bandwidth at which a subscriber can receive traffic. When you configure the policies, define the bandwidth values as parameters so that the policies can be applied across a number of subscribers.

To configure an access service to the ISP:

  1. In SDX Admin, create the access service.

See SRC-PE Services and Policies Guide, Chapter 2, Managing Services on a Solaris Platform.

  1. In Policy Editor, create a policy group the sets the maximum bandwidth at which a subscriber can send traffic, and the maximum bandwidth at which a subscriber can receive traffic. Use parameters to set these values.

See SRC-PE Services and Policies Guide, Chapter 12, Configuring and Managing Policies with Policy Editor and SRC-PE Services and Policies Guide, Chapter 15, Defining and Acquiring Values for Parameters.

The example in Figure 5 shows a policy configuration that includes:


Figure 5: Sample Rate-Limiting Policies with Bandwidth Parameters

Substitutions for these parameters can then be referenced in the RADIUS attributes:

vendor-specific.WISPr.Bandwidth-Max-Up=setSubstitution("max_up_rate=%s" 
% ATTR)
vendor-specific.WISPr.Bandwidth-Max-Down=setSubstitution("max_down_rate=%s" 
% ATTR)

Creating Web Access

When subscribers connect to and log in to a wireless access point, they are directed to a single Web page that is referred to as a captive portal page. This page is part of a residential service selection portal. A captive portal page receives and manages redirected Web requests. For information about residential portals and captive portal pages, see SRC-PE Subscribers and Subscriptions Guide, Chapter 15, Overview of the Residential Portal.

When creating a captive portal page for a wireless roaming environment, configure the page to:

You can retrieve the URL of the start page from the service session property startURL. Note that startURL is the default name used for the flexible RADIUS authentication plug-in; you can assign a different name to this property.

You can use the Subscriber.readSubscription() method in the Common Object Request Broker Architecture (CORBA) remote application programming interface (API) to retrieve the redirect URL.

Note that when you develop the portal, you can use the following methods in the SAE CORBA remote API to retrieve session data after the access service starts:

For more information about these methods, see the SAE CORBA remote API documentation in the SRC software distribution in the folder SDK/doc/idl or on the Juniper Networks Web site at

http://www.juniper.net/techpubs/software/management/sdx/api-index.html

Verifying Idle Timeout Properties for the SAE

Review the following configuration properties to ensure that the settings are consistent with the requirements for your environment:

To review idle timeout settings from SDX Configuration Editor:

  1. In the navigation pane, expand SAE, and click a configuration object.
  2. In the content pane, click the Miscellaneous tab.
  3. Verify the setting for Idle Timeout(s).

This value may be set in the service definition for the access service, or by the ISP in a RADIUS authorization response.

An interval up to 5 minutes is typically recommended for the idle timeout. For the SRC software, the recommended minimum is 15 minutes.

  1. In the Miscellaneous pane, expand Idle Timeout, and review the setting for Adjust Session Time. See the field description below.

Adjust Session Time


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]