[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Before You Install and Configure the Sample Residential Portal

Before you install and configure the sample residential portal:

Configuring Equipment Registration Behavior

To configure a Merit RADIUS server to demonstrate equipment registration:

  1. Move to the radius/etc directory.
  2. cd /opt/UMC/radius/etc
    
    
    
  3. Copy authfile.equipment to authfile.
  4. cp authfile.equipment authfile
    
    
    

With equipment registration, a subscriber registers equipment to the SAE only once. At registration, the system caches the media access control (MAC) address of the device; thereafter, the MAC address identifies the device to the SAE, and an authenticated IP address is returned to the device.

When the MAC address of the subscriber's equipment is associated with a user profile, the subscriber login can be configured as persistent. With a persistent login, the subscriber does not need to log in again as long as the registered MAC address remains the same. This process lets non-HTML-capable devices, such as IP phones and set-top boxes, to be registered to the network. If subscribers do not have a persistent login configured, the portal detects that the subscriber is not authenticated and directs the subscriber to a login page.

Configuring ISP Service Behavior

To configure a Merit RADIUS server to demonstrate the ISP service behavior:

  1. Move to the radius/etc directory.
  2. cd /opt/UMC/radius/etc
    
    
    
  3. Copy the authfile.isp to authfile.
  4. cp authfile.isp authfile
    
    
    

This connection can be to a wireless device or over physical connection media. In this scenario, subscribers can log in to their ISP from any device; there is no need to bind a particular subscriber to a particular PC or workstation (equipment registration).

The ISP service model applies to subscribers who log in to a specific provider. To switch between providers, subscribers can log out from one and then log in to another.

Configuring Cable Behavior

For a PCMM environment, you can create an application to create a subscriber session by either:

If the application provides the subscriber IP address and associated information, you can configure the portal application to locate the SAE that manages the subscriber session by configuring one of the following:

Authenticating Subscribers Through RADIUS

If you use RADIUS to manage subscriber data, you can use RADIUS to authentication subscribers when they log in to a residential portal. You configure RADIUS authentication plug-ins to provide RADIUS authentication or authorization. In the configuration for the plug-in, you specify how the SAE handles RADIUS attributes received from the RADIUS server.

Because the SAE rather than a JUNOSe router receives the authentication response, you can specify that the response include attributes other than serviceBundle and class, and you can specify more than value for the RADIUS class attribute.

To authenticate subscribers through RADIUS at portal login:

  1. Create a RADIUS authorization plug-in to authenticate subscriber sessions.
  2. Configure the RADIUS authorization plug-in to specify:

For example, you could create a RADIUS authorization plug-in to:

By default, the flexible RADIUS authentication plug-in defines this attribute as:

RadiusPacket.stdAuth.userresp.vendor-specific.Juniper.Service-Bundle =
setLoadServices

For more information about RADIUS authentication plug-ins, see Chapter 8, Overview of Plug-Ins Included with the SAE.

Customizing How the Sample Residential Portal Handles Unrecognized IP Subscribers

By default, the sample residential portal sends unrecognized IP subscribers to a login page rather than to an error page.

To customize how unrecognized IP subscribers are handled:


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]