Table of Contents

About This Guide
Objectives
Audience
Documentation Conventions
Related Juniper Networks Documentation
Obtaining Documentation
Documentation Feedback
Requesting Support
Overview of Subscribers and Subscriptions on a C-series Platform
Overview of Subscribers
Overview of Subscriptions
Enterprise Subscriber and Subscription Hierarchy
Enterprise Subscription Hierarchy
Overview of Managers
Read Privileges
Management Privileges
Managers That Control All Retailers
Overview of Subscribers and Subscriptions on a Solaris Platform
Overview of Subscribers
Overview of Subscriptions
Enterprise Subscriber and Subscription Hierarchy
Enterprise Subscription Hierarchy
Overview of Operators
Operator Read Privileges
Operator Management Privileges
Subscriber Logins and Service Activation
Overview of Login Events and Processes
Login Events
Summary of the Login Process
Residential Subscriber Login and Processes
PPP Subscriber Login and Service Activation
Web Login for PPP Subscribers
PPP Login Interactions
PPP Logout Interactions
DHCP Subscriber Login and Service Activation
Interface Startup
Initial Login
Initial DHCP Login Interactions
DHCP Login to Subscriber Account Interactions
Persistent DHCP Subscriber Login Interactions
DHCP Subscriber Logout Interactions
Static IP Subscribers
Single PC, IP Address Known
Subscriber IP Address Not Known
Enterprise Subscriber Login Process
Interface Startup
Subscriptions and Activations
Subscription Activation Interactions
Subscription Deactivation Interactions
Automatic Activation at Login
Enterprise-Specific Remote Session Activation
Configuring Subscriber-Related Properties on the SAE with the SRC CLI
Configuring the Length of Time MAC Addresses Remain in SAE Cache
Identifying a Profile for Unauthenticated Subscribers
Configuring Interim Accounting for Services and Subscribers
Avoiding Overcharges for Sessions That Time Out
Allowing Multiple Logins from the Same IP Address
Authenticating Registered Username/Password Pairs
Configuring Timers for Session Reactivation
Configuring Subscriber-Related Properties on the SAE on a Solaris Platform
Overview
Configuring the Length of Time MAC Addresses Remain in SAE Cache
Max Cache Expiration Time Field
Identifying a Profile for Unauthenticated Subscribers
Unauthenticated User DN Field
Configuring Interim Accounting for Services and Subscribers
Interim Accounting Fields
Avoiding Overcharges for Sessions That Time Out
Idle Timeout Field
Allowing Multiple Logins from the Same IP Address
Allow Same IP Login Field
Authenticating Registered Username/Password Pairs
Login Registration Field
Configuring Timers for Session Reactivation
Background Service Activation Fields
Modifying the SAE Property File
Editing Properties with SDX Admin
Editing Properties with a Text Editor
Loading Subscriptions Based on RADIUS Authorization
Accepting Login Names with Different Formats
Default Login Parser Properties
Classifying Interfaces and Subscribers with the SRC CLI
Overview of Classification Scripts
How Classification Scripts Work
Interface Classification Scripts
Subscriber Classification Scripts
DHCP Classification Scripts
Overview of Configuring Classification Scripts
Subscriber Classifiers
DHCP Classifiers
Interface Classifiers
Classification Targets
Target Expressions
Classification Conditions
Glob Matching
Regular Expression Matching
Classifying Interfaces
Interface Classification Conditions
Example: Managing Interfaces for Premium and Basic PPP and DHCP Subscribers
Example: Managing Specific Interfaces
Classifying Subscribers
Subscriber Classification Conditions
Sending DHCP Options to the JUNOSe Router
Subscriber Classification Targets
Example: Subscriber Classification Scripts for Static IP Subscriber
Example: Subscriber Classification Scripts Using a Subscriber Group
Example: Subscriber Classification Scripts for Enterprise Subscribers
Matching on the Interface Name
Matching on the Interface Alias
Example: Creating Router Interface Subscriber Session
Example: Activating Services for a Group of Subscriber Sessions
Classifying DHCP Subscribers
DHCP Classification Conditions
DHCP Classification Targets
Selecting DHCP Parameters
Setting DHCP Parameters with DHCP Options
Creating DHCP Profiles
Classifying Interfaces and Subscribers on a Solaris Platform
Overview of Classification Scripts
How Classification Scripts Work
Interface Classification Scripts
Subscriber Classification Scripts
DHCP Classification Scripts
Configuring Classification Scripts
Classification Targets
Target Expressions
Classification Criteria
Glob Matching
Regular Expression Matching
Configuring Targets in Structured View
Configuring Criteria in Structured View
Configuring Targets and Criteria in Raw View
Testing Subscriber and Interface Classification Scripts
Classifying Interfaces
Selecting Interface Classification Criteria
Configuring Interface Classification Targets
Example: Managing Interfaces for Premium and Basic PPP and DHCP Subscribers
Example: Managing Specific Interfaces
Example: Managing Interfaces by Using the Interface Description
Classifying Subscribers
Selecting Subscriber Classification Criteria
Sending DHCP Options to the JUNOSe Router
Configuring Subscriber Classification Targets
Example: Subscriber Classification Scripts for Static IP Subscriber
Example: Subscriber Classification Scripts Using a Subscriber Group
Example: Subscriber Classification Scripts for Enterprise Subscribers
Matching on the Interface Name
Matching on the Interface Alias
Example: Subscriber Classification Scripts For a Wholesaler/Retailer Scenario
Example: Creating Router Interface Subscriber Session
Example: Activating Services for a Group of Subscriber Sessions
Classifying DHCP Subscribers
Selecting DHCP Classification Criteria
Configuring DHCP Classification Targets
Selecting DHCP Parameters
Setting DHCP Parameters with DHCP Options
Creating DHCP Profiles
Overview of Plug-Ins Included with the SAE
How Internal Plug-Ins Work
Plug-In Pool
Event Publishers
Types of Internal Plug-Ins
Authorization Plug-Ins
Tracking Plug-Ins
Customizing RADIUS Packets with Plug-Ins
Assigning DHCP Addresses to Subscribers
Creating and Tracking Subscriber Sessions
Activating and Tracking Service Sessions
Configuring Internal, External, and Synchronization Plug-Ins with the SRC CLI
Configuring Internal Plug-Ins
Configuring the SAE for External Plug-Ins
Configuring the State Synchronization Plug-In Interface
Overview of Configuring Plug-Ins for Solaris Platforms
Configuring Plug-Ins with SDX Configuration Editor
Accessing the Plug-In Configuration
Creating Plug-In Instances
Configuring Internal Plug-Ins
Configuring the SAE for External Plug-Ins
Configuring the State Synchronization Plug-In Interface
Configuring Plug-Ins with SDX Admin
Configuring External Plug-Ins
Configuring Internal and Hosted Plug-Ins
Defining RADIUS Packets
Setting Up the Plug-In Instance to Use a Template
Configuring Event Publishers
Example: LDAP Authentication Plug-In
Example: Basic RADIUS Accounting Plug-In
Configuring Authorization and Accounting Plug-Ins with SDX Configuration Editor
Configuring Tracking Plug-Ins
Configuring Flat File Accounting Plug-Ins
Configuring Headers for Flat File Accounting Plug-Ins
Configuring Basic RADIUS Accounting Plug-Ins
Configuring Flexible RADIUS Accounting Plug-Ins
Configuring Custom RADIUS Accounting-Plug-Ins
Configuring Authorization Plug-Ins
Limiting Subscribers on Router Interfaces
Configuring Basic RADIUS Authentication Plug-Ins
Configuring Flexible RADIUS Authentication Plug-Ins
Configuring Custom RADIUS Authentication Plug-Ins
Configuring LDAP Authentication Plug-Ins
Using RADIUS Plug-In Fields
Configuring UDP Ports for RADIUS Plug-Ins
Configuring Global UDP Ports
Global RADIUS UDP Port Field
Creating RADIUS Peers
Defining RADIUS Packets for Flexible RADIUS Plug-Ins with SDX Configuration Editor
Creating and Using RADIUS Templates
Configuring RADIUS Attributes
More About Using Flexible RADIUS Packet Definitions
Setting Values in Authentication Response Packets
Selecting IP Address Pools Using DHCP Response Packets
Configuring Event Publishers
Configuring Global and Default Retailer Event Publishers
Configuring Service-Specific Event Publishers
Configuring Retailer-Specific Event Publishers
Configuring Virtual Router-Specific Event Publishers
Configuring Accounting and Authentication Plug-Ins with the SRC CLI
Creating RADIUS Peers
Related Information
Configuring Tracking Plug-Ins
Configuring Flat File Accounting Plug-Ins
Related Information
Configuring Headers for Flat File Accounting Plug-Ins
Configuring Basic RADIUS Accounting Plug-Ins
Related Information
Configuring Flexible RADIUS Accounting Plug-Ins
Related Information
Configuring Custom RADIUS Accounting-Plug-Ins
Related Information
Configuring Authentication Plug-Ins
Limiting Subscribers on Router Interfaces
Configuring Basic RADIUS Authentication Plug-Ins
Related Information
Configuring Flexible RADIUS Authentication Plug-Ins
Related Information
Configuring Custom RADIUS Authentication Plug-Ins
Related Information
Configuring LDAP Authentication Plug-Ins
Related Information
Configuring UDP Ports for RADIUS Plug-Ins
Configuring Global UDP Ports
Defining RADIUS Packets for Flexible RADIUS Plug-Ins with the SRC CLI
Using Default RADIUS Templates
Naming RADIUS Attribute Instances
Defining RADIUS Attributes
Standard RADIUS Attributes
Juniper Networks VSAs
Defining the Values of RADIUS Attributes
Configuring a RADIUS Packet Template
More About Using Flexible RADIUS Packet Definitions
Setting Values in Authentication Response Packets
Selecting IP Address Pools Using DHCP Response Packets
Configuring Event Publishers
Configuring Global and Default Retailer Event Publishers
Related Information
Configuring Service-Specific Event Publishers
Configuring Retailer-Specific Event Publishers
Configuring Virtual Router-Specific Event Publishers
Configuring Subscribers and Subscriptions with SDX Admin
Overview of Configuring Subscribers and Subscriptions
LDAP Model for Subscribers
Subscriptions
Specifying the Activation Order for Subscriptions
LDAP Model for Subscriptions
Operators
Read Privileges
Management Privileges
Operators That Control All Retailers
LDAP Model for Operators
Tools for Adding Subscribers and Subscriptions
Inheritance of Properties and Subscriptions
Encryption Methods for Passwords
Adding Subscribers
Adding Retailers
Retailer Fields
Assigning Service Scopes
Adding Subscriber Folders
Subscriber Folder Fields
Adding Residential Subscribers
Residential Subscriber Fields
Adding Enterprises
Enterprise Fields
Adding Sites
Site Fields
Adding Routers as Subscribers
Router Subscriber Fields
Adding Operators
Operator Fields
Configuring Subscriptions
Configuring Subscriptions to Value-Added Services
Value-Added Subscription Fields
Allowing Multiple Subscriptions per Subscriber
Configuring Subscriptions to Outsourced Services
Outsource Service Subscription Fields
Configuring Access Subscriptions
Access Subscription Fields
Configuring RADIUS Subscriptions
RADIUS Subscription Fields
Configuring Substitutions for Subscriptions
Adding Substitutions
Substitutions to a Transmission Rate for a Scheduled Action
Modifying Substitutions
Validating Substitutions
Deleting Substitutions
Modifying and Deleting Subscribers and Subscriptions
Configuring Subscribers and Subscriptions with the SRC CLI
Overview of Configuring Subscribers and Subscriptions
Specifying the Activation Order for Subscriptions
Inheritance of Properties and Subscriptions
Enabling the Subscriber and Subscription Configuration on the SRC CLI
Adding Subscribers
Adding Retailers
Configuring Administrative Information for Retailers
Adding Subscriber Folders
Adding Residential Subscribers
Configuring Administrative Information for Residential Subscribers
Adding Enterprises
Configuring Administrative Information for Enterprise Subscribers
Adding Sites
Adding Devices as Subscribers
Adding Managers
Configuring Subscriptions
Allowing Multiple Subscriptions per Subscriber
Configuring Accesses
Overview of the Residential Portal
How Subscribers Use a Residential Portal
Overview of a Residential Portal
Subscriptions to Services
Service Schedules in a Residential Portal
Equipment Registration for DHCP Login
Overview of the Sample Residential Portal
Web Application Architecture
Model Components
View Components
Control Components
Behaviors for the Sample Residential Portal
Installing and Configuring the Sample Residential Portal
Before You Install and Configure the Sample Residential Portal
Configuring Equipment Registration Behavior
Configuring ISP Service Behavior
Configuring Cable Behavior
Authenticating Subscribers Through RADIUS
Customizing How the Sample Residential Portal Handles Unrecognized IP Subscribers
Overview of Configuration Files for the Sample Residential Portal
WEB-INF/portalBehavior.properties
WEB-INF/struts-config.xml
WEB-INF/tiles-defs.xml
Installing the Sample Residential Portal
Preparing the Application for Customization
Configuring the Sample Residential Portal
Deploying the Updated WAR File
Testing a Portal Application
Removing Access to the Sample Residential Portal
How Subscribers Use the Sample Residential Portal
Overview of the Sample Residential Portal
Before You Use the Sample Residential Portal
Logging In to the Sample Residential Portal Using a Simulated User Profile
Logging In to the Sample Residential Portal
Managing Services from the Sample Residential Portal
Starting and Stopping Services
Getting Usage Information
Setting Up the Type of Service Activation
Setting Up Service Schedules
Specifying Values for Times
Setting Times
Setting Actions
Subscribing to Services
Registering Equipment for DHCP Login
Disabling Equipment Registration
Logging Out of the Sample Residential Portal
Using the Sample Residential Portal from PDAs
Developing a Residential Portal
Before You Develop a Residential Portal
Development Tools to Create a Residential Portal
Virtual IP Address for Policies
Configuring a Virtual Portal Address with SDX Configuration Editor
Virtual Portal Address Field
Redirecting Traffic to a Captive Portal Web Page
Sequence for Redirecting Traffic
Configuring the SRC Software in a Multihop Environment
Managing Security for Public Wireless LAN Applications
Developing a Portal Based on the Sample Residential Portal
Preparing to Develop a Portal Based on the Sample Residential Portal
Creating a Portal Project
Building the Portal
Deploying the Portal
Testing a Portal Application
Redirecting Subscriber Traffic
Overview of Traffic Redirection
Proxy Request Management
HTTP Proxy and DNS
Redirect Server Redundancy
Before You Configure Redundancy for the Redirect Server
Protection Against Denial-of-Service Attacks
Configuring Traffic Redirection with the SRC CLI
Configuration Statements for the Redirect Server
Before You Configure the Redirect Server on a C-Series System
Configuring the Redirect Server
Configuring General Properties for the Redirect Server
Configuring a Connection Between the Redirect Server and the Directory
Defining Traffic to Transmit to the Redirect Server
Changing The Number of Requests That the Redirect Server Accepts
Specifying Extensions for Files that the Redirect Server Accepts
Verifying Configuration for the Redirect Server
Configuring the DNS Server for the Redirect Server
Configuring the Redirect Server to Support HTTP Proxies
Configuring a Redundant Redirect Server
Configuring Logging for the Redirect Server
Changing the Configuration for the Redirect Server
Assessing Load for Redirect Server
Configuring Traffic Redirection on a Solaris Platform
Installing the Redirect Server
Configuration Overview for Redirect Server
Configuring IP Filter
Example: Creating a Rule to Redirect Traffic to a Different Port Number
Example: Creating a Rule to Redirect Unauthorized Traffic
Configuring Redirect Server from the redir.properties File
Configuration Properties for the Redirect Server
Configuring Logging for Redirect Server
Changing the Configuration for Redirect Server
Reviewing and Configuring Policies and Services for Enterprise Manager Portal
Overview of Services for Enterprise Manager Portal
Directory Structure
Priorities for Subscriptions
Before You Configure Services for Enterprise Manager Portal
Configuring Firewall Policies and Services for Enterprise Manager Portal
Overview of Basic Firewall Services and Policies
Tasks to Configure Firewall Policies and Services
Configuring Basic Firewall Policies
Configuring Basic Firewall Services
Reviewing the fwrule Policy Group for Exceptions to Stateful Firewalls
Reviewing the FirewallRule Service for Exceptions to Stateful Firewalls
Reviewing Services for Exceptions to Stateless Firewalls
Parameter Values Used by Services for Exceptions to Stateless Firewalls
Planning Services for Custom Firewall Exceptions
Configuring Policies for Custom Firewall Exceptions
Configuring Services for Custom Firewall Exceptions
Configuring Priorities for Stateless or Stateful Firewall Services
Configuring Priorities to Have Enterprise Services Work Together
Configuring Global Priority Ranges from Policy Editor
Configuring Global Priority Ranges from SDX Admin
Configuring Priorities for Individual Scopes by Defining Them in Services
Using Stateless Firewall and BoD Applications Together
Configuring NAT Policies and Services for Enterprise Manager Portal
Configuring the dynsrcnat Policy Group
Reviewing the DynSrcNat Service
Configuring the staticdstnat Policy Group
Configuring the StaticDstNat Service
Configuring the staticsrcnat Policy Group
Configuring the StaticSrcNat Service
Configuring Bandwidth Policies and Services for Enterprise Manager Portal
Parameter Values Used by BoD Services
Bandwidth Policies for Different Routing Platforms
Configuring Basic BoD Policies
Configuring Basic BoD Services
Configuring BoD Policies
Configuring BoD Services
Using BoD Services to Assign Traffic to Bandwidth Categories
Using BoD and Basic BoD Services Together to Supply Class of Service
Setting Up Forwarding Preferences—Example 1
Setting Up Forwarding Preferences—Example 2
Enabling Schedules for Subscriptions for Enterprise Manager Portal
Configuring VPNs for Enterprise Manager Portal
Before You Configure VPN Policies and Services
Configuring Policies for BoD Traffic Destined for VPNs
Configuring Services for BoD Traffic Destined for VPNs
Billing Subscribers Through SCU/DCU for JUNOS Routing Platforms
Adding VPNs from JUNOS Routing Platforms with the SRC CLI
Before You Add a JUNOS VPN to the SRC Configuration
Configuring VPNs to Integrate into an SRC Network
Configuration Statements for Adding VPNs and Extranet Clients
Adding VPNs for Retailers and Enterprises
Verifying and Updating Configuration of Extranets for VPNs
Adding VPNs from JUNOS Routing Platforms
Overview of VPNs in the SRC Network
Implementing a Routing Scheme for VPNs
Configuring VPNs to Integrate into an SRC Network
Adding VPNs with a Data Integrator
Adding VPNs with SDX Admin
VPN Fields
Modifying VPNs
Adding Extranet Clients to VPNs
Removing Extranet Clients
Locating and Removing Inactive Subscriptions to a VPN
Deleting VPNs from the Directory
Overview of Enterprise Service Portals
Function of Enterprise Service Portals
Consistency of Data in the Directory
Privileges of IT Managers
Developing and Customizing Enterprise Service Portals
Identifying the SAE
Enterprise Service Portals Provided with the SRC Software
Sample Enterprise Service Portal
Enterprise Manager Portal
NAT Address Management Portal
Enterprise Service Portal Audit Plug-In
Network Information Collector with Enterprise Service Portals
Service Parameters
Substitutions and the Parameter Acquisition Path
Power of Substitutions
Substituting Values for Policy Parameters
Managing Subscriptions to Aggregate Services
Configuring Your Web Browser to Use an Enterprise Service Portal
Accessing Enterprise Service Portals
Planning Deployment for Enterprise Service Portals
Architecture of Enterprise Service Portals
Elements for an Enterprise Service Portal
Communication Protocols
Deployment Scenario for an Enterprise Service Portal
Deciding Which Enterprise Service Portal to Use
Planning Number of Instances of an Enterprise Service Portal
Planning Namespace Hierarchy for an Enterprise Service Portal
Installing and Configuring Enterprise Service Portals
Before You Install an Enterprise Service Portal
Installing Enterprise Service Portals
Preparing the Web Applications for Customization
Configuring Connections to the Directory
Initialization Properties for Enterprise Service Portals
Configuring Deployment Settings for Enterprise Manager Portal
Deployment Properties for Enterprise Manager Portal
Deploying the Enterprise Service Portals
Configuring the URL for an Enterprise Service Portal
Writing an Application to Allow a Machine to Provide Public IP Addresses for NAT
Configuring an Enterprise Service Portal
Accessing the Configuration Files
Configuring Connections to the Subscriber Directory
Configuring Connections to the Service Directory on Solaris Platforms
Configuring Search Bases for Each Directory
Configuring the Logging Properties
Configuring a NIC Proxy
Configuring Directory Eventing for SAE Identification
Exporting the Configuration to the Directory
Configuring an Enterprise Service Portal Audit Plug-In
Overview of Configuration for an Enterprise Service Portal Audit Plug-In
Configuring the Sample Enterprise Service Portal Audit Plug-In
Configuring a Customized Enterprise Service Portal Audit Plug-In
Managing Enterprise Service Portals
Displaying Information About Your Control in the Enterprise
Updating Data That the Enterprise Service Portal Displays
Managing Operators
Creating Managers
Managers Fields
Modifying Managers
Deleting Managers
Managing Services with Enterprise Manager Portal
Overview of Enterprise Manager Portal
Getting Help on Enterprise Manager Portal
Setting the Configuration Level for Enterprise Manager Portal
Managing Schedules
Creating a Schedule
Applying a Schedule to a Service
Disabling a Schedule for a Service
Changing Schedules
Managing Subscriptions to Bandwidth-on-Demand Services
Planning Subscriptions to BoD Services
Creating a Subscription to BoD Services
Setting a Bandwidth Level
Adding Subscriptions to BoD Services
Modifying Rules for a Subscription to a BoD Service
Modifying the Bandwidth Level
Moving the Bandwidth Level
Deleting a Subscription for a BoD Service
Deleting the Bandwidth Level
Monitoring Use of Subscriptions to BoD Services
Integrating VPNs into an SRC Network
Modifying Subscriber VPN Configuration
Creating Extranets
Deleting Extranets
Sending Traffic to a VPN
Modifying the VPN to Which the Router Sends Traffic
Stopping the Router from Sending Traffic to VPNs
Classifying Traffic for Stateful Firewall Exceptions and NAT Rules
Classifying Traffic
Modifying Values for Traffic Classifications
Deleting Traffic Classifications
Subscribing to Firewall Services
Before You Configure Firewall Exception Rules
Creating Subscriptions to Firewall Services
Creating Firewall Exceptions for Stateless Firewalls
Creating Firewall Exceptions for Stateful Firewalls
Adding a Schedule to a Firewall Exception
Modifying Firewall Exceptions
Deleting Firewall Exceptions
Deleting Basic Firewalls
Monitoring the Use of Subscriptions to Firewall Services
Working with IP Addressing and NAT Services
Requesting Public IP Addresses for NAT Services
Canceling Requests for Public IP Addresses
Returning Public IP Addresses to Service Providers
Applying NAT Rules to Traffic
Configuring Public IP Addresses for Outgoing Traffic
Configuring Public IP Addresses for Incoming Traffic
Configuring Fixed Public Addresses for Outgoing Traffic
Modifying NAT Rules
Deleting NAT Rules
Monitoring the Status of Subscriptions
Troubleshooting Subscriptions That Are Not Functioning Correctly
Troubleshooting Subscriptions of Unknown Status
Using NAT Address Management Portal
Overview of NAT Address Management Portal
Assigning IP Addresses
Acknowledging the Release of IP Addresses
Using the Sample Enterprise Service Portal
Overview of the Sample Enterprise Service Portal
Starting the Sample Enterprise Service Portal
Subscribing to Services
Activating Subscriptions
Deactivating Subscriptions
Suspending Subscriptions
Canceling Suspensions of Subscriptions
Monitoring Use of Subscriptions
Specifying Values for Service Parameters in Subscriptions
Restoring Default Values for Service Parameters In Subscriptions
Deleting Subscriptions
Monitoring Service Sessions for a Subscription
Defining Networks for Departments in an Enterprise
Modifying Network Definitions for Departments in an Enterprise
Deleting Network Definitions for Departments in an Enterprise
Developing an Enterprise Service Portal
Developing a Portal Based on the Sample Enterprise Service Portal
Preparing to Develop a Sample-Based Enterprise Service Portal
Creating a Portal Project for a Sample-Based Enterprise Service Portal
Building a Sample-Based Enterprise Service Portal
Deploying a Sample-Based Enterprise Service Portal
Testing a Sample-Based Enterprise Service Portal
Using a Virtual Address for the Portal
Index