Configuring CoA Script Services
To support CoA message exchange in an SRC network, configure a script service that can be activated on a third-party device. The script service defines the parameters needed to activate or deactivate services for a subscriber session, such as the address of the third-party device. This script service is activated for the subscriber session whose services are activated or deactivated. For detailed information about configuring script services, see SRC-PE Services and Policies Guide, Chapter 1, Managing Services with the SRC CLI.
When you use the CoA script service with third-party devices that do not notify the SAE about subscriber events, you must set up the Monitoring Agent application to handle RADIUS accounting request packets.
For information about configuring services on the third-party device, see the device's software documentation.
The tasks to set up the SRC software for CoA message exchange are:
- Configuring Monitoring Agent to Receive RADIUS Accounting Messages
- Creating the CoA Script Service with the SRC CLI
- Configuring the CoA Script Service with the SRC CLI
- Configuring Subscriptions to the CoA Script Service
The SRC software includes a sample script service that you can configure to exchange CoA messages with the third-party device. You can use the sample service definition and customize it for your environment by modifying the service substitutions. For information about the sample CoA script service, see
Example: Using the Sample CoA Script Service.Configuring Monitoring Agent to Receive RADIUS Accounting Messages
If you install the Monitoring Agent application on the same host as the RADIUS server, you must disable the MonAgent.radius.server property.
You can configure Monitoring Agent to act as a pseudo-RADIUS server that listens for RADIUS accounting packets sent to the RADIUS accounting port. To receive RADIUS packets from RADIUS clients:
- Make sure there is no other RADIUS server listening on the RADIUS accounting port, and enable the MonAgent.radius.server property.
- Configure the shared secret between the RADIUS server and the RADIUS client by specifying the MonAgent.radius.secret.<IP address> property.
For information about installing and using Monitoring Agent, see the SRC Sample Applications Guide.
Creating the CoA Script Service with the SRC CLI
- From configuration mode, enter the service configuration. In this sample procedure, the service is configured in the global service scope, and CoAservice is the name of the service.
user@host#edit services global service CoAservice
- Configure the type of service.
[edit services global service CoAservice]user@host#set type script
- (Optional) Specify whether the service is visible only to administrators who have permission to see secret information.
[edit services global service CoAservice]user@host#set secret
- Configure URL as the type of script that the sample CoA script service uses.
[edit services global service CoAservice]user@host#set script script-type url
- Configure net.juniper.smgt.sae.coa.CoaService as the name of the class that implements the script service.
[edit services global service CoAservice]user@host#set script class-name net.juniper.smgt.sae.coa.CoaService
- Configure the URL of the script service or the path and filename of the service. Copy the /lib/coa.jar file used by the script service to a location that is accessible by a URL (such as an FTP or HTTP server). In this sample procedure, the coa.jar file was copied to the /opt/UMC/sae/var/run directory.
[edit services global service CoAservice]user@host#set file file:///opt/UMC/sae/var/run/coa.jar
- (Optional) Verify your configuration.
[edit services global service CoAservice]user@host#show
type script;status active;available;script {script-type url;class-name net.juniper.smgt.sae.coa.CoaService;file file:///opt/UMC/sae/var/run/coa.jar;}After you create the script service, you need to configure parameters for the script service. For more information about configuring script services and parameters, see SRC-PE Services and Policies Guide, Chapter 1, Managing Services with the SRC CLI.
Configuring the CoA Script Service with the SRC CLI
To configure the script service, you provide parameter substitutions with the values that are in the service definitions.
- From configuration mode, enter the service parameter configuration. In this sample procedure, the service called CoAservice is configured in the global service scope.
user@host#edit services global service CoAservice parameter
- (Optional) Configure actual values for other parameters.
[edit services global service CoAservice parameter]user@host#set substitution
[substitution...
]Table 8 lists the parameters specified by the sample CoA script service, which is the /SDK/scriptServices/coa/ldif/BOD1M.ldif file in the SRC software distribution. You can use the sample script service as a starting point.
You can also configure dynamic RADIUS requests with the sendDynamicRadius method of the ServiceSessionInfo interface (see Defining RADIUS Attributes for CoA Requests with the API).
For detailed information about configuring services, see SRC-PE Services and Policies Guide, Chapter 1, Managing Services with the SRC CLI.
Configuring Subscriptions to the CoA Script Service
You need to configure subscriptions to the CoA script service. You can set up the subscriptions to activate immediately on login.
For more information, see SRC-PE Subscribers and Subscriptions Guide, Chapter 12, Configuring Subscribers and Subscriptions with the SRC CLI.