[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Configuring CoA Script Services

To support CoA message exchange in an SRC network, configure a script service that can be activated on a third-party device. The script service defines the parameters needed to activate or deactivate services for a subscriber session, such as the address of the third-party device. This script service is activated for the subscriber session whose services are activated or deactivated. For detailed information about configuring script services, see SRC-PE Services and Policies Guide, Chapter 1, Managing Services with the SRC CLI.

When you use the CoA script service with third-party devices that do not notify the SAE about subscriber events, you must set up the Monitoring Agent application to handle RADIUS accounting request packets.

For information about configuring services on the third-party device, see the device's software documentation.

The tasks to set up the SRC software for CoA message exchange are:

The SRC software includes a sample script service that you can configure to exchange CoA messages with the third-party device. You can use the sample service definition and customize it for your environment by modifying the service substitutions. For information about the sample CoA script service, see
Example: Using the Sample CoA Script Service.

Configuring Monitoring Agent to Receive RADIUS Accounting Messages

If you install the Monitoring Agent application on the same host as the RADIUS server, you must disable the MonAgent.radius.server property.

You can configure Monitoring Agent to act as a pseudo-RADIUS server that listens for RADIUS accounting packets sent to the RADIUS accounting port. To receive RADIUS packets from RADIUS clients:

For information about installing and using Monitoring Agent, see the SRC Sample Applications Guide.

Creating the CoA Script Service with the SRC CLI

To create the script service:

  1. From configuration mode, enter the service configuration. In this sample procedure, the service is configured in the global service scope, and CoAservice is the name of the service.
  2. user@host# edit services global service CoAservice 
    
    
    
  3. Configure the type of service.
  4. [edit services global service CoAservice]
    
    user@host# set type script 
    
    
    
  5. (Optional) Specify whether the service is visible only to administrators who have permission to see secret information.
  6. [edit services global service CoAservice]
    
    user@host# set secret
    
    
    
  7. Configure URL as the type of script that the sample CoA script service uses.
  8. [edit services global service CoAservice]
    
    user@host# set script script-type url 
    
    
    
  9. Configure net.juniper.smgt.sae.coa.CoaService as the name of the class that implements the script service.
  10. [edit services global service CoAservice]
    
    user@host# set script class-name net.juniper.smgt.sae.coa.CoaService 
    
    
    
  11. Configure the URL of the script service or the path and filename of the service. Copy the /lib/coa.jar file used by the script service to a location that is accessible by a URL (such as an FTP or HTTP server). In this sample procedure, the coa.jar file was copied to the /opt/UMC/sae/var/run directory.
  12. [edit services global service CoAservice]
    
    user@host# set file file:///opt/UMC/sae/var/run/coa.jar 
    
    
    
  13. (Optional) Verify your configuration.
  14. [edit services global service CoAservice]
    
    user@host# show 
    
    type script;
    
    status active;
    
    available;
    
    script { 
    
      script-type url;
    
      class-name net.juniper.smgt.sae.coa.CoaService;
    
      file file:///opt/UMC/sae/var/run/coa.jar;
    
    }
    
    
    

After you create the script service, you need to configure parameters for the script service. For more information about configuring script services and parameters, see SRC-PE Services and Policies Guide, Chapter 1, Managing Services with the SRC CLI.

Configuring the CoA Script Service with the SRC CLI

To configure the script service, you provide parameter substitutions with the values that are in the service definitions.

To configure parameters:

  1. From configuration mode, enter the service parameter configuration. In this sample procedure, the service called CoAservice is configured in the global service scope.
  2. user@host# edit services global service CoAservice parameter 
    
    
    
  3. (Optional) Configure actual values for other parameters.
  4. [edit services global service CoAservice parameter]
    
    user@host# set substitution [substitution...] 
    
    
    

Table 8 lists the parameters specified by the sample CoA script service, which is the /SDK/scriptServices/coa/ldif/BOD1M.ldif file in the SRC software distribution. You can use the sample script service as a starting point.




Table 8: Parameter Substitutions for CoA Services 
Parameter Name
Description

dynClientIp

IP address of the third-party device.

dynClientPort

UDP port number of the third-party device.

dynSecret

Shared secret between RADIUS server and RADIUS client.

dynRetry

Number of retries for sending CoA messages when no RADIUS response is received. The retry interval is 3 seconds.

dynConfig

Content of service definition in the format <action>. <radiusAttributeName>=<pluginEventAttribute>\n

  • action—Action that is executed on packet content (attribute):
  • start
  • stop
  • start-stop
  • svcstart
  • svcstop
  • radiusAttributeName—Valid RADIUS attribute specified as follows:
  • Standard RADIUS attribute name or number
  • Third-party VSA in the format vendor-specific.<vendor#>.<vsa#>.string
  • pluginEventAttribute—Valid expression in the format:
  • Python expression
  • <commandCode><serviceName>; the entire expression must be enclosed in single quotation marks and you must use three backslashes (\\\) to escape the backslash that starts a <commandCode> For example: \x0b would be replaced by \\\\x0b
  • \n—New-line character included between the lines of a configuration containing multiple lines; the entire configuration must be enclosed in quotation marks.

For example:

start-stop.Acct-Session-Id = ifSessionId

"start-stop.Acct-Session-Id=ifSessionId\nsvcstart.vendor-specific.9. 252.string='\\\\x0bBOD1M'\nsvcstop.vendor-specific.9.252.string= '\\\\x0cBOD1M'\n"

You can also configure dynamic RADIUS requests with the sendDynamicRadius method of the ServiceSessionInfo interface (see Defining RADIUS Attributes for CoA Requests with the API).

For detailed information about configuring services, see SRC-PE Services and Policies Guide, Chapter 1, Managing Services with the SRC CLI.

Configuring Subscriptions to the CoA Script Service

You need to configure subscriptions to the CoA script service. You can set up the subscriptions to activate immediately on login.

For more information, see SRC-PE Subscribers and Subscriptions Guide, Chapter 12, Configuring Subscribers and Subscriptions with the SRC CLI.


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]