[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Configuring Subscriber Access for a Wireless Location

Tasks to use the SAE to manage a wireless access point that participates in a roaming agreement are:

  1. Configuring RADIUS Authentication
  2. Creating Subscriber Access to an ISP
  3. Creating Web Access
  4. Setting Idle Timeout Options for the SAE

Configuring RADIUS Authentication

You configure RADIUS authentication for users who connect from a wireless location, and set up RADIUS authentication to support a roaming environment between wireless Internet service providers. You can use the Flexible RADIUS Authentication plug-in that is provided with the SRC software, or you can create a custom RADIUS authentication plug-in.

Configuring a Custom RADIUS Authentication Plug-In

If you create a custom plug-in, be sure that it supports the same RADIUS attributes as those configured for the flexible RADIUS authentication plug-in. See Configuring the Flexible RADIUS Authentication Plug-In.

For information about creating a custom plug-in, see SAE CORBA Plug-In Service Provider Interface (SPI) in the SRC software distribution in the folder SDK/doc/idl or on the Juniper Networks Web site at

http://www.juniper.net/techpubs/software/management/sdx/api-index.html

Configuring the Flexible RADIUS Authentication Plug-In

The default flexible RADIUS authentication plug-in, flexRadiusAuth, provides support for RADIUS vendor-specific attributes for WISPr, which are listed in the following procedure. These attributes use the IANA private enterprise number 14122 assigned to the Wi-FI Alliance. For more information about these attributes, see

http://www.wi-fialliance.org/opensection/wispr.asp

You should be familiar with the general procedure for configuring the flexible RADIUS authentication plug-in before configuring it to include the WISPr attributes. For information about configuring the flexible RADIUS authentication plug-in, see SRC-PE Subscribers and Subscriptions Guide, Chapter 11, Configuring Accounting and Authentication Plug-Ins with the SRC CLI.

When you configure the plug-in, you can use the following standard attribute values to set values in authentication response packets:

Examples in the following procedure show how you can use these attribute values.

To configure the plug-in to support a roaming environment:

  1. Configure attributes.

This attribute can be an interface description (ifAlias) or other value that identifies the JUNOSe interface to which the wireless access point connects.

For example:

vendor-specific.WISPr.Redirection-URL=setProperty("startURL=%s" % 
ATTR)

The default configuration sets a session property named startURL.

For example:

vendor-specific.WISPr.Bandwidth-Max-Up=setSubstitution("max_up_rate=
%s" % ATTR)

For example:

vendor-specific.WISPr.Bandwidth-Max-Down=setSubstitution("max_down_r
ate=%s" % \  ATTR)

For example:

vendor-specific.WISPr.Session-Terminate-Time=setTerminateTime(ATTR)

If the operator of the wireless location does not support daily billing, do not configure this attribute, and remove it if present.

  1. For each attribute that you configure, configure the packet type to which the attribute applies. Table 6 shows the packet types associated with each attribute.
  2. 
    
    
    
    Table 6: Packet Types for RADIUS Attributes 
    RADIUS Attribute
    Associated RADIUS Packet Definition

    vendor-specific.WISPr.Location-ID

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Location-ID

    vendor-specific.WISPr.Redirection-URL

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Redirection-URL

    vendor-specific.WISPr.Logoff-URL

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Logoff-URL

    vendor-specific.WISPr.Bandwidth-Max-Up

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Bandwidth-Max-Up

    vendor-specific.WISPr.Maximum-Max-Down

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Maximum-Max-Down

    vendor-specific.WISPr.Location-Name

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Location-Name

    vendor-specific.WISPr.Session-Terminate-Time

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Session-Terminate-Time

    vendor-specific.WISPr.Session-Terminate-End-Of-Day

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Session-Terminate-End-Of-Day

    vendor-specific.WISPr.Billing-Class-Of-Service

    RadiusPacket.stdAuth.auth.vendor-specific.WISPr.Billing-Class-Of-Service

Creating Subscriber Access to an ISP

Configure a service that lets subscribers connect to an ISP through a captive portal, a single Web page to which subscribers connect. The policies associated with the service should specify a JUNOS policing or JUNOSe rate-limiting policy to set the maximum bandwidth at which:

When you configure the policies, define the bandwidth values as parameters so that the policies can be applied across a number of subscribers.

To configure a service to access the ISP:

  1. Create the SRC service to use RADIUS authentication.

See SRC-PE Services and Policies Guide, Chapter 1, Managing Services with the SRC CLI.

  1. Create a policy group the sets the maximum bandwidth at which a subscriber can send traffic, and the maximum bandwidth at which a subscriber can receive traffic. Use parameters to set these values.

To configure policies with Policy Editor, see SRC-PE Services and Policies Guide, Chapter 11, Configuring and Managing Policies with Policy Editor and SRC-PE Services and Policies Guide, Chapter 14, Defining and Acquiring Values for Parameters.

To configure policies with the SRC CLI, see SRC-PE Services and Policies Guide, Chapter 10, Configuring and Managing Policies with the SRC CLI and SRC-PE Services and Policies Guide, Chapter 9, Configuring Local and Global Parameters with the SRC CLI.

The example in Figure 5 shows a policy configuration that includes:


Figure 5: Sample Rate-Limiting Policies with Bandwidth Parameters

Substitutions for these parameters can then be referenced in the RADIUS attributes:

vendor-specific.WISPr.Bandwidth-Max-Up=setSubstitution("max_up_rate=%s" 
% ATTR)
vendor-specific.WISPr.Bandwidth-Max-Down=setSubstitution("max_down_rate=%s" 
% ATTR)

Creating Web Access

When subscribers connect to and log in to a wireless access point, they are directed to a single Web page that is referred to as a captive portal page. This page is part of a service selection portal. A captive portal page receives and manages redirected Web requests. The SRC Application Library provides an unsupported, demonstration application for a residential service selection portal.

When creating a captive portal page for a wireless roaming environment, configure the page to:

You can retrieve the URL of the start page from the service session property startURL. Note that startURL is the default name used for the flexible RADIUS authentication plug-in; you can assign a different name to this property.

You can use the Subscriber.readSubscription() method in the Common Object Request Broker Architecture (CORBA) remote application programming interface (API) to retrieve the redirect URL.

Note that when you develop the portal, you can use the following methods in the SAE CORBA remote API to retrieve session data after the access service starts:

For more information about these methods, see the SAE CORBA remote API documentation in the SRC software distribution in the folder SDK/doc/idl or on the Juniper Networks Web site at

http://www.juniper.net/techpubs/software/management/sdx/api-index.html

Setting Idle Timeout Options for the SAE

You can configure the following options to ensure that the timeout values are consistent with the requirements for your environment:

To configure the timeout settings:

  1. Configure the service activation authentication through a RADIUS server to return an idle timeout. This configuration requires that the RADIUS server returns the idle timeout vendor-specific attribute (VSA).

or

Configure the idle timeout in the SRC service definition. For example:

[edit services global service service1]
user@host# set idle-timeout 5

Although an interval up to 5 minutes is typically recommended, for the SRC software, we recommend a minimum of 15 minutes.

  1. Configure the adjust-session-time statement for the SAE to ensure that session time is accurately reported for accounting purposes. For example:
  2. [edit shared sae group wireless configuration]
    
    user@host# set idle-timeout adjust-session-time
    
    
    

Related Topics

http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/swconfig84-system-basics.pdf

http://www.juniper.net/techpubs/software/erx/junose82/bookpdfs/swconfig-broadband.pdf


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]