- play_arrow Overview
- play_arrow Juniper BNG CUPS Controller CLI Configuration Statements
- play_arrow Juniper BNG CUPS Controller CLI Operational Statements
- play_arrow Juniper BNG User Plane CLI Configuration Statements
- Juniper BNG User Plane CLI Configuration Statements
- auto-configure
- captive-portal-content-delivery-profile (Services)
- dynamic-profile (Stacked VLAN)
- flexible-vlan-tagging (Interfaces)
- hierarchical-scheduler
- ranges (Dynamic Stacked VLAN)
- service-set (Dynamic Service Sets)
- service-set-options
- services (Captive Portal Content Delivery)
- stacked-vlan-tagging
- play_arrow Juniper BNG User Plane CLI Operational Commands
Use Juniper BNG CUPS Captive Portal and Content Delivery Services
This document presents conceptual information and sample configurations that you can use to help you set up Captive Portal and Content Delivery services in your Juniper BNG CUPS environment.
Captive Portal and Content Delivery Overview
Captive Portal and Content Delivery (CPCD) also known as HTTP redirect services is supported in Juniper BNG CUPS. When CPCD is enabled, HTTP request traffic from subscribers is intercepted and redirected to an external captive portal device. The captive portal is often the initial page a subscriber sees after logging into the network. The captive portal typically provides authentication and authorization services for redirected subscribers before granting access to protected servers outside of a walled garden. A walled garden, also known as an allow list, defines a group of servers where access is provided to subscribers without reauthorization through a captive portal. These walled gardens enable you to increase revenue by marketing various services to your customers.
Figure 1 shows the network elements that are involved in the BNG CUPS CPCD function.
The BNG CUPS CPCD functionality is disaggregated to run on both the BNG CUPS Controller and the BNG User Planes. This functionality is described in the “Traffic Redirection” section of the 3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Interface between the Control Plane and the User Plane Nodes; Stage 3 specification.
Enabling subscribers for CPCD and provisioning service filter is handled in the BNG CUPS Controller while processing of packets for redirection is done in the BNG User Planes. The Routing Engine of the BNG User Plane performs the redirect function and additional service card is not required in the BNG User Plane.
There are two modes which are supported, redirect and rewrite. For redirect, the portal server URL is returned for the HTTP requests. For rewrite, the IP address destination is modified and traffic is sent to the portal server.
Configure CPCD
- BNG CUPS Controller CPCD Configuration
- BNG User Plane CPCD Configuration
- BNG CUPS Controller Operational Commands
- BNG User Plane Operational Commands
BNG CUPS Controller CPCD Configuration
Configure the service filter on the BNG CUPS Controller, as follows:
[edit groups bbe-common-|0 - 4| firewall]
family inet {
service-filter http-reverse-v4 {
term http {
from {
source-address {
192.100.1.100/32;
}
}
then {
count httpv4_reverse_count;
service;
}
}
term skip {
then {
count httpv4_reverse_skip_count;
skip;
}
}
}
service-filter redirect-in {
term http {
from {
destination-port [ 80 8080 https ];
}
then {
count httpv4_redirect_count;
service;
}
}
term skip {
then {
count httpv4_redirect_skip_count;
skip;
}
}
}
}
family inet6 {
service-filter http-reverse-v6 {
term http6 {
from {
source-address {
1000:1:2::1/128;
}
}
then {
count httpv6_reverse_count;
service;
}
}
term skip6 {
then {
count httpv6_reverse_skip_count;
skip;
}
}
}
service-filter redirectv6-in {
term http6 {
from {
destination-port [ 80 8080 https ];
}
then {
count httpv6_redirect_count;
service;
}
}
term skip6 {
then {
count httpv6_redirect_skip_count;
skip;
}
}
}
}Configure the service set on the BNG CUPS Controller, as follows:
[edit groups bbe-common-|0 - 4| services]
captive-portal-content-delivery {
profile cpcd_dyn_cpcd {
dynamic;
}
}
service-set sset-redirect-dyn {
service-set-options {
routing-engine-services;
}
captive-portal-content-delivery-profile cpcd_dyn_cpcd;
}Configure the HTTP redirect profile on the BNG CUPS Controller, as follows:
[edit groups bbe-common-|0 - 4| dynamic-profiles http-redirect-re-dyn]
variables {
redirect-url default-value https://www.juniper.net;
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
family inet {
service {
input {
service-set sset-redirect-dyn service-filter redirectin;
}
output {
service-set sset-redirect-dyn service-filter http-reverse-v4;
}
}
}
family inet6 {
service {
input {
service-set sset-redirect-dyn service-filter redirectv6-in;
}
output {
service-set sset-redirect-dyn service-filter httpreverse-v6;
}
}
}
}
}
}
services {
captive-portal-content-delivery {
rule r1 {
match-direction input;
term 1 {
then {
redirect "$redirect-url";
}
}
}
}
}To enable the subscriber to use the HTTP redirect service, the following must be provisioned on the AAA server:
cpcduser Cleartext-Password—"cpcd123"
Auth-Type—Local,
Service-Type—Framed-User
Framed-Pool—"v4pool"
Framed-IPv6-Pool—"v6-na-pool-0"
ERX-Service-Activate:1 +—'http-redirect-re-dyn(https://www.juniper.net)'
Configure the HTTP rewrite profile on the BNG CUPS Controller, as follows:
[edit groups bbe-common-|0 - 4| dynamic-profiles http-rewrite-re-dyn]
variables {
rewrite-ip default-value 7.1.1.2;
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
family inet {
service {
input {
service-set sset-redirect-dyn service-filter redirectin;
}
output {
service-set sset-redirect-dyn;
}
}
}
family inet6 {
service {
input {
service-set sset-redirect-dyn service-filter redirectv6-in;
}
output {
service-set sset-redirect-dyn;
}
}
}
}
}
}
services {
captive-portal-content-delivery {
rule r1 {
match-direction input;
term t1 {
then {
rewrite destination-address $rewrite-ip;
}
}
}
}
}[edit groups bbe-common-|0 - 4| dynamic-profiles http-rewrite-v6-re-dyn]
variables {
rewrite-ip default-value 1000:1:2::2;
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
family inet {
service {
input {
service-set sset-redirect-dyn service-filter redirectin;
}
output {
service-set sset-redirect-dyn;
}
}
}
family inet6 {
service {
input {
service-set sset-redirect-dyn service-filter redirectv6-in;
}
output {
service-set sset-redirect-dyn;
}
}
}
}
}
}
services {
captive-portal-content-delivery {
rule r1 {
match-direction input;
term t1 {
then {
rewrite destination-address $rewrite-ip;
}
}
}
}
}To enable the subscriber to use the rewrite service, the following must be provisioned on the AAA server.
cpcdrewrite Cleartext-Password—"joshua"
Auth-Type—Local
Service-Type—Framed-User
Framed-Pool—"v4pool"
Framed-IPv6-Pool—"v6-na-pool-0"
ERX-Service-Activate:1 +—'http-rewrite-dyn(7.1.1.2)'
BNG User Plane CPCD Configuration
Configure the service set on the BNG User Plane, as follows:
The configured service-set name must match the BNG CUPS
Controller provisioned service-set name.
[edit configuration services]
captive-portal-content-delivery {
profile cpcd_dyn_cpcd {
dynamic;
}
}
service-set sset-redirect-dyn {
service-set-options {
routing-engine-services;
}
captive-portal-content-delivery-profile cpcd_dyn_cpcd;
interface-service {
service-interface si-0/0/0;
}
}[edit configuration interfaces]
si-0/0/0 {
unit 0 {
family inet;
family inet6;
}
}BNG CUPS Controller Operational Commands
To view the subscribers that are enabled for CPCD, you can use the show subscribers user-plane up-name
bng-user-plane-name command.
BNG User Plane Operational Commands
To view the subscribers that are enabled for CPCD, you can use the show services captive-portal-content-delivery command.
