Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Versioning for Dynamic Profiles

Enabling Dynamic Profiles to Use Multiple Versions

You can create new versions of dynamic profiles that are currently in use by subscribers. Any subscriber that logs in following a dynamic profile modification uses the latest version of the dynamic profile. Subscribers that are already active continue to use the older version of the dynamic profile until they log out or their session terminates.

Note:

You must enable or disable dynamic profile version creation before creating or using any dynamic profiles on the router. Enabling or disabling dynamic profile version creation after dynamic profiles are configured is not supported.

To configure versioning for dynamic profiles:

  1. Access the router system hierarchy level.
  2. Access the global dynamic profile options.
  3. Enable version creation for dynamic profiles on the router.

Modifying Dynamic Profiles with Versioning Disabled

You use dynamic profiles to configure large groups of subscribers. However, after you have configured and applied dynamic profiles, be cautious when modifying any dynamic profiles that are in use by active subscribers on the router if you have not enabled the router to use dynamic profile versioning. This section provides guidelines and procedures for modifying existing profiles and applying them to subscriber interfaces if dynamic profile versioning is not enabled on the router.

When modifying dynamic profiles, keep the following considerations in mind:

  • Do not modify a dynamic profile when dynamic profile versioning is disabled and the dynamic profile is in use by active subscribers.

  • Modifying a dynamic profile when dynamic profile versioning is disabled and when the dynamic profile is in use by active subscribers can lead to unpredictable behavior.

When a dynamic profile is modified and committed when dynamic profile versioning is not enabled, the router:

  1. Logs a warning that the profiles are being modified and committed.

  2. Determines whether the profile is currently being use by any subscriber.

  3. If the profile is in use by a subscriber, the commit fails and the router logs errors to report the conflict.

We recommend that you only modify dynamic profiles when you have enabled dynamic profile versioning on the router. However, to properly modify a dynamic profile when dynamic profile versioning is disabled on the router:

  1. Ensure that no subscribers are using the dynamic profile.
  2. Create a new dynamic profile with a different name that contains the desired changes:

    Original Profile

    Original DHCP Configuration

    New Profile

    Modified DHCP Configuration

  3. Commit the configuration containing the modified profile.

    The modified profile is used for any new subscribers that access the router.

Distinguishing Profile Versions with a Configurable Alias

You can configure a version alias to identify a specific configuration variant of a base dynamic client profile. The version alias is a text description that lets you decide how to name different profile variants, so they have an identifier independent of the dynamic version name that is automatically created by the BNG.

The need for a version alias results from the practice of using a given base dynamic profile across multiple BNGs in a network. Dynamic versioning enables you to modify a base dynamic profile to provide specific capabilities to subscribers that subsequently log in with the base dynamic profile. The different variations might be for subscribers on different BNGs or to new subscribers on a given BNG.

Dynamic versioning assigns a name to each new variation in the base profile. Consequently, the version name may vary for subscribers on one BNG or across multiple BNGs. In either case, RADIUS cannot determine which version of a profile is in use by any subscriber. This creates an operational challenge because RADIUS is unable to return corresponding attributes and VSAs in a CoA message that are compatible with that version of the profile.

When you configure a version alias for a dynamic client profile, the BNG sends the version alias to the RADIUS server during authentication. It is conveyed in the Juniper Networks client-profile-name VSA (26–4874–174). The version alias is an independent tag that enables you to track which profile variations are in use. Because RADIUS can distinguish the different profile versions, you can normalize the RADIUS back-end configuration for efficient use of CoA messages.

By default, the Client-Profile-Name VSA carries the name of the base dynamic profile. The version alias string is concatenated to the end of the profile name in the VSA, like this:

client-profile-name:version-alias-string

  • To configure a version alias for a dynamic client profile:

  • To display the alias for a dynamic client profile: