Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Service Activation and Deactivation Using the CLI Instead of RADIUS

CLI-Activated Subscriber Services

Subscriber management enables you to use the Junos OS CLI to locally activate and deactivate dynamic subscriber services. CLI-based activation and deactivation provides local control for dynamic subscriber services that is similar to subscriber management’s change of authorization (CoA) feature. CoA is considered a remote activation method because the commands, or triggers, are received from a remote server, such as a RADIUS or provisioning server. Both the CoA and CLI-based methods enable you to manage services for subscribers who are currently logged in to the network—you can activate a new service for the subscriber or deactivate a current service.

The CLI-based feature activates the specified service—you cannot use it to modify a subscriber’s dynamic profile instantiation or to modify user-defined variables in a dynamic profile. You can, however, include variables that are defined for the service in the dynamic profile.

Subscriber management does not support accounting for CLI-activated subscriber services. Accounting for any service is disabled by default. Therefore when you use the CLI to activate a service, it is activated with accounting disabled, and there is no way to explicitly enable accounting for the service. CLI deactivation of a service previously activated (such as by RADIUS) has no effect on accounting for that service.

CLI-based activation and deactivation is useful in service provider networks that do not use provisioning servers or RADIUS servers to activate and deactivate subscriber services. The local control provided by the CLI-based operations enables service providers to add and remove services for existing subscribers without requiring that the subscriber log out and than log in again to complete the change. For example, a service provider might allow subscribers to log in and initially use the default service, which provides basic features. After the default service is established, the provider might then use CLI-activation to upgrade qualified subscribers to an advanced service, in addition to retaining the initial service. Later, the provider can use CLI-deactivation to terminate the subscriber’s advanced service session. The subscriber retains the initial service until the service is deactivated.

CLI-based activation or deactivation of a subscriber service fails if any of the following conditions exist:

  • A RADIUS CoA operation or a previous CLI-based activation or deactivation is currently in progress for the subscriber. Only one dynamic request can be active for the subscriber.

  • A unified in-service software upgrade (unified ISSU) operation is active.

  • The specified service could not be activated or deactivated.

A CLI-based activation or deactivation of a subscriber service also fails if a PCRF has successfully activated any services for the subscriber. You must override the PCRF provisioning to be able to activate or deactivate services for such a subscriber. For more information, see Disabling PCRF Control of a Subscriber Session.

Local and Remote Service Activation and Deactivation Using the CLI

Subscriber management enables you to use the Junos OS CLI to locally activate or deactivate dynamic subscriber services for subscribers who are currently logged in to the network. You can activate an initial service for the subscriber, provide an additional service, or deactivate the subscriber’s current service. This method is an alternative to using external actions by your RADIUS server.

Starting in Junos OS Release 18.3R1, when the dynamic service profile is configured with the profile-type remote-device-service statement, the CLI statements trigger the remote device services manager (RDSM) to provision or deprovision the service on a remote device.

Note:

A CLI-based activation or deactivation of a subscriber service fails if any of the following conditions exist:

  • A RADIUS CoA operation or a previous CLI-based activation or deactivation is active for the subscriber.

  • A unified in-service software upgrade (unified ISSU) operation is active.

  • The specified service could not be activated or deactivated.

A CLI-based activation or deactivation of a subscriber service also fails if a PCRF has successfully activated any services for the subscriber. You must override the PCRF provisioning to be able to activate or deactivate services for such a subscriber. For more information, see Disabling PCRF Control of a Subscriber Session.

However, this caveat does not apply if the service was provisioned on a remote device by the RDSM at the request of PCRF as the external authority supplying the service information. When you issue the command to activate or deactivate such a service, RDSM handles the service action.

To use the CLI to activate a subscriber service:

  1. (Optional) Verify the subscriber’s ID, and ensure that provisioning is not enabled. To display the session IDs of all current subscribers, use the show subscribers detail or show network-access aaa subscribers command.
  2. Activate the service for the subscriber.
  3. (Optional) Verify that the new service is activated for the subscriber. (The initial basic-service is also listed because it has not been deactivated.)

To use the CLI to deactivate a subscriber service:

  1. Display the active services for the specified subscriber. The following example shows that the basic-service and gold-service are active.

  2. Deactivate the service for the subscriber. The following example deletes the subscriber’s basic-service service.

  3. (Optional) Verify that the deleted service is no longer active for the subscriber. (The gold-service is still listed because it has not been deactivated.)

The following sample commands illustrate CLI activation and deactivation for remote services applied by RDSM to remote devices.