Service Activation and Deactivation Using the CLI Instead of RADIUS
CLI-Activated Subscriber Services
Subscriber management enables you to use the Junos OS CLI to locally activate and deactivate dynamic subscriber services. CLI-based activation and deactivation provides local control for dynamic subscriber services that is similar to subscriber management’s change of authorization (CoA) feature. CoA is considered a remote activation method because the commands, or triggers, are received from a remote server, such as a RADIUS or provisioning server. Both the CoA and CLI-based methods enable you to manage services for subscribers who are currently logged in to the network—you can activate a new service for the subscriber or deactivate a current service.
The CLI-based feature activates the specified service—you cannot use it to modify a subscriber’s dynamic profile instantiation or to modify user-defined variables in a dynamic profile. You can, however, include variables that are defined for the service in the dynamic profile.
Subscriber management does not support accounting for CLI-activated subscriber services. Accounting for any service is disabled by default. Therefore, when you use the CLI to activate a service, it is activated with accounting disabled, and there is no way to explicitly enable accounting for the service. CLI deactivation of a service previously activated (such as by RADIUS) has no effect on accounting for that service.
CLI-based activation and deactivation is useful in service provider networks that do not use provisioning servers or RADIUS servers to activate and deactivate subscriber services. The local control provided by the CLI-based operations enables service providers to add and remove services for existing subscribers without requiring that the subscriber log out and then log in again to complete the change. For example, a service provider might allow subscribers to log in and initially use the default service, which provides basic features. After the default service is established, the provider might then use CLI-activation to upgrade qualified subscribers to an advanced service, in addition to retaining the initial service. Later, the provider can use CLI-deactivation to terminate the subscriber’s advanced service session. The subscriber retains the initial service until the service is deactivated.
CLI-based activation or deactivation of a subscriber service fails if any of the following conditions exist:
A RADIUS CoA operation or a previous CLI-based activation or deactivation is currently in progress for the subscriber. Only one dynamic request can be active for the subscriber.
A unified in-service software upgrade (unified ISSU) operation is active.
The specified service could not be activated or deactivated.
A CLI-based activation or deactivation of a subscriber service also fails if a PCRF has successfully activated any services for the subscriber. You must override the PCRF provisioning to be able to activate or deactivate services for such a subscriber. For more information, see Disabling PCRF Control of a Subscriber Session.
Local and Remote Service Activation and Deactivation Using the CLI
Subscriber management enables you to use the Junos OS CLI to locally activate or deactivate dynamic subscriber services for subscribers who are currently logged in to the network. You can activate an initial service for the subscriber, provide an additional service, or deactivate the subscriber’s current service. This method is an alternative to using external actions by your RADIUS server.
Starting in Junos OS Release 18.3R1, when the dynamic service profile is configured with the profile-type remote-device-service statement, the CLI statements trigger the remote device services manager (RDSM) to provision or deprovision the service on a remote device.
A CLI-based activation or deactivation of a subscriber service fails if any of the following conditions exist:
A RADIUS CoA operation or a previous CLI-based activation or deactivation is active for the subscriber.
A unified in-service software upgrade (unified ISSU) operation is active.
The specified service could not be activated or deactivated.
A CLI-based activation or deactivation of a subscriber service also fails if a PCRF has successfully activated any services for the subscriber. You must override the PCRF provisioning to be able to activate or deactivate services for such a subscriber. For more information, see Disabling PCRF Control of a Subscriber Session.
However, this caveat does not apply if the service was provisioned on a remote device by the RDSM at the request of PCRF as the external authority supplying the service information. When you issue the command to activate or deactivate such a service, RDSM handles the service action.
To use the CLI to activate a subscriber service:
To use the CLI to deactivate a subscriber service:
Display the active services for the specified subscriber. The following example shows that the basic-service and gold-service are active.
user@host> show network-access aaa subscribers session-id 55 detail
Type: dhcp
Username: user23@example.net
Stripped username: user23
AAA Logical system/Routing instance: default:default
Target Logical system/Routing instance: default:retail-onlinecompany-ca
Access-profile:retailer-onlinecompany-sjc
Session ID: 55
Accounting Session ID: 55
Multi Accounting Session ID: 0
IP Address: 192.168.44.104
Authentication State: AuthStateActive
Accounting State: Acc-Start-Send
Provisioning-type: none
Service name: basic-service
Service State: SvcActive
Session ID: 56
Session uptime: 00:02:15
Service name: gold-service
Service State: SvcActive
Session ID: 57
Session uptime: 00:00:30
Deactivate the service for the subscriber. The following example deletes the subscriber’s basic-service service.
user@host> request network-access aaa subscriber delete session-id 55 service-profile basic-service
(Optional) Verify that the deleted service is no longer active for the subscriber. (The gold-service is still listed because it has not been deactivated.)
user@host> show network-access aaa subscribers session-id 55 detail
Type: dhcp
Username: user23@example.net
Stripped username: user23
AAA Logical system/Routing instance: default:default
Target Logical system/Routing instance: default:retail-onlinecompany-ca
Access-profile:retailer-onlinecompany-sjc
Session ID: 55
Accounting Session ID: 55
Multi Accounting Session ID: 0
IP Address: 192.168.44.104
Authentication State: AuthStateActive
Accounting State: Acc-Start-Send
Provisioning-type: none
Service name: gold-service
Service State: SvcActive
Session ID: 57
Session uptime: 00:00:30
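The verification step above can be scripted, which gives a local record of the change given that CLI-activated services run with accounting disabled. The following Python is an added example, not Juniper code: it parses the detail output into subscriber-level and per-service fields and lists any discrepancy between the captures taken before and after the delete request. The sample text is the page's session 55 output, trimmed, with a one-field-per-line layout assumed; the function names are hypothetical.

```python
# Constructed sample: the page's session 55 output, trimmed; the
# one-field-per-line layout is an assumption of this example.
HEADER = """Username: user23@example.net
Access-profile:retailer-onlinecompany-sjc
Session ID: 55
Provisioning-type: none
"""
BASIC = """Service name: basic-service
Service State: SvcActive
Session ID: 56
"""
GOLD = """Service name: gold-service
Service State: SvcActive
Session ID: 57
"""
BEFORE, AFTER = HEADER + BASIC + GOLD, HEADER + GOLD

def parse_detail(text):
    """Return (subscriber_fields, services). "Session ID" occurs at both
    levels, so fields after a "Service name" line belong to that service."""
    subscriber, services, current = {}, [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or the CLI prompt line, no field
        key, value = key.strip(), value.strip()
        if key == "Service name":
            current = {}
            services.append(current)
        (subscriber if current is None else current)[key] = value
    return subscriber, services

def active_services(text):
    """Map each active service name to its service session ID."""
    return {s["Service name"]: s.get("Session ID")
            for s in parse_detail(text)[1] if s.get("Service State") == "SvcActive"}

def verify_deactivation(before, after, service):
    """List discrepancies; an empty list means only `service` was removed."""
    b, a = active_services(before), active_services(after)
    problems = []
    if service not in b:
        problems.append(f"{service} was not active before the request")
    if service in a:
        problems.append(f"{service} is still active")
    for name in sorted((set(a) | set(b)) - {service}):
        if a.get(name) != b.get(name):
            problems.append(f"{name} changed unexpectedly")
    return problems
```
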
The following sample commands illustrate CLI activation and deactivation for remote services applied by RDSM to remote devices.
user@host> request network-access aaa subscriber add session-id 131 service-profile "upstreamBandwidth(100,100,100)"
Successful completion
user@host> request network-access aaa subscriber delete session-id 131 service-profile "upstreamBandwidth(100,100,100)"
Successful completion