RADIUS VSAs and Broadband Subscriber Management Wholesale Configuration Overview
You can use RADIUS to assign various values through the use of dynamic variables within dynamic profiles. However, the configuration of at least one of the two VSAs described in Table 1 is required for a wholesale network to function.
Attribute Number |
Attribute Name |
Description |
Value |
|---|---|---|---|
26-1 |
LSRI-Name |
Client logical system/routing instance membership name. Allowed only from RADIUS server for “default” logical system/routing instance membership. |
string: logical system:routing instance |
26-25 |
Redirect-LSRI-Name |
Client logical system/routing instance membership name indicating to which logical system/routing instance membership the request is redirected for user authentication. |
string: logical system:routing instance |
Specifying the $junos-routing-instance dynamic variable
in a dynamic profile triggers a RADIUS access-accept response of either
the LSRI-Name VSA or the Redirect-LSRI-Name VSA. Returning an LSRI-Name
attribute in the access-accept response provides the logical system
and routing instance in which the logical interface is to be created and the router updates the session database with
the specified routing instance value. Returning a Redirect-LSRI-Name
attribute in the access-accept response results in the router immediately
sending a second access-request message (sometimes referred to as
a double-dip) to the RADIUS server specified
by the logical system:routing instance attribute specified by the
Redirect-LSRI-Name VSA.
Attributes returned as a result of a second access-request message to the logical system/routing instance membership specified by the Redirect-LSRI-Name VSA override any prior attributes returned by initial access-accept responses to the default logical system/routing instance membership.