Subscriber Access Management - Juniper JUNOS OS 10.4 - RELEASE NOTES Release Note

New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers

Subscriber Access Management

Redirecting HTTP redirect requests (MX Series routers)—Enables support for HTTP
traffic requests from subscribers to be aggregated from access networks onto a BRAS
router, where HTTP traffic can be intercepted and redirected to a captive portal. A
captive portal provides authentication and authorization services for redirected
subscribers before granting access to protected servers outside of a walled garden. A
walled garden defines a group of servers where access is provided to subscribers
without reauthorization through a captive portal. You can use a captive portal page as
the initial page a subscriber sees after logging in to a subscriber session and as a page
used to receive and manage HTTP requests to unauthorized Web resources. An HTTP
redirect remote server that resides in a walled garden behind Junos OS routers processes
HTTP requests redirected to it and responds with a redirect URL to a captive portal.
To configure HTTP redirect, include the captive-portal-content-delivery statement at
the hierarchy level.
[edit services]
[Subscriber Access]
Filter support for service packet counting—You can count service packets, applying
them to a specific named counter (__junos-dyn-service-counter), for use by RADIUS.
To enable service packet accounting, specify the action at the
service-accounting [edit
hierarchy level.
firewall family family-name filter filter-name term term-name then]
[Policy Framework, Subscriber Access]
Support for domain maps that apply configuration options based on subscriber
domain names (MX Series and M Series routers)—You use domain maps to apply
access options and session-specific parameters to subscribers whose domain name
corresponds to the domain map name. You can also create a default domain map that
the router uses for subscribers whose username does not include a domain name or
has a non-matching domain name.
Domain maps apply subscriber-related characteristics such as profiles (access,
dynamic, and tunnel), target and AAA logical system mapping, address pool usage,
and PADN routing information.
You configure domain maps at the hierarchy level.
[edit access domain]
[Subscriber Access]
L2TP LAC support for subscriber management (MX Series routers)—You can now
configure an L2TP access concentrator (LAC) on MPC-equipped MX Series routers.
As part of the new L2TP LAC support, you can configure how the router selects a tunnel
for a PPP subscriber from among a set of available tunnels. The default tunnel selection
method is to fail over between tunnel preference levels. When a PPP user tries to log
in to a domain, the router attempts to connect to a destination in that domain by means
of the associated tunnel with the highest preference level. If the destination is
unreachable, the router then moves to the next lower preference level and repeats the
process. No configuration is required for this tunnel selection method.
You can include the fail-over-within-preference statement at the [edit services l2tp]
hierarchy level to configure tunnel selection failover within a preference level. With this
Copyright © 2010, Juniper Networks, Inc. 23