Using The Aaa Logical Line Identifier To Track Subscribers; How The Router Obtains And Uses The Llid - Juniper JUNOSE SOFTWARE 11.2.X - BROADBAND ACCESS CONFIGURATION GUIDE 7-20-2010 Configuration Manual

Using the AAA Logical Line Identifier to Track Subscribers

How the Router Obtains and Uses the LLID

Copyright © 2010, Juniper Networks, Inc.
Use the no version to delete the instance of the RADIUS route-download server.
See radius route-download server
You can configure the router to support the AAA logical line identification feature. This
feature enables service providers to track subscribers on the basis of a virtual port known
as the logical line ID (LLID).
The LLID is an alphanumeric string that logically identifies a subscriber line. The service
provider maps each subscriber to an LLID based on the user name and circuit ID from
which the customer's calls originate. When a subscriber moves to a new physical line,
the service provider's customer profile database is updated to map to the same LLID.
Because a subscriber's LLID remains the same regardless of the subscriber's physical
location, using the LLID gives service providers a more secure mechanism for tracking
subscribers and maintaining the customer database.
To obtain an LLID for a subscriber, the router must issue two RADIUS access requests:
a preauthentication request to obtain the LLID, followed by an authentication request
encoded with the LLID returned in response to the preauthentication request.
To configure this feature, you:
Create an AAA profile that supports preauthentication (by using the pre-authenticate
1.
command in AAA Profile Configuration mode).
Specify the IP address of a RADIUS preauthentication server (by using the radius
2.
pre-authentication server command in Global Configuration mode) and of an
authentication server (by using the radius authentication server command in Global
Configuration mode).
The following steps describe how the router uses RADIUS to obtain and use the LLID. It
is assumed that you have already configured an AAA profile for preauthentication and
have defined both a RADIUS preauthentication server and a RADIUS authentication
server. Typically, the preauthentication server and the authentication server reside in the
same virtual router context in which the PPP subscriber is authenticated.
The router obtains and uses the LLID as follows:
A PPP subscriber requests authentication through RADIUS.
1.
The router sends an Access-Request message to the RADIUS preauthentication
2.
server to obtain an LLID for the subscriber.
This step is referred to as the preauthentication request because it occurs before
user authentication and authorization.
The preauthentication server returns the LLID to the router in the Calling-Station-Id
3.
(RADIUS attribute 31) of an Access-Accept message.
Chapter 1: Configuring Remote Access
73