After authentication, the mechanism to set up, modify, and tear down a data triggered dynamic service is the same as for RADIUS-triggered Dynamic Data Services associated with an IPoE or PPPoE session as a control channel.
The auto-provisioning of a data-triggered dynamic service is initiated by the RADIUS messages or local authentication as listed in Table: Dynamic service script actions.
Notes:
Using the Nas-Port-Id as a key in a CoA or Disconnect-Message targets the corresponding dynamic services SAP; this also occurs when the Nas-Port-Id corresponds with the SAP ID of a data trigger.
Using the Acct-Session-Id as a key in a CoA or Disconnect-Message targets:
the corresponding dynamic services SAP if the Acct-Session-Id belongs to a dynamic services SAP that is not a dynamic services data trigger SAP
the data trigger SAP if the Acct-Session-Id belongs to the dynamic services data trigger SAP
In the event of a tear down, if the dynamic services SAP ID is a dynamic service data trigger SAP ID, all dynamic services associated with that dynamic services data trigger are also removed.
Action |
Dynamic service script action |
Comments |
|
|---|---|---|---|
Rx Access-Accept or local authentication (dynamic services data trigger authentication) |
Setup |
Up to 32 dynamic data services SAPs in a single message The dynamic services SAP that corresponds with the data trigger (also referred to as the dynamic services data trigger sap-id) must be part of this list. The Alc-Dyn-Serv-Script-Action VSA is optional for RADIUS authentication. |
|
Modify / Teardown |
Not supported |
||
Rx CoA (Nas-Port-Id or Acct-Session-Id of a dynamic service SAP different from the data trigger) |
Setup |
Not supported |
|
Modify |
Only a single dynamic data service per message Mandatory VSAs: Alc-Dyn-Serv-Script-Action Alc-Dyn-Serv-Script-Params |
||
Teardown |
Tear down the dynamic service of the dynamic services SAP identified by the Acct-Session-Id or Nas-Port-Id. Alc-Dyn-Serv-Script-Action VSA is mandatory |
||
Rx CoA (Nas-Port-Id of a data trigger) |
Setup |
Not supported. Nas-Port-Id always targets the dynamic services SAP and not the data trigger. |
|
Modify |
Only a single dynamic data service per message Mandatory VSAs: Alc-Dyn-Serv-Script-Action Alc-Dyn-Serv-Script-Params |
||
Teardown |
Tear down the dynamic service of the dynamic services SAP identified by the Nas-Port-Id. Because this is the data trigger SAP that is deleted, all dynamic services SAPs associated with the data trigger are also deleted. Alc-Dyn-Serv-Script-Action VSA is mandatory |
||
Rx CoA (Acct-Session-Id of a data trigger) |
Setup |
Only a single dynamic service SAP per message When successful, the dynamic services SAP is associated with the data trigger identified by the specified Acct-Session-Id. Mandatory VSAs: Alc-Dyn-Serv-Script-Action Alc-Dyn-Serv-SAP-Id Alc-Dyn-Serv-Script-Params Alc-Dyn-Serv-Policy (if no ‟default” policy configured) |
|
Modify |
Only a single dynamic service per message Modify the dynamic service of the dynamic services SAP identified by the Alc-Dyn-Serv-SAP-Id. The dynamic services SAP must be associated with the data trigger identified with the specified Acct-Session-Id. Mandatory VSAs: Alc-Dyn-Serv-Script-Action Alc-Dyn-Serv-SAP-Id Alc-Dyn-Serv-Script-Params |
||
Teardown |
Tear down the dynamic service of the dynamic services SAP identified by the Alc-Dyn-Serv-SAP-Id. The dynamic services SAP must be associated with the data trigger identified with the specified Acct-Session-Id. If the dynamic services SAP identified by the Alc-Dyn-Serv-SAP-Id is a data trigger sap, then teardown the dynamic services of all dynamic services saps associated with that data trigger Mandatory VSAs: Alc-Dyn-Serv-Script-Action Alc-Dyn-Serv-SAP-Id |
||
Rx Disconnect Message (Nas-Port-Id or Acct-Session-Id of a dynamic service SAP different from a data trigger) |
N/A |
Tear down the dynamic service of the dynamic services SAP identified by the Acct-Session-Id or Nas-Port-Id |
|
Rx Disconnect Message (Nas-Port-Id or Acct-Session-Id of a data trigger) |
N/A |
Tear down the dynamic services of all dynamic services SAPs associated with the data trigger identified by the Acct-Session-Id or Nas-Port-Id |
|
A data-triggered dynamic service must be explicitly removed by one of the following:
with a RADIUS Disconnect message containing the Acct-Session-Id or NAS-Port-Id as key
with a RADIUS CoA message containing the Acct-Session-Id or NAS-Port-Id as key and Alc-Dyn-Serv-Script-Action VSA with value 3 (teardown)
with a CLI clear command: clear>service>dynamic-services>data-trigger sap sap-id
All dynamic service SAPs associated with the dynamic services data trigger is removed.
with a CLI tools command: tools>perform>service>dynamic-services> evaluate-script sap sap-id control-session acct-session-id action teardown
The control session accounting session ID corresponds to the dynamic services data trigger accounting session ID.
The removal of a dynamic service SAP that is a data trigger SAP results in the removal (teardown) of all dynamic service SAPs associated with that dynamic services data trigger.
To prevent a data-triggered dynamic service from being immediately set up again after it was removed (because traffic is still being received), the following procedures can be used:
Authentication failure
Update the configuration of the RADIUS server or local authentication such that the authentication for the dynamic service data trigger fails
Tear down the dynamic service
The dynamic service is not set up again because the data trigger authentication fails, resulting in a host-lockout when provisioned.
VID filter on the capture-sap
Add the data trigger encapsulation to a VID filter (ingress MAC filter of type vid) that is applied on the data trigger capture-sap
Tear down the dynamic service
The dynamic service is not set up again because the data trigger is now dropped by the VID filter applied on the capture-sap