The SR OS RADIUS Python interface is used to interpret the parameters specified in the subscriber service-specific VSAs and to generate an internal proprietary format VSA representing the subscriber service instance to activate or deactivate, as shown in Figure: RADIUS Python interface.
The SR OS only requires the Alc-Sub-Serv-Internal VSA [26-6527-155] to activate or deactivate the subscriber service. Subscriber service-specific VSAs [26-6527-151..154] are available to be used in the subscriber service Python script but are ignored in the SR OS.
See the Python script section for details on the subscriber services Python script functions and operation.
A Python script must be configured for RADIUS Access-Accept and CoA messages; for example:
config
python
python-script "subsvc-1" create
primary-url "ftp://user:pwd@10.1.1.1/./py/subsvc-1.py"
no shutdown
exit
python-policy "py-policy-subsvc-1" create
radius access-accept direction ingress script "subsvc-1"
radius change-of-authorization-request direction ingress script "subsvc-
1"
exit
exit
The Python policy must then be applied to the radius-server-policy to pass the Access-Accept messages to the Python script and to the RADIUS server to pass the CoA messages to the Python script. For example:
configure
router
radius-server
server "server-1" address 10.1.1.2 secret <secret> create
accept-coa
python-policy "py-policy-subsvc-1"
exit
exit
exit
aaa
radius-server-policy "aaa-server-policy-1" create
python-policy "py-policy-subsvc-1"
servers
access-algorithm round-robin
router "Base"
server 1 name "server-1"
exit
exit
exit