The authorization action handler obtains authorization data for a specific subscriber identity from external AAA servers. The authorization action handler is an asynchronous function. It collects identity information from the Subscriber Attribute Database (SADB), as well as the user credential data, based on the identifier type specified in the CLI. This information, along with the method list name, is sent to the AAA authorization coordinator. Once the AAA processing is done, control is returned to the Policy Rule Engine (PRE) action handler to complete the event processing. The configuration example is as follows:
1 authorize aaa list <list-name> [identifier <identifier-type> | format <format_name>] password ['use-from-line' | <user-cfg-password>]
The password is mandatory, regardless of whether the user selects use-from-line or provides a specific value to use for authorization.
Authentication Action Handler
The authentication action handler gathers information such as protocol type, service type, authentication type, user name, CHAP attributes, and user password, and passes it to the AAA coordinator along with the AAA method list name. The authentication action handler is an asynchronous function. Once the AAA processing is done, control is returned to the PRE action handler to complete the event processing. The configuration example is as follows:
1 authenticate aaa list <list-name>
Disconnect Action Handler
The disconnect action handler is called to disconnect a subscriber. For a subscriber disconnect, the PRE informs the Policy Plane Session Manager (PPSM) to notify all clients about the subscriber disconnect. The PPSM reports back to the PRE to complete the disconnection. The PRE puts the subscriber in the disconnect state. The PRE also cleans up the record history data that stores policy execution history and the control block containing the subscriber label. When PRE processing is done, control is returned to the PPSM for further processing.
Activate Action Handler
The activate action handler enables local dynamic templates or remote AAA services on the subscriber's configuration. The results of this action are either immediate or asynchronous. The PRE gathers information such as the AAA method list name, template type, and template name and sends it to the SVM for processing. The SVM returns control after completing template processing, and the PRE resumes processing the action list from the place where it had stopped. The configuration example is as follows:
1 activate dynamic-template <template-name> [aaa list <list-name>]
Deactivate Action Handler
The deactivate action handler disables local dynamic templates or remote AAA services from the subscriber's configuration. The result of this action is asynchronous. The PRE collects information such as the AAA list, template type, and template name and sends it to the SVM to request that it not apply the service. The AAA list is used to derive a key used in the SVM. The SVM returns control after completing template processing, and the PRE resumes processing the action list from where it had stopped. The configuration example is as follows:
1 deactivate dynamic-template <template-name> [aaa list <list-name>]
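A pre-deployment check over the four action syntaxes shown above, as an added example that is not part of the vendor documentation. It flags an authorize action that lacks the mandatory password and reports whether the password comes from the line or from the configuration without echoing a configured value. Assumptions: the leading integer is the action's sequence number, the identifier/format group is optional while password is required, and the names check_action, audit and SAMPLE are hypothetical.

```python
import re

# Argument grammar per action verb, transcribed from the syntax lines above.
TEMPLATE = r"dynamic-template (?P<template>\S+)(?: aaa list (?P<list>\S+))?"
GRAMMAR = {
    "authorize": re.compile(
        r"aaa list (?P<list>\S+)"
        r"(?: identifier (?P<identifier>\S+)| format (?P<format>\S+))?"
        r"(?: password (?P<password>\S+))?"),
    "authenticate": re.compile(r"aaa list (?P<list>\S+)"),
    "activate": re.compile(TEMPLATE),
    "deactivate": re.compile(TEMPLATE),
}

def check_action(line):
    """Parse one action line; return (fields, problems)."""
    head = re.fullmatch(r"\s*(\d+)\s+(\S+)(?:\s+(.*\S))?\s*", line)
    if not head:
        return {}, ["not a numbered action line"]
    fields = {"seq": int(head.group(1)), "verb": head.group(2)}
    grammar = GRAMMAR.get(fields["verb"])
    if grammar is None:  # verb whose syntax the page does not show: not checked
        return fields, []
    args = grammar.fullmatch(" ".join((head.group(3) or "").split()))
    if not args:
        return fields, ["arguments do not match the documented syntax"]
    fields.update({k: v for k, v in args.groupdict().items() if v is not None})
    problems = []
    if fields["verb"] == "authorize":
        if "password" not in fields:
            problems.append("authorize without password (password is mandatory)")
        else:
            from_line = fields["password"].strip("'") == "use-from-line"
            fields["password_source"] = "line" if from_line else "configured"
            # Never echo a configured credential into an audit report.
            fields["password"] = "use-from-line" if from_line else "<redacted>"
    return fields, problems

def audit(lines):
    """Return (sequence number, problem) pairs for a list of action lines."""
    return [(f.get("seq"), p) for f, ps in map(check_action, lines) for p in ps]

# Constructed sample action lines; list, template, format and identifier
# values are sample values, not taken from the page.
SAMPLE = [
    "1 authorize aaa list default identifier source-address-mac password use-from-line",
    "2 authorize aaa list default format fmt1 password s3cret-example",
    "3 authorize aaa list default identifier source-address-mac",
    "4 authenticate aaa list default",
    "5 activate dynamic-template DT1 aaa list default",
    "6 deactivate dynamic-template DT1",
]
```

Running audit(SAMPLE) reports only action 3, the authorize line with no password.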
Set Timer and Stop Timer Action Handlers
The set timer action handler sets an active named timer for a defined time period on the subscriber session. The stop timer action handler stops an active named timer on the subscriber session. Enabling the set timer action handler allows the service provider to have one or more timed-policy-expiry events triggered on a subscriber. This in turn provides better subscriber management over the subscriber life cycle. These action handlers provide functions like scheduled validation of subscriber state status (checking if the subscriber is authenticated or unauthenticated) and periodically changing subscriber policy (such as forcing re-authentication on a daily or hourly basis).
An action with a timer value of 0 triggers the action immediately.
There are two methods to stop an active timer:
Allow the timer to expire.
Stop the active running timer using the stop-timer action command.