Configuring a NIC Scenario with the SRC CLI
The OnePop configuration scenario is the default configuration for NIC. If you want to use another configuration scenario, you first clear data for the configuration scenario and change the static DN that identifies the scenario, see Changing NIC Configurations with the SRC CLI.
When you select a NIC configuration scenario, the software adds the default configuration for most properties. You can modify the NIC properties, including those for agents.
To specify a NIC configuration scenario for NIC to use:
- Make sure that the NIC component is running.
- From configuration mode, access the statement that configures a NIC configuration scenario, and specify the name of a scenario.
user@host> show component
Installed Components
Name Version Status
...
nic Release: 7.0 Build: GATEWAY.A.7.0.0.0168 running
...
[edit]
user@host#edit shared nic scenarioname
[edit]
user@host# edit shared nic scenario OnePopLogin
- View the default configuration for the configuration scenario. For example:
- (Optional) Update logging configuration.
[edit shared nic scenario OnePopLogin]
user@host# show
hosts {
DemoHost {
configuration {
hosted-resolvers "/realms/login/A1, /realms/login/B1, /realms/login/C1, /realms/login/D1, /realms/ip/A1, /realms/ip/B1, /realms/ip/C1";
hosted-agents "/agents/LoginNameVr, /agents/VrSaeId, /agents/IpLoginName,
/agents/PoolVr";
}
}
OnePopBO {
configuration {
hosted-resolvers "/realms/login/A1, /realms/login/C1, /realms/ip/A1, /real
ms/ip/C1";
hosted-agents /agents/VrSaeId;
}
}
OnePopH1 {
configuration {
hosted-resolvers "/realms/login/B1, /realms/login/D1, /realms/ip/B1";
hosted-agents "/agents/LoginNameVr, /agents/IpLoginName, /agents/PoolVr";
}
}
}
agents {
VrSaeId {
configuration {
directory {
search-base o=Network,<base>;
search-filter (objectclass=umcVirtualRouter);
search-scope 2;
server-url ldap://127.0.0.1:389/;
backup-servers-url ;
principal cn=nic,ou=Components,o=Operators,<base>;
credentials ********;
}
}
}
LoginNameVr {
configuration {
sae-plug-in {
event-filter "(&(!(PA_USER_TYPE=INTF))(!(PA_LOGIN_NAME=[None])))";
number-of-events-sent-in-a-synchronization-call 50;
}
}
}
IpLoginName {
configuration {
sae-plug-in {
number-of-events-sent-in-a-synchronization-call 50;
}
}
}
PoolVr {
configuration {
directory {
search-base o=Network,<base>;
search-filter (objectclass=umcVirtualRouter);
search-scope 2;
server-url ldap://127.0.0.1:389/;
backup-servers-url ;
principal cn=nic,ou=Components,o=Operators,<base>;
credentials ********;
}
}
}
}
See SRC-PE Monitoring and Troubleshooting Guide, Chapter 3, Configuring Logging for SRC Components with the CLI.
By default, NIC has the following logging enabled for a NIC host:
logger file-1 {
file {
filter !ConfigMgr,!DES,/debug-;
filename var/log/nicdebug.log;
rollover-filename var/log/nicdebug.alt;
maximum-file-size 10000000;
}
}
logger file-2 {
file {
filter /info-;
filename var/log/nicinfo.log;
}
}
logger file-3 {
file {
filter /error-;
filename var/log/nicerror.log;
- For each agent that the NIC configuration scenario includes, if needed update NIC agent configuration to define properties specific to your environment, such as directory properties.
Each type of agent has different configuration properties. The output from the show command identifies the type of agent under the agents hierarchy. For example:
VrSaeId {
configuration {
directory {
LoginNameVr {
configuration {
sae-plug-in {
For information about agent configuration, see the following sections:
Configuring Directory Agents
Use the following configuration statements to configure NIC directory agents:
shared nic scenarionameagentsagentconfiguration directory {
search-base search-base;
search-filter search-filter;
search-scope (0 | 1 | 2);
server-url server-url;
backup-servers-url backup-servers-url;
principal principal;
credentials credentials;
}
To configure a directory agent:
- From configuration mode, access the statement that specifies the configuration for the agent.
[edit]
user@host#edit shared nic scenarionameagentsagentconfiguration directory
[edit]
user@host#edit shared nic scenarioOnePopLoginagentsVrSaeId configuration directory
[edit shared nic scenario OnePopLogin agents VrSaeId configuration directory]
user@host# show
search-base o=Network,<base>;
search-filter (objectclass=umcVirtualRouter);
search-scope 2;
server-url ldap://127.0.0.1:389/;
directory-backup-urls ;
principal cn=nic,ou=Components,o=Operators,<base>;
credentials ********;
- (Optional) Change the distinguished name (DN) of the location in the directory from which the agent should read information.
[edit shared nic scenarionameagentsnameconfiguration directory]
user@host# set search-base search-base
[edit shared nic scenario OnePop agents PoolVr configuration directory]
user@host# set search-base o=myNetwork,<base>
You can use <base> in the DN to refer to the globally configured base DN.
- (Optional) Change the directory search filter that the agent should use.
[edit shared nic scenarionameagentsnameconfiguration directory]
user@host# set search-filter search-filter
[edit shared nic scenario OnePop agents PoolVr configuration directory]
user@host# set search-filter objectclass=umcVirtualRouter
- (Optional) Change the location in the directory relative to the base DN from which the NIC agent can retrieve information.
[edit shared nic scenarionameagentsnameconfiguration directory]
user@host# set search-scope (0 | 1 | 2)
- 0—Entry specified in the
search-basestatement - 1—Entry specified in the
search-basestatement and objects that are subordinate by one level - 2—Subtree of entry specified in the
search-basestatement
- For an installation on a Solaris platform, specify the location of the directory in URL string format.
[edit shared nic scenarionameagentsnameconfiguration directory]
user@host# set server-url ldap:// host:portNumber
For example, to specify the directory on a C-series Controller:
[edit shared nic scenario OnePop agents PoolVr configuration directory]
user@host#set server-urlldap://127.0.0.1:389/
- List the URLs of redundant directories. Separate URLs with semicolons.
- Specify the DN that contains the username that the directory server uses to authenticate the NIC agent.
[edit shared nic scenarionameagentsnameconfiguration directory]
user@host# set directory-backup-urls backup-servers-urls
[edit shared nic scenarionameagentsnameconfiguration directory]
user@host# set principal principal
[edit shared nic scenario OnePop agents PoolVr configuration directory]
user@host# set principal cn=nic,ou=Components,o=Operators,<base>
- Specify the password that the directory server uses to authenticate the NIC agent.
- Restart the NIC agent.
[edit shared nic scenarionameagentsnameconfiguration directory]
user@host# set credentials credentials
user@host>request nic restart agent namename
Configuring SAE Plug-In Agents
By default, the CORBA naming server on a C-series Controller uses port 2809. The NIC host is configured to communicate with this naming server; you do not need to change JacORB properties.
Use the following configuration statements to configure NIC SAE plug-in agents:
shared nic scenarionameagentsagentconfiguration sae-plug-in{
event-filter event-filter;
number-of-events number-of-events;
}
If you plan to change the event filter for the agent, make sure that you are familiar with:
See SRC-PE Subscribers and Subscriptions Guide, Chapter 11, Configuring Accounting and Authentication Plug-Ins with the SRC CLI.
See the documentation for the SAE CORBA Remote API in the SAE Core API documentation on the Juniper Networks Web site at:
http://www.juniper.net/techpubs/software/management/sdx/api-index.html
To configure an SAE plug-in agent:
- From configuration mode, access the statement that specifies the configuration for the agent.
[edit]
user@host#editshared nic scenarionameagentsagentconfiguration sae-plug-in
[edit]
user@host#edit shared nic scenarioOnePopLoginagentsLoginNameVr configuration sae plug-in
[edit shared nic scenario OnePopLogin agents LoginNameVr configuration sae-plug-in]
user@host# show
event-filter "(&(!(PA_USER_TYPE=INTF))(!(PA_LOGIN_NAME=[None])))";
number-of-events-sent-in-a-synchronization-call 50;
- (Optional) Change an LDAP filter that change the events that the agent collects.
[edit shared nic scenarionameagentsagentconfiguration sae-plug-in]
user@host# set event-filter event-filter
Typically, you do not need to change this value. If you do want to filter other events, use the format pluginAttribute=attributeValue format for event filters, where:
[edit shared nic scenarionameagentsagentconfiguration sae-plug-in]
user@host# set event-filter PA_USER_TYPE=INTF
- Specify the number of events that the SAE sends to the agent at one time during state synchronization.
[edit shared nic scenarionameagentsagentconfiguration sae-plug-in]
user@host# set number-of-events number-of-events
[edit shared nic scenario OnePopLogin agents LoginNameVr configuration sae plug-in]
user@host# set number-of-events 50
Configuring the SAE to Communicate with SAE Plug-In Agents When You Use NIC Replication
For each NIC host that uses SAE plug-in agents, configure a corresponding external plug-in for the SAE. By default, the SAE plug-in agents share events with the single SAE plug-in. You must also configure the SAE to communicate with the SAE plug-in agent in each NIC host that you use in the NIC replication.
For information about configuring an external plug-in for the SAE, see SRC-PE Subscribers and Subscriptions Guide, Chapter 11, Configuring Accounting and Authentication Plug-Ins with the SRC CLI.
To configure an external plug-in:
- From configuration mode, access the statement that specifies the configuration for an external plug-in for the SAE that communicates with the agent, and assign the plug-in a unique name.
- Configure CORBA object reference for the plug-in.
[edit]
user@host#shared sae configuration plug-ins namename
[shared sae configuration plug-ins name name external]
user@host#corba-object-referencecorba-object-reference
For the CORBA object reference, use the following syntax:
host:port-number/NameService#plugInName
For local host, use the IP address 127.0.0.1.
The default port number is 2809.
Use the format nicsae_groupname/saePort where groupname is the name of the replication group. (When replication is not used, the format is nicsae/saePort.)
[shared sae configuration plug-ins name name external]
user@host# set corba-object-reference
corbaname::127.0.0.1:2809/NameService#nicsae/saePort
- Configure attributes that are sent to the external plug-in for a NIC host. Because the SAE plug-in agents share the event by default, you configure only one for a NIC host.
[shared sae configuration plug-ins name name external]
user@host#set attr
[( router-name | user-dn | session-id | user-type | user-ip-address | login-name)]
Specify the plug-in options that the agent uses. You must specify the options session-id and router-name, and other options that you specified for the agent's network data types and the agent's event filter. Do not specify attributes options of the PAT_OPAQUE attribute type, such as the option dhcp-packet.
 |
- Reference the NIC as a subscriber tracking plug-in.
[edit shared sae group name configuration plugins event-publishers]
user@host#set subscriber-trackingpool-name
For example, for a pool named nic:
[edit shared sae group name configuration plugins event-publishers]
user@host# set subscriber-tracking nic
Obtaining Interface Configuration Information for OnePopStaticRouteIp
If you use the OnePopStaticRouteIp configuration scenario, you must obtain JUNOS interface configuration information for NIC. To get this information, you must run Network Publisher on a Solaris platform to gather the interface information.
To run Network Publisher on a Solaris platform:
See SRC-PE Getting Started Guide, Chapter 33, Installing the SRC Software on a Solaris Platform.
- On the Solaris platform, edit the /opt/UMC/nic/etc/networkPublisher/config.properties file and run Network Publisher. When you specify the directory configuration in the file, configure the connection to the directory on a C-series Controller.
See Chapter 12, Obtaining Interface Configuration for OnePopStaticRouteIp on Solaris Platforms.