Configuring a NIC Scenario (SRC CLI)

The following topics provide procedures for configuring a NIC scenario with the SRC CLI:

• Defining the NIC Configuration to Use
• Configuring Directory Agents
• Configuring SAE Client Agents
• Configuring SAE Plug-In Agents
• Configuring the SAE to Communicate with SAE Plug-In Agents When You Use NIC Replication

Defining the NIC Configuration to Use

The OnePop configuration scenario is the default configuration for NIC. If you want to use another configuration scenario, you first clear data for the configuration scenario and change the scenario name that identifies the scenario, see Changing NIC Configurations (SRC CLI).

When you select a NIC configuration scenario, the software adds the default configuration for most properties. You can modify the NIC properties, including those for agents.

Caution: We recommend that you change only those statements visible at the basic editing level. Contact Juniper Professional Services or Juniper Customer Support before you change any of the NIC statements not visible at the basic editing level.

To specify a NIC configuration scenario for NIC to use:

1. Make sure that the NIC component is running.

   user@host> show component 
   Installed Components
   Name      Version                                            Status
   ...
   nic       Release: 7.0 Build: GATEWAY.A.7.0.0.0168           running 
   ...

2. From configuration mode, access the statement that configures a NIC configuration scenario, and specify the name of a scenario.

   [edit]

   user@host# edit shared nic scenario name

   For example:

   [edit]

   user@host# edit shared nic scenario OnePopLogin

3. View the default configuration for the configuration scenario. For example:

   [edit shared nic scenario OnePopLogin]
   user@host# show
   

   hosts { 
     DemoHost {
       configuration { 
         hosted-resolvers "/realms/login/A1, /realms/login/B1, /realms/login/C1, /realms/login/D1, /realms/ip/A1, /realms/ip/B1, /realms/ip/C1";
         hosted-agents "/agents/LoginNameVr, /agents/VrSaeId, /agents/IpLoginName, 
   /agents/PoolVr";
       }
     }
     OnePopBO {
       configuration { 
         hosted-resolvers "/realms/login/A1, /realms/login/C1, /realms/ip/A1, /real
   ms/ip/C1";
         hosted-agents /agents/VrSaeId;
       }
     }
     OnePopH1 {
       configuration { 
         hosted-resolvers "/realms/login/B1, /realms/login/D1, /realms/ip/B1";
         hosted-agents "/agents/LoginNameVr, /agents/IpLoginName, /agents/PoolVr";
       }
     }
   }
   agents { 
     VrSaeId {
       configuration { 
         directory { 
           search-base o=Network,<base>;
           search-filter (objectclass=umcVirtualRouter);
           search-scope 2;
           server-url ldap://127.0.0.1:389/;
           backup-servers-url ;
           principal cn=nic,ou=Components,o=Operators,<base>;
    ' '' '' '' '' '' '' 'credentials ********;
         }
       }
     }
     LoginNameVr {
       configuration { 
         sae-plug-in { 
           event-filter "(&(!(PA_USER_TYPE=INTF))(!(PA_LOGIN_NAME=[None])))";
           number-of-events-sent-in-a-synchronization-call 50;
         }
       }
     }
     IpLoginName {
       configuration { 
         sae-plug-in { 
   number-of-events-sent-in-a-synchronization-call 50;
         }
       }
     }
     PoolVr {
       configuration { 
         directory { 
           search-base o=Network,<base>;
           search-filter (objectclass=umcVirtualRouter);
           search-scope 2;
           server-url ldap://127.0.0.1:389/;
           backup-servers-url ;
    ' '' '' '' '' '' '' 'principal cn=nic,ou=Components,o=Operators,<base>;
    ' '' '' '' '' '' '' 'credentials ********;
         }
       }
     }
   }

4. (Optional) Update logging configuration.

   See Overview of Logging for SRC Components.

   By default, NIC has the following logging enabled for a NIC host:

   logger file-1 {

   file {

   filter !ConfigMgr,!DES,/debug-;

   filename var/log/nicdebug.log;

   rollover-filename var/log/nicdebug.alt;

   maximum-file-size 10000000;

   }

   }

   logger file-2 {

   file {

   filter /info-;

   filename var/log/nicinfo.log;

   }

   }

   logger file-3 {

   file {

   filter /error-;

   filename var/log/nicerror.log;

   }

   }

5. For each agent that the NIC configuration scenario includes, if needed update NIC agent configuration to define properties specific to your environment, such as directory properties.

   Each type of agent has different configuration properties. The output from the show command identifies the type of agent under the agents hierarchy. For example:

   VrSaeId {
       configuration { 
         directory { 

   LoginNameVr {
       configuration { 
         sae-plug-in { 

Configuring Directory Agents

Use the following configuration statements to configure NIC directory agents:

To configure a directory agent:

1. From configuration mode, access the statement that specifies the configuration for the agent.

   [edit]

   user@host# edit shared nic scenario name agents agent configuration directory

   For example:

   [edit]

   user@host# edit shared nic scenario OnePopLogin agents VrSaeId configuration directory

2. Review the default configuration for the agent. For example:

   [edit shared nic scenario OnePopLogin agents VrSaeId configuration directory]
   user@host#  show  
   search-base o=Network,<base>;
   search-filter (objectclass=umcVirtualRouter);
   search-scope 2;
   server-url ldap://127.0.0.1:389/;
   directory-backup-urls ;
   principal cn=nic,ou=Components,o=Operators,<base>;
   credentials ********;
   

3. (Optional) Change the distinguished name (DN) of the location in the directory from which the agent should read information.

   [edit shared nic scenario name agents name configuration directory]

   user@host# set search-base search-base

   For example:

   [edit shared nic scenario OnePop agents PoolVr configuration directory]

   user@host# set search-base o=myNetwork,<base>

   You can use <base> in the DN to refer to the globally configured base DN.

4. (Optional) Change the directory search filter that the agent should use.

   [edit shared nic scenario name agents name configuration directory]

   user@host# set search-filter search-filter

   For example:

   [edit shared nic scenario OnePop agents PoolVr configuration directory]

   user@host# set search-filter objectclass=umcVirtualRouter

5. (Optional) Change the location in the directory relative to the base DN from which the NIC agent can retrieve information.

   [edit shared nic scenario name agents name configuration directory]

   user@host# set search-scope (0 | 1 | 2)

   where:

   • 0—Entry specified in the search-base statement
   • 1—Entry specified in the search-base statement and objects that are subordinate by one level
   • 2—Subtree of entry specified in the search-base statement
6. For an installation on a Solaris platform, specify the location of the directory in URL string format.

   [edit shared nic scenario name agents name configuration directory]

   user@host# set server-url ldap:// host:portNumber

   For example, to specify the directory on a C Series Controller:

   [edit shared nic scenario OnePop agents PoolVr configuration directory]

   user@host# set server-urlldap://127.0.0.1:389/

7. List the URLs of redundant directories. Separate URLs with semicolons.

   [edit shared nic scenario name agents name configuration directory]

   user@host# set directory-backup-urls backup-servers-urls

8. Specify the DN that contains the username that the directory server uses to authenticate the NIC agent.

   [edit shared nic scenario name agents name configuration directory]

   user@host# set principal principal

   For example:

   [edit shared nic scenario OnePop agents PoolVr configuration directory]

   user@host# set principal cn=nic,ou=Components,o=Operators,<base>

9. Specify the password that the directory server uses to authenticate the NIC agent.

   [edit shared nic scenario name agents name configuration directory]

   user@host# set credentials credentials

10. Restart the NIC agent.

    user@host>request nic restart agent name name

Configuring SAE Client Agents

Use the following configuration statements to configure NIC SAE client agents:

To configure an SAE client agent:

1. From configuration mode, access the statement that specifies the configuration for the agent.

   [edit]

   user@host# edit shared nic scenario name agents agent configuration sae-client

   For example:

   [edit]

   user@host# edit shared nic scenario OnePopLoginPull agents IpSaeId configuration sae-client

2. Review the default configuration for the agent. For example:

   [edit shared nic scenario OnePopLoginPull agents IpSaeId configuration sae-client]
   user@host# show 
   principal cn=umcadmin,<base>;
   credentials ********;
   subscriber-id user-ip-address;
   search-base ou=sspadmurls,o=Servers,;
   search-filter (objectclass=corbaObjectReference);
   search-scope sub-tree;
   server-url ldap://127.0.0.1:389/; directory-backup-urls "";

3. (Optional) Change the authentication DN.

   For example:

   [edit edit shared nic scenario OnePopLoginPull agents IpSaeId configuration sae-client ]

   user@host# set principal cn=umcadmin, <base>

4. (Optional) Change the password that the NIC uses to access the directory. For example:

   [edit edit shared nic scenario OnePopLoginPull agents IpSaeId configuration sae-client ]

   user@host# set credentials —

5. Specify the part of the directory that you want the network publsiher to search.

   [edit edit shared nic scenario OnePopLoginPull agents IpSaeId configuration sae-client ]

   user@host# set search-base search-base

6. (Optional) Change the URL that identifies the primary Juniper Networks database to which the NIC agent connects.

   [edit edit shared nic scenario OnePopLoginPull agents IpSaeId configuration sae-client ]

   user@host# set server-url server-url

7. Specify the type of subscriber ID that the agent uses to identify the subscriber. The type can be user-ip-address, dn, login-name, or interface-name. For example, to specify an IP address:

   [edit edit shared nic scenario OnePopLoginPull agents IpSaeId configuration sae-client ]

   user@host# set subscriber-id use-ip-address

Configuring SAE Plug-In Agents

By default, the CORBA naming server on a C Series Controller uses port 2809. The NIC host is configured to communicate with this naming server; you do not need to change JacORB properties.

Use the following configuration statements to configure NIC SAE plug-in agents:

If you plan to change the event filter for the agent, make sure that you are familiar with:

• Plug-in attributes and values

  See Types of Tracking Plug-Ins .

• Filter syntax

  See the documentation for the SAE CORBA Remote API in the SAE Core API documentation on the Juniper Networks Web site at:

  http://www.juniper.net/techpubs/software/management/src/api-index.html

To configure an SAE plug-in agent:

1. From configuration mode, access the statement that specifies the configuration for the agent.

   [edit]

   user@host# edit shared nic scenario name agents agent configuration sae-plug-in

   For example:

   [edit]

   user@host# edit shared nic scenario OnePopLogin agents LoginNameVr configuration sae plug-in

2. Review the default configuration for the agent. For example:

   [edit shared nic scenario OnePopLogin agents LoginNameVr configuration sae-plug-in]
   user@host#  show  
   event-filter "(&(!(PA_USER_TYPE=INTF))(!(PA_LOGIN_NAME=[None])))";
   number-of-events-sent-in-a-synchronization-call 50;
   

3. (Optional) Change an LDAP filter that change the events that the agent collects.

   [edit shared nic scenario name agents agent configuration sae-plug-in]

   user@host# set event-filter event-filter

   Typically, you do not need to change this value. If you do want to filter other events, use the format pluginAttribute=attributeValue format for event filters, where:

   • pluginAttribute —Plug-in attribute name
   • attributeValue —Value of filter

     For example:

     [edit shared nic scenario name agents agent configuration sae-plug-in]

     user@host# set event-filter PA_USER_TYPE=INTF

4. Specify the number of events that the SAE sends to the agent at one time during state synchronization.

   [edit shared nic scenario name agents agent configuration sae-plug-in]

   user@host# set number-of-events number-of-events

   For example:

   [edit shared nic scenario OnePopLogin agents LoginNameVr configuration sae plug-in]

   user@host# set number-of-events 50

Configuring the SAE to Communicate with SAE Plug-In Agents When You Use NIC Replication

For each NIC host that uses SAE plug-in agents, configure a corresponding external plug-in for the SAE. By default, the SAE plug-in agents share events with the single SAE plug-in. You must also configure the SAE to communicate with the SAE plug-in agent in each NIC host that you use in the NIC replication.

For information about configuring an external plug-in for the SAE, see Configuring the SAE for External Plug-Ins.

To configure an external plug-in:

1. From configuration mode, access the statement that specifies the configuration for an external plug-in for the SAE that communicates with the agent, and assign the plug-in a unique name.

   [edit]

   user@host# shared sae configuration plug-ins name name

2. Configure CORBA object reference for the plug-in.

   [shared sae configuration plug-ins name name external]

   user@host# corba-object-reference corba-object-reference

   For the CORBA object reference, use the following syntax:

   host : port-number /NameService# plugInName

   where:

   • host —IP address or name of the machine on which you installed the NIC host that supports the agent

     For local host, use the IP address 127.0.0.1.

   • port-number —Port on which the name server runs

     The default port number is 2809.

   • plugInName —Name under which the agent is registered in the naming service

     Use the format nicsae_ groupname /saePort where groupname is the name of the replication group. (When replication is not used, the format is nicsae/saePort.)

     For example:

     [shared sae configuration plug-ins name name external]

     user@host# set corba-object-reference corbaname::127.0.0.1:2809/NameService#nicsae/saePort

3. Configure attributes that are sent to the external plug-in for a NIC host. Because the SAE plug-in agents share the event by default, you configure only one for a NIC host.

   [shared sae configuration plug-ins name name external]

   user@host# set attr

   [( router-name | user-dn | session-id | user-type | user-ip-address | login-name)]

   Specify the plug-in options that the agent uses. You must specify the options session-id and router-name, and other options that you specified for the agent’s network data types and the agent’s event filter. Do not specify attributes options of the PAT_OPAQUE attribute type, such as the option dhcp-packet.

   Note: Do not include attributes that are not needed.

4. Reference the NIC as a subscriber tracking plug-in.

   [edit shared sae group name configuration plugins event-publishers]

   user@host# set subscriber-tracking pool-name

   For example, for a pool named nic:

   [edit shared sae group name configuration plugins event-publishers]

   user@host# set subscriber-tracking nic

Related Topics

• Configuring a NIC Scenario (C-Web Interface)
• Configuring the NIC (SRC CLI)
• Verifying Configuration for the NIC (SRC CLI)
• Configuration Statements for the NIC
• Overview of NIC Configuration Scenarios

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.