 |
Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
You can perform the following tasks to configure tracking plug-ins:
Flat file accounting plug-ins write information to a file in a comma-separated format. The SRC software has a default flat file accounting plug-in instance called fileAcct. The fileAcct instance logs all possible attributes for 24-hour periods in the file var/acct/log.
Another item that you can configure for flat files is the names of the headers that appear in the file.
Use the following configuration statements to create flat-file accounting plug-in instances:
- shared sae configuration plug-ins name name file-accounting {
- filename filename ;
- template template ;
- interval interval ;
- fields [(status | nas-id | host | router-name | interface-name
| interface-alias | interface-descr | port-id | user-ip-address |
login-name | accounting-id | auth-user-id | if-radius-class | if-session-id
| service-name | radius-class | event-time | session-id | terminate-cause
| session-time | in-octets | out-octets | in-packets | out-packets
| nas-ip | user-mac-address | service-session-name | service-session-tag
| user-type | user-radius-class | user-session-id | primary-user-name
| subscription-name | login-id | if-index | event-time-millisecond
| nas-port | operational | user-inet-address | nas-inet-address |
router-type | interface-speed)...];
- }
To create flat-file accounting plug-ins:
- [edit shared sae group west-region configuration plug-ins
name fileAcct file-accounting]
- user@host# set fields [(status | nas-id | host | router-name | interface-name | interface-alias
| interface-descr | port-id | user-ip-address | login-name | accounting-id
| auth-user-id | if-radius-class | if-session-id | service-name |
radius-class | event-time | session-id | terminate-cause | session-time
| in-octets | out-octets | in-packets | out-packets | nas-ip | user-mac-address
| service-session-name | service-session-tag | user-type | user-radius-class
| user-session-id | primary-user-name | subscription-name | login-id
| if-index | event-time-millisecond | nas-port | operational | user-inet-address
| nas-inet-address | router-type | interface-speed)...]
[edit shared sae group west-region configuration plug-ins name fileAcct file-accounting] user@host# show filename var/acct/log; template FileAccounting.std; interval 24; fields [ status nas-id host router-name interface-name interface-alias interface-descr port-id user-inet-address login-name accounting-id auth-user-id if-session-id service-name event-time session-id terminate-cause session-time in-octets out-octets in-packets out-packets nas-inet-address user-mac-address service-session-name service-session-tag user-type user-session-id ];
When the SAE writes data to a flat file, it writes into the first line the headers that identify the attributes in the file. For example, in the following accounting file, the first line lists headers for all attribute fields in the file, and the following lines list the actual data in each field:
- Accounting Status,NAS ID,SSP Host,Router Name,Interface
Name,Interface Alias,Interface Description,NAS port ID,User IP Address,User
ID,User Accounting ID,User Authentication ID,INTF Radius Class,INTF,SessionId,
Service Name,Radius Class,Timestamp,SessionId, Terminate Cause,Session
Time,Input Octets,Output Octets,Input Packets,Output Packets,NAS IP,User
Mac address,Service Session Name,Service Session Tag,User Session
Type,User Session Radius Class,User Session ID
- start,SSP.uelmo,uelmo,default@erx7_ssp57,FastEthernet1/1.1,,IP1/1.1,default@erx7_ssp57
FastEthernet1/1:65535, 10.10.10.20,pebbles@virneo.net,,,,erx fastEthernet
1/1:0001048619,Video-Gold,Video-Gold,Fri Jan 30 14:23:29 EDT 2004,
VideoGold:null:1064946209182, 0,0,0,0,0,0, 10.10.7.17,,,,PPP,, pebbles:1064946144841
You can assign your own names to the headers that appear in the file. To do so, define the header names in a template, and then set up file accounting plug-in instances to use the template. The default template, FileAccounting.std, defines header names for all possible attributes. You can use the default template or create your own templates.
Use the following configuration statements to create a file accounting template:
- shared sae configuration file-accounting-template name ...
- shared sae configuration file-accounting-template name attributes (status | nas-id | host | router-name
| interface-name | interface-alias | interface-descr | port-id | user-ip-address
| login-name | accounting-id | auth-user-id | if-radius-class | if-session-id
| service-name | radius-class | event-time | session-id | terminate-cause
| session-time | in-octets | out-octets | in-packets | out-packets
| nas-ip | user-mac-address | service-session-name | service-session-tag
| user-type | user-radius-class | user-session-id | primary-user-name
| subscription-name | login-id | if-index | event-time-millisecond
| nas-port | operational | user-inet-address | nas-inet-address |
router-type | interface-speed | service-bundle | user-dn | uid | domain
| retailer-dn | password | service-scope | session-timeout | downstream-bandwidth
| upstream-bandwidth | dhcp-packet | aggr-session-id | aggr-login-name
| aggr-user-dn | aggr-user-inet-address | aggr-accounting-id | aggr-auth-user-id)
{
- value ;
- }
To set up a file accounting template:
- [edit shared sae group west-region configuration file-accounting-template
std]
- user@host# set attributes attribute value
For example:
[edit shared sae group west-region configuration file-accounting-template std]
user@host# show
attributes {
terminate-cause "RADIUS Termination Cause";
service-session-name "Service Session Name";
}You can use basic RADIUS accounting plug-ins to send accounting information to an external RADIUS accounting server or to a group of redundant servers. To communicate with nonredundant servers, you need to create multiple instances of the plug-in.
Use the following configuration statements to configure RADIUS accounting plug-ins:
- shared sae configuration plug-ins name name radius-accounting {
- load-balancing-mode (failover | roundRobin);
- failback-timer failback-timer ;
- nas-ip (SspIp | ErxIp);
- retry-interval retry-interval ;
- maximum-queue-length maximum-queue-length ;
- bind-address bind-address ;
- udp-port udp-port ;
- username (login-name | accounting-id | auth-user-name |
manager-id);
- calling-station-id (mac | no);
- default-peer default-peer ;
- }
To set up basic RADIUS accounting plug-ins:
[edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting] user@host# show load-balancing-mode failover; failback-timer -1; retry-interval 3000; maximum-queue-length 10000; username login-name; calling-station-id no; default-peer peer1;
Flexible RADIUS accounting plug-ins provide the same features as basic RADIUS accounting plug-ins. In addition, they allow you to customize RADIUS accounting packets that the SAE sends to RADIUS servers. You can specify which fields are included in the RADIUS accounting packets and what information is contained in the fields.
Use the following configuration statements to configure flexible RADIUS accounting plug-ins:
- shared sae configuration plug-ins name name flex-radius-accounting {
- load-balancing-mode (failover | roundRobin);
- failback-timer failback-timer ;
- timeout timeout ;
- retry-interval retry-interval ;
- maximum-queue-length maximum-queue-length ;
- bind-address bind-address ;
- udp-port udp-port ;
- error-handling (0 | 1);
- default-peer default-peer ;
- template template ;
- }
To set up flexible RADIUS accounting plug-ins:
[edit shared sae group west-region configuration plug-ins name flexRadiusAct flex-radius-accounting]
user@host# show
load-balancing-mode failover;
failback-timer -1;
timeout 15000;
retry-interval 3000;
maximum-queue-length 10000;
error-handling 0;
default-peer peer2;
template stdAcct;
peer-group peer2 {
server-address 10.10.1.1;
server-port 1818;
secret ********;
}The custom RADIUS accounting plug-ins provide the same functions as the flexible RADIUS accounting plug-ins, but are designed to deliver better system performance. To use a custom plug-in, you must provide a Java class that implements the service provider interface (SPI) defined in the RADIUS client library. Use this SPI to specify which fields and field values to include in RADIUS accounting packets. The RADIUS client library is part of the SAE core application programming interface (API).
See the documentation for the RADIUS client library in the SAE core API documentation on the Juniper Networks Web site at
For a sample implementation, see the SDK+AppSupport+Demos+Samples.tar.gz file on the
Juniper Networks Web site at: https://www.juniper.net/support/csc/swdist-erx/src.html . The application is located the following directory:
SDK/plugin/java/src/net/juniper/smgt/sample/radiuslib/RadiusPacketHandlerImpl.java.
Use the following configuration statements to set up custom RADIUS accounting plug-ins:
- shared sae configuration plug-ins name name custom-radius-accounting {
- java-class-radius-packet-handler java-class-radius-packet-handler ;
- class-path-radius-packet-handler class-path-radius-packet-handler ;
- append-acct-status-type-attribute;
- require-mandatory-attributes;
- load-balancing-mode (failover | roundRobin);
- failback-timer failback-timer;
- timeout timeout;
- retry-interval retry-interval;
- maximum-queue-length maximum-queue-length;
- bind-address bind-address;
- udp-port udp-port;
- default-peer default-peer;
- }
To set up custom RADIUS accounting plug-ins:
[edit shared sae group west-region configuration plug-ins name customRadiusAct custom-radius-accounting] user@host# show java-class-radius-packet-handler net.juniper.smgt.radius.RadiusPacketHandlerImpl; append-acct-status-type-attribute; load-balancing-mode failover; failback-timer -1; timeout 15000; retry-interval 3000; maximum-queue-length 10000; default-peer peer3;
|
Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |