A
- access lines 1
- accesses
- configuring subscriptions
- accounting
- anonymous subscriber
- attributes
- authenticated subscriber
- authentication plug-ins
- authorization plug-ins
B
C
- captive portal
- classification scripts
- conditions 1
- configuring
- descriptions
- DHCP classification, C Series Controller
- interface classification, C Series Controller
- structure
- subscriber classification, C Series Controller
- target, C Series Controller
- component interactions
- conventions
- COPS (Common Open Policy Service)
- custom RADIUS accounting plug-ins 1
- configuring
- custom RADIUS authentication plug-ins 1
- configuring
- customer support 1
D
- default retailer authentication plug-ins
- configuring
- default retailer DHCP authentication plug-ins
- configuring
- denial-of-service attacks
- DHCP (Dynamic Host Configuration Protocol)
- address assignment
- classification scripts. See classification scripts
- options
- profiles
- subscribers
- documentation
E
- enterprise
- enterprise subscribers 1
- adding
- enterprise subscribers, login process
- event publishers
- configuring
- default retailer authentication, configuring
- default retailer DHCP authentication, configuring
- description
- retailer-specific
- service-specific
- virtual router-specific
- external plug-ins
- configuring
F
- file upload settings for log rotation
- configuring
- flat file accounting plug-ins 1
- flexible RADIUS accounting plug-ins 1
- attributes, defining
- configuring
- RADIUS packets, defining
- flexible RADIUS authentication plug-ins 1
- attributes, defining
- configuring
- RADIUS packets, defining
- setting responses
- FTP server for log rotation
G
- general properties
- configuring
H
- HTTP proxy 1, 2
- HTTPS traffic
I
- interface classification scripts. See classification scripts
- interim accounting, configuring on SAE
- internal plug-ins
- configuring
L
- LDAP authentication plug-in 1
- configuring
- limiting subscribers plug-in 1
- configuring
- log rotation
- overview
- logging
- login events, description
- login process
- login registration
- configuring
- logout process, residential
M
- managers
- manuals
N
- NAT (Network Address Translation)
- notice icons
P
- plug-ins
- activating service sessions
- authentication
- authorization
- basic RADIUS accounting 1
- basic RADIUS authentication 1
- creating subscriber sessions
- custom RADIUS accounting 1
- custom RADIUS authentication 1
- defining RADIUS packets
- DHCP address assignment
- event publishers. See event publishers
- external
- flat file accounting 1
- flexible RADIUS accounting 1
- flexible RADIUS authentication 1
- internal 1
- LDAP authentication 1
- limiting subscribers 1
- state synchronization
- tracking
- policy groups
- policy management
- PPP subscribers
- prevention, use of unauthorized resources
- protocols
- proxy HTTP 1, 2
- proxy request management
- public addresses, VPNs
Q
R
- RADIUS accounting
- RADIUS attributes
- defining in RADIUS plug-ins
- examples, defining in RADIUS plug-ins
- RADIUS client library, custom RADIUS plug-ins
- RADIUS packets, customizing in plug-ins
- RADIUS peers
- configuring in plug-ins
- RADIUS plug-ins 1, See also plug-ins
- redirect server
- assessing load
- configuration statements
- configuring
- configuring DNS server for
- configuring HTTP proxy support
- configuring redundant
- directory connection
- failover
- file extensions
- logging
- number of requests
- protection against denial-of-service attacks
- redundancy 1, 2, 3
- static route to router
- traffic definition
- verifying
- redundancy
- residential subscribers 1
- adding
- login process. See login process
- retailers
- subscribers 1
- router subscribers 1
- adding
- routing instances
- routing scheme
S
- SAE (service activation engine)
- classification scripts. See classification scripts
- login events
- login process. See login process
- SAE (service activation engine), configuring
- service activation engine. See SAE
- service sessions
- sites 1, 2, 3
- subscriber 1
- state synchronization plug-in interface
- configuring
- static IP subscribers, login process
- static routing
- subscriber classification scripts. See classification scripts
- subscriber folders 1
- adding
- subscriber sessions
- subscribers
- 3gpp attributes (Gx router driver)
- adding
- enterprise 1
- inheriting properties
- inheriting subscriptions
- residential 1
- retailer 1
- router 1
- sessions
- sites 1
- types
- subscriptions 1
- access, configuring
- an orderly deactivation, activation order, specifying
- configuring
- multiple per subscriber
- support, technical See technical support
T
- targets. See classification scripts
- technical support
- text conventions defined
- tracking plug-ins 1
- configuring
U
- UDP ports
- User Datagram Protocol. See UDP
V
- validating
- virtual private networks. See VPNs
- VPNs (virtual private networks)
- adding
- configuration requirements
- configuration statements
- extranet clients, modifying
- invalid subscriptions
- modifying
- routing schemes
- using NAT
- validating
Download This Guide
Related Documentation
- Classification Scripts Overview
- Classifying Interfaces (SRC CLI).
- Classifying Interfaces (C-Web Interface)
- Classifying Subscribers (SRC CLI)
- Classifying Subscribers (C-Web Interface)
- Classifying DHCP Subscribers (SRC CLI)
- Classifying DHCP Subscribers (C-Web Interface)
Configuring Classification Scripts Overview
Classification scripts are organized into rules. Each rule has a target and one or more match conditions. For example:
Subscriber Classifiers
subscriber-classifier {
.
.
.
rule rule-2 {
target <-unauthenticatedUserDn->;
condition {
"loginType == \"ADDR\"";
"loginType == \"AUTHADDR\"";
}
}
}
DHCP Classifiers
dhcp-classifier {
.
.
.
rule rule-2 {
target cn=default,<-dhcpProfileDN->;
condition {
1;
}
}
}
Interface Classifiers
interface-classifier {
.
.
.
rule rule-5 {
target /sample/junose/DHCP;
condition {
"interfaceName=\"fastEthernet*\"";
"interfaceName=\"atm*/*.*\"";
}
}
}
Classification Targets
A target is the result of the classification script that gets returned to the SAE. There are two special types of targets:
- No-match targets—Targets that begin with a - (single dash) are interpreted as no match. If the conditions of this target are matched, a no-match message is returned to SAE. You can use this type of target to exclude certain patterns or to shortcut known nonmatches. To speed up processing, use this target to specify interfaces that you do not want the SAE to manage.
- Script targets—The content of the script rule is
interpreted when the classifier is initially loaded. The script rule
can contain definitions of custom functions, which can be called during
the matching process. Because you can insert arbitrary code into a
script, you can use classification scripts to perform arbitrary tasks.
Because script targets use * (asterisks), you cannot use * in other types of targets.
Target Expressions
A target can contain expressions. These expressions can refer to an object in the SAE’s memory or configuration, to specific matching conditions, or to another function or script.
Suppose the classification object in a subscriber classifier contains a field called userName. The classifier target uniqueId=<- userName -> is expanded to contain the actual content of the userName field before it is returned to the SAE; for example, for userName=juser, uniqueId=juser is returned.
Target expressions are enclosed in angle brackets and hyphens; for example, <-retailerDn->. The classifier expands expressions before it returns the target to the SAE. The expression is interpreted by an embedded Python interpreter and can contain variables and Python operations. In the simplest case an expression can be a single variable that is replaced with its current contents. Available variable names are all fields of the object passed to the classifier and names created with regular expression matching.
Because a scripting interpreter interprets expressions, more complex operations are possible. Examples are:
- Indexing—var[index] returns the element index of a sequence. The first element is at index 0.
- Slicing—var[start : end] creates a substring of the variable var starting at index start up to, but not including, index end; for example, var=Hello, var[2:4] = ll
Classification Conditions
You can configure multiple classification conditions for a rule. For example:
If you prefix a condition with an & (ampersand) character, the condition is examined only if the previous condition matches.
If you prefix a condition with a | (pipe) character, the condition is examined only if the previous conditions have not produced a positive match.
You can use glob or regular expression matching to configure each target’s conditions.
Glob Matching
Glob matches are of the form:
where match is a pattern similar to UNIX filename matching. Glob matches are case insensitive. “field != match” is true, if field=match is not true.
- *—Matches any substring.
- ?—Matches any single character.
- [range]—Matches a single character in the specified range. Ranges can have the form a-z or abcd.
- [!range]—Matches a single character outside the specified range.
- C—Matches the single character c.
The available field names are described for the specific classifiers. Examples are:
- interfaceName = fastEthernet3/0 # matches the string “fastEthernet3/0” directly.
- interfaceName = fast*3/1 # matches any string that starts with “fast” and ends with “3/1”
- interfaceName = fast*3/1.* # starts with “fast”, contains “3/1.” arbitrary ending
- interfaceName = fast*3/[2-57] # starts with “fast”, contains “3/” followed by 2,3,4,5 or 7
Regular Expression Matching
Regular expression matches are of the form:
where field !~ re is true if field =~ re is not true. The regular expression is re. For a complete description of the syntax, see: https://docs.python.org/2/howto/regex.html.
You can group regular expressions with pairs of parentheses. If such an expression matches, the contents of the groups are made available for target expressions. Group number n is available as G[n], where n is the number of the opening parenthesis of the group. You can also name groups by using the special notation (?P<name>…).
Examples:
Related Documentation
- Classification Scripts Overview
- Classifying Interfaces (SRC CLI).
- Classifying Interfaces (C-Web Interface)
- Classifying Subscribers (SRC CLI)
- Classifying Subscribers (C-Web Interface)
- Classifying DHCP Subscribers (SRC CLI)
- Classifying DHCP Subscribers (C-Web Interface)
