Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Example: Basic SIC Group Configuration (SRC CLI)

This sample configuration uses the default SIC group called default-group, and the default SIC server called default-server.

An editing rule called username specifies that if the source, which is the request attribute User-Name, contains the @test.com suffix, the suffix is to be removed, and the resulting value placed in the target, which is the request attribute User-Name. A second editing rule, called vpnid, specifies that the target, which is the SIC variable vpn-id, should be replaced with the value of the source, which is the request attribute NAS-Identifier.

The SIC group (default-group) includes the default device model called default-model, which are both using the default dictionary called radius.

The accounting listener for the SIC listens on port 1813 for incoming accounting events. An upstream network element called netpc is using the default device model called default-model. The netpc network element contains four accounting clients called netpc13, netpc14, netpc15, and netpc16. The IP addresses and shared secrets of these accounting clients are provided as examples only. The outbound transport uses port 0.

The accounting route called test-route specifies that the editing rule called vpnid is to be applied before the request is routed to the accounting target.

Table 30 lists the attribute mapping defined between the SIC and the SAE plug-in attributes.

Table 30: Sample Configuration Attribute Associations

SIC Variable or Attribute

SAE Plug-In Attribute

Request-attribute User-Name

Login-name

Request-attribute Calling-Station-Id

Property.calling-station-id

Variable ReceiveTime

Property.session-start-time

Variable UserStatusType

Property.session-state

Request-attribute Framed-IP-Address

User-inet-address

Three log streams are configured, including the default log stream called default-logger, which captures events for the log groups at the event levels listed in Table 31.

Table 31: Log Groups and Associated Event Level for Log Stream=default logger

Log Group

Event Level

Administration

Warning

Configuration

Warning

Packet

Debug

PacketTrace

Warning

PacketTraceRaw

Warning

System

Warning

Two additional log streams are configured, called debug-logger and error-logger, which capture events for the log groups at the event levels listed in Table 32 and Table 33.

Table 32: Log Groups and Associated Event Level for Log Stream=debug-logger

Log Group

Event Level

Administration

Debug

Configuration

Debug

Packet

Debug

PacketTrace

Debug

PacketTraceRaw

Debug

System

Debug

Table 33: Log Groups and Associated Event Level for Log Stream=error-logger

Log Group

Event Level

Administration

Warning

Configuration

Warning

Packet

Warning

PacketTrace

Warning

PacketTraceRaw

Warning

System

Warning

user@host# show slot 0 sic

initial {
  directory-connection {
    credentials ********;
    entry-dn l=SIC,ou=staticConfiguration,ou=Configuration,o=Management,o=umc;
    filter (objectClass=*);
    port 389;
    principal cn=umcadmin,o=umc;
    url 127.0.0.1;
  }
}
server {
  name default-server;
}
[edit]


********

user@host# show shared sic group default-group editing
username {
    mode replace;
    source {
      request-attribute {
        User-Name {
          remove-suffix @test.com;
        }
      }
    }
    target {
      request-attribute User-Name;
    }
}
vpnid {
    mode replace;
    source {
      request-attribute {
        NAS-Identifier;
      }
    }
    target {
      variable vpn-id;
    }
}

[edit]


********

user@host# show shared sic group default-group radius
accounting-listener {
  transport {
    1813 {
      connect-timeout 1000;
      connections-per-thread 15;
      disconnect-timeout 1000;
      port 1813;
    }
  }
}
network-element netpc {
  upstream {
    model default-model;
    accounting-client {
      netpc13 {
        accounting-secret secret;
        address 10.227.6.213;
      }
      netpc14 {
        accounting-secret secret;
        address 10.227.6.214;
      }
      netpc15 {
        accounting-secret secret;
        address 10.227.6.215;
      }
      netpc16 {
        accounting-secret secret;
        address 10.227.6.216;
      }
    }
  }
}
outbound-transport {
  default-outbound-transport {
    connect-timeout 1000;
    connections-per-thread 15;
    disconnect-timeout 1000;
    port 0;
  }
}

[edit]
user@host# show shared sic group default-group dictionary radius
attribute ARAP-Challenge-Response {
  radius {
    format octets;
    type 84;
  }
}
attribute ARAP-Features {
  radius {
    format octets;
    type 71;
  }
}
attribute ARAP-Password {
  radius {
    format octets;
    type 70;
  }

 }
 attribute Proxy-State {
   radius {
     format string;
     type 33;
   }
 }
 attribute Reply-Message {
   radius {
     format string;
     type 18;
   }
 }
 attribute Service-Type {
   radius {
     constant Administrative {
       6;
     }
     constant Authenticate-Only {
       8;
     }
     constant Authorize-Only {
       17;
     }
     constant Call-Check {
       10;
     }
     constant Callback-Administrative {
       11;
     }
     constant Callback-Framed {
       4;
     }
     constant Callback-Login {
       3;
     }
     constant Callback-NAS-Prompt {
       9;
     }
     constant Fax {
       13;
     }
     constant Framed {
       2;
     }
     constant IAPP-AP-Check {
       16;
     }
     constant IAPP-Register {
       15;
     }
     constant Login {
       1;
     }
     constant Modem-Relay {
       14;
     }
     constant NAS-Prompt {
       7;
     }
     constant Outbound {
       5;
     }
     constant Voice {
       12;
     }
     format integer;
     type 6;
   }
 }
 attribute Session-Timeout {
   radius {
     format integer;
     type 27;
   }
 }
 attribute State {
   radius {
     format string;
     type 24;
   }
 }
 attribute TeliaSonera-Chargeable-User-Id {
   radius {
     format string;
     type 192;
     vendor-id 15297;
   }
 }
 attribute TeliaSonera-Location-Info {
   radius {
     format string;
     type 194;
     vendor-id 15297;
   }
 }
 attribute TeliaSonera-Location-Name {
   radius {
     format string;
     type 195;
     vendor-id 15297;
   }
 }
 attribute TeliaSonera-Operator-Name {
   radius {
     format string;
     type 193;
     vendor-id 15297;
   }
 }
 attribute TeliaSonera-Visited-Operator-ID {
   radius {
     format string;
     type 196;
     vendor-id 15297;
   }
 }
 attribute Termination-Action {
   radius {
     constant Default {
       0;
     }
     constant RADIUS-Request {
       1;
     }
     format integer;
     type 29;
   }
 }
 attribute Tunnel-Assignment-ID {
   radius {
     format string;
     tagged;
     type 82;
   }
 }
 attribute Tunnel-Client-Auth-ID {
   radius {
     format string;
     tagged;
     type 90;
   }
 }
 attribute Tunnel-Client-Endpoint {
   radius {
     format string;
     tagged;
     type 66;
   }
 }
 attribute Tunnel-Medium-Type {
   radius {
     constant 802 {
       6;
     }
     constant ATM {
       3;
     }
     constant Appletalk {
       12;
     }
     constant BBN-1822 {
       5;
     }
     constant Banyan-Vines {
       14;
     }
     constant Decnet-IV {
       13;
     }
     constant E.163 {
       7;
     }
     constant E.164 {
       8;
     }
     constant E.164-NSAP-subaddress {
       15;
     }
     constant F.69 {
       9;
     }
     constant Frame-Relay {
       4;
     }
     constant IP {
       1;
     }
     constant IPX {
       11;
     }
     constant X.121 {
       10;
     }
     constant X.25 {
       2;
     }
     format integer;
     tagged;
     type 65;
   }
 }
 attribute Tunnel-Password {
   radius {
     format string;
     salt-encrypt;
     tagged;
     type 69;
   }
 }
 attribute Tunnel-Preference {
   radius {
     format integer;
     tagged;
     type 83;
   }
 }
 attribute Tunnel-Private-Group-ID {
   radius {
     format string;
     tagged;
     type 81;
   }
 }
 attribute Tunnel-Server-Auth-ID {
   radius {
     format string;
     tagged;
     type 91;
   }
 }
 attribute Tunnel-Server-Endpoint {
   radius {
     format string;
     tagged;
     type 67;
   }
 }
 attribute Tunnel-Type {
   radius {
     constant AH {
       6;
     }
     constant ATMP {
       4;
     }
     constant DVS {
       11;
     }
     constant ESP {
       9;
     }
     constant GRE {
       10;
     }
     constant IP-IP {
       7;
     }
     constant IP-IP-Tunneling {
       12;
     }
     constant L2F {
       2;
     }
     constant L2TP {
       3;
     }
     constant MIN-IP-IP {
       8;
     }
     constant PPTP {
       1;
     }
     constant VLAN {
       13;
     }
     constant VTP {
       5;
     }
     format integer;
     tagged;
     type 64;
   }
 }
 attribute User-Name {
   radius {
     format string;
     type 1;
   }
 }
 attribute User-Password {
   radius {
     format string;
     type 2;
   }
 }
user@host# show default-model
dictionary radius;

********

user@host# show shared sic group default-group server
default-server {
  accounting-route {
    test-route {
      editing {
        vpnid;
      }
      target {
        accounting-method default-method;
      }
    }
    default-route {
      target {
        accounting-method default-method;
      }
    }
  }
  logger {
    debug-logger {
      file {
        filename sic_debug;
        filter /debug-error;
        flush-after-writes;
        maximum-file-size 0;
        prepend-message-header;
        rollover-interval 86400;
      }
      group {
        administration events debug;
        configuration events debug;
        packet events debug;
        packet-trace events debug;
        packet-trace-raw events debug;
        system events debug;
      }
    }
    default-logger {
      file {
        filename sic;
        filter customized;
        flush-after-writes;
        maximum-file-size 0;
        prepend-message-header;
        rollover-interval 86400;
      }
      group {
        administration events warning;
        configuration events warning;
        packet events debug;
        packet-trace events warning;
        packet-trace-raw events warning;
        system events warning;
      }
    }
    error-logger {
      file {
        filename sic_error;
        filter /error;
        flush-after-writes;
        maximum-file-size 0;
        prepend-message-header;
        rollover-interval 86400;
      }
      group {
        administration events warning;
        configuration events warning;
        packet events warning;
        packet-trace events warning;
        packet-trace-raw events warning;
        system events warning;
      }
    }
  }
}

[edit]

Related Documentation

Modified: 2017-08-03