Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Request Routing (SRC CLI)

    Configuration Statements for SIC Explicit Accounting Routing Rules

    Use the following statements to configure explicit routing rules for the SIC at the [edit] hierarchy level:

    shared sic group identifier server identifier accounting-route
    shared sic group identifier server identifier accounting-route id condition realm {(present | not-present);}
    shared sic group identifier server identifier accounting-route id condition realm does-not-equal valueshared sic group identifier server identifier accounting-route id condition realm equals valueshared sic group identifier server identifier accounting-route id condition realm has-prefix valueshared sic group identifier server identifier accounting-route id condition realm has-suffix valueshared sic group identifier server identifier accounting-route id condition realm range { low low; high high; }shared sic group identifier server identifier accounting-route id condition request
    shared sic group identifier server identifier accounting-route id condition request attribute attribute-name {(present | not-present);}
    shared sic group identifier server identifier accounting-route id condition request attribute attribute-name does-not-equal valueshared sic group identifier server identifier accounting-route id condition request attribute attribute-name equals valueshared sic group identifier server identifier accounting-route id condition request attribute attribute-name has-prefix valueshared sic group identifier server identifier accounting-route id condition request attribute attribute-name has-suffix valueshared sic group identifier server identifier accounting-route id condition request attribute attribute-name range { low low; high high; }
    shared sic group identifier server identifier accounting-route id condition user-identity {(present | not-present);}
    shared sic group identifier server identifier accounting-route id condition user-identity does-not-equal valueshared sic group identifier server identifier accounting-route id condition user-identity equals valueshared sic group identifier server identifier accounting-route id condition user-identity has-prefix valueshared sic group identifier server identifier accounting-route id condition user-identity has-suffix valueshared sic group identifier server identifier accounting-route id condition user-identity range { low low; high high; }

    Configuration Statements for SIC Explicit Authentication Routing Rules

    Use the following statements to configure explicit routing rules for the SIC at the [edit] hierarchy level:

    shared sic group identifier server identifier authentication-route idshared sic group identifier server identifier authentication-route id editing editing-rule
    shared sic group identifier server identifier authentication-route id target {}
    shared sic group identifier server identifier authentication-route id condition user-identity {(present | not-present);}
    shared sic group identifier server identifier authentication-route id condition user-identity range {low low;high high;}
    shared sic group identifier server identifier authentication-route id condition user-identity equals value shared sic group identifier server identifier authentication-route id condition user-identity does-not-equal value shared sic group identifier server identifier authentication-route id condition user-identity has-prefix value shared sic group identifier server identifier authentication-route id condition user-identity has-suffix value
    shared sic group identifier server identifier authentication-route id condition realm {(present | not-present);}
    shared sic group identifier server identifier authentication-route id condition realm range {low low;high high;}
    shared sic group identifier server identifier authentication-route id condition realm equals value shared sic group identifier server identifier authentication-route id condition realm does-not-equal value shared sic group identifier server identifier authentication-route id condition realm has-prefix value shared sic group identifier server identifier authentication-route id condition realm has-suffix value
    shared sic group identifier server identifier authentication-route id condition request {}
    shared sic group identifier server identifier authentication-route id condition request attribute attribute-name {(present | not-present);}
    shared sic group identifier server identifier authentication-route id condition request attribute attribute-name range {low low;high high;}
    shared sic group identifier server identifier authentication-route id condition request attribute attribute-name equals value shared sic group identifier server identifier authentication-route id condition request attribute attribute-name does-not-equal value shared sic group identifier server identifier authentication-route id condition request attribute attribute-name has-prefix value shared sic group identifier server identifier authentication-route id condition request attribute attribute-name has-suffix value

    Configuring Explicit Routing (SRC CLI)

    Explicit routing rules can be configured for accounting and authentication requests. When you configure an accounting or authentication route, you specify:

    • (Optional) An editing rule you want to apply to the request before it is forwarded to the target.
    • A predefined accounting method that is the target for the route.
    • A predefined authentication route target (network element).
    • (Optional) A set of conditions that must be matched in the request for the route to be selected.

      When multiple routes are configured, they are evaluated in the order they are displayed by the show command. A newly created route is displayed last among the routes and has the lowest priority, so it is evaluated last. You can use the SRC CLI insert command to move a route before or after another route to change its evaluation order. The higher a route is displayed on the list, the sooner it is evaluated.

      You can specify any combination of match conditions and condition tests as described in Table 1. For a complete list of statements used to configure explicit routing rules, see Configuration Statements for SIC Explicit Accounting Routing Rules and Configuration Statements for SIC Explicit Authentication Routing Rules.

      Table 1: Explicit Routing Rule Conditions

      Match Condition

      Condition Tests

      • Realm
      • User identity
      • Request attribute
      • Present
      • Not present
      • Equals
      • Does not equal
      • Has suffix
      • Has prefix
      • Within range

      For a complete list of statements you use to configure accounting routes, see Configuration Statements for SIC Explicit Accounting Routing Rules. For a complete list of statements you use to configure authentication routes, see Configuration Statements for SIC Explicit Authentication Routing Rules.

    To configure explicit routes:

    1. From configuration mode, access the configuration statement used to configure explicit routes. For example, to configure an accounting route called route66 for the server svr1, in a group called g1:
      [edit]user@host# edit shared sic group g1 server svr1 accounting-route route66
    2. (Optional) Specify the name of the predefined editing rule you want applied to the request before it is forwarded to the target. For example to apply an editing rule called er1:
      [edit shared sic group g1 server svr1 accounting-route route66]user@host# edit editing er1
    3. Specify a predefined accounting method or authentication routing target to use as the target of the route. If this route is selected, packets are routed to this target. For example, to specify an accounting method called acctg-meth1 as the target:
      [edit shared sic group g1 server svr1 accounting-route route66 editing er1]user@host# up[edit shared sic group g1 server svr1 accounting-route route66 editing]user@host# up[edit shared sic group g1 server svr1 accounting-route route66]user@host# edit target[edit shared sic group g1 server svr1 accounting-route route66 target]user@host# set accounting-method acctg-meth1
    4. (Optional) Specify the conditions that must be matched for the route to be selected. For example, to specify that the request must contain a realm=abc.com:
      [edit shared sic group g1 server svr1 accounting-route route66 target]user@host# up[edit shared sic group g1 server svr1 accounting-route route66]user@host# edit condition realm equals abc.com[edit shared sic group g1 server svr1 accounting-route route66 condition realm equals abc.com]user@host#
    5. Commit the configuration.
      user@host# commitcommit complete.
    6. Verify the routing configuration.
      [edit shared sic group g1 server svr1 accounting-route route66 condition realm equals abc.com]user@host# up[edit shared sic group g1 server svr1 accounting-route route66 condition realm]user@host# up[edit shared sic group g1 server svr1 accounting-route route66 condition]user@host# up[edit shared sic group g1 server svr1 accounting-route route66]user@host# show
      condition {
  realm {
    equals abc.com;
  }
}
editing {
  er1;
}
target {
  accounting-method acctg-meth1;
}

[edit shared sic group g1 server svr1 accounting-route route66]
user@host#

    Configuring Implicit Routing (SRC CLI)

    You configure implicit accounting and authentication routes by specifying the name of a previously configured network element that has the proxy function assigned to it. You can also define a default route used for all requests from all realms, or you can specify that only requests from specific realms are routed to the proxy AAA server. When you specify specific realms, you have the option to set a condition of either an exact match of the realm string, or a match on the prefix of the realm string.

    Use the following statements to configure implicit routes for the SIC:

    shared sic group identifier radius network-element id proxy { }shared sic group identifier radius network-element id proxy realm realmValue { condition (exact | prefix); }

    To configure implicit routes for the SIC:

    1. From configuration mode, access the statement that configures the remote AAA server as a proxy. For example, to configure the AAA server in a network element called ne1 as a proxy:
      [edit]user@host# edit shared sic group group1 radius network-element ne1 proxy
    2. (Optional) Specify that only requests from specific realms are routed to the proxy AAA server by specifying the names of the realms. For example, to specify that all requests from the realm called abc.com are routed to the proxy AAA server:
      [edit shared sic group group1 radius network-element ne1 proxy]user@host# edit realms abc.com
    3. (Optional) Specify the match condition for the realm.
      [edit shared sic group group1 radius network-element ne1 proxy realm abc.com]user@host# set condition exact | prefix
    4. (Optional) Specify whether you want this proxy AAA server to be the default route for requests from all realms.
      [edit shared sic group group1 radius network-element ne1 proxy]user@host# set default-route-for-all-realms

    Modified: 2016-12-29

    Previous Page Next Page