Configuring Parameters for the Script Service for Packet Mirroring

Provide parameter substitutions with the values that are in the service definitions for the script service.

Table 6 lists the parameters specified by the sample packet-mirroring script service. In most cases, you can use the sample script service without modification.

Table 6: Parameter Substitutions for Packet-Mirroring Services

Parameter Name

Description

dynAnalyzerIPAddress

RADIUS VSA that is the IP address of the analyzer device. This attribute is required.

dynAnalyzerPortNumber

RADIUS VSA that is the UDP port number of the monitoring application in the analyzer device. If specified, dynMirrorIdentifier must also be specified.

dynMirrorIdentifier

RADIUS VSA in the form of a hexadecimal string. If specified, dynAnalyzerPortNumber must also be specified.

dynClientIp

IP address of the dynamic RADIUS client.

dynClientPort

UDP port number of the dynamic RADIUS client.

dynServerIp

IP address of the C Series Controller.

dynServerPort

UDP port number of the C Series Controller.

dynSecret

Shared secret.

dynRetry

Number of retries for sending dynamic RADIUS packet when no RADIUS response is received. The retry interval is 3 seconds.

dynConfig

Content of dynamic RADIUS request packets in the format <action>. <radiusAttributeName>=<pluginEventAttribute>\n

  • action—Action that is executed on packet content (attribute)
    • start
    • stop
    • start-stop
  • radiusAttributeName—Valid RADIUS attribute specified as follows:
    • Standard RADIUS attribute name or number.
    • JunosE VSA in one of the following formats:

      vendor-specific.4874.<vsa#>[.salt]

      26.4874.<vsa#>[.salt]

      where .salt indicates that the attribute is MD5 salt-encrypted in the RADIUS packet.
  • pluginEventAttribute—Valid Python expression
  • \n—New-line character included between the lines of a configuration containing multiple lines; the entire configuration must be enclosed in quotation marks

    For example:

    start-stop.Acct-Session-Id = ifSessionId

    “ start-stop.Acct-Session-Id=ifSessionId\n start.vendor-specific.4874.58.salt=1\n start.vendor-specific.JUNIPER.Unisphere- Med-Dev-Handle.salt= custom['dynMirrorIdentifier'] \n start.vendor-specific. JUNIPER.Unisphere-Med-Ip-Address.salt=intIp(custom['dynAnalyzerIPAddress'])\n start.vendor-specific. JUNIPER.Unisphere-Med- Port-Number.salt= int(custom ['dynAnalyzerPortNumber'])\n stop.vendor- specific.4874.58.salt=0"

To configure substitutions for the script parameters:

  1. At the hierarchy for the script service, specify substitutions for the parameters. For example:
    [edit services global service packetMirroring]user@host# set parameter substitution [ dynAnalyzerIPAddress=10.227.6.221
    dynAnalyzerPortNumber=9100 dynMirrorIdentifier=0x0000000100000001
    dynSecret=\”secret\” dynRetry=2 dynClientIp=10.227.7.111 dynClientPort=9099
    "dynConfig=\"start-stop.Acct-Session-Id =
    ifSessionId\\nstart.vendor-specific.JUNIPER.Unisphere-LI-Action.salt=1\\nstar
    t.vendor-specific.JUNIPER.Unisphere-Med-Dev-Handle.salt=custom['dynMirrorIde
    ntifier']\\nstart.vendor-specific.JUNIPER.Unisphere-Med-Ip-Address.salt=intIp(c
    ustom['dynAnalyzerIPAddress'])\\nstart.vendor-specific.JUNIPER.Unisphere-Me
    d-Port-Number.salt =
    int(custom['dynAnalyzerPortNumber'])\\nstop.vendor-specific.JUNIPER.Unisph
    ere-LI-Action.salt=0\"" ]
  2. Verify the configuration.
    [edit services global service packetMirroring]
    user@host# show 
    type script;
    status active;
    parameter { 
     substitution [ dynAnalyzerIPAddress=10.227.6.221 dynAnalyzerPortNumber=9100 
    dynMirrorIdentifier=0x0000000100000001 dynSecret=secret dynRetry=2
    dynClientIp=10.227.7.111 dynClientPort=9099 "dynConfig=\"start-stop.
    Acct-Session-Id = ifSessionId\\nstart.vendor-specific.JUNIPER.
    Unisphere-LI-Action.salt= 1\\nstart.vendor-specific.JUNIPER.
    Unisphere-Med-Dev-Handle.salt= custom['dynMirrorIdentifier']
    \\nstart.vendor-specific.JUNIPER.
    Unisphere-Med-Ip-Address.salt= intIp(custom['dynAnalyzerIPAddress'])
    \\nstart.vendor-specific.JUNIPER.
    Unisphere-Med-Port-Number.salt = int(custom['dynAnalyzerPortNumber'])
    \\nstop.vendor-specific.JUNIPER.Unisphere-LI-Action.salt=0\"" ]; } script { script-type url; class-name net.juniper.smgt.scriptServices.packetMirroring.LiService; file file:///opt/UMC/sae/lib/pm.jar; }

Related Documentation