Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Example: Basic SIC Group Configuration (SRC CLI)

    This sample configuration uses the default SIC group called default-group, and the default SIC server called default-server.

    An editing rule called username specifies that if the source, which is the request attribute User-Name, contains the @test.com suffix, the suffix is to be removed, and the resulting value placed in the target, which is the request attribute User-Name. A second editing rule, called vpnid, specifies that the target, which is the SIC variable vpn-id, should be replaced with the value of the source, which is the request attribute NAS-Identifier.

    The SIC group (default-group) includes the default device model called default-model, which are both using the default dictionary called radius.

    The accounting listener for the SIC listens on port 1813 for incoming accounting events. An upstream network element called netpc is using the default device model called default-model. The netpc network element contains four accounting clients called netpc13, netpc14, netpc15, and netpc16. The IP addresses and shared secrets of these accounting clients are provided as examples only. The outbound transport uses port 0.

    The accounting route called test-route specifies that the editing rule called vpnid is to be applied before the request is routed to the accounting target, which by default is the SSR database (default-method).

    Table 1 lists the attribute mapping defined between the SIC and the SAE plug-in attributes.

    Table 1: Sample Configuration Attribute Associations

    SIC Variable or Attribute

    SAE Plug-In Attribute

    Request-attribute User-Name

    Login-name

    Request-attribute Calling-Station-Id

    Property.calling-station-id

    Variable ReceiveTime

    Property.session-start-time

    Variable UserStatusType

    Property.session-state

    Request-attribute Framed-IP-Address

    User-inet-address

    Three log streams are configured, including the default log stream called default-logger, which captures events for the log groups at the event levels listed in Table 2.

    Table 2: Log Groups and Associated Event Level for Log Stream=default logger

    Log Group

    Event Level

    Administration

    Warning

    Configuration

    Warning

    Packet

    Debug

    PacketTrace

    Warning

    PacketTraceRaw

    Warning

    System

    Warning

    Two additional log streams are configured, called debug-logger and error-logger, which capture events for the log groups at the event levels listed in Table 3 and Table 4.

    Table 3: Log Groups and Associated Event Level for Log Stream=debug-logger

    Log Group

    Event Level

    Administration

    Debug

    Configuration

    Debug

    Packet

    Debug

    PacketTrace

    Debug

    PacketTraceRaw

    Debug

    System

    Debug

    Table 4: Log Groups and Associated Event Level for Log Stream=error-logger

    Log Group

    Event Level

    Administration

    Warning

    Configuration

    Warning

    Packet

    Warning

    PacketTrace

    Warning

    PacketTraceRaw

    Warning

    System

    Warning

    user@host# show slot 0 sic
    
    initial {
      directory-connection {
        credentials ********;
        entry-dn l=SIC,ou=staticConfiguration,ou=Configuration,o=Management,o=umc;
        filter (objectClass=*);
        port 389;
        principal cn=umcadmin,o=umc;
        url 127.0.0.1;
      }
    }
    server {
      name default-server;
    }
    user@host# show shared sic group default-group accounting-method
    default-method database {
       plug-in-attribute {
         login-name {
           request-attribute User-Name;
         }
         property.calling-station-id {
           request-attribute Calling-Station-Id;
         }
         property.session-start-time {
           variable ReceiveTime;
         }
         property.session-state {
           variable UserStatusType;
         }
         user-inet-address {
           request-attribute Framed-IP-Address;
         }
         vpn-id;
       }
     }
    
    [edit]
    
    
    ********
    
    user@host# show shared sic group default-group editing
    username {
        mode replace;
        source {
          request-attribute {
            User-Name {
              remove-suffix @test.com;
            }
          }
        }
        target {
          request-attribute User-Name;
        }
    }
    vpnid {
        mode replace;
        source {
          request-attribute {
            NAS-Identifier;
          }
        }
        target {
          variable vpn-id;
        }
    }
    
    [edit]
    
    
    ********
    
    user@host# show shared sic group default-group radius
    accounting-listener {
      transport {
        1813 {
          connect-timeout 1000;
          connections-per-thread 15;
          disconnect-timeout 1000;
          port 1813;
        }
      }
    }
    network-element netpc {
      upstream {
        model default-model;
        accounting-client {
          netpc13 {
            accounting-secret secret;
            address 10.227.6.213;
          }
          netpc14 {
            accounting-secret secret;
            address 10.227.6.214;
          }
          netpc15 {
            accounting-secret secret;
            address 10.227.6.215;
          }
          netpc16 {
            accounting-secret secret;
            address 10.227.6.216;
          }
        }
      }
    }
    outbound-transport {
      default-outbound-transport {
        connect-timeout 1000;
        connections-per-thread 15;
        disconnect-timeout 1000;
        port 0;
      }
    }
    
    [edit]
    user@host# show shared sic group default-group dictionary radius
    attribute ARAP-Challenge-Response {
      radius {
        format octets;
        type 84;
      }
    }
    attribute ARAP-Features {
      radius {
        format octets;
        type 71;
      }
    }
    attribute ARAP-Password {
      radius {
        format octets;
        type 70;
      }
    
     }
     attribute Proxy-State {
       radius {
         format string;
         type 33;
       }
     }
     attribute Reply-Message {
       radius {
         format string;
         type 18;
       }
     }
     attribute Service-Type {
       radius {
         constant Administrative {
           6;
         }
         constant Authenticate-Only {
           8;
         }
         constant Authorize-Only {
           17;
         }
         constant Call-Check {
           10;
         }
         constant Callback-Administrative {
           11;
         }
         constant Callback-Framed {
           4;
         }
         constant Callback-Login {
           3;
         }
         constant Callback-NAS-Prompt {
           9;
         }
         constant Fax {
           13;
         }
         constant Framed {
           2;
         }
         constant IAPP-AP-Check {
           16;
         }
         constant IAPP-Register {
           15;
         }
         constant Login {
           1;
         }
         constant Modem-Relay {
           14;
         }
         constant NAS-Prompt {
           7;
         }
         constant Outbound {
           5;
         }
         constant Voice {
           12;
         }
         format integer;
         type 6;
       }
     }
     attribute Session-Timeout {
       radius {
         format integer;
         type 27;
       }
     }
     attribute State {
       radius {
         format string;
         type 24;
       }
     }
     attribute TeliaSonera-Chargeable-User-Id {
       radius {
         format string;
         type 192;
         vendor-id 15297;
       }
     }
     attribute TeliaSonera-Location-Info {
       radius {
         format string;
         type 194;
         vendor-id 15297;
       }
     }
     attribute TeliaSonera-Location-Name {
       radius {
         format string;
         type 195;
         vendor-id 15297;
       }
     }
     attribute TeliaSonera-Operator-Name {
       radius {
         format string;
         type 193;
         vendor-id 15297;
       }
     }
     attribute TeliaSonera-Visited-Operator-ID {
       radius {
         format string;
         type 196;
         vendor-id 15297;
       }
     }
     attribute Termination-Action {
       radius {
         constant Default {
           0;
         }
         constant RADIUS-Request {
           1;
         }
         format integer;
         type 29;
       }
     }
     attribute Tunnel-Assignment-ID {
       radius {
         format string;
         tagged;
         type 82;
       }
     }
     attribute Tunnel-Client-Auth-ID {
       radius {
         format string;
         tagged;
         type 90;
       }
     }
     attribute Tunnel-Client-Endpoint {
       radius {
         format string;
         tagged;
         type 66;
       }
     }
     attribute Tunnel-Medium-Type {
       radius {
         constant 802 {
           6;
         }
         constant ATM {
           3;
         }
         constant Appletalk {
           12;
         }
         constant BBN-1822 {
           5;
         }
         constant Banyan-Vines {
           14;
         }
         constant Decnet-IV {
           13;
         }
         constant E.163 {
           7;
         }
         constant E.164 {
           8;
         }
         constant E.164-NSAP-subaddress {
           15;
         }
         constant F.69 {
           9;
         }
         constant Frame-Relay {
           4;
         }
         constant IP {
           1;
         }
         constant IPX {
           11;
         }
         constant X.121 {
           10;
         }
         constant X.25 {
           2;
         }
         format integer;
         tagged;
         type 65;
       }
     }
     attribute Tunnel-Password {
       radius {
         format string;
         salt-encrypt;
         tagged;
         type 69;
       }
     }
     attribute Tunnel-Preference {
       radius {
         format integer;
         tagged;
         type 83;
       }
     }
     attribute Tunnel-Private-Group-ID {
       radius {
         format string;
         tagged;
         type 81;
       }
     }
     attribute Tunnel-Server-Auth-ID {
       radius {
         format string;
         tagged;
         type 91;
       }
     }
     attribute Tunnel-Server-Endpoint {
       radius {
         format string;
         tagged;
         type 67;
       }
     }
     attribute Tunnel-Type {
       radius {
         constant AH {
           6;
         }
         constant ATMP {
           4;
         }
         constant DVS {
           11;
         }
         constant ESP {
           9;
         }
         constant GRE {
           10;
         }
         constant IP-IP {
           7;
         }
         constant IP-IP-Tunneling {
           12;
         }
         constant L2F {
           2;
         }
         constant L2TP {
           3;
         }
         constant MIN-IP-IP {
           8;
         }
         constant PPTP {
           1;
         }
         constant VLAN {
           13;
         }
         constant VTP {
           5;
         }
         format integer;
         tagged;
         type 64;
       }
     }
     attribute User-Name {
       radius {
         format string;
         type 1;
       }
     }
     attribute User-Password {
       radius {
         format string;
         type 2;
       }
     }
    user@host# show default-model
    dictionary radius;
    
    ********
    
    user@host# show shared sic group default-group server
    default-server {
      accounting-route {
        test-route {
          editing {
            vpnid;
          }
          target {
            accounting-method default-method;
          }
        }
        default-route {
          target {
            accounting-method default-method;
          }
        }
      }
      logger {
        debug-logger {
          file {
            filename sic_debug;
            filter /debug-error;
            flush-after-writes;
            maximum-file-size 0;
            prepend-message-header;
            rollover-interval 86400;
          }
          group {
            administration events debug;
            configuration events debug;
            packet events debug;
            packet-trace events debug;
            packet-trace-raw events debug;
            system events debug;
          }
        }
        default-logger {
          file {
            filename sic;
            filter customized;
            flush-after-writes;
            maximum-file-size 0;
            prepend-message-header;
            rollover-interval 86400;
          }
          group {
            administration events warning;
            configuration events warning;
            packet events debug;
            packet-trace events warning;
            packet-trace-raw events warning;
            system events warning;
          }
        }
        error-logger {
          file {
            filename sic_error;
            filter /error;
            flush-after-writes;
            maximum-file-size 0;
            prepend-message-header;
            rollover-interval 86400;
          }
          group {
            administration events warning;
            configuration events warning;
            packet events warning;
            packet-trace events warning;
            packet-trace-raw events warning;
            system events warning;
          }
        }
      }
    }
    
    [edit]
    

    Published: 2014-06-19