Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Parameters for the Script Service for Packet Mirroring

    Provide parameter substitutions with the values that are in the service definitions for the script service.

    Table 1 lists the parameters specified by the sample packet-mirroring script service. In most cases, you can use the sample script service without modification.

    Table 1: Parameter Substitutions for Packet-Mirroring Services

    Parameter Name

    Description

    dynAnalyzerIPAddress

    RADIUS VSA that is the IP address of the analyzer device. This attribute is required.

    dynAnalyzerPortNumber

    RADIUS VSA that is the UDP port number of the monitoring application in the analyzer device. If specified, dynMirrorIdentifier must also be specified.

    dynMirrorIdentifier

    RADIUS VSA in the form of a hexadecimal string. If specified, dynAnalyzerPortNumber must also be specified.

    dynClientIp

    IP address of the dynamic RADIUS client.

    dynClientPort

    UDP port number of the dynamic RADIUS client.

    dynServerIp

    IP address of the C Series Controller.

    dynServerPort

    UDP port number of the C Series Controller.

    dynSecret

    Shared secret.

    dynRetry

    Number of retries for sending dynamic RADIUS packet when no RADIUS response is received. The retry interval is 3 seconds.

    dynConfig

    Content of dynamic RADIUS request packets in the format <action>. <radiusAttributeName>=<pluginEventAttribute>\n

    • action—Action that is executed on packet content (attribute)
      • start
      • stop
      • start-stop
    • radiusAttributeName—Valid RADIUS attribute specified as follows:
      • Standard RADIUS attribute name or number.
      • JunosE VSA in one of the following formats:

        vendor-specific.4874.<vsa#>[.salt]

        26.4874.<vsa#>[.salt]

        where .salt indicates that the attribute is MD5 salt-encrypted in the RADIUS packet.
    • pluginEventAttribute—Valid Python expression
    • \n—New-line character included between the lines of a configuration containing multiple lines; the entire configuration must be enclosed in quotation marks

      For example:

      start-stop.Acct-Session-Id = ifSessionId

      “ start-stop.Acct-Session-Id=ifSessionId\n start.vendor-specific.4874.58.salt=1\n start.vendor-specific.JUNIPER.Unisphere- Med-Dev-Handle.salt= custom['dynMirrorIdentifier'] \n start.vendor-specific. JUNIPER.Unisphere-Med-Ip-Address.salt=intIp(custom['dynAnalyzerIPAddress'])\n start.vendor-specific. JUNIPER.Unisphere-Med- Port-Number.salt= int(custom ['dynAnalyzerPortNumber'])\n stop.vendor- specific.4874.58.salt=0"

    To configure substitutions for the script parameters:

    1. At the hierarchy for the script service, specify substitutions for the parameters. For example:
      [edit services global service packetMirroring]user@host# set parameter substitution [ dynAnalyzerIPAddress=10.227.6.221
      dynAnalyzerPortNumber=9100 dynMirrorIdentifier=0x0000000100000001
      dynSecret=\”secret\” dynRetry=2 dynClientIp=10.227.7.111 dynClientPort=9099
      "dynConfig=\"start-stop.Acct-Session-Id =
      ifSessionId\\nstart.vendor-specific.JUNIPER.Unisphere-LI-Action.salt=1\\nstar
      t.vendor-specific.JUNIPER.Unisphere-Med-Dev-Handle.salt=custom['dynMirrorIde
      ntifier']\\nstart.vendor-specific.JUNIPER.Unisphere-Med-Ip-Address.salt=intIp(c
      ustom['dynAnalyzerIPAddress'])\\nstart.vendor-specific.JUNIPER.Unisphere-Me
      d-Port-Number.salt =
      int(custom['dynAnalyzerPortNumber'])\\nstop.vendor-specific.JUNIPER.Unisph
      ere-LI-Action.salt=0\"" ]
    2. Verify the configuration.
      [edit services global service packetMirroring]
      user@host# show 
      type script;
      status active;
      parameter { 
       substitution [ dynAnalyzerIPAddress=10.227.6.221 dynAnalyzerPortNumber=9100 
      dynMirrorIdentifier=0x0000000100000001 dynSecret=secret dynRetry=2
      dynClientIp=10.227.7.111 dynClientPort=9099 "dynConfig=\"start-stop.
      Acct-Session-Id = ifSessionId\\nstart.vendor-specific.JUNIPER.
      Unisphere-LI-Action.salt= 1\\nstart.vendor-specific.JUNIPER.
      Unisphere-Med-Dev-Handle.salt= custom['dynMirrorIdentifier']
      \\nstart.vendor-specific.JUNIPER.
      Unisphere-Med-Ip-Address.salt= intIp(custom['dynAnalyzerIPAddress'])
      \\nstart.vendor-specific.JUNIPER.
      Unisphere-Med-Port-Number.salt = int(custom['dynAnalyzerPortNumber'])
      \\nstop.vendor-specific.JUNIPER.Unisphere-LI-Action.salt=0\"" ]; } script { script-type url; class-name net.juniper.smgt.scriptServices.packetMirroring.LiService; file file:///opt/UMC/sae/lib/pm.jar; }

    Published: 2014-06-25