Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring JSRC Policies (SRC CLI)

    Tasks to configure JSRC policies are:

    Configuring JSRC Policy Lists

    To configure policy lists:

    1. From configuration mode, create a policy list. For example, to create a policy list called l1 within a policy group called ise:
      user@host# edit policies group ise list l1
    2. Specify the type of policy list.
      [edit policies group ise list l1] user@host# set role junos-ise
    3. Specify where the policy is applied on the device.
      [edit policies group ise list l1] user@host# set applicability both

    Configuring JSRC Policy Rules

    To configure policy rules:

    1. From configuration mode, create a policy rule inside a policy list that has already been created and configured. For example, to create a policy rule called r1 within policy list l1:
      user@host# edit policies group ise list l1 rule r1
    2. Specify the type of policy rule.
      [edit policies group ise list l1 rule r1] user@host# set type junos-ise

    Configuring Dynamic Profile Actions

    Use this action to install existing dynamic profiles. You can configure dynamic profile actions for devices such as the MX Series routers.

    The profile name must match a dynamic profile configured on the device and the variable name must match a variable configured for the dynamic profile.

    Use the following configuration statements to configure a dynamic profile action:

    policies group name list name rule name dynamic-profile name { profile-name profile-name;description description;}
    policies group name list name rule name dynamic-profile name variables name { value value;type type;}

    To configure a dynamic profile action:

    1. From configuration mode, enter the dynamic profile action configuration. In this sample procedure, dp is the name of the dynamic profile action.
      user@host# edit policies group ise list l1 rule r1 dynamic-profile dp
    2. Enter the profile name to activate.
      [edit policies group ise list l1 rule r1 dynamic-profile dp] user@host# set profile-name profile-name
    3. (Optional) Enter a description for the dynamic profile action.
      [edit policies group ise list l1 rule r1 dynamic-profile dp] user@host# set description description
    4. From configuration mode, enter the parameters used by the profile.
      user@host# edit policies group ise list l1 rule r1 dynamic-profile dp variables name

      For example:

      user@host# edit policies group ise list l1 rule r1 dynamic-profile dp variables upstreamBandwidth
    5. (Optional) Configure the value for the variable.
      [edit policies group ise list l1 rule r1 dynamic-profile dp variables name] user@host# set value value

      For example:

      [edit policies group ise list l1 rule r1 dynamic-profile dp variables upstreamBandwidth] user@host# set value rateParameter
    6. (Optional) Configure the variable type. Variable types are mapped to parameter types.
      [edit policies group ise list l1 rule r1 dynamic-profile dp variables name] user@host# set type type

      For example:

      [edit policies group ise list l1 rule r1 dynamic-profile dp variables upstreamBandwidth] user@host# set type rate

    For more information about dynamic profiles and subscriber access, see the Junos OS Subscriber Management and Services Library.

    Configuring Operation Script for Policy Provisioning (SRC CLI)

    You can use operation scripts to support the policy provisioning for JSRC policy rules. The SRC software passes the operation script values configured by using the operation-script option under the [edit policies group name list name rule name] hierarchy level to the Extensible Subscriber Services Manager Daemon on the MX Series router. You can assign the operation script only to the rules for which the role of the policy list is set as junos-ise and the applicability is set as both.

    Note:

    • AA-Answer message can have both dynamic profile and operation script in the policy rule, whereas the Push-Profile-Request can have either dynamic profile or operation script in the policy rule.
    • In the policy rule configuration, the dynamic-profile and operation-script options are mutually exclusive.

    Use the following configuration statements to configure an operation script for JSRC policy rules:

    policies group name list name rule name operation-script{description description;script-name script-name;script-args-format script-args-format ;}
    policies group name list name rule name operation-script variables name {value value;type type;}

    Note: This configuration is reserved for use with a future MX release version that supports the Extensible Subscriber Services Manager Daemon feature.

    To configure an operation script for JSRC policy rules:

    1. From configuration mode, enter the operation script configuration.
      [edit policies group name list name rule name]user@host# set operation-script
    2. (Optional) Enter a description for the operation script.
      [edit policies group name list name rule name operation-script]user@host# set description description
    3. Enter a name for the operation script.
      [edit policies group name list name rule name operation-script]user@host# set script-name script-name
    4. Enter the operation script arguments.
      [edit policies group name list name rule name operation-script]user@host# set script-args-format script-args-format

      Use the format ‘$[arg1];$[arg2];$[arg3]’.

      For example: '$[user_ipAddress];[vlan]';

      Note:

      • You must enclose the arguments in quotation marks.
      • The operation script argument name must match a variable name configured for policy provisioning.
    5. From configuration mode, enter the parameters used by the operation script for policy provisioning.
      [edit]user@host# set policies group name list name rule name operation-script variables name]
    6. (Optional) Configure a value for the variable.
      [edit policies group name list name rule name operation-script variables name]user@host# set value value
    7. (Optional) Configure the variable type. Variable types are mapped to parameter types.
      [edit policies group name list name rule name operation-script variables name]user@host# set type type
    8. (Optional) Verify the operation script configuration.
      [edit policies group name list name rule name
      	user@host# show
      		operation-script {
        		script-args-format '$[user_ipAddress];$[vlan]';
      		script-name ngcoco;
      		 variables {
          			var1 {
      			      type any;
      			      value user_ipAddress;
         		}
      			var2 {
      			      type any;
      			      value vlan;
         		}
       	 		}
      	}
      type junos-ise;
      

    Published: 2014-06-25