Configuring JSRC Policies (SRC CLI)
Tasks to configure JSRC policies are:
- Configuring JSRC Policy Lists
- Configuring JSRC Policy Rules
- Configuring Dynamic Profile Actions
- Configuring Operation Script for Policy Provisioning (SRC CLI)
Configuring JSRC Policy Lists
To configure policy lists:
- From configuration mode, create a policy list. For example,
to create a policy list called l1 within a policy group called ise: user@host# edit policies group ise list l1
- Specify the type of policy list. [edit policies group ise list l1] user@host# set role junos-ise
- Specify where the policy is applied on the device. [edit policies group ise list l1] user@host# set applicability both
Configuring JSRC Policy Rules
To configure policy rules:
- From configuration mode, create a policy rule inside a
policy list that has already been created and configured. For example,
to create a policy rule called r1 within policy list l1:user@host# edit policies group ise list l1 rule r1
- Specify the type of policy rule. [edit policies group ise list l1 rule r1] user@host# set type junos-ise
Configuring Dynamic Profile Actions
Use this action to install existing dynamic profiles. You can configure dynamic profile actions for devices such as the MX Series routers.
The profile name must match a dynamic profile configured on the device and the variable name must match a variable configured for the dynamic profile.
Use the following configuration statements to configure a dynamic profile action:
To configure a dynamic profile action:
- From configuration mode, enter the dynamic profile action
configuration. In this sample procedure, dp is the name of the dynamic
profile action. user@host# edit policies group ise list l1 rule r1 dynamic-profile dp
- Enter the profile name to activate. [edit policies group ise list l1 rule r1 dynamic-profile dp] user@host# set profile-name profile-name
- (Optional) Enter a description for the dynamic profile
action. [edit policies group ise list l1 rule r1 dynamic-profile dp] user@host# set description description
- From configuration mode, enter the parameters used by
the profile. user@host# edit policies group ise list l1 rule r1 dynamic-profile dp variables name
For example:
user@host# edit policies group ise list l1 rule r1 dynamic-profile dp variables upstreamBandwidth - (Optional) Configure the value for the variable. [edit policies group ise list l1 rule r1 dynamic-profile dp variables name] user@host# set value value
For example:
[edit policies group ise list l1 rule r1 dynamic-profile dp variables upstreamBandwidth] user@host# set value rateParameter - (Optional) Configure the variable type. Variable types
are mapped to parameter types. [edit policies group ise list l1 rule r1 dynamic-profile dp variables name] user@host# set type type
For example:
[edit policies group ise list l1 rule r1 dynamic-profile dp variables upstreamBandwidth] user@host# set type rate
For more information about dynamic profiles and subscriber access, see the Junos OS Broadband Subscriber Management and Services Library.
Configuring Operation Script for Policy Provisioning (SRC CLI)
You can use operation scripts to support the policy provisioning for JSRC policy rules. The SRC software passes the operation script values configured by using the operation-script option under the [edit policies group name list name rule name] hierarchy level to the Extensible Subscriber Services Manager Daemon on the MX Series router. You can assign the operation script only to the rules for which the role of the policy list is set as junos-ise and the applicability is set as both.
![]() | Note:
|
Use the following configuration statements to configure an operation script for JSRC policy rules:
To configure an operation script for JSRC policy rules:
- From configuration mode, enter the operation script configuration.[edit policies group name list name rule name]user@host# set operation-script
- (Optional) Enter a description for the operation script.[edit policies group name list name rule name operation-script]user@host# set description description
- Enter a name for the operation script.[edit policies group name list name rule name operation-script]user@host# set script-name script-name
- Enter the operation script arguments. [edit policies group name list name rule name operation-script]user@host# set script-args-format script-args-format
Use the format ‘$[arg1];$[arg2];$[arg3]’.
For example: '$[user_ipAddress];[vlan]';
Note:
- You must enclose the arguments in quotation marks.
- The operation script argument name must match a variable name configured for policy provisioning.
- From configuration mode, enter the parameters used by
the operation script for policy provisioning.[edit]user@host# set policies group name list name rule name operation-script variables name]
- (Optional) Configure a value for the variable.[edit policies group name list name rule name operation-script variables name]user@host# set value value
- (Optional) Configure the variable type. Variable types
are mapped to parameter types.[edit policies group name list name rule name operation-script variables name]user@host# set type type
- (Optional) Verify the operation script configuration.[edit policies group name list name rule name
user@host# show operation-script { script-args-format '$[user_ipAddress];$[vlan]'; script-name ngcoco; variables { var1 { type any; value user_ipAddress; } var2 { type any; value vlan; } } } type junos-ise;
Related Documentation
- Configuring JSRC on the MX Series Router
- Policy Rules Overview