RADIUS Triggered Dynamic Data Services Command Reference

This command enables the context to configure dynamic services parameters on a capture SAP.

This command disables or enables data-triggered dynamic services on this capture-sap.

This command enables the context to configure dynamic data services. Only available on systems with multi-core CPM (CPM3 or up).

This command creates a new dynamic services policy that can be used to create dynamic data services.

The no form of the command removes the dynamic services policy from the configuration. This is only allowed when there are no active dynamic data services referencing this policy.

This command enables the context to configure the first RADIUS accounting destination and corresponding RADIUS accounting parameters for dynamic data services.

This command enables the context to configure the second RADIUS accounting destination and corresponding RADIUS accounting parameters for dynamic data services.

This command configures the radius server policy to be used for dynamic data services RADIUS accounting.

The no form of the command removes the radius server policy from the configuration. This is only allowed when there are no active dynamic data services referencing this policy.

This command configures the type of statistics to be reported in dynamic data services RADIUS accounting. A RADIUS specified Stats Type overrides the CLI configured value.

The no form of the command resets the default value.

This command specifies the interval between each RADIUS Accounting Interim-Update message (minimum 5 minutes; maximum 180 days).

The no form of the command disables the sending of Accounting Interim-Update messages.

A RADIUS specified Accounting Interim Interval overrides the CLI configured value.

This command specifies the absolute maximum random delay introduced on the update interval between two RADIUS Accounting Interim Update messages. The effective maximum random delay value is the minimum of the configured absolute jitter value and 10% of the configured update-interval.

A value of zero will send the accounting interim update message without introducing an additional random delay.

The no form of the command sets the default to 10% of the configured update-interval.

This command enables the context to configure authentication parameters for data-triggered dynamic services.

This command configures the local authentication database to be used for local authentication of data-triggered dynamic services.

Local authentication and RADIUS authentication are mutually exclusive.

The no form of the command removes the local authentication database from the configuration and disables local authentication.

This command configures the password to be used for RADIUS authentication of data-triggered dynamic services.The no form of the command removes the password from the configuration.

This command configures the RADIUS server policy to be used for RADIUS authentication of data-triggered dynamic services.

Local authentication and RADIUS authentication are mutually exclusive.

The no form of the command removes the server policy from the configuration and disables RADIUS authentication.

This command creates a local authentication database that can be used for local authentication of data-triggered dynamic services.The no form of the command removes the local authentication database from the configuration.

This command disables or enables the local authentication database. When disabled, the database cannot be used for authentication.

This command creates a user name entry in the local authentication database. The user name entry is used to match with the user name of a local authenticated dynamic service data trigger. The user name of a dynamic service data trigger is fixed to the sap-id. When matched, the corresponding authentication data is used to set up the dynamic data services.The no form of the command removes the user name entry from the local authentication database configuration.

Disables or enables a user name entry in the local authentication database. When disabled, the entry will not be matched.

This command creates an index entry containing authentication data for a dynamic service SAP. Up to 32 indexes can be created per user name entry, representing up to 32 dynamic service SAPs that can be instantiated with a single dynamic service data trigger. One of the dynamic service SAPs must be the data trigger SAP.The no form of the command removes the index entry from the user name entry in the local authentication database configuration.

This command creates a context for one of the two accounting destinations specified in the dynamic services policy. In this context, overrides of RADIUS accounting parameters can be specified.The no form of the command removes the RADIUS accounting overrides context from the configuration

This command specifies whether dynamic service accounting should be enabled or disabled for this destination. RADIUS accounting is enabled by specifying the stats type: volume and time or time only. This command overrides the local configured value in the dynamic services policy.The no form of the command disables RADIUS accounting (stats-type off).

This command specifies the time between each dynamic data service accounting interim update for this accounting destination. This command overrides the local configured value in the dynamic services policy.

The no form of the command disables the generation of interim accounting updates to this destination.

The minimum update interval is 5 minutes.

This command specifies the local configured dynamic data service policy to use for provisioning (local authentication database context) or authentication (capture-sap context) of this dynamic service. If not specified, the dynamic services policy with the name “default” is used. If the default policy does not exist, then the dynamic data service setup or authentication will fail.The no form of the command removes the dynamic services policy from the configuration.

This command specifies the dynamic data service SAP that will be created. A dynamic service SAP ID uniquely identifies a dynamic data service instance. For a local authenticated dynamic service data trigger, one of the dynamic service SAP IDs must be the data trigger SAP.The no form of the command removes the sap-id from the configuration.

This command specifies the first part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions will be called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of the command removes script-parameters-1 from the configuration.

This command specifies the second part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions will be called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of the command removes the script-parameters-2 from the configuration.

This command specifies the third part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions will be called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of the command removes the script-parameters-3 from the configuration

This command specifies the fourth part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions will be called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of the command removes the script-parameters-4 from the configuration.

This command specifies the CLI user to be used to execute the dynamic data services CLI scripts. Via the specified user’s profile, it is possible to further restrict the internal list of allowed commands to be executed via dynamic data service CLI scripts.

The no form of the command sets the CLI user to an internal user with all configuration rights.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

This command specifies a limit for the number of dynamic data service instances (SAPs) that can be setup simultaneously using a given dynamic services policy.

A value of zero (0) means the policy will be drained: existing dynamic data services can be modified and torn down but no new dynamic data services can be setup.

This command specifies the radius script policy to be used to setup the dynamic data services. The script-policy configuration cannot be changed when there are active dynamic data services referencing the policy.

The no form of this command removes the script-policy from the configuration. This is only allowed when there are no active dynamic data services referencing this policy.

This command specifies the service id range that is reserved for dynamic data service creation. The range cannot overlap with existing static configured services. Once configured with active dynamic services in the range, the service-range can only be extended at the end.

The no form of this command removes the service-range from the configuration. This is only allowed when there are no active dynamic data services.

When no service-range is specified, the setup of dynamic data services will fail.

This command enables the context to configure dynamic data services related timers.

This command specifies the time that dynamic data services setup requests from a RADIUS Access-Accept are hold in an internal work queue waiting to be processed. If after the timeout, the dynamic data service setup request is still in the queue (meaning it is not setup), then the dynamic service setup request will be removed from the queue and the setup fails.

The no form of this command resets the timeout to 2 seconds.

Note: See also the description for the enable-dynamic-services-config command.

This command allows a user with admin permissions to configure a system wide password which enables a user to enter a special dynamic services configuration mode.

The minimum length of the password is determined by the minimum-length command. The complexity requirements for the password are determined by the complexity command.

The no form of the command removes the dynsvc password from the configuration

Note: See also the description for the dynsvc-password command.

If the dynsvc-password is configured in the config>system>security>password context, then any user can enter a special dynamic services configuration mode by entering the enable-dynamic-services-config command.

The enable-dynamic-services-config command is not in the default profile. To give access to this command, the user must belong to the administrative profile or a new profile should be created.

Once the enable-dynamic-services-config command is entered, the user is prompted for a password. If the password matches, the user is given access to the dynamic services configuration. Access to static configuration is in this case prohibited.

To verify that a user is in the enable-dynamic-services-config mode, use the show users command. Users in the enable-dynamic-services-config mode lists the letter “D” next to the user’s CLI session.

The no form of this command disables the dynamic services configuration mode for this user.

This command displays the running configuration for the configuration context where it is entered and all branches below that context level.

By default, the command only enters the configuration parameters that vary from the default values.

The detail keyword causes all configuration parameters to be displayed. The include-dynamic objective keyword includes configuration parameters from dynamic sources such as VSD or dynamic data services Python scripts. These dynamic configuration parameters are not saved in the configuration file.

This command enables the context to show dynamic services information.

This command displays the active dynamic services data trigger details.

This command displays the dynamic services policy information.

This command displays the status and statistics of a dynamic services capture. Statistics include counters for the number of data triggers received and data trigger drop reasons.

This command displays the root objects created by dynamic data services.

OID prefix and index — The corresponding SNMP OID prefix and index for this root object.

Snippet name — The name of the python function that created this root object. The name is set to N/A when the root-object is orphaned.

Snippet instance — The instance for which the python function with “Snippet name” created this root object. If the snippet is a result from a dynamic reference, then the snippet instance is the reference-id string passed in the dyn.reference(). If the snippet is not the result from a dynamic reference, then the snippet instance is the dynamic data service SAP-ID. The instance is set to N/A when the root object is orphaned.

Orphan time — Shows the timestamp when the root-object became orphaned (root-object not deleted when corresponding teardown function is called) or N/A if the root-object is not orphaned.

This command displays the dynamic services SAPs (instances) details:

This command enables the context to show dynamic services script information.

This command displays the dynamic services snippets information.

The CLI output generated by a single dynamic service python function call is a snippet instance.

The name of the snippet instance is the function key in the dyn.action() dictionary that caused this function to be called. This name is the dictionary name passed via RADIUS for top-level snippets or the first parameter to dyn.reference() for the others.

The snippet instance is either the dynamic data service SAP id or if the function is called via dynamic reference, the reference-id (that is, second parameter) provided in the dyn.reference() call.

This command displays dynamic service script statistics. Only non-zero values are shown.

The script statistics can be cleared with the “clear service statistics dynamic-services” command.

This command displays the global configuration summary for dynamic services:

This command displays SAP information.

This command resets the dynamic services script statistics. See also show service dynamic-services script statistics.

This command deletes all dynamic services associated with a dynamic services data trigger.

This command enables the context to configure dynamic services debugging.

This command enables the context to configure dynamic services data trigger capture SAP debugging.The no form of the command removes all dynamic services data trigger capture SAP debug configurations.

This command enables or disables the generation of dynamic services data trigger debug events, such as:

Multiple capture SAPs can be specified simultaneously.

Optionally, a single encap-val per capture-sap can be specified to limit the output of the debug events to the data trigger events with the specified encapsulation.

Optionally, the debug output can be restricted to dropped data trigger events only.

This command enables the context to configure dynamic services script debugging.

This command enables/disables the generation of all dynamic data service script debugging events output: cli, errors, executed-cmd, warnings, state-change.

This command enables/disables the generation of a specific dynamic data service script debugging event output: cli.

This command enables/disables the generation of a specific dynamic data service script debugging event output: errors.

This command enables/disables the generation of a specific dynamic data service script debugging event output: executed-cmd.

This command enables/disables the generation of a specific dynamic data service script debugging event output: state-change.

This command enables/disables the generation of a specific dynamic data service script debugging event output: warnings.

This command enables the context to configure dynamic services script debugging for a specific instance.

This command enables the context to configure dynamic services script debugging for a specific script.

This command enables the context to execute dynamic services tools perform commands.

This tools command performs the execution of a dynamic service script action as if the corresponding RADIUS attributes were received from RADIUS. It is possible to setup, modify or teardown a dynamic service associated with the specified control channel.

This command displays the list of supported commands that are allowed to be used in dynamic service CLI scripts.

There are two types of CLI nodes in this list: