16.5. RADIUS Triggered Dynamic Data Services Command Reference

16.5.1. Command Hierarchies

16.5.1.1. RADIUS Triggered Dynamic Data Services Commands

config
— service
dynamic-services
dynamic-services-policy dynsrv-policy-name [create]
— no dynamic-services-policy dynsrv-policy-name
accounting-1
server-policy policy-name
— no server-policy
stats-type {time | volume-time}
— no stats-type
update-interval [hrs hours] [min minutes] [days days]
— no update-interval
update-interval-jitter absolute seconds
— no update-interval-jitter
accounting-2
server-policy policy-name
— no server-policy
stats-type {time | volume-time}
— no stats-type
update-interval [hrs hours] [min minutes] [days days]
— no update-interval
update-interval-jitter absolute seconds
— no update-interval-jitter
authentication
local-auth-db name
— no local-auth-db
password password [hash | hash2 | custom]
— no password
server-policy policy-name
— no server-policy
cli-user name
— no cli-user
description description-string
— no description
sap-limit [limit]
— no sap-limit
script-policy name
— no script-policy
local-auth-db name [create]
— no local-auth-db name
description description-string
— no description
[no] shutdown
user-name name [create]
— no user-name name
description description-string
— no description
index index [create]
— no index index
accounting {1 | 2} [create]
— no accounting {1 | 2}
stats-type {volume-time | time}
— no stats-type
update-interval [hrs hours] [min minutes] [days days]
— no update-interval
dynamic-services-policy name
— no dynamic-services-policy
sap-id sap-string
— no sap-id
script-parameters-1 param-string1
— no script-parameters-1
script-parameters-2 param-string2
— no script-parameters-2
script-parameters-3 param-string3
— no script-parameters-3
script-parameters-4 param-string4
— no script-parameters-4
[no] shutdown
service-range service-id service-id
— no service-range
timers
setup-timeout access-accept timeout
— no setup-timeout

configure
— service
— vpls service-id customer customer-id [create]
— sap sap-id capture-sap [create]
dynamic-services
dynamic-services-policy name
— no dynamic-services-policy
[no] shutdown
host-lockout-policy policy-name
— no host-lockout-policy

config
— system
— security
— password
dynsvc-password password [hash | hash2]
— no dynsvc-password
<global>
[no] enable-dynamic-services-config

16.5.1.2. Basic System Command

<global>
info

16.5.1.3. Show Commands

show
— service
dynamic-services
data-triggers [sap sap-id] [summary]
dynamic-services-policy [policy-name]
root-objects
saps [control-session acct-session-id] [port port-id] [dynsvc-policy policy-name] [summary] [sap sap-id] [svc-id service-id]
script
snippets [detail]
snippets name snippet-name [instance snippet-instance] [detail]
statistics
summary
— id service-id
dynamic-services
capture-sap [statistics] sap-id
sap-using [msap] [dyn-script] [description]

16.5.1.4. Clear Commands

clear
— service
— dynamic-services
data-trigger sap sap-id
— statistics
dynamic-services

16.5.1.5. Debug Commands

debug
[no] dynamic-services
data-triggers
— no data-triggers
capture-sap sap-id [encap-val qtag[.qtag]] [mode mode]
— no capture-sap sap-id
scripts
[no] event
[no] cli
[no] errors
[no] executed-cmd
[no] state-change
[no] warnings
instance instance
[no] event
[no] cli
[no] errors
[no] executed-cmd
[no] state-change
[no] warnings
script script
[no] event
[no] cli
[no] errors
[no] executed-cmd
[no] state-change
[no] warnings

16.5.1.6. Tools Commands

tools
— perform
— service
dynamic-services
evaluate-script sap sap-id control-session acct-session-id action script-action [dynsvc-policy name] [param-string string]
— dump
— service
dynamic-services command-list

16.5.2. RADIUS Triggered Dynamic Data Services Commands

16.5.2.1. Configuration Commands

dynamic-services

Syntax 
dynamic-services
Context 
config>service>vpls>sap
Description 

This command enables the context to configure dynamic services parameters on a capture SAP.

shutdown

Syntax 
[no] shutdown
Context 
config>service>vpls>sap>dyn-svc
Description 

This command disables or enables data-triggered dynamic services on this capture-sap.

dynamic-services

Syntax 
dynamic-services
Context 
config>service
Description 

This command enables the context to configure dynamic data services. Only available on systems with multi-core CPM (CPM3 or up).

dynamic-services-policy

Syntax 
dynamic-services-policy dynsrv-policy-name [create]
no dynamic-services-policy dynsrv-policy-name
Context 
config>service>dynsvc
Description 

This command creates a new dynamic services policy that can be used to create dynamic data services.

The no form of this command removes the dynamic services policy from the configuration. This is only allowed when there are no active dynamic data services referencing this policy.

Parameters 
dynsrv-policy-name—
Specifies a unique name of a dynamic services policy up to 32 characters.

accounting-1

Syntax 
accounting-1
Context 
config>service>dynsvc>policy
Description 

This command enables the context to configure the first RADIUS accounting destination and corresponding RADIUS accounting parameters for dynamic data services.

accounting-2

Syntax 
accounting-2
Context 
config>service>dynsvc>policy
Description 

This command enables the context to configure the second RADIUS accounting destination and corresponding RADIUS accounting parameters for dynamic data services.

server-policy

Syntax 
server-policy policy-name
no server-policy
Context 
config>service>dynsvc>acct-1
config>service>dynsvc>acct-2
Description 

This command configures the radius server policy to be used for dynamic data services RADIUS accounting.

The no form of this command removes the radius server policy from the configuration. This is only allowed when there are no active dynamic data services referencing this policy.

Parameters 
policy-name—
Specifies the name of the radius server policy.
Values—
Up to 32 characters maximum

 

stats-type

Syntax 
stats-type {time | volume-time}
no stats-type
Context 
config>service>dynsvc>acct-1
config>service>dynsvc>acct-2
Description 

This command configures the type of statistics to be reported in dynamic data services RADIUS accounting. A RADIUS specified Stats Type overrides the CLI configured value.

The no form of this command resets the default value.

Default 

stats-type volume-time

Parameters 
time
Only report Session-Time in the RADIUS Accounting Interim-Update and Stop message.
volume-time
Report both Session-Time and Volume counter attributes in the RADIUS. Accounting Interim-Update and Stop messages.

update-interval

Syntax 
update-interval [hrs hours] [min minutes] [days days]
no update-interval
Context 
config>service>dynsvc>acct-1
config>service>dynsvc>acct-2
Description 

This command specifies the interval between each RADIUS Accounting Interim-Update message (minimum 5 minutes; maximum 180 days).

The no form of this command disables the sending of Accounting Interim-Update messages.

A RADIUS specified Accounting Interim Interval overrides the CLI configured value.

Default 

no update-interval (do not send Accounting Interim-Update messages)

Parameters 
hrs—
specifies the interval in hours.
Values—
1 to 23

 

min—
Specifies the interval in minutes.
Values—
1 to 59

 

days—
specifies the interval in days.
Values—
1 to 180

 

update-interval-jitter

Syntax 
update-interval-jitter absolute seconds
no update-interval-jitter
Context 
config>service>dynsvc>acct-1
config>service>dynsvc>acct-2
Description 

This command specifies the absolute maximum random delay introduced on the update interval between two RADIUS Accounting Interim Update messages. The effective maximum random delay value is the minimum of the configured absolute jitter value and 10% of the configured update-interval.

A value of zero sends the accounting interim update message without introducing an additional random delay.

The no form of this command sets the default to 10% of the configured update-interval.

Default 

no update-interval-jitter (10% of the configured update-interval)

Parameters 
seconds—
Specifies the absolute maximum jitter value in seconds.
Values—
0 to 3600

 

authentication

Syntax 
authentication
Context 
config>service>dynsvc>policy
Description 

This command enables the context to configure authentication parameters for data-triggered dynamic services.

local-auth-db

Syntax 
local-auth-db name
no local-auth-db
Context 
config>service>dynsvc>policy>auth
Description 

This command configures the local authentication database to be used for local authentication of data-triggered dynamic services.

Local authentication and RADIUS authentication are mutually exclusive.

The no form of this command removes the local authentication database from the configuration and disables local authentication.

Parameters 
name—
local authentication database name, up to 32 characters.

password

Syntax 
password password [hash | hash2 | custom]
no password
Context 
config>service>dynsvc>policy>authentication
Description 

This command configures the password to be used for RADIUS authentication of data-triggered dynamic services.The no form of this command removes the password from the configuration.

Parameters 
password—
Specifies the password that is used in RADIUS authentication of a data-triggered dynamic service. The maximum length is 20 characters if unhashed, 32 characters if hashed, and 54 characters if the hash2 keyword is specified.
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

server-policy

Syntax 
server-policy policy-name
no server-policy
Context 
config>service>dynsvc>policy>authentication
Description 

This command configures the RADIUS server policy to be used for RADIUS authentication of data-triggered dynamic services.

Local authentication and RADIUS authentication are mutually exclusive.

The no form of this command removes the server policy from the configuration and disables RADIUS authentication.

Parameters 
policy-name—
Specifies a RADIUS server policy name, up to 32 characters.

local-auth-db

Syntax 
local-auth-db name [create]
no local-auth-db name
Context 
config>service>dynsvc
Description 

This command creates a local authentication database that can be used for local authentication of data-triggered dynamic services.The no form of this command removes the local authentication database from the configuration.

Parameters 
name—
Specifies a local authentication database name, up to 32 characters.

shutdown

Syntax 
[no] shutdown
Context 
config>service>dynsvc>ladb
Description 

This command disables or enables the local authentication database. When disabled, the database cannot be used for authentication.

user-name

Syntax 
user-name name [create]
no user-name name
Context 
config>service>dynsvc>ladb
Description 

This command creates a user name entry in the local authentication database. The user name entry is used to match with the user name of a local authenticated dynamic service data trigger. The user name of a dynamic service data trigger is fixed to the sap-id. When matched, the corresponding authentication data is used to set up the dynamic data services.The no form of this command removes the user name entry from the local authentication database configuration.

Parameters 
name—
Specifies the user name entry name, up to 64 characters.

shutdown

Syntax 
[no] shutdown
Context 
config>service>dynsvc>ladb>user
Description 

This command disables or enables a user name entry in the local authentication database. When disabled, the entry is not matched.

index

Syntax 
index index [create]
no index index
Context 
config>service>dynsvc>ladb>user
Description 

This command creates an index entry containing authentication data for a dynamic service SAP. Up to 32 indexes can be created per user name entry, representing up to 32 dynamic service SAPs that can be instantiated with a single dynamic service data trigger. One of the dynamic service SAPs must be the data trigger SAP.The no form of this command removes the index entry from the user name entry in the local authentication database configuration.

Parameters 
index—
Specifies the index entry identifier.
Values—
1 to 32

 

accounting

Syntax 
accounting {1 | 2} [create]
no accounting {1 | 2}
Context 
config>service>dynsvc>ladb>user>idx
Description 

This command creates a context for one of the two accounting destinations specified in the dynamic services policy. In this context, overrides of RADIUS accounting parameters can be specified.The no form of this command removes the RADIUS accounting overrides context from the configuration.

Parameters 
{1 | 2}—
Indicates one of the two RADIUS accounting destinations.

stats-type

Syntax 
stats-type {volume-time | time}
no stats-type
Context 
config>service>dynsvc>ladb>user>idx>acct
Description 

This command specifies whether dynamic service accounting should be enabled or disabled for this destination. RADIUS accounting is enabled by specifying the stats type: volume and time or time only. This command overrides the local configured value in the dynamic services policy.The no form of this command disables RADIUS accounting (stats-type off).

Parameters 
volume-time | time —
Enables RADIUS accounting for this dynamic service and specifies if volume counters should be included (volume-time) or time only (time) in the RADIUS accounting messages.

update-interval

Syntax 
update-interval [hrs hours] [min minutes] [days days]
no update-interval
Context 
config>service>dynsvc>ladb>user>idx>acct
Description 

This command specifies the time between each dynamic data service accounting interim update for this accounting destination. This command overrides the local configured value in the dynamic services policy.

The no form of this command disables the generation of interim accounting updates to this destination.

The minimum update interval is 5 minutes.

Parameters 
hours—
Specifies the interval in hours.
Values—
1 to 23

 

minutes—
Specifies the interval in minutes.
Values—
1 to 59

 

days—
Specifies the interval in days.
Values—
1 to 180

 

dynamic-services-policy

Syntax 
dynamic-services-policy name
no dynamic-services-policy
Context 
config>service>dynsvc>ladb>user>idx
config>service>vpls>sap>dyn-svc
Description 

This command specifies the local configured dynamic data service policy to use for provisioning (local authentication database context) or authentication (capture-sap context) of this dynamic service. If not specified, the dynamic services policy with the name default is used. If the default policy does not exist, then the dynamic data service setup or authentication fails.The no form of this command removes the dynamic services policy from the configuration.

Parameters 
name—
Specifies a dynamic services policy name, up to 32 characters.

host-lockout-policy

Syntax 
host-lockout-policy policy-name
no host-lockout-policy
Context 
config>service>vpls>sap
Description 

This command selects an existing host lockout policy. The host-lockout-policy policy-name is created in the config>subscr-mgmt context.

The no form of this command removes the policy name from the SAP configuration.

Parameters 
policy-name—
Specifies an existing host lockout policy, up to 32 characters, to associate with the SAP.

sap-id

Syntax 
sap-id sap-string
no sap-id
Context 
config>service>dynsvc>ladb>user>idx
Description 

This command specifies the dynamic data service SAP that is created. A dynamic service SAP ID uniquely identifies a dynamic data service instance. For a local authenticated dynamic service data trigger, one of the dynamic service SAP IDs must be the data trigger SAP.The no form of this command removes the sap-id from the configuration.

Parameters 
sap-string—
Specifies a string representing the dynamic service SAP ID (only SAPs on Ethernet ports and LAGs are valid), up to 64 characters.

script-parameters-1

Syntax 
script-parameters-1 param-string1
no script-parameters-1
Context 
config>service>dynsvc>ladb>user>idx
Description 

This command specifies the first part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions is called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of this command removes script-parameters-1 from the configuration.

Parameters 
param-string1—
Specifies a string representing parameters that are used as input for the dynamic service Python script, up to 250 characters.

script-parameters-2

Syntax 
script-parameters-2 param-string2
no script-parameters-2
Context 
config>service>dynsvc>ladb>user>idx
Description 

This command specifies the second part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions is called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of this command removes the script-parameters-2 from the configuration.

Parameters 
param-string2—
Specifies a string representing parameters that are used as input for the dynamic service Python script, up to 250 characters.

script-parameters-3

Syntax 
script-parameters-3 param-string3
no script-parameters-3
Context 
config>service>dynsvc>ladb>user>idx
Description 

This command specifies the third part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions is called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of this command removes the script-parameters-3 from the configuration.

Parameters 
param-string3—
Specifies string representing parameters that are used as input for the dynamic service Python script, up to 250 characters.

script-parameters-4

Syntax 
script-parameters-4 param-string4
no script-parameters-4
Context 
config>service>dynsvc>ladb>user>idx
Description 

This command specifies the fourth part of parameters as input to the dynamic data service Python script. The concatenation of all four script-parameters strings are passed to the Python script and must be formatted as function-key <dictionary>. The function-key specifies which Python functions is called, and <dictionary> contains the actual parameters in a Python dictionary structure format. The no form of this command removes the script-parameters-4 from the configuration.

Parameters 
param-string4—
Specifies a string representing parameters that are used as input for the dynamic service Python script, up to 250 characters.

cli-user

Syntax 
cli-user name
no cli-user
Context 
config>service>dynsvc>policy
Description 

This command specifies the CLI user to be used to execute the dynamic data services CLI scripts. With the specified user’s profile, it is possible to further restrict the internal list of allowed commands to be executed via dynamic data service CLI scripts.

The no form of this command sets the CLI user to an internal user with all configuration rights.

Parameters 
name—
Specifies the CLI user name that must exist in the >config>system>security CLI context.

description

Syntax 
description description-string
no description
Context 
config>service>dynsvc>policy
config>service>dynsvc>ladb
config>service>dynsvc>ladb>user
Description 

This command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Parameters 
description-string—
The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

sap-limit

Syntax 
sap-limit [limit]
no sap-limit
Context 
config>service>dynsvc>policy
Description 

This command specifies a limit for the number of dynamic data service instances (SAPs) that can be setup simultaneously using a given dynamic services policy.

A value of zero (0) means the policy is drained: existing dynamic data services can be modified and torn down but no new dynamic data services can be setup.

Default 

sap-limit 1

Parameters 
limit
Specifies the number of dynamic data service SAPs that can be setup simultaneously using this dynamic services policy.
Values—
0 to 131072

 

script-policy

Syntax 
script-policy name
no script-policy
Context 
config>service>dynsvc>policy
Description 

This command specifies the radius script policy to be used to setup the dynamic data services. The script-policy configuration cannot be changed when there are active dynamic data services referencing the policy.

The no form of this command removes the script-policy from the configuration. This is only allowed when there are no active dynamic data services referencing this policy.

Parameters 
name—
Specifies the RADIUS script policy name.

service-range

Syntax 
service-range service-id service-id
no service-range
Context 
config>service>dynsvc
Description 

This command specifies the service ID range that is reserved for dynamic data service creation. The range cannot overlap with existing static configured services. Once configured with active dynamic services in the range, the service range can only be extended at the end.

The no form of this command removes the service-range from the configuration. This is only allowed when there are no active dynamic data services.

When no service-range is specified, the setup of dynamic data services fails.

Parameters 
service-id—
Specifies the start and end service IDs to define the service range for dynamic services.
Values—
1 to 2147483647

 

timers

Syntax 
timers
Context 
config>service>dynsvc
Description 

This command enables the context to configure dynamic data services related timers.

setup-timeout

Syntax 
setup-timeout access-accept timeout
no setup-timeout
Context 
config>service>dynsvc>timers
Description 

This command specifies the time that dynamic data services setup requests from a RADIUS Access-Accept are hold in an internal work queue waiting to be processed. If after the timeout, the dynamic data service setup request is still in the queue (meaning it is not setup), then the dynamic service setup request is removed from the queue and the setup fails.

The no form of this command reverts to the default value of 30 seconds.

Default 

no setup-timeout

Parameters 
timeout—
Specifies the setup-timeout, in seconds, for setup requests of dynamic services received via Access-Accept.
Values—
2 to 3600

 

dynsvc-password

Syntax 
dynsvc-password password [hash | hash2]
no dynsvc-password
Context 
config>system>security>password
Description 
Note:

See also the description for the enable-dynamic-services-config command.

This command allows a user with admin permissions to configure a system wide password which enables a user to enter a special dynamic services configuration mode.

The minimum length of the password is determined by the minimum-length command. The complexity requirements for the password are determined by the complexity command.

The no form of this command removes the dynsvc password from the configuration.

Parameters 
password—
Configures the password which enables a user to enter a special dynamic services configuration mode. The maximum length can be up to 20 characters if unhashed, 32 characters if hashed, 54 characters if the hash2 keyword is specified.
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

enable-dynamic-services-config

Syntax 
[no] enable-dynamic-services-config
Context 
<global>
Description 
Note:

See also the description for the dynsvc-password command.

If the dynsvc-password is configured in the config>system>security>password context, then any user can enter a special dynamic services configuration mode by entering the enable-dynamic-services-config command.

The enable-dynamic-services-config command is not in the default profile. To give access to this command, the user must belong to the administrative profile or a new profile should be created.

Once the enable-dynamic-services-config command is entered, the user is prompted for a password. If the password matches, the user is given access to the dynamic services configuration. Access to static configuration is in this case prohibited.

To verify that a user is in the enable-dynamic-services-config mode, use the show users command. Users in the enable-dynamic-services-config mode lists the letter “D” next to the user’s CLI session.

The no form of this command disables the dynamic services configuration mode for this user.

16.5.2.2. Basic System Command

info

Syntax 
info [detail] [objective]
Context 
any configuration context
Description 

This command displays the running configuration for the configuration context where it is entered and all branches below that context level.

By default, the command only enters the configuration parameters that vary from the default values.

The detail keyword causes all configuration parameters to be displayed. The include-dynamic objective keyword includes configuration parameters from dynamic sources such as VSD or dynamic data services Python scripts. These dynamic configuration parameters are not saved in the configuration file.

Parameters 
detail—
Displays all configuration parameters including parameters at their default values.
objective—
Provides an output objective that controls the configuration parameters to be displayed.
Values—
include-dynamic: includes configuration parameters from dynamic sources such as VSD or dynamic data services Python scripts.

 

16.5.2.3. Show Commands

dynamic-services

Syntax 
dynamic-services
Context 
show>service
show>service>id
Description 

This command enables the context to show dynamic services information.

data-triggers

Syntax 
data-triggers [sap sap-id] [summary]
Context 
show>service>dynsvc
Description 

This command displays the active dynamic services data trigger details.

Parameters 
sap-id—
Specifies the dynamic services SAP for which the details are shown.
summary—
Limits the output to one line per data trigger SAP.
Output 

The following output is an example of data trigger information.

Sample Output
# show service dynamic-services data-triggers
===============================================================================
Dynamic Services Data-triggers
===============================================================================
SAP                         : 1/1/4:1214.101
-------------------------------------------------------------------------------
Acct session-ID             : 144DFF0000009156A24138
MAC                         : 00:51:00:dd:01:01
IP                          :
State                       : sapCreated
-------------------------------------------------------------------------------
No. of Data-triggers: 1
=============================================================================== 

Table 180 describes data trigger fields.

Table 180:  Data Trigger Field Descriptions  

Output field

Description

Acct session-ID

The RADIUS accounting session ID for this dynamic services data trigger. This accounting session ID is used as an accounting multi-session ID in RADIUS accounting for the associated dynamic services. It can also be used as a key in CoA or Disconnect Messages to set up or terminate associated dynamic services.

MAC

The MAC address learned to set up this dynamic service data trigger. The MAC address is included in the Access-Request message for RADIUS authentication.

IP

The IPv4 or IPv6 address learned to set up this dynamic service data trigger. If the data trigger packet was not an IP packet, then this field is empty. When available, the IP address is included in the RADIUS authentication and accounting messages.

State

The current state of the dynamic service data trigger:

Pending—(initial state) data trigger received and authentication started

Accepted—(transient state) authentication succeeded; dynsvc script started but not yet completed

sapCreated—(final state) corresponding dynamic services sap created

dynamic-services-policy

Syntax 
dynamic-services-policy [policy-name]
Context 
show>service>dynsvc
Description 

This command displays the dynamic services policy information.

Parameters 
policy-name—
specifies for which dynamic services policy the information is requested.
Output 

The following output is an example of dynamic service policy information.

Sample Output
# show service dynamic-services dynamic-services-policy "dynsvc-policy-1" 
===============================================================================
Dynamic Service Policies
===============================================================================
Dynamic Service Policy      : dynsvc-policy-1
-------------------------------------------------------------------------------
cli-user                    : (Not Specified)
description                 : Dynamic Services Policy 1
script-policy               : script-policy-5
sap-limit                   : 2000
 
Accounting instance 1
Stats type                  : volume-time
server policy               : aaa-server-policy-1
Update interval (minutes)   : 30
Update interval jitter      : 180s
 
Accounting instance 2
Stats type                  : time
server policy               : aaa-server-policy-2
Update interval (minutes)   : 0
Update interval jitter      : 10%
-------------------------------------------------------------------------------
No. of Services-policies: 1
=============================================================================== 
 

Table 181 describes the Dynamic Services policy fields.

Table 181:  Dynamic Services Policy Field Descriptions  

Output Field

Description

dynsrv-policy-name

The unique name of a dynamic services policy, up to 32 characters.

cli-user

The identifier name of the CLI user associated with this Dynamic Services policy.

script-policy

The identifier name of the script policy associated with this Dynamic Services policy.

sap-limit

The limit of the number of SAPs (Service Access Point) that can be created using this Dynamic Services policy.

Stats type

The value used to identify the type of accounting statistics gathered, either volume-time or time.

server policy

The identifier name of a RADIUS server policy to be used for accounting.

update interval (minutes)

The time interval between consecutive accounting updates when using this Dynamic Services policy.

update interval jitter

The amount of jitter to be applied on the update interval.

No. of Services-policies

The total number Dynamic Services policies.

capture-sap

Syntax 
capture-sap [statistics] sap-id
Context 
show>service>id>dynsvc
Description 

This command displays the status and statistics of a dynamic services capture. Statistics include counters for the number of data triggers received and data trigger drop reasons.

Parameters 
sap-id—
Specifies the dynamic services capture SAP.
statistics—
Displays data trigger receive and drop reason counters for this dynamic services capture SAP.
Output 

The following output is an example of capture SAP information.

Sample Output
# show service id 10 dynamic-services capture-sap 1/1/1:10.* 
===============================================================================
Dynamic Services Capture SAP 1/1/1:10.*
===============================================================================
Dynamic services policy      : dyn-svc-1
Administrative state         : in-service
-------------------------------------------------------------------------------
Last Mgmt Change             : 01/20/2016 12:54:06
===============================================================================
# show service id 10 dynamic-services capture-sap 1/1/1:10.*  statistics
===============================================================================
Dynamic Services Capture SAP 1/1/1:10.* Statistics
===============================================================================
Data packets received by SAP                               : 0
-------------------------------------------------------------------------------
Drop Reason Counters
-------------------------------------------------------------------------------
No policy configured at capture SAP level                  : 0
No authentication configured in policy                     : 0
Data-trigger already exists                                : 0
Lockout is active                                          : 0
Reached data-trigger system limit                          : 0
No memory available                                        : 0
Unsuccessful authentication                                : 0
No data-trigger SAP-id in authentication                   : 0
Corresponding dynamic SAP is not created                   : 0
===============================================================================

Table 182 describes the Capture SAP policy fields.

Table 182:  Capture SAP Field Descriptions  

Counter

Description

Data packets received by SAP

The number of dynamic service data triggers received on the capture SAP that reached the CPM.

No policy configured at capture SAP level

There is no dynamic-services-policy configured at the capture SAP. This is required to determine the authentication destination.

No authentication configured in policy

The authentication section in the specified in dynamic services policy is missing or incomplete.

Data-trigger already exists

A new data trigger frame is received for an existing data trigger that is authenticated, but the corresponding dynamic SAP is not yet created. The new data trigger packet is dropped.

Lockout is active

The data trigger for this managed SAP is currently in a lockout state due to previous authentication failures.

Reached data-trigger system limit

The maximum number of dynamic service data triggers supported on the system is reached. Additional data triggers are dropped.

No memory available

There is not enough system memory available to process the data trigger.

Unsuccessful authentication

The authentication for a data trigger on this capture SAP failed or timed out.

No data-trigger SAP-id in authentication

The dynamic services data trigger SAP ID is not provided in authentication. This is a mandatory parameter.

Corresponding dynamic SAP is not created

The data trigger successfully authenticated but the corresponding dynamic SAP was not created. This is typically caused by a dynamic services script error.

root-objects

Syntax 
root-objects
Context 
show>service>dynsvc
Description 

This command displays the root objects created by dynamic data services.

Output 

The following output is an example of dynamic services root object information.

Sample Output
# show service dynamic-services root-objects 
===============================================================================
Dynamic Service Root Objects
===============================================================================
OID prefix                  : svcRowStatus
OID index                   : .100000
Snippet name                : vprn
Snippet instance            : VRF-1
Orphan time                 : N/A
-------------------------------------------------------------------------------
No. of Root Objects: 1
=============================================================================== 
 

Table 183 describes the Root Objects fields.

Table 183:  Root Objects Field Descriptions  

Output field

Description

OID prefix

The corresponding SNMP OID prefix for this root object.

OID index

The corresponding SNMP OID index for this root object.

Snippet name

The name of the python function that created this root object. The name is set to N/A when the root-object is orphaned.

Snippet instance

The instance for which the python function with “Snippet name” created this root object. If the snippet is a result from a dynamic reference, then the snippet instance is the reference-id string passed in the dyn.reference(). If the snippet is not the result from a dynamic reference, then the snippet instance is the dynamic data service SAP-ID. The instance is set to N/A when the root object is orphaned.

Orphan time

The timestamp when the root-object became orphaned (root-object not deleted when corresponding teardown function is called) or N/A if the root-object is not orphaned.

saps

Syntax 
saps [control-session acct-session-id] [port port-id] [dynsvc-policy policy-name] [summary] [sap sap-id] [svc-id service-id]
Context 
show>service>dynsvc
Description 

This command displays Dynamic Services SAPs (instances) details.

Parameters 
summary—
Displays a summary view only.
acct-session-id
Specifies control session accounting session id.
port-id
Specifies Ethernet port.
policy-name
Specifies dynamic services policy.
sap sap-id—
Specifies dynamic services SAP id.
service-id
The service ID of the dynamic service.
Output 

The following output is an example of dynamic service SAP information.

Sample Output
# show service dynamic-services saps 
===============================================================================
Dynamic Services SAP's
===============================================================================
SAP                         : 1/1/1:1.901
-------------------------------------------------------------------------------
Acct session-ID             : 242FFF000001AE512CE4B6
Acct session-ID control     : 242FFF000001AB512CE4B6
Service                     : [100000]
Dynamic Services policy     : dynsvc-policy-1
Number of scripts executed  : 1
Number of scripts w success : 1
Last script action          : setup
Time of last script action  : 2013/02/26 16:37:10
Parameters of last action   : vprn_1={'t':('VRF-1',65000,1000,'cpe-int-1','192.
                            : 168.20.1/24','2001:db8:cafe::1/64',901,901,910,92
                            : 0,'192.168.20.0/24','192.168.20.2')}
 
Accounting instance 1
Status                      : enabled
Stats type                  : volume-time
Update interval (minutes)   : 30
 
Accounting instance 2
Status                      : enabled
Stats type                  : time
Update interval (minutes)   : 0
 
-------------------------------------------------------------------------------
No. of SAP's: 1
===============================================================================
 
 
# show service dynamic-services saps summary 
===============================================================================
Dynamic Services SAP's summary
===============================================================================
SAP                            Acct-Session-ID        Acct-Session-ID-Ctrl   
-------------------------------------------------------------------------------
1/1/1:1.901                    242FFF000001AE512CE4B6 242FFF000001AB512CE4B6  
-------------------------------------------------------------------------------
No. of SAP's: 1
===============================================================================
 

Table 184 describes Dynamic Services SAP fields.

Table 184:  Dynamic Services SAP Field Descriptions 

Output field

Description

SAP

The dynamic service SAP ID.

Acct session-ID

The dynamic service accounting session ID.

Acct session-ID control

The control channel accounting session ID.

Service

The dynamic service ID.

Dynamic Services policy

The policy referenced to setup the dynamic service.

Number of scripts executed

The number of times the script was executed for this dynamic service (setup, modify, revert or teardown).

Number of scripts w success

The number of times the script was executed successfully for this dynamic service.

Last script action

The setup, modify, revert, teardown.

Time of last script action

The timestamp of the last script action.

Parameters of last action

The content of the Dynamic Services Script Parameters attribute corresponding with the last action.

Status

RADIUS accounting is enabled or disabled.

Stats type

The type of statistics reported in accounting.

Update interval (minutes)

The time, in minutes, between Accounting Interim Update messages.

script

Syntax 
script
Context 
show>service>dynsvc
Description 

This command enables the context to show dynamic services script information.

snippets

Syntax 
snippets [detail]
snippets name snippet-name [instance snippet-instance] [detail]
Context 
show>service>dynsvc>script
Description 

This command displays the dynamic services snippets information. A snippet is the name of a set of Python functions to create, modify or destroy configuration; for example: a snippet called 'vprn' to create, modify, or destroy VPRN services.

The CLI output generated by a single dynamic service python function call is a snippet instance.

Parameters 
detail—
Displays dynamic services snippet information.
snippet-name
Specifies the snippet name.
snippet-instance
Specifies the snippet instance.
Output 

The following output show examples of dynamic service snippets.

Sample Output
# show service dynamic-services script snippets 
===============================================================================
Dynamic Services Snippets
===============================================================================
Name                       Instance                      Ref-count  Dict-len
-------------------------------------------------------------------------------
vprn                       VRF-1                         1          75
vprn_1                     1/1/1:1.901                   0          190
-------------------------------------------------------------------------------
No. of Snippets: 2
===============================================================================
 
 
# show service dynamic-services script snippets detail 
===============================================================================
Dynamic Service Snippets
===============================================================================
Snippet            : vprn:VRF-1
-------------------------------------------------------------------------------
reference-count    : 1
dictionary-length  : 75
 
Root-object
-----------
oid                : svcRowStatus.100000
 
Reserved-id
-----------
id                 : service-id:100000
-------------------------------------------------------------------------------
Snippet            : vprn_1:1/1/1:1.901
-------------------------------------------------------------------------------
reference-count    : 0
dictionary-length  : 190
 
Referenced-snippet
------------------
snippet            : vprn:VRF-1
-------------------------------------------------------------------------------
No. of Snippets: 2
===============================================================================
 

Table 185 describes snippets fields.

Table 185:  Snippets Field Descriptions   

Output field

Description

Name

The snippet name.

Instance

The snippet instance.

Ref-count

reference-count

The number of times this snippet is referenced by other snippets.

Dict-len

dictionary-length

The length of the python dictionary stored for this snippet.

Root-object

The object created by a Dynamic Service of which the parent is not created by a Dynamic Service.

statistics

Syntax 
statistics
Context 
show>service>dynsvc>script
Description 

This command displays dynamic service script statistics. Only non-zero values are shown.

The script statistics can be cleared with the “clear service statistics dynamic-services” command.

Output 

The following output is an example of Dynamic Services script statistics information.

Sample Output
# show service dynamic-services script statistics 
===============================================================================
Dynamic Services Script Statistics
===============================================================================
Description                                                         Counter
-------------------------------------------------------------------------------
python scripts with 0 retries due to timeout                        46
setup    - jobs launched                                            16
setup    - jobs handled                                             16
setup    - success                                                  13
setup    - syntax error                                             1
setup    - execution failed                                         2
teardown - jobs launched                                            15
teardown - jobs handled                                             15
teardown - success                                                  14
teardown - syntax error                                             1
-------------------------------------------------------------------------------
No. of Script Statistics: 10
-------------------------------------------------------------------------------
Last Cleared Time: 02/26/2013 09:59:07
=============================================================================== 

Table 186 describes Dynamic Services script statistics fields.

Table 186:    

Output field

Description

Description

The name of the script.

Counter

The number of times the script executed.

python scripts with 0 retries due to timeout

The number of retries due to timeouts.

setup

The setup script action.

jobs launched — The number of times the setup jobs launched.

jobs handled — The number of times the setup jobs were handled.

success — The number of times the setup jobs were successful.

syntax error — The number of setup syntax errors.

execution failed — The number of times the setup failed.

teardown

The teardown script action.

jobs launched — The number of times the teardown jobs launched.

jobs handled — The number of times the teardown jobs were handled.

success — The number of times the teardown jobs were successful.

syntax error — The number of teardown syntax errors.

summary

Syntax 
summary
Context 
show>service>dynsvc
Description 

This command displays the global configuration summary for dynamic services:

  1. Service range
  2. Timers
Output 

The following output displays dynamic service summary information.

Sample Output
# show service dynamic-services summary 
===============================================================================
Dynamic Services Summary
===============================================================================
range start                 : 100000
range end                   : 200001
setup timeout Access Accept : 30
===============================================================================
 

Table 187 describes Dynamic Services summary fields.

Table 187:  Dynamic Services Summary Field Descriptions  

Output field

Description

range start

The start service ID to define the service range for dynamic services.

range end

The start and end service ID to define the service range for dynamic services.

setup timeout Access Accept

The timeout, in seconds, after which a script is canceled for setup actions received via RADIUS Access-Accept messages.

sap-using

Syntax 
sap-using [msap] [dyn-script] [description]
Context 
show>service
Description 

This command displays SAP information.

Parameters 
dyn-script—
Displays dynamic service SAPs information.
Output 

The following output displays information about SAPs using Dynamic Scripts.

Sample Output
# show service sap-using dyn-script 
===============================================================================
Service Access Points 
===============================================================================
PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr
                                           QoS   Fltr    QoS   Fltr        
-------------------------------------------------------------------------------
[1/1/1:1.901]                   [100000]   901   ip4     901   ip4    Up   Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
Number of Dynamic Service SAPs : 1, indicated by [<sap-id>] [<svc-id>]
-------------------------------------------------------------------------------
===============================================================================
 
 
# show service sap-using dyn-script description 
===============================================================================
Service Access Points 
===============================================================================
PortId                             SvcId        Adm  Opr  Description
-------------------------------------------------------------------------------
[1/1/1:1.901]                      [100000]     Up   Up   This is a dynamic
                                                          service SAP
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
Number of Dynamic Service SAPs : 1, indicated by [<sap-id>] [<svc-id>]
-------------------------------------------------------------------------------
===============================================================================

Table 188 describes SAP using Dynamic Scripts fields.

Table 188:  SAPs Using Dynamic Scripts Fields  

Output field

Description

PortID

The Ethernet port.

SvcId

The service ID of the dynamic service.

Ing QoS

The ingress QoS policy ID.

Ingr Fltr

The ingress filter ID.

Egr Qos

The egress QoS policy ID.

Egr Fltr

The egress filter ID.

Adm

The administrative state of the SAP.

Opr

The operational state of the SAP.

Description

The text string describing the SAP.

Number of SAPs

The number of SAPs matching in the show criteria.

Number of Dynamic Services SAPs

The number of Dynamic Service SAPs matching in the show criteria.

16.5.2.4. Clear Commands

dynamic-services

Syntax 
dynamic-services
Context 
clear>service>stats
Description 

This command resets the dynamic services script statistics. See also show service dynamic-services script statistics.

data-trigger

Syntax 
data-trigger sap sap-id
Context 
clear>service>dynsvc
Description 

This command deletes all dynamic services associated with a dynamic services data trigger.

Parameters 
sap-id —
Specifies the dynamic services data trigger SAP to delete.

16.5.2.5. Debug Commands

dynamic-services

Syntax 
[no] dynamic-services
Context 
debug
Description 

This command enables the context to configure dynamic services debugging.

data-triggers

Syntax 
[no] data-triggers
Context 
debug>dynsvc
Description 

This command enables the context to configure dynamic services data trigger capture SAP debugging.The no form of this command removes all dynamic services data trigger capture SAP debug configurations.

capture-sap

Syntax 
capture-sap sap-id [encap-val qtag[.qtag]] [mode mode]
no capture-sap sap-id
Context 
debug>dynsvc>data-triggers
Description 

This command enables or disables the generation of dynamic services data trigger debug events, such as:

  1. data trigger received
  2. authentication
  3. data trigger SAP created
  4. dynamic service SAP created
  5. dropped data trigger with drop reason such as data trigger exists or lockout active.

Multiple capture SAPs can be specified simultaneously.

Optionally, a single encap-val per capture-sap can be specified to limit the output of the debug events to the data trigger events with the specified encapsulation.

Optionally, the debug output can be restricted to dropped data trigger events only.

Parameters 
sap-id —
Specifies the dynamic services data trigger capture SAP for which debug events should be logged.
encap-val qtag[.qtag]—
Optionally restrict the debug output to data trigger events with the specified encapsulation.
Values—
1 to 4094

 

mode—
Optionally restrict the debug output to specific events.
Values—
all—log all data trigger eventsdropped-only—log only dropped data trigger events

 

scripts

Syntax 
scripts
Context 
debug>dynsvc
Description 

This command enables the context to configure dynamic services script debugging.

event

Syntax 
[no] event
Context 
debug>dynsvc>scripts
debug>dynsvc>scripts>inst
debug>dynsvc>scripts>script
Description 

This command enables/disables the generation of all dynamic data service script debugging events output: cli, errors, executed-cmd, warnings, state-change.

cli

Syntax 
[no] cli
Context 
debug>dynsvc>scripts>event
debug>dynsvc>scripts>inst>event
debug>dynsvc>scripts>script>event
Description 

This command enables/disables the generation of a specific dynamic data service script debugging event output: cli.

errors

Syntax 
[no] errors
Context 
debug>dynsvc>scripts>event
debug>dynsvc>scripts>inst>event
debug>dynsvc>scripts>script>event
Description 

This command enables/disables the generation of a specific dynamic data service script debugging event output: errors.

executed-cmd

Syntax 
[no] executed-cmd
Context 
debug>dynsvc>scripts>event
debug>dynsvc>scripts>inst>event
debug>dynsvc>scripts>script>event
Description 

This command enables/disables the generation of a specific dynamic data service script debugging event output: executed-cmd.

state-change

Syntax 
[no] state-change
Context 
debug>dynsvc>scripts>event
debug>dynsvc>scripts>inst>event
debug>dynsvc>scripts>script>event
Description 

This command enables/disables the generation of a specific dynamic data service script debugging event output: state-change.

warnings

Syntax 
[no] warnings
Context 
debug>dynsvc>scripts>event
debug>dynsvc>scripts>inst>event
debug>dynsvc>scripts>script>event
Description 

This command enables/disables the generation of a specific dynamic data service script debugging event output: warnings.

instance

Syntax 
instance instance
Context 
debug>dynsvc>scripts
Description 

This command enables the context to configure dynamic services script debugging for a specific instance.

Parameters 
instance—
Specifies the instance name.

script

Syntax 
script script
Context 
debug>dynsvc>scripts
Description 

This command enables the context to configure dynamic services script debugging for a specific script.

Parameters 
script—
Specifies the script name.

16.5.2.6. Tools Commands

dynamic-services

Syntax 
dynamic-services
Context 
tools>perform>service
Description 

This command enables the context to execute dynamic services tools perform commands.

evaluate-script

Syntax 
evaluate-script sap sap-id control-session acct-session-id action script-action [dynsvc-policy name] [param-string string]
Context 
tools>perform>service>dynamic-services
Description 

This tools command performs the execution of a dynamic service script action as if the corresponding RADIUS attributes were received from RADIUS. It is possible to setup, modify or teardown a dynamic service associated with the specified control channel.

Parameters 
sap sap-id—
specifies the dynamic service SAP id.
control-session acct-session-id
Specifies the accounting session id of the control channel associated with this dynamic service.
action script-action
Specifies the requested action: setup, modify or teardown.
dynsvc-policy name
Specifies the dynamic services policy to use for this action. Mandatory parameter for setup and modify actions. In case of a modify action, the dynamic services policy must be the same as the policy used at setup.
param-string string
Specifies the dynamic service parameter list. Mandatory parameter for setup and modify actions.

dynamic-services command-list

Syntax 
dynamic-services command-list
Context 
tools>dump>service
Description 

This command displays the list of supported commands that can be used in dynamic service CLI scripts.

There are two types of CLI nodes in this list:

  1. Pass through nodes: navigation is allowed but attributes creation or attribute changes are prohibited in this node.
  2. Allowed nodes: navigation, attribute creation and attribute changes are allowed in this node.