Subscriber Traffic Redirection

64  Download (0)

Full text

(1)
(2)

Copyright © 2012, Juniper Networks, Inc. All rights reserved.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Subscriber Traffic Redirection

Copyright © 2012, Juniper Networks, Inc. All rights reserved.

The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at

(3)

Table of Contents

About the Documentation . . . ix

Documentation and Release Notes . . . ix

Supported Platforms . . . ix

Documentation Conventions . . . ix

Documentation Conventions . . . x

Documentation Feedback . . . xi

Requesting Technical Support . . . xii

Self-Help Online Tools and Resources . . . xii

Opening a Case with JTAC . . . xiii

Part 1

Overview

Chapter 1 Software Features Overview . . . 3

Traffic Redirection Overview . . . 3

Proxy Request Management . . . 3

HTTP Proxy and DNS . . . 4

Protection Against Denial-of-Service Attacks . . . 5

Redirect Server Redundancy . . . 5

Part 2

Configuration

Chapter 2 Configuration Tasks . . . 9

Before You Configure the Redirect Server on a C Series Controller . . . 10

Configuring the Redirect Server (SRC CLI) . . . 10

Configuring the Redirect Server (C-Web Interface) . . . 11

Configuring General Properties for the Redirect Server (SRC CLI) . . . 12

Configuring General Properties for the Redirect Server (C-Web Interface) . . . 13

Configuring a Connection Between the Redirect Server and the Directory (SRC CLI) . . . 14

Configuring a Connection Between the Redirect Server and the Directory (C-Web Interface) . . . 15

Defining Traffic to Transmit to the Redirect Server (SRC CLI) . . . 15

Defining Traffic to Transmit to the Redirect Server (C-Web Interface) . . . 16

Changing the Number of Requests That the Redirect Server Accepts (SRC CLI) . . . 16

Changing the Number of Requests That the Redirect Server Accepts (C-Web Interface) . . . 17

Specifying Extensions for Files That the Redirect Server Accepts (SRC CLI) . . . 18

(4)

Configuring the DNS Server for the Redirect Server (C-Web Interface) . . . 21

Configuring the Redirect Server to Support HTTP Proxies (SRC CLI) . . . 21

Configuring the Redirect Server to Support HTTP Proxies (C-Web Interface) . . . 22

Before You Configure Redundancy for a Redirect Server . . . 23

Configuring a Redundant Redirect Server (SRC CLI) . . . 23

Configuring a Redundant Redirect Server (C-Web Interface) . . . 25

Configuring Logging for the Redirect Server . . . 25

Enabling the Redirect Server . . . 25

Changing the Configuration for the Redirect Server . . . 26

Chapter 3 Configuration Statements . . . 27

Configuration Statements for the Redirect Server (SRC CLI) . . . 27

Part 3

Administration

Chapter 4 Management Tasks . . . 31

Verifying Configuration for the Redirect Server (SRC CLI) . . . 31

Assessing Load for Redirect Server (C-Web Interface) . . . 31

Chapter 5 Monitoring the Redirect Server . . . 33

Viewing Statistics for the Redirect Server (SRC CLI) . . . 33

Viewing Statistics for the Redirect Server (C-Web Interface) . . . 33

Viewing Statistics About Filtered Traffic (SRC CLI) . . . 34

Viewing Information for Filtered Traffic (C-Web Interface) . . . 35

Chapter 6 Routine Monitoring . . . 37

Viewing Information About Components Installed (SRC CLI) . . . 37

Viewing Information About Components Installed (C-Web Interface) . . . 38

Part 4

Troubleshooting

Chapter 7 Troubleshooting Procedures . . . 41

Collecting Data with the Activity Monitor (SRC CLI) . . . 41

Collecting Data with the Activity Monitor (C-Web Interface) . . . 42

Viewing Graphs (C-Web Interface) . . . 43

Viewing Graphs from a Web Page . . . 43

Viewing Graphs for a Preset Time Period from a Web Page . . . 43

Viewing Graphs for Specified Time Periods from a Web Page . . . 44

(5)

List of Figures

Part 1

Overview

(6)
(7)

List of Tables

About the Documentation . . . ix

Table 1: Notice Icons . . . x

Table 2: Notice Icons . . . x

Table 3: Text Conventions . . . x

Part 3

Administration

Chapter 6 Routine Monitoring . . . 37

(8)
(9)

About the Documentation

• Documentation and Release Notes on page ix

• Supported Platforms on page ix

• Documentation Conventions on page ix

• Documentation Feedback on page xi

• Requesting Technical Support on page xii

Documentation and Release Notes

To obtain the most current version of all Juniper Networks®technical documentation, see the product documentation page on the Juniper Networks website at

http://www.juniper.net/techpubs/.

If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed athttp://www.juniper.net/books.

Supported Platforms

For the features described in this document, the following platforms are supported:

• C Series

Documentation Conventions

(10)

Table 1: Notice Icons

Description Meaning

Icon

Indicates important features or instructions. Informational note

Indicates a situation that might result in loss of data or hardware damage. Caution

Alerts you to the risk of personal injury or death. Warning

Alerts you to the risk of personal injury from a laser. Laser warning

Documentation Conventions

Table 1 on page xdefines the notice icons used in this guide.Table 3 on page xdefines text conventions used throughout this documentation.

Table 2: Notice Icons

Description Meaning

Icon

Indicates important features or instructions. Informational note

Indicates a situation that might result in loss of data or hardware damage. Caution

Alerts you to the risk of personal injury or death. Warning

Alerts you to the risk of personal injury from a laser. Laser warning

Table 3: Text Conventions

Examples Description

Convention

• Specify the keyword exp-msg.

• Run the install.sh script.

• Use the pkgadd tool.

• Represents keywords, scripts, and tools in text.

(11)

Table 3: Text Conventions (continued)

user@host# set cache-entry-age

cache-entry-age

Represents text that the user must type. Bold text like this

nic-locators { login { resolution { resolver-name /realms/ login/A1; key-type LoginName; value-type SaeId; }

Represents information as displayed on your terminal’s screen, such as CLI commands in output displays.

Fixed-width text like this

• system ldap server{ stand-alone;

• Use therequest sae modify device failover commandwith theforceoption

• user@host# . . .

• http://www.juniper.net/techpubs/software/ management/sdx/api-index.html

• Represents configuration statements.

• Indicates SRC CLI commands and options in text.

• Represents examples in procedures.

• Represents URLs. Regular sans serif typeface

user@host#set local-address local-address

Represents variables in SRC CLI commands. Italic sans serif typeface

Another runtime variable is <gfwif>. In text descriptions, indicate optional

keywords or variables. Angle brackets

Press Enter. Indicates the name of a key on the keyboard.

Key name

Press Ctrl + b. Indicates that you must press two or more

keys simultaneously. Key names linked with a plus sign

(+)

There are two levels of access: user and

privileged.

SRC-PE Getting Started Guide.

o=Users, o=UMC

The /etc/default.properties file.

• Emphasizes words.

• Identifies book names.

• Identifies distinguished names.

• Identifies files, directories, and paths in text but not in command examples.

Italic typeface

Plugin.radiusAcct-1.class=\ net.juniper.smgt.sae.plugin\ RadiusTrackingPluginEvent At the end of a line, indicates that the text

wraps to the next line. Backslash

diagnostic | line Represent a choice to select one keyword or

variable to the left or right of this symbol. (The keyword or variable may be either optional or required.)

Words separated by the | symbol

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to

(12)

https://www.juniper.net/cgi-bin/docbugreport/. If you are using e-mail, be sure to include the following information with your comments:

• Document or topic name

• URL or page number

• Software release version (if applicable)

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at

http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

• Product warranties—For product warranty information, visit http://www.juniper.net/support/warranty/.

• JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

• Find CSC offerings:http://www.juniper.net/customers/support/

• Search for known bugs:http://www2.juniper.net/kb/

• Find product documentation:http://www.juniper.net/techpubs/

• Find solutions and answer questions using our Knowledge Base:http://kb.juniper.net/

• Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/

• Search technical bulletins for relevant hardware and software notifications: https://www.juniper.net/alerts/

• Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/

(13)

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

• Use the Case Management tool in the CSC athttp://www.juniper.net/cm/.

• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico). For international or direct-dial options in countries without toll-free numbers, see http://www.juniper.net/support/requesting-support.html.

(14)
(15)

PART 1

Overview

(16)
(17)

CHAPTER 1

Software Features Overview

• Traffic Redirection Overview on page 3

• Redirect Server Redundancy on page 5

Traffic Redirection Overview

The redirect server is part of a captive portal system that redirects subscribers’ Web requests to a captive portal page. You can use a captive portal page as the initial page a subscriber sees after logging in to a subscriber session and as a page used to receive and manage HTTP requests to unauthorized Web resources.

Proxy Request Management

The redirect server examines requested paths and detects proxy HTTP requests by the proxy prefix “ <scheme>:” followed by the address of the requested host. If the requested URL is served by the captive portal server:

1. The redirect server opens a TCP connection to the captive portal and forwards the request for the URL. The redirect server adds to the request an X-Forwarded-For header that specifies the IP address of the client.

2. The captive portal server inspects the incoming request for the X-Forwarded-For header for the IP address. The captive portal server uses this address instead of the source IP address to determine the originator of the request.

3. If the captive portal authorizes the client and activates a service that enables a direct connection between the client and the proxy, the redirect server then sends the returned data to the subscriber’s Web browser.

or

If the requested URL is not served by the captive portal server, the redirect server opens a TCP port (8800 by default) and sends the type of response configured to a subscriber’s browser in response to a captured request:

• HTTP 200 OK response with an HTML document that includes the <HTTP-Equiv="Refresh"> header (default)

(18)

The subscriber browser follows the redirect request, and the proxied request is served by the redirect server again, which opens a connection to the captive portal. Support for HTTP proxy requests requires the following:

• A local HTTP proxy server that can handle the traffic from all clients configured with a proxy.

• A location for the local HTTP proxy server that is one IP hop from each access router.

• A proxy service that the captive portal server can activate to send proxy requests to the local HTTP proxy server when the portal server authorizes proxy clients.

• A proxy service activation policy that includes a next-hop policy that points to the local HTTP proxy server, and a classifier that matches the client’s IP address and the address of the proxy server configured on the client.

Services that the client accesses through the proxy server, such as HTTP and FTP, cannot be activated based on destination address.

You must redirect all ports to the redirect server because you cannot know which ports are configured on the client for the proxy. Consequently, the redirect server receives non-HTTP requests as well as HTTP requests. The non-HTTP requests generate error log entries. To reduce overhead, HTTP error messages are logged as system log debug messages.

HTTP Proxy and DNS

Make sure that your network includes a domain name service (DNS) server to resolve unknown names to a fixed IP address. A DNS server is required because proxy servers can be configured with DNS names in private domains that are not valid in the public environment. You can use the DNS server included with the redirect server, or another DNS server on your network.

The DNS server can be configured on a client with DHCP. Alternatively, the service provider can set up a transparent DNS proxy by configuring a next-hop policy on the JunosE router for UDP and TCP port 53 traffic. The policy redirects traffic on these two ports to the redirect server’s DNS server.

Because proxy addresses must be resolved even if general access to the Internet is enabled, the DNS server must continue to resolve all client requests for proxy clients. Nonproxy clients can use their regular DNS server after the initial service has been activated.

(19)

Protection Against Denial-of-Service Attacks

The redirect server incorporates a number of properties to protect against denial-of-service attacks. The following list shows the default values set for these properties:

• The redirect server can serve no more than 12,000 requests per minute, with a burst of 18,000 requests.

• The redirect server can serve no more than 25 requests per client per minute, with a burst of 50 requests.

• Incoming requests can be no larger than 4 KB.

• Incoming requests have a time limit of 2 seconds. You can change the values for any of these properties. Related

Documentation

Redirect Server Redundancy on page 5

• Configuration Statements for the Redirect Server (SRC CLI) on page 27

• Before You Configure Redundancy for a Redirect Server on page 23

• Configuring the Redirect Server (SRC CLI) on page 10

• Configuring the Redirect Server (C-Web Interface) on page 11

Redirect Server Redundancy

You can configure the redirect server to provide redundancy to help ensure that a redirect server is always available. You install the redirect server software on two different hosts; then you configure one redirect server as the primary redirect server, and the other as the redundant redirect server. The active and redundant redirect servers regularly poll each other to confirm each other’s availability. If the primary redirect server becomes unavailable, the redundant server assumes the active role.

When a redirect server assumes the primary role, it configures on the router a static route from the virtual IP address to the server’s real IP address. Clients send requests to the virtual IP address, and the router automatically sends the request to the active redirect server through a static route. The virtual IP address is used only in the static route configured on the router and the next-hop policy installed by SAE. End users do not see the virtual IP address.

Figure 1 on page 6shows a configuration in which two redirect servers use the same virtual IP address, 192.168.254.1.

(20)

Figure 1: Failover of a Redirect Server

Related Documentation

• Traffic Redirection Overview on page 3

• Before You Configure Redundancy for a Redirect Server on page 23

• Configuring a Redundant Redirect Server (SRC CLI) on page 23

(21)

PART 2

Configuration

• Configuration Tasks on page 9

(22)
(23)

CHAPTER 2

Configuration Tasks

• Before You Configure the Redirect Server on a C Series Controller on page 10

• Configuring the Redirect Server (SRC CLI) on page 10

• Configuring the Redirect Server (C-Web Interface) on page 11

• Configuring General Properties for the Redirect Server (SRC CLI) on page 12

• Configuring General Properties for the Redirect Server (C-Web Interface) on page 13

• Configuring a Connection Between the Redirect Server and the Directory (SRC CLI) on page 14

• Configuring a Connection Between the Redirect Server and the Directory (C-Web Interface) on page 15

• Defining Traffic to Transmit to the Redirect Server (SRC CLI) on page 15

• Defining Traffic to Transmit to the Redirect Server (C-Web Interface) on page 16

• Changing the Number of Requests That the Redirect Server Accepts (SRC CLI) on page 16

• Changing the Number of Requests That the Redirect Server Accepts (C-Web Interface) on page 17

• Specifying Extensions for Files That the Redirect Server Accepts (SRC CLI) on page 18

• Specifying Extensions for Files That the Redirect Server Accepts (C-Web Interface) on page 19

• Configuring the DNS Server for the Redirect Server (SRC CLI) on page 19

• Configuring the DNS Server for the Redirect Server (C-Web Interface) on page 21

• Configuring the Redirect Server to Support HTTP Proxies (SRC CLI) on page 21

• Configuring the Redirect Server to Support HTTP Proxies (C-Web Interface) on page 22

• Before You Configure Redundancy for a Redirect Server on page 23

• Configuring a Redundant Redirect Server (SRC CLI) on page 23

• Configuring a Redundant Redirect Server (C-Web Interface) on page 25

• Configuring Logging for the Redirect Server on page 25

• Enabling the Redirect Server on page 25

(24)

Before You Configure the Redirect Server on a C Series Controller

Before you configure the redirect server on a C Series Controller:

• Configure the connection between the redirect server and the JunosE router by configuring policies on the C Series Controller:

• Configure and enable the HTTP local server on the JunosE router

• On the C Series Controller, configure a policy that includes the following policy actions to define which traffic to send to the redirect server:

• An exception action to specify that an HTTP application receive traffic.

• An http redirect policy action to specify the URL to receive packets identified in the exception application action.

NOTE: Alternatively, if the distance between the JunosE routers and the C Series Controller is one hop away, you can configure a next-hop policy on the JunosE router that specifies a destination address that is the virtual IP address of the active redirect server rather than configuring an SRC policy.

• If you plan to configure a redundant redirect server, make sure that you are familiar with the network configuration required.

Related Documentation

Before You Configure Redundancy for a Redirect Server on page 23

• Configuring the Redirect Server (SRC CLI) on page 10

• Configuring the Redirect Server (C-Web Interface) on page 11

• Redirect Server Redundancy on page 5

• Traffic Redirection Overview on page 3

Configuring the Redirect Server (SRC CLI)

The redirect server on a C Series Controller manages IP layer redirection. To configure the redirect server:

1. Configure general properties for the redirect server.

See“Configuring General Properties for the Redirect Server (SRC CLI)” on page 12. 2. Configure a connection from the redirect server to the directory.

(25)

3. (Optional) Define traffic to be forwarded to the redirect server. In most cases you can accept the default values—traffic destined for port 80 (Web requests) and forwarded from all interface on a C Series Controller.

See“Defining Traffic to Transmit to the Redirect Server (SRC CLI)” on page 15. 4. (Optional) Configure the number of requests that the redirect server accepts.

See“Changing the Number of Requests That the Redirect Server Accepts (SRC CLI)” on page 16.

5. (Optional) Configure the types of files for which the redirect server accepts requests. See“Specifying Extensions for Files That the Redirect Server Accepts (SRC CLI)” on page 18.

6. (Optional) For a configuration to support HTTP proxies, configure DNS. You can configure the DNS server included with the redirect server, or another DNS server on your network. If you use another DNS server, you do not need to configure the DNS server included with the redirect server.

For information about configuring the DNS server included with the redirect server, see“Configuring the DNS Server for the Redirect Server (SRC CLI)” on page 19. 7. (Optional) Configure support for HTTP proxies.

See“Verifying Configuration for the Redirect Server (SRC CLI)” on page 31. 8. (Optional) Configure a redundant redirect server.

See“Configuring a Redundant Redirect Server (SRC CLI)” on page 23. 9. Enable the redirect server.

See“Enabling the Redirect Server” on page 25.

Related Documentation

Configuration Statements for the Redirect Server (SRC CLI) on page 27

• Configuring the Redirect Server (C-Web Interface) on page 11

• Viewing Statistics for the Redirect Server (SRC CLI) on page 33

• Traffic Redirection Overview on page 3

• Redirect Server Redundancy on page 5

Configuring the Redirect Server (C-Web Interface)

Configure the redirect server on a C Series Controller to manage IP layer redirection. To configure the redirect server:

1. Configure general properties for the redirect server.

See“Configuring General Properties for the Redirect Server (C-Web Interface)” on page 13.

Configure a connection from the redirect server to the directory.

(26)

See“Configuring a Connection Between the Redirect Server and the Directory (C-Web Interface)” on page 15.

3. (Optional) Define traffic to be forwarded to the redirect server. In most cases you can accept the default values—traffic destined for port 80 (Web requests) and forwarded from all interface on a C Series Controller.

See“Defining Traffic to Transmit to the Redirect Server (C-Web Interface)” on page 16 .

4. (Optional) Configure the number of requests that the redirect server accepts. See“Changing the Number of Requests That the Redirect Server Accepts (C-Web Interface)” on page 17.

5. (Optional) Configure the types of files for which the redirect server accepts requests. See“Specifying Extensions for Files That the Redirect Server Accepts (C-Web Interface)” on page 19.

6. (Optional) For a configuration to support HTTP proxies, configure DNS. You can configure the DNS server included with the redirect server, or another DNS server on your network. If you use another DNS server, you do not need to configure the DNS server included with the redirect server.

For information about configuring the DNS server included with the redirect server, see“Configuring the DNS Server for the Redirect Server (C-Web Interface)” on page 21. 7. (Optional) Configure support for HTTP proxies.

See“Configuring the Redirect Server to Support HTTP Proxies (C-Web Interface)” on page 22.

8. (Optional) Configure a redundant redirect server.

See“Configuring a Redundant Redirect Server (C-Web Interface)” on page 25.

Related Documentation

Traffic Redirection Overview on page 3

• Redirect Server Redundancy on page 5

• Configuring the Redirect Server (SRC CLI) on page 10

Configuring General Properties for the Redirect Server (SRC CLI)

(27)

1. From configuration mode, access the configuration statement that configures the redirect server.

user@host# edit redirect-server

2. Specify the URL to which to send subscriber traffic. [edit redirect-server]

user@host# set destination-url destination-url

3. (Optional) Specify the TCP port on which the redirect server listens for requests. [edit redirect-server]

user@host# set tcp-port tcp-port

4. (Optional) Specify whether the redirect server sends an HTTP 200 OK response with an HTML document that includes the <HTTP-Equiv="Refresh"> header to a

subscriber’s browser in response to a captured request. [edit redirect-server]

user@host# set refresh

If you do not use the refresh option, the redirect server sends an HTTP 302 Found response to a subscriber’s browser in response to a captured request.

By setting the refresh option, the load on the Web server is decreased because non-browser (or non-HTML) client applications that use HTTP do not follow this refresh message; however, most client applications do follow HTTP 302 messages.

Related Documentation

Configuring the Redirect Server (SRC CLI) on page 10

• Configuring General Properties for the Redirect Server (C-Web Interface) on page 13

• Verifying Configuration for the Redirect Server (SRC CLI) on page 31

• Traffic Redirection Overview on page 3

Configuring General Properties for the Redirect Server (C-Web Interface)

To configure general properties for the redirect server: 1. Click Configure>Redirect Server.

The Redirect Server pane appears.

2. Enter information as described in the Help text in the main pane, and click Apply.

Related Documentation

Traffic Redirection Overview on page 3

• Configuring the Redirect Server (C-Web Interface) on page 11

(28)

Configuring a Connection Between the Redirect Server and the Directory (SRC CLI)

Use the following configuration statements to configure a connection between the redirect server and the directory:

redirect-server ldap { url url; bind-dn bind-dn; bind-password bind-password; base-dn base-dn; }

To configure a connection between the redirect server and the directory:

1. From configuration mode, access the configuration statement that configures the connection.

user@host# edit redirect-server ldap

2. List the URLs for directories employed by the redirect server. [edit redirect-server ldap]

user@host# set url url For each URL, use the format: ldap://<host>:<portNumber>

where <host> is the IP address or hostname of the directory host and <portNumber> is the TCP port

3. Specify the DN that the redirect server uses to authorize connections to the directory. [edit redirect-server ldap]

user@host# set bind-dn bind-dn

The DN must have authorization to read from o=network, o=umc in the directory. 4. Specify the password that the redirect server uses to bind to the directory.

[edit redirect-server ldap]

user@host# set bind-password bind-password

5. Specify the base DN that is the root of the directory tree. [edit redirect-server ldap]

user@host# set base-dn base-dn

(29)

• Verifying Configuration for the Redirect Server (SRC CLI) on page 31

• Traffic Redirection Overview on page 3

Configuring a Connection Between the Redirect Server and the Directory (C-Web

Interface)

To configure a connection between the redirect server and the directory: 1. Click Configure, expand Redirect Server, then click Ldap.

The Ldap pane appears.

2. Enter information as described in the Help text in the main pane, and click Apply to trigger an automatic commit.

Related Documentation

Traffic Redirection Overview on page 3

• Configuring the Redirect Server (C-Web Interface) on page 11

Defining Traffic to Transmit to the Redirect Server (SRC CLI)

You can define traffic to be forwarded to the redirect server by identifying the destination port number (typically, port 80 for Web requests) for packets and the physical interface on a C Series Controller from which subscriber traffic is forwarded to the redirect server. In most cases you can accept the default values for configuration for IP redirection. If you do not specify an interface, traffic is accepted on all interfaces.

Use the following configuration statements to define traffic to transmit to the redirect server:

redirect-server ip-redirect{ interface interface; port port;

}

To change the values of the port for traffic and/or the C Series interface on which traffic is forwarded to the redirect server:

1. From configuration mode, access the configuration statement that configures IP redirection for the redirect server.

user@host# edit redirect-server ip-redirect

2. Specify one or more interfaces on which subscriber traffic is forwarded from the B-RAS to the C Series Controller.

[edit redirect-server ip-redirect] user@host# set interface interface

(30)

If you do not specify an interface, the C Series Controller accepts traffic from all interfaces.

3. Specify the TCP port of the redirected traffic. If you do not specify a port, the redirect server uses port 80 (HTTP).

[edit redirect-server ip-redirect] user@host# set port port

Related Documentation

Configuring the Redirect Server (SRC CLI) on page 10

• Defining Traffic to Transmit to the Redirect Server (C-Web Interface) on page 16

• Verifying Configuration for the Redirect Server (SRC CLI) on page 31

• Traffic Redirection Overview on page 3

Defining Traffic to Transmit to the Redirect Server (C-Web Interface)

You can define traffic to be forwarded to the redirect server by identifying the destination port number (typically, port 80 for Web requests) for packets and the physical interface on a C Series Controller from which subscriber traffic is forwarded to the redirect server. In most cases you can accept the default values for configuration for IP redirection. If you do not specify an interface, traffic is accepted on all interfaces.

To change the values of the port for traffic and/or the C Series interface on which traffic is forwarded to the redirect server:

1. Click Configure, expand Redirect Server, and then click IP Redirect. The IP Redirect pane appears.

2. Click the Create button. The IP Redirect pane reappears.

3. Enter the information as described in the Help text in the main pane, and click Apply.

Related Documentation

Traffic Redirection Overview on page 3

• Configuring the Redirect Server (C-Web Interface) on page 11

Changing the Number of Requests That the Redirect Server Accepts (SRC CLI)

If you want to change the number of redirection requests that the redirect server accepts, change the values for the request rates and the client rates.

(31)

client-rate client-rate;

client-burst-size client-burst-size; }

To configure the number of redirection requests that the redirect server can accept: 1. From configuration mode, access the configuration statement that configures the

redirect server.

user@host# edit redirect-server

2. Specify the number of requests that the redirect server can accept per minute from all clients (global sustained rate).

[edit redirect-server]

user@host# set request-rate request-rate

3. Specify the maximum number of requests that the redirect server can accept from all clients (burst size).

[edit redirect-server]

user@host# set request-burst-size request-burst-size

This value should exceed the value for the request rate. If the value for the request rate exceeds this value, the redirect server drops the excess requests.

4. Specify the number of requests that the redirect server can accept per minute for a single client (per-client sustained rate).

[edit redirect-server]

user@host# set client-rate client-rate

5. Specify the maximum number of requests that the redirect server can accept for a single client (per client burst size).

[edit redirect-server]

user@host# set client-burst-size client-burst-size This value should exceed the value for the client rate.

Related Documentation

Configuring the Redirect Server (SRC CLI) on page 10

• Changing the Number of Requests That the Redirect Server Accepts (C-Web Interface) on page 17

• Verifying Configuration for the Redirect Server (SRC CLI) on page 31

• Traffic Redirection Overview on page 3

Changing the Number of Requests That the Redirect Server Accepts (C-Web Interface)

If you want to change the number of redirection requests that the redirect server accepts, change the values for the request rates and the client rates.

(32)

To configure the number of redirection requests that the redirect server can accept: 1. Click Configure>Redirect Server.

The Redirect Server pane appears.

2. Change the values in the following boxes as described in the Help text in the main pane:

• Request Rate

• Request Burst Size

• Client Rate

• Client Burst Size 3. Click Apply.

Related Documentation

Traffic Redirection Overview on page 3

• Configuring the Redirect Server (C-Web Interface) on page 11

Specifying Extensions for Files That the Redirect Server Accepts (SRC CLI)

If you do not specify the types of files that the redirect server accepts, the redirect server accepts all file types. You can identify file types by specifying the file extensions for the files that the redirect server is to accept.

Use the following configuration statements to configure the file extensions that the redirect server accepts:

redirect-server { check-file-extensions; file-extensions file-extensions; }

To specify the extensions for the types of files accepted by the redirect server: 1. From configuration mode, access the configuration statement that configures the

redirect server.

user@host# edit redirect-server

2. Specify whether the redirect server should accept only URLs that point to files that have standard file extensions—<empty>, .asp, .htm, .html, .jsp, .php, .shtm, .shtml, and .xml.

[edit redirect-server]

user@host# set check-file-extensions

(33)

3. List file extensions to augment the standard file extensions you configured . Precede each extension with a period. Make sure that you specify the correct case for each character; entries are case-sensitive.

[edit redirect-server]

user@host# set file-extensions file-extensions

Separate each file extensions by a comma. For example: set file-extensions .cgi,.aspx

Related Documentation

Configuring the Redirect Server (SRC CLI) on page 10

• Specifying Extensions for Files That the Redirect Server Accepts (C-Web Interface) on page 19

• Verifying Configuration for the Redirect Server (SRC CLI) on page 31

• Traffic Redirection Overview on page 3

Specifying Extensions for Files That the Redirect Server Accepts (C-Web Interface)

If you do not specify the types of files that the redirect server accepts, the redirect server accepts all file types. You can identify file types by specifying the file extensions for the files that the redirect server is to accept.

To specify the extensions for the types of files accepted by the redirect server: 1. Click Configure>Redirect Server.

The Redirect Server pane appears.

2. To enable or disable checking file extensions, clear or select the Check File Extensions box as described in the Help Text in the main pane.

3. Click Apply.

Related Documentation

Traffic Redirection Overview on page 3

• Configuring the Redirect Server (C-Web Interface) on page 11

Configuring the DNS Server for the Redirect Server (SRC CLI)

A DNS server is required to support HTTP proxies to resolve the name of any HTTP proxy, even if the name is valid only in the private domain of the client. You can use an external DNS or the DNS server that is included with the redirect server for this purpose.

If you plan to use an external DNS server, you can skip this section. This section describes how to configure the DNS server that is included with the redirect server.

Use the following configuration statements to configure the DNS server that is included with the redirect server:

(34)

redirect-server dns { enable; tcp-port tcp-port; udp-port udp-port; forwarder forwarder; error-ip-address error-ip-address; }

To configure DNS for the redirect server that is included with the redirect server: 1. From configuration mode, access the configuration statement that configures DNS

for the redirect server.

user@host# edit redirect-server dns

2. Enable DNS for the redirect server. [edit redirect-server dns] user@host# set enable

3. Specify the TCP port on which the DNS server listens: If you set the value to 0, no TCP socket is opened.

[edit redirect-server dns]

user@host# set tcp-port tcp-port

4. Specify the UDP port on which the DNS server listens. [edit redirect-server dns]

user@host# set udp-port udp-port

5. Specify the IP addresses of DNS servers to which resolution requests are forwarded; use commas to separate addresses, but do not add a space after the comma.

[edit redirect-server dns]

user@host# set forwarder forwarder For example:

[edit redirect-server dns]

user@host# set forwarder 192.0.2.24,192.0.4.25

If you do not specify DNS servers, DNS resolves incoming requests by using the normal DNS method.

6. Specify the IP address that is returned when a DNS request results in an unknown name (NXDOMAIN) error.

[edit redirect-server dns]

(35)

• Configuring the Redirect Server (SRC CLI) on page 10

• Traffic Redirection Overview on page 3

Configuring the DNS Server for the Redirect Server (C-Web Interface)

A DNS server is required to support HTTP proxies to resolve the name of any HTTP proxy, even if the name is valid only in the private domain of the client. You can use an external DNS or the DNS server that is included with the redirect server for this purpose.

NOTE: If you plan to use an external DNS server, do not follow this procedure.

The following procedure describes how to configure the DNS server that is included with the redirect server.

Proxy support must be enabled before configuring the DNS server. See“Configuring the Redirect Server to Support HTTP Proxies (C-Web Interface)” on page 22.

To configure the DNS server that is included with the redirect server: 1. Click Configure, expand Redirect Server, and click DNS.

The DNS pane appears.

2. Enter information as described in the Help text in the main pane, and click Apply.

Related Documentation

Traffic Redirection Overview on page 3

• Configuring the Redirect Server (C-Web Interface) on page 11

Configuring the Redirect Server to Support HTTP Proxies (SRC CLI)

Support for proxy requests is an optional feature of the redirect server. If you configure proxy support, you must also have DNS configured. You can use DNS servers already installed on your network, or use the server included with the SRC software.

Use the following configuration statements to configure the redirect server to support HTTP proxies:

redirect-server { proxy-support;

proxy-destination-url proxy-destination-url; }

To configure the redirect server to support HTTP proxies:

1. From configuration mode, access the configuration statement that configures the redirect server.

user@host# edit redirect-server

(36)

2. Enable HTTP proxy support. [edit redirect-server]

user@host# set proxy-support

3. Specify the URL sent as a response to proxy requests. [edit redirect-server]

user@host# set proxy-destination-url proxy-destination-url

If you do not configure a value, then the URL defaults to the redir.url value. You can use this property to send proxy requests to a page different from the direct request page on the captive portal.

Related Documentation

Before You Configure the Redirect Server on a C Series Controller on page 10

• Configuring the Redirect Server (SRC CLI) on page 10

• Configuring the Redirect Server to Support HTTP Proxies (C-Web Interface) on page 22

• For information about configuring the DNS server included with the SRC software, see Configuring the DNS Server for the Redirect Server (SRC CLI) on page 19

• Traffic Redirection Overview on page 3

Configuring the Redirect Server to Support HTTP Proxies (C-Web Interface)

Support for proxy requests is an optional feature of the redirect server. If you configure proxy support, you must also have DNS configured. You can use DNS servers already installed on your network, or use the server included with the SRC software.

To configure the redirect server to support HTTP proxies: 1. Click Configure>Redirect Server.

The Redirect Server pane appears.

2. Clear the Proxy Support checkbox box to disenable HTTP proxy support. Select the checkbox to enable HTTP proxy support. Refer to the information in the Help text in the main pane.

3. In the Destination Url box, type the URL sent as a response to proxy requests. 4. Click Apply.

Related Documentation

Traffic Redirection Overview on page 3

• Configuring the Redirect Server (C-Web Interface) on page 11

(37)

Before You Configure Redundancy for a Redirect Server

If you plan to use a redundant configuration for the redirect server, ensure that:

• If you use a next-hop address for policies that capture Web traffic and send it to the redirect server, that the virtual IP address to be used is also the next-hop address.

• The redirect server has SNMP write access to the virtual routers connected to it. Each VR must have at least a write community configured. (The static route from the virtual IP address to the server’s real IP address is installed on the router through SNMP.)

• If additional access controls are enabled on the JunosE router, the hosts on which the redirect server runs must be included.

Related Documentation

Configuring a Redundant Redirect Server (SRC CLI) on page 23

• Configuring a Redundant Redirect Server (C-Web Interface) on page 25

• Traffic Redirection Overview on page 3

• Redirect Server Redundancy on page 5

Configuring a Redundant Redirect Server (SRC CLI)

Although configuration of a redundant redirect server is optional, we recommend that you configure redundancy to maintain high availability for the server.

Before you configure the redirect server, review configuration prerequisites. See“Before You Configure Redundancy for a Redirect Server” on page 23.

Use the following configuration statements to configure redundancy for the redirect server: redirect-server { redundancy; } redirect-server monitor { redundant-host-ip-address redundant-host-ip-address; virtual-ip-address virtual-ip-address; real-ip-address real-ip-address; primary-server; check-interval check-interval; virtual-routers virtual-routers; }

To configure redundancy for the redirect server:

1. From configuration mode, access the configuration statement that configures the redirect server.

user@host# edit redirect-server

(38)

2. Enable redundancy for the redirect server. [edit redirect-server]

user@host# set redundancy

3. Configure redundancy properties for the redirect server. [edit redirect-server]

user@host# edit redirect-server monitor

4. Configure the IP address or hostname of the redundant redirect server. [edit redirect-server]

user@host# set redundant-host-ip-address redundant-host-ip-address

5. Configure the virtual IP address of the redirect server. [edit redirect-server]

user@host# set virtual-ip-address virtual-ip-address

6. Configure the real IP address of the redirect server. [edit redirect-server]

user@host# set real-ip-address real-ip-address

When a primary redirect server is started, it dynamically establishes and maintains a static route on the client router to which it connects. The static route directs traffic destined for the virtual IP address of the server to the real IP address of the active redirect server.

7. (Optional) Set the system on which you enter the command as the primary redirect server.

[edit redirect-server]

user@host# set primary-server

8. (Optional) Set the interval at which the redirect server polls the redundant redirect server.

[edit redirect-server]

user@host# set check-interval check-interval

A shorter time in the range leads to faster detection of problems and results in higher consumption of CPU resources.

9. List of virtual routers to which the redirect server connects. [edit redirect-server]

user@host# set virtual-routers vrName@routerName, vrName@routerName ...

(39)

• Traffic Redirection Overview on page 3

• Redirect Server Redundancy on page 5

Configuring a Redundant Redirect Server (C-Web Interface)

Although configuration of a redundant redirect server is optional, we recommend that you configure redundancy to maintain high availability for the server.

Before you configure the redirect server, review configuration prerequisites. See“Before You Configure Redundancy for a Redirect Server” on page 23.

To configure redundancy for the redirect server: 1. Click Configure>Redirect Server.

The Redirect Server pane appears.

2. To enable or disable redundancy for the redirect server, clear (or select) the Redundancy checkbox as described in the Help text in the main pane.

Related Documentation

Traffic Redirection Overview on page 3

• Redirect Server Redundancy on page 5

• Configuring the Redirect Server (C-Web Interface) on page 11

• Configuring a Redundant Redirect Server (SRC CLI) on page 23

Configuring Logging for the Redirect Server

The redirect server logs incoming HTTP requests through system log with a priority of INFO and log facility of LOCAL7.

Related Documentation

Configuring a Component to Store Log Messages in a File (SRC CLI)

• Configuring System Logging (SRC CLI)

Enabling the Redirect Server

To enable the redirect server:

user@host> enable component redir Related

Documentation

Before You Configure the Redirect Server on a C Series Controller on page 10

• Configuring the Redirect Server (SRC CLI) on page 10

• Traffic Redirection Overview on page 3

(40)

Changing the Configuration for the Redirect Server

When you change the configuration for the redirect server and commit that configuration, the redirect server is automatically restarted.

Related Documentation

• Configuring the Redirect Server (SRC CLI) on page 10

(41)

CHAPTER 3

Configuration Statements

• Configuration Statements for the Redirect Server (SRC CLI) on page 27

Configuration Statements for the Redirect Server (SRC CLI)

(42)

real-ip-address real-ip-address; primary-server; check-interval check-interval; virtual-routers virtual-routers; } Related Documentation

• Traffic Redirection Overview on page 3

• Configuring the Redirect Server (SRC CLI) on page 10

(43)

PART 3

Administration

• Management Tasks on page 31

• Monitoring the Redirect Server on page 33

(44)
(45)

CHAPTER 4

Management Tasks

• Verifying Configuration for the Redirect Server (SRC CLI) on page 31

• Assessing Load for Redirect Server (C-Web Interface) on page 31

Verifying Configuration for the Redirect Server (SRC CLI)

Purpose Verify the configuration for the redirect server.

Action At the [edit redirect-server] hierarchy level, enter the show command: [edit redirect-server] user@host#show tcp-port 8800; destination-url ; refresh; refresh-document etc/refresh.html; user-name nobody; request-rate 12000; request-burst-size 18000; client-rate 25; client-burst-size 50; Related Documentation

Configuring the Redirect Server (SRC CLI) on page 10

• Viewing Statistics for the Redirect Server (SRC CLI) on page 33

• Viewing Statistics About Filtered Traffic (SRC CLI) on page 34

• Traffic Redirection Overview on page 3

Assessing Load for Redirect Server (C-Web Interface)

Purpose View the number of requests sent to the redirect server, and whether the requests reach the configured limit for the server and for server users. You can then use this information to fine-tune the properties for redirect server.

Action 1. Click Monitor>Redirect Server>Statistics. The Redirect Server Statistics pane appears.

(46)

3. Click OK. The Redirect Server pane displays the following statistics:

• Uptime

• Accepted requests

• Rejected requests

• Number of user-limit leaky buckets

• Number of user limits reached

• Number of global limits reached

You can also obtain statistics for redirect server through SNMP. The name of the MIB for redirect server is Juniper-SDX-REDIRECTOR-MIB.

Related Documentation

• Configuring General Properties for the Redirect Server (SRC CLI) on page 12

• Viewing Statistics for the Redirect Server (C-Web Interface) on page 33

• Viewing Information for Filtered Traffic (C-Web Interface) on page 35

(47)

CHAPTER 5

Monitoring the Redirect Server

• Viewing Statistics for the Redirect Server (SRC CLI) on page 33

• Viewing Statistics for the Redirect Server (C-Web Interface) on page 33

• Viewing Statistics About Filtered Traffic (SRC CLI) on page 34

• Viewing Information for Filtered Traffic (C-Web Interface) on page 35

Viewing Statistics for the Redirect Server (SRC CLI)

Purpose View statistics for redirect server. Action user@host> show redirect-server statistics

Redirect Server

Uptime: 1270724.713 s Accepted Requests: 25 Rejected Requests: 0 User limit leaky buckets: 0 User limits reached: 0 Global limits reached: 0

Related Documentation

Configuring the Redirect Server (SRC CLI) on page 10

• Viewing Statistics About Filtered Traffic (SRC CLI) on page 34

• Viewing Statistics for the Redirect Server (C-Web Interface) on page 33

• Traffic Redirection Overview on page 3

Viewing Statistics for the Redirect Server (C-Web Interface)

Purpose View statistics for the redirect server.

(48)

2. Select a style from the Output Style list. 3. Click OK.

The Statistics pane displays the redirect server statistics.

Related Documentation

Configuring General Properties for the Redirect Server (C-Web Interface) on page 13

• Configuring the Redirect Server (C-Web Interface) on page 11

• Viewing Statistics for the Redirect Server (SRC CLI) on page 33

• Viewing Information for Filtered Traffic (C-Web Interface) on page 35

• Traffic Redirection Overview on page 3

Viewing Statistics About Filtered Traffic (SRC CLI)

Purpose You can obtain information about the packets filtered on a C Series Controller by accessing statistics for the iptables Linux tool. You can also reset the counters for this tool. Action To view information about packet filtering on a C Series Controller:

user@host> show iptables <nat | filter | mangle> <reset-counters> where

• nat—Displays information for the nat table for the iptables tool. The nat table provides rules for rewriting packet addresses.

• filter—Displays information for the filter table for the iptables tool. The filter table provides rules for defining packet filters.

• mangle—Displays information for the mangle table for the iptables tool. The mangle table provides rules for adjusting packet options, such as quality of service.

(49)

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 24M packets, 4506M bytes)

pkts bytes target prot opt in out source destinationreset-counters

To reset the values in the output for the show iptables command: user@host> show iptables reset counters

Related Documentation

Configuring the Redirect Server (SRC CLI) on page 10

• Defining Traffic to Transmit to the Redirect Server (SRC CLI) on page 15

• Viewing Statistics for the Redirect Server (SRC CLI) on page 33

• Viewing Information for Filtered Traffic (C-Web Interface) on page 35

• Traffic Redirection Overview on page 3

Viewing Information for Filtered Traffic (C-Web Interface)

Purpose View information about filtered traffic with the iptables Linux tool when you are using C-Web to monitor the C Series Controller.

Action To view information about the filtered traffic: 1. Click Monitor>Iptables.

The Iptables pane appears.

2. Select the type of table that you want to display from the Table list:

• nat—Displays information for the iptables NAT table

• filter—Displays information for the iptables filter table

• mangle—Displays information for the iptables mangle table

(50)

3. Select the Reset Counters check box to rest the counters of items in the output. 4. Click OK.

The Iptables pane displays information about filtered traffic.

Related Documentation

• Defining Traffic to Transmit to the Redirect Server (C-Web Interface) on page 16

• Configuring the Redirect Server (C-Web Interface) on page 11

• Viewing Statistics About Filtered Traffic (SRC CLI) on page 34

• Viewing Statistics for the Redirect Server (C-Web Interface) on page 33

(51)

CHAPTER 6

Routine Monitoring

• Viewing Information About Components Installed (SRC CLI) on page 37

• Viewing Information About Components Installed (C-Web Interface) on page 38

Viewing Information About Components Installed (SRC CLI)

Purpose View release and status information for SRC components installed on a system. Action user@host> show component

Installed Components

Name Version Status

cli Release: 7.0 Build: CLI.A.7.0.0.0171 running acp Release: 7.0 Build: ACP.A.7.0.0.0174 disabled jdb Release: 7.0 Build: DIRXA.A.7.0.0.0176 running editor Release: 7.0 Build: EDITOR.A.7.0.0.0176 running redir Release: 7.0 Build: REDIR.A.7.0.0.0176 disabled licSvr Release: 7.0 Build: LICSVR.A.7.0.0.0179 stopped nic Release: 7.0 Build: GATEWAY.A.7.0.0.0170 disabled sae Release: 7.0 Build: SAE.A.7.0.0.0166 running www Release: 7.0 Build: UMC.A.7.0.0.0169 disabled jps Release: 7.0 Build: JPS.A.7.0.0.0172 disabled agent Release: 7.0 Build: SYSMAN.A.7.0.0.0174 running webadm Release: 7.0 Build: WEBADM.A.7.0.0.0173 disabled

Meaning Table 4 on page 37describes the output fields for the show component command. Output fields are listed in the order in which they appear.

Table 4: Output Fields for show component

Field Description

Field Name

Name of the component Name

Version of the component Version

State of the component, running or disabled Status

Related Documentation

Viewing Information About Components Installed (C-Web Interface) on page 38

(52)

• Directories on the C Series Controller

Viewing Information About Components Installed (C-Web Interface)

Purpose View the installed SRC components. Action Click Monitor>Component.

The Component pane displays the status of each installed component.

Related Documentation

• Viewing Information About Components Installed (SRC CLI) on page 37

• Viewing C Series Controller Information

(53)

PART 4

Troubleshooting

(54)
(55)

CHAPTER 7

Troubleshooting Procedures

• Collecting Data with the Activity Monitor (SRC CLI) on page 41

• Collecting Data with the Activity Monitor (C-Web Interface) on page 42

• Viewing Graphs (C-Web Interface) on page 43

• Viewing Graphs from a Web Page on page 43

Collecting Data with the Activity Monitor (SRC CLI)

You can collect data with the Activity Monitor for specific components over a specified time. Before you perform data collection with the Activity Monitor, make sure the Activity Monitor (activity), CLI (cli), and C-Web interface (webadm) components are enabled. To perform data collection with the Activity Monitor:

• user@host> request support information Some of the information retrieved includes:

• System log messages from the /var/log/messages/* directory.

• The configuration in XML format.

• The host name in the name of the diagnostic file. To perform data collection for specific components:

user@host> request support information component where component is one of the following:

• acp—SRC Admission Control Plug-In

• activity—Activity Monitor

• agent—SNMP agent

• appsvr—Application server

• cli—SRC CLI

(56)

• dsa—Dynamic Service Activator

• extsubmon—External Subscriber Monitor

• ims—IP multimedia subsystem

• jdb—Juniper Networks database

• jps—Juniper Policy Server

• licSvr—License server

• nic—Network information collector

• redir—Redirect server

• sae—SAE

• webadm—C-Web interface

To perform data collection for a specified number of days:

user@host> request support information days where days is in the range of 1–36500.

Related Documentation

Viewing Graphs (C-Web Interface) on page 43

• Viewing Graphs from a Web Page on page 43

• Monitoring Activity on C Series Controllers

Collecting Data with the Activity Monitor (C-Web Interface)

You can collect data with the Activity Monitor for specific components over a specified time. Before you configure data collection for the Activity Monitor, make sure the Activity Monitor (activity), CLI (cli), and C-Web interface (webadm) components are enabled. To perform data collection with the Activity Monitor:

1. Click Manage>Request>Support>Information. The Support Information pane appears.

2. From the Components list, select the components you want to monitor, and click OK. 3. (Optional) Enter the number of days for which you want to collect data, and click OK.

Related Documentation

Viewing Graphs (C-Web Interface) on page 43

• Viewing Graphs from a Web Page on page 43

(57)

Viewing Graphs (C-Web Interface)

You can display graphs for components for which the Activity Monitor has collected data. To display graphs from the Activity Monitor with the C-Web interface:

1. Click Graphs.

2. In the side pane, select the component and the graph that you want to display. The pane for selecting the time period displayed by the graph appears.

3. Select one of the preset values or enter the time range in the From and To boxes, and click OK.

The graphs appear. Related

Documentation

Collecting Data with the Activity Monitor (C-Web Interface) on page 42

• Viewing Graphs from a Web Page on page 43

• Monitoring Activity on C Series Controllers

Viewing Graphs from a Web Page

You can display graphs for components for which the Activity Monitor has collected data from a Web page. Before you display these graphs, make sure the Activity Monitor (activity) and C-Web interface (webadm) components are enabled. For more secure displays, configure the C-Web interface to use HTTPS and use POST requests.

• Viewing Graphs for a Preset Time Period from a Web Page on page 43

• Viewing Graphs for Specified Time Periods from a Web Page on page 44

Viewing Graphs for a Preset Time Period from a Web Page

To display graphs with preset time periods from the Activity Monitor from a Web page: http://ip-address/graph?&id=username&pw=password&name=graph-name&time=time-period where

ip-address—IP address of the C Series Controller

username—Username used to log in to the C Series Controller

password—Password used to log in to the C Series Controller

graph-name—Name of graph to display in the format <component>-<graph>, where <graph>is the name of the graph as specified in the C-Web interface in all lowercase letters with hyphens separating words

time-period—Period of time that data was collected for display in a graph in the format <number><units>

(58)

The <number> is the number of <units>, which are specified as one of the following values: • m—minutes • h—hours • d—days • w—weeks • M—months • y—years

For example, to view the CPU graph for the System component for the past 10 minutes on the C Series Controller called c2000 for the user admin:

http://c2000/graph?&id=admin&pw=secret&name=system-cpu&time=10m The CPU Usage graph appears.

Viewing Graphs for Specified Time Periods from a Web Page

To display graphs for specified time periods from the Activity Monitor from a Web page: http://ip-address/graph?&id=username&pw=password&name=graph-name&start=date-time &end=date-time

where

ip-address—IP address of the C Series Controller

username—Username used to log in to the C Series Controller

(59)

graph-name—Name of graph to display in the format <component>-<graph>, where <graph>is the name of the graph as specified in the C-Web interface in all lowercase letters with hyphens separating words

date-time—Date and time that data was collected for display in a graph in the format yyyyMMddHHmm, where: • yyyy—year • MM—month • dd—day • HH—hour • mm—minute

For example, to view the heap usage graph for the SAE component from January 15 to January 28 on the C Series Controller called c2000 for the user admin:

http://c2000/graph?&id=admin&pw=secret&name=sae-heap&start=200901150000 &end=200901280000

The SAE Heap Usage graph appears.

Related Documentation

• Collecting Data with the Activity Monitor (SRC CLI) on page 41

• Collecting Data with the Activity Monitor (C-Web Interface) on page 42

• Viewing Graphs (C-Web Interface) on page 43

• Monitoring Activity on C Series Controllers

(60)
(61)

PART 5

Index

(62)
(63)

Index

A

Activity Monitor data collection...41, 42 graphs, viewing...43

C

captive portal preventing access to resources...3

conventions notice icons...x

text...x

customer support...xii

contacting JTAC...xii

D

denial-of-service attacks...5

documentation comments on...xi

F

filtered traffic statistics...34, 35

G

general properties configuring SRC CLI...12

H

HTTP proxy...3

I

iptables Linux tool monitoring C-Web interface...35 SRC CLI...34

L

logging redirect server...25

M

manuals comments on...xi

N

notice icons...x

P

prevention, use of unauthorized resources...3

proxy HTTP...3

proxy request management...3

R

redirect server assessing load C-Web interface...31

changing request accepted, C-Web interface...17 configuration statements SRC CLI...27 configuring C Series Controller ...11 C-Web interface...11 SRC CLI...10

configuring connection with C-Web interface...15

configuring DNS server for C-Web interface ...21

SRC CLI...19

configuring general properties with C-Web interface...13

configuring HTTP proxy support SRC CLI...21

configuring redundant C-Web interface...25

SRC CLI...23

configuring to support HTTP proxies C-Web interface...22

defining traffic C-Web interface...16

defining traffic to transmit...16

(64)

protection against denial-of-service

attacks...5

redundancy...5, 23

specifying extensions for files

C-Web interface...19

static route to router...5

statistics, viewing C-Web interface...33 SRC CLI...33 traffic definition SRC CLI...15 verifying SRC CLI...31 redundancy redirect server...5

redundant redirect server, configuring...25

S

SRC components information, viewing

C-Web interface...38

SRC CLI...37

support, technical See technical support

T

technical support

contacting JTAC...xii

Figure

Updating...

References

Related subjects :