Configuring Classification Scripts
Classification scripts are organized into sections. Each section has a target and one or more classification criteria. The general layout of a classification script is that targets are enclosed in square brackets ([ ]) and precede their criteria:
[target-1] (see Figure 20)criteria-1 (see Figure 20)criteria-2[target-2]criteria-1criteria-2
![]()
Classification Targets
A target is the result of the classification script that gets returned to the SAE. There are two types of targets:
- - (single dash)—Interpreted as no match. If the criteria of this target are matched, a no match message is returned to SAE. You can use this target to exclude certain patterns or to shortcut known nonmatches. To speed up processing, you could use this option to specify interfaces that you do not want the SAE to manage.
- * (asterisk)—Interpreted as the start of a script target. The complete content of the script target is interpreted when the classifier is initially loaded. The script target can contain definitions of custom functions, which can be called during the matching process. Because you can insert arbitrary code into a script target, you can use the classification script to perform arbitrary tasks.
Target Expressions
A target can contain expressions. These expressions can refer to an object in the SAE's memory or configuration, to specific matching criteria, or to another function or script.
Suppose the classification object in a subscriber classifier contains a field called userName. The classifier target uniqueId=<- userName -> is expanded to contain the actual content of the userName field before it is returned to the SAE; for example, for userName=juser, uniqueId=juser is returned.
Target expressions are enclosed in angle brackets and hyphens; for example, <-retailerDn->. The classifier expands expressions before it returns the target to the SAE. The expression is interpreted by an embedded Python interpreter and can contain variables and Python operations. In the simplest case an expression can be a single variable that is replaced with its current contents. Available variable names are all fields of the object passed to the classifier and names created with regular expression matching.
Because a scripting interpreter interprets expressions, more complex operations are possible. Examples are:
- Indexing—var[index] return the element index of a sequence. The first element is at index 0.
- Slicing—var[start : end] create a substring of the variable var starting at index startup to, but not including, index end; for example, var=Hello, var[2:4] = ll
Classification Criteria
You organize classification criteria by putting one criterion per line, and joining a criterion with the previous criterion by:
- OR if the line does not contain a prefix or if it is prefixed with a | (pipe) character. A criterion joined by OR is examined only if the previous conditions have not produced a positive match. If any of the criteria joined by OR matches, the target is selected.
- AND if the line is prefixed with an & (ampersand) character. A criterion joined by AND is examined only if the previous condition matches.
You can use glob or regular expression matching to configure each target's criteria.
Glob Matching
field = matchorfield != matchwhere match is a pattern similar to UNIX filename matching. Glob matches are case insensitive. "field != match" is true, if field=match is not true.
- *—Matches any substring
- ?—Matches any single character
- [range]—Matches a single character in the specified range. Ranges can have the form a-z or abcd.
- [!range]—Matches a single character outside the specified range
- C—Matches the single character c
The available field names are described for the specific classifiers. Examples are:
- interfaceName = fastEthernet3/0 # match the string "fastEthernet3/0" directly
- interfaceName = fast*3/1 # match any string that starts with "fast" and ends with "3/1"
- interfaceName = fast*3/1.* # start with "fast", contains "3/1." arbitrary ending
- interfaceName = fast*3/[2-57] # start with "fast", contains "3/" followed by 2,3,4,5 or 7
Regular Expression Matching
Regular expression matches are of the form:
field =~ reorfield !~ rewhere field !~ re is true if field =~ re is not true. The regular expression is re. For a complete description of the syntax, see: http://www.python.org/doc/2.0/lib/re-syntax.html
You can group regular expressions with pairs of parentheses. If such an expression matches, the contents of the groups are made available for target expressions. Group number n is available as G[n], where n is the number of the opening parenthesis of the group. You can also name groups by using the special notation (?P<name>...).
ifAlias =~ "SSP(.*) "# match a string starting with "SSP". The remainder is stored # in the variable "G[1]"ifAlias =~ (?P<dn>name=(?P<name>[^,]*).*) # match a string starting with "name=". The whole match is # stored in the variable "dn". A submatch which does not # contain any ","-characters and starts after "name=" # is stored in variable "name"Configuring Targets in Structured View
You can create and modify classification scripts with SDX Admin. SDX Admin provides two views of classification scripts—structured and raw. You can switch between the two views at any time and make changes in either view.
Figure 21 shows the structured view of a subscriber classification script.
![]()
The targets are displayed in the first field. The first entry in the target list (---) corresponds to the (unnamed) header section of the classification script. It always exists as the first entry; you cannot delete the target or insert a target in front of it.
To reorder targets, drag a target inside the target list. To edit a target, select the target, which copies the target into an edit field and shows the classification criteria in the Script field. You can then edit the target, or you can use the three buttons to the right of the target editing field to do the following:
—Opens a dialog box that you can use to select the distinguished name (DN) of an object in the directory. Figure 22 shows the dialog box for interface classification scripts; it contains the DNs of existing policy groups. Subscriber classification scripts display the DNs of objects in the o=Users directory. Dynamic Host Configuration Protocol (DHCP) classification scripts display the DNs of cached DHCP profiles.
![]()
- Ins—Inserts a new target after the highlighted target (or at the end if no target is selected)
- Del—Deletes the highlighted target
Configuring Criteria in Structured View
Select the target for which you want to configure criteria. SDX Admin displays the classification criteria for the target in the Script field. You can edit the criteria directly in the Script field.
Configuring Targets and Criteria in Raw View
Figure 23 shows the raw view of a classification script. When you are in the raw view, you can copy and paste the contents of a classification script to another object in the directory.
![]()