Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring Dynamic Ascend-Data-Filter Support for Subscriber Access

 

This example shows how to configure support for dynamic Ascend-Data-Filter policies.

Requirements

Overview

Ascend-Data-Filters are configured on a RADIUS server, and contain rules that create policies. Subscriber management uses a dynamic profile to obtain the Ascend-Data-Filter attribute (RADIUS attribute 242) from the RADIUS server and apply the policy to a subscriber session.

  • Specify the dynamic profile to use to apply the Ascend-Data-Filter policy to the subscriber session.

  • Specify the Junos OS predefined variable that maps the Ascend-Data-Filter rules to Junos OS filter functionality.

  • Configure optional settings, which include counting the rule usage and setting the precedence order for the filter.

Configuration

Step-by-Step Procedure

To configure dynamic Ascend-Data-Filter support:

  1. Specify the dynamic profile in which you want to include the Ascend-Data-Filter, and configure the interface, the logical unit number, and the family type.
  2. Specify that you want to include an Ascend-Data-Filter in the dynamic profile and provide the Junos OS predefined variable as the rule that maps the Ascend-Data-Filter actions to Junos OS filter functionality.
  3. Enable the counter for the rule.
  4. Specify the precedence for received packets on the interface.
  5. Specify the precedence for transmitted packets on the interface.

Results

From configuration mode, confirm your configuration by entering the show dynamic-profiles command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying that Dynamic Ascend-Data-Filter Rules Are Applied to Subscriber Sessions

Purpose

Verify that the Ascend-Data-Filter rules were attached to the subscriber.

Action

From operational mode, enter the show subscribers extensive command.

Meaning

The output shows the information for the dynamic profile, including Ascend-Data-Filter rules. Verify the following information:

  • The User Name field indicates the correct subscriber.

  • The Dynamic Profile Name field is correct for the subscriber.

  • The correct Ascend-Data-Filter rules are applied to the subscriber. The display shows the rules that are configured on the RADIUS server.

Verifying Dynamic Ascend-Data-Filter Usage

Purpose

Verify usage of the dynamic Ascend-Data-Filter. Counter statistics are displayed when the counter option is configured for the adf command in the dynamic profile.

Action

From operational mode, enter the show firewall command.

user@host> show firewall

Meaning

The output shows the name of the filter and lists the counter activity. If the counter option is not configured, the output displays only the filter name.