Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring Assignment of TDF Subscriber Properties and Policy-Control Properties to IP-Based Subscribers

 

You must configure the criteria that Junos OS uses to select a TDF domain for an IP-based subscriber, which determines how the subscriber session is set up and how the subscriber traffic is treated. (The domain-selection process does not apply to IFL-based subscribers, who are automatically assigned to the TDF domain in which they are configured.) You configure a term to identify conditions that must be matched in the incoming RADIUS request in order to select a particular TDF domain.

You configure the selection of the policy-control properties by selecting a PCEF profile. The PCEF profile can be identified in the selected TDF domain, or you can independently configure the criteria for the selection of a PCEF profile.

Before you begin to configure TDF domain or PCEF profile selection, make sure that you have done the following:

  • Configured a TDF gateway.

  • Configured the TDF domains.

  • Configured the PCEF profiles.

  • Configured the RADIUS client.

To configure a term for TDF domain or PCEF profile selection, perform the following tasks and repeat this process for each term you want to configure:

Configuring the Term Name

To configure the name for the term that contains the from statements and the then statement:

  • Configure a term name that is 1 through 50 characters in length.

Configuring Match Conditions for the RADIUS Client

Before you begin to configure a match condition for a RADIUS client, you must ensure that you have configured the RADIUS client at the [edit access radius clients] hierarchy level, and specified it as the aaa-client at the [edit unified-edge gateways tdf gateway-name] hierarchy level.

To configure a match condition for the RADIUS client that sent the incoming RADIUS request:

  • Specify the client.

Configuring Match Conditions for Snoop Segments

For RADIUS requests that were snooped, the domain-selection configuration can identify the snoop segment that matched the request.

To configure a match condition for the snoop segment:

  • Specify the snoop segment.

Configuring Match Conditions for Predefined AVPs

To configure match conditions for the called-station-id, calling-station-id, class, framed-ip-address, framed-ipv6-prefix, 3gpp-imsi, nas-ip-address, or user-name AVP in the incoming RADIUS request from the subscriber:

  1. Configure any called-station-id match condition.

    Use equals to specify a value the called-station-id must equal or use matches to specify a regular expression the called-station-id must match.

  2. Configure any calling-station-id match condition.

    or

    Use equals to specify a value the calling-station-id must equal or use matches to specify a regular expression the calling-station-id must match.

  3. Configure any class match condition.

    Use equals to specify a value the class must equal, use has-prefix to specify the prefix that the class must have, use has-suffix to specify the suffix that the class must have, or use matches to specify a regular expression the class must match.

  4. Configure any framed-ip-address match condition.
  5. Configure any framed-ipv6-prefix match condition.
  6. Configure any 3gpp-imsi match condition.

    Use equals to specify a value the 3gpp-imsi must equal, use has-prefix to specify the prefix that the 3gpp-imsi must have, use has-suffix to specify the suffix that the 3gpp-imsi must have, or use matches to specify a regular expression the 3gpp-imsi must match.

  7. Configure any nas-ip-address match condition.
  8. Configure any user-name match condition.

    Use equals to specify a value the user-name must equal, use has-prefix to specify the prefix that the user-name must have, use has-suffix to specify the suffix that the user-name must have, or use matches to specify a regular expression the user-name must match.

Configuring Match Conditions for Custom AVP Attributes

To configure match conditions for up to five custom AVP attributes (other than the called-station-id, calling-station-id, class, framed-ip-address, framed-ipv6-prefix, 3gpp-imsi, nas-ip-address, or user-name) in the incoming RADIUS request from the subscriber:

  1. Configure an attribute name that is 1 through 50 characters in length.
  2. Configure any match condition for the custom attribute’s AVP code.
  3. Configure any match condition for the custom attribute’s vendor-id.
  4. Configure any match condition for custom attribute data in integer format.
  5. Configure any match condition for custom attribute data in string format.

    Use equals to specify a value the string must equal, use has-prefix to specify the prefix that the string must have, use has-suffix to specify the suffix that the string must have, or use matches to specify a regular expression the string must match.

  6. Configure any match condition for custom attribute data in time format.
  7. Configure any match condition for custom attribute data in IPv4 address format.
  8. Configure any match condition for custom attribute data in IPv6 address format.
  9. Configure any match condition for custom attribute data in IPv6 address prefix format.

Configuring the TDF Domain to Select

To specify the TDF domain to select when the from conditions in the term have been matched:

  • Specify the TDF domain name.

Configuring the PCEF Profile to Select

If a particular TDF domain does not specify a PCEF profile or you want different members of the same TDF domain to have different PCEF profiles, you must specify the PCEF profile under the [edit unified-edge gateways tdf gateway-name domain-selection] hierarchy level.

To specify the PCEF profile to select when the from conditions in the term have been matched, use one of the following methods:

  • Specify the PCEF profile name in the same term statement that specifies the TDF domain.
  • Specify the PCEF profile name in a different term statement.