ON THIS PAGE
Configuring Assignment of TDF Subscriber Properties and Policy-Control Properties to IP-Based Subscribers
You must configure the criteria that Junos OS uses to select a TDF domain for an IP-based subscriber, which determines how the subscriber session is set up and how the subscriber traffic is treated. (The domain-selection process does not apply to IFL-based subscribers, who are automatically assigned to the TDF domain in which they are configured.) You configure a term to identify conditions that must be matched in the incoming RADIUS request in order to select a particular TDF domain.
You configure the selection of the policy-control properties by selecting a PCEF profile. The PCEF profile can be identified in the selected TDF domain, or you can independently configure the criteria for the selection of a PCEF profile.
Before you begin to configure TDF domain or PCEF profile selection, make sure that you have done the following:
Configured a TDF gateway.
Configured the TDF domains.
Configured the PCEF profiles.
Configured the RADIUS client.
To configure a term for TDF domain or PCEF profile selection, perform the following tasks and repeat this process for each term you want to configure:
Configuring the Term Name
To configure the name for the term that contains the from statements and the then statement:
- Configure a term name that is 1 through 50 characters
in length.[edit unified-edge gateways tdf gateway-name domain-selection]user@host# set term term-name
Configuring Match Conditions for the RADIUS Client
Before you begin to configure a match condition for a RADIUS client, you must ensure that you have configured the RADIUS client at the [edit access radius clients] hierarchy level, and specified it as the aaa-client at the [edit unified-edge gateways tdf gateway-name] hierarchy level.
To configure a match condition for the RADIUS client that sent the incoming RADIUS request:
- Specify the client.[edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from client client-name
Configuring Match Conditions for Snoop Segments
For RADIUS requests that were snooped, the domain-selection configuration can identify the snoop segment that matched the request.
To configure a match condition for the snoop segment:
- Specify the snoop segment.[edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from snoop-segment snoop-segment-name
Configuring Match Conditions for Predefined AVPs
To configure match conditions for the called-station-id, calling-station-id, class, framed-ip-address, framed-ipv6-prefix, 3gpp-imsi, nas-ip-address, or user-name AVP in the incoming RADIUS request from the subscriber:
- Configure any called-station-id match condition. [edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from called-station-id (equals | matches) value
Use equals to specify a value the called-station-id must equal or use matches to specify a regular expression the called-station-id must match.
- Configure any calling-station-id match condition. [edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from calling-station-id equals value
or
[edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from calling-station-id matches valueUse equals to specify a value the calling-station-id must equal or use matches to specify a regular expression the calling-station-id must match.
- Configure any class match condition. [edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from class (equals | has-prefix | has-suffix | matches) value
Use equals to specify a value the class must equal, use has-prefix to specify the prefix that the class must have, use has-suffix to specify the suffix that the class must have, or use matches to specify a regular expression the class must match.
- Configure any framed-ip-address match condition.[edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from framed-ip-address equals value
- Configure any framed-ipv6-prefix match condition.[edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from framed-ipv6-prefix equals value
- Configure any 3gpp-imsi match condition.[edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from 3gpp-imsi (equals | has-prefix | has-suffix | matches) value
Use equals to specify a value the 3gpp-imsi must equal, use has-prefix to specify the prefix that the 3gpp-imsi must have, use has-suffix to specify the suffix that the 3gpp-imsi must have, or use matches to specify a regular expression the 3gpp-imsi must match.
- Configure any nas-ip-address match condition.[edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from nas-ip-address equals value
- Configure any user-name match condition. [edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from user-name (equals | has-prefix | has-suffix | matches) value
Use equals to specify a value the user-name must equal, use has-prefix to specify the prefix that the user-name must have, use has-suffix to specify the suffix that the user-name must have, or use matches to specify a regular expression the user-name must match.
Configuring Match Conditions for Custom AVP Attributes
To configure match conditions for up to five custom AVP attributes (other than the called-station-id, calling-station-id, class, framed-ip-address, framed-ipv6-prefix, 3gpp-imsi, nas-ip-address, or user-name) in the incoming RADIUS request from the subscriber:
- Configure an attribute name that is 1 through 50 characters
in length.[edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from attribute name
- Configure any match condition for the custom attribute’s
AVP code.[edit unified-edge gateways tdf gateway-name domain-selection term term-name from attribute name]user@host# set code numeric-code
- Configure any match condition for the custom attribute’s
vendor-id.[edit unified-edge gateways tdf gateway-name domain-selection term term-name from attribute name]user@host# set vendor-id vendor-id
- Configure any match condition for custom attribute data
in integer format.[edit unified-edge gateways tdf gateway-name domain-selection term term-name from attribute name]user@host# set format integer (equals | greater-than | less-than) value
- Configure any match condition for custom attribute data
in string format.[edit unified-edge gateways tdf gateway-name domain-selection term term-name from attribute name]user@host# set format string (equals | has-prefix | has-suffix | matches) value
Use equals to specify a value the string must equal, use has-prefix to specify the prefix that the string must have, use has-suffix to specify the suffix that the string must have, or use matches to specify a regular expression the string must match.
- Configure any match condition for custom attribute data
in time format.[edit unified-edge gateways tdf gateway-name domain-selection term term-name from attribute name]user@host# set format time (equals | greater-than | less-than) value
- Configure any match condition for custom attribute data
in IPv4 address format.[edit unified-edge gateways tdf gateway-name domain-selection term term-name from attribute name]user@host# set format v4address equals value
- Configure any match condition for custom attribute data
in IPv6 address format.[edit unified-edge gateways tdf gateway-name domain-selection term term-name from attribute name]user@host# set format v6address equals value
- Configure any match condition for custom attribute data
in IPv6 address prefix format.[edit unified-edge gateways tdf gateway-name domain-selection term term-name from attribute name]user@host# set format v6prefix equals value
Configuring the TDF Domain to Select
To specify the TDF domain to select when the from conditions in the term have been matched:
- Specify the TDF domain name.[edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set then domain tdf-domain-name
Configuring the PCEF Profile to Select
If a particular TDF domain does not specify a PCEF profile or you want different members of the same TDF domain to have different PCEF profiles, you must specify the PCEF profile under the [edit unified-edge gateways tdf gateway-name domain-selection] hierarchy level.
To specify the PCEF profile to select when the from conditions in the term have been matched, use one of the following methods:
- Specify the PCEF profile name in the same term statement that specifies the TDF domain.[edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from {...}user@host# set then domain tdf-domain-nameuser@host# set then pcef-profile pcef-profile-name
- Specify the PCEF profile name in a different term statement. [edit unified-edge gateways tdf gateway-name domain-selection term term-name]user@host# set from {...}user@host# set then pcef-profile pcef-profile-name
Related Documentation
Understanding Selection of Properties for an IP-Based TDF Subscriber
Understanding Selection of Policy-Control Properties for an IP-based TDF Subscriber
Configuring a Set of IP-Based TDF Subscriber Properties with a TDF Domain
Configuring RADIUS Clients That Send Accounting Requests for IP-Based Subscribers