
    Dynamically Applying Ascend-Data-Filter Policies to Subscriber Sessions

    Subscriber management enables you to use dynamic profiles to dynamically apply policies that are defined in Ascend-Data-Filters (RADIUS attribute 242) to subscriber sessions. The dynamic profiles include a Junos OS predefined variable that maps the rules and actions defined in the Ascend-Data-Filter to Junos OS features. The RADIUS administrator configures the Ascend-Data-Filter on the RADIUS server in a separate operation.

    Subscriber management dynamic profiles use the following Junos OS predefined variables to map family-specific Ascend-Data-Filter rules to Junos OS filter functionality:

    • $junos-adf-rule-v4—Used for IPv4 family inet.
    • $junos-adf-rule-v6—Used for IPv6 family inet6.

    To configure a dynamic profile to dynamically apply the policy defined by an Ascend-Data-Filter to a subscriber session:

    1. Specify the dynamic profile in which you want to include the Ascend-Data-Filter. Specify the interface, the logical unit number, and the family type.
      [edit]
      user@host# edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family
    2. Specify that you want to include an Ascend-Data-Filter in the dynamic profile.
      [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family]
      user@host# edit filter adf
    3. Specify the Junos OS predefined variable that maps the Ascend-Data-Filter actions to Junos OS filter functionality. Use the variable that corresponds to the specified family type.
      [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family filter adf]
      user@host# set rule ($junos-adf-rule-v4 | $junos-adf-rule-v6)

      Note: You can also statically configure the Ascend-Data-Filter in this step by entering the filter in hexadecimal format, rather than using a predefined variable. You might use a static filter for testing purposes.

    4. (Optional) Suppress error reporting in the event that the RADIUS reply messages do not include the Ascend-Data-Filter attribute.
      [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family filter adf]
      user@host# set not-mandatory
    5. (Optional) Enable the counter feature. The counter increments each time a packet matches the rule.
      [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family filter adf]
      user@host# set counter
    6. (Optional) Specify the input precedence, which establishes the order in which filters on the interface are applied. A lower precedence value means a higher precedence. The precedence is relative to other dynamic filters configured on the same interface.
      [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family filter adf]
      user@host# set input-precedence precedence
    7. (Optional) Specify the output precedence, which establishes the order in which filters on the interface are applied. A lower precedence value means a higher precedence. The precedence is relative to other dynamic filters configured on the same interface.
      [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family filter adf]
      user@host# set output-precedence precedence
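
    The configuration that results from steps 1 through 7 when applied to both address families, shown in hierarchy form as an added example (not taken from the original guide). Assumptions: the profile name adf-subscriber is hypothetical, the interface and unit are given as the Junos OS predefined variables $junos-interface-ifd-name and $junos-underlying-interface-unit for a dynamically created subscriber interface, and the precedence value 50 is constructed.

```junos
# Added example. "adf-subscriber", the interface/unit variables and the
# precedence values are assumptions, not values from the guide.
dynamic-profiles {
    adf-subscriber {
        interfaces {
            "$junos-interface-ifd-name" {
                unit "$junos-underlying-interface-unit" {
                    family inet {
                        filter {
                            adf {
                                # Step 3: IPv4 rules from RADIUS attribute 242
                                rule "$junos-adf-rule-v4";
                                # Step 4: no error is reported when the RADIUS
                                # reply carries no Ascend-Data-Filter
                                not-mandatory;
                                # Step 5: count packets that match the rule
                                counter;
                                # Steps 6-7: order relative to other dynamic
                                # filters on this interface (lower value first)
                                input-precedence 50;
                                output-precedence 50;
                            }
                        }
                    }
                    family inet6 {
                        filter {
                            adf {
                                # The IPv6 family takes the v6 variable
                                rule "$junos-adf-rule-v6";
                                not-mandatory;
                                counter;
                                input-precedence 50;
                                output-precedence 50;
                            }
                        }
                    }
                }
            }
        }
    }
}
```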

    Published: 2013-02-11