Creating a QoS Interface Hierarchy for Bulk-Configured VLAN Subinterfaces with RADIUS

Bulk-configured VLAN subinterfaces are created dynamically, so you cannot apply a QoS profile directly to a VLAN subinterface. Instead, you can use subscriber service profiles and RADIUS to apply QoS profiles.

To create an interface hierarchy for bulk-configured VLAN subinterfaces:

  1. Configure the bulk-configured VLAN subinterface.
    host1(config)#interface gigabitEthernet 6/0/0 host1(config-if)#encapsulation vlan host1(config-if)#auto-configure vlan host1(config-if)#vlan bulk-config BulkConfig host1(config-if)#profile vlan bulk-config BulkConfig vlanBulkProfile host1(config-if)#vlan bulk-config BulkConfig vlan-range 1 3600
  2. Configure the profiles and service profile for the bulk-configured VLAN subinterfaces and the IP upper-layer encapsulation.
    host1(config-if)#profile vlanBulkProfile host1(config-profile)#vlan auto-configure ip host1(config-profile)#vlan profile ip ipProfile host1(config-profile)#vlan service-profile vlanServiceProfile host1(config-profile)#exit host1(config-profile)#profile ipProfile host1(config-profile)#ip unnumbered loopback 0 host1(config-profile)#exit
  3. Configure an IP service profile.
    host1(config)#ip service-profile vlanServiceProfile host1(config-service-profile)#user-name "vlan@test" host1(config-service-profile)#password 56789 host1(config-service-profile)#exit

    Tip: Configure the service profile in the default virtual router or the virtual router in which RADIUS is configured.

  4. Access the RADIUS server and assign values for the RADIUS attributes necessary for creating a QoS interface hierarchy, including the QoS profile name. For example:
    • Juniper VSA Qos-Profile-Name [26-26]—QoS profile name
    • (Optional) Juniper VSA Virtual-Router [26-1]—Virtual router name
    • (Optional) IETF VSA [22]—Framed-Route
  5. Verify that the attributes are being used by RADIUS.

    The highlighted output from this debug log message shows the QoS profile, virtual router, and framed route attributes configured through RADIUS.

    DEBUG 06/17/2007 14:50:19 radiusSendAttributes: ACCESS-REQUEST attributes (default)
    
    DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      username attr added: vlan@test
    DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      acct-session-id attr added: erx GigabitEthernet 2/1.100:100:0004194348
    DE BUG 06/17/2007 14:50:19 radiusSendAttributes:      user-password attr added: <value withheld>
    DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      calling-station-id attr added: #ananke#E21#100
    DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port-type attr added:15
    DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port attr added: 553648228
    DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port-id attr added: GigabitEthernet 2/1.100:100
    DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-ip-address attr added: 172.26.27.50
    DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-identifier attr added: ananke
    DEBUG 06/17/2007 14:50:19 radiusAttributes: USER ATTRIBUTES: (vlan@test)
    DEBUG 06/17/2007 14:50:19 radiusAttributes:      class attr: (binary data)
    DEBUG 06/17/2007 14:50:19 radiusAttributes: total eap message attr length = 0
    DEBUG  06/17/2007 14:50:19 radiusAttributes:      framed route attr: 40.40.41.0/30 0.0.0.0
    DEBUG 06/17/2007 14:50:19 radiusAttributes:      ingress policy name (vsa) attr: test
    DEBUG 06/17/2007 14:50:19 radiusAttributes:      ingress policy stats (vsa) attr: 1
    DEBUG 06/17/2007 14:50:19 radiusAttributes:      egress policy name (vsa) attr: test
    DEBUG 06/17/2007 14:50:19 radiusAttributes:      egress policy stats (vsa) attr: 1
    DEBUG 06/17/2007 14:50:19 radiusAttributes:      qos profile name (vsa) attr: test
    DEBUG 06/17/2007 14:50:19 radiusAttributes:      virtual router name (vsa) attr: server
    
  6. Verify that the interface was created in the default virtual router.
    host1:server# show ip interface brief
    Interface                   IP-Address        Status    Protocol    Description
    -------------------- -------------------    ---------- ----------  -------------
    null0                     255.255.255.255/32  up         up
    loopback0                 10.1.0.1/24         up         up
    GigabitEthernet6/0.100    Unnumbered          up         up 
    
  7. Verify that the framed route is installed.
    host1:server# show ip route
    Prefix/Length      Type       Next Hop      Dst/Met          Interface
    ------------------ --------- --------------- ---------- -----------------------
    10.1.0.0/24        Connect   10.1.0.1        0/0        loopback0
    40.40.41.0/30      Access    0.0.0.0         3/2        GigabitEthernet6/0/0.100
    

    Tip: When you initially create the user record for dynamic IP interfaces using VSA [22], you might not know the next hop. In this case, specify the value 0.0.0.0 for the next hop. The E Series router then assigns the subinterface associated with the user as the next hop in the routing table.

  8. Verify that the correct QoS profile is attached to the VLAN subinterface.
    host1:server#show qos interface-hierarchy interface gigabitEthernet 
    6/0/0.100
    attachment@ ip GigabitEthernet6/0/0.100:
                             t-class interface rule  traffic scheduler  queue
          qos profile         group    type    type   class   profile  profile
    ------------------------ ------- --------- ----- ------- --------- --------
    test@GigabitEthernet6/0/0.100      vlan            node   default   default 
    

Related Documentation