[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

JUNOSe 9.1.x Quality of Service Configuration Guide > Configuring QoS for Gigabit Ethernet Interfaces and VLAN Subinterfaces > Creating a QoS Interface Hierarchy for Bulk-Configured VLAN Subinterfaces with RADIUS

Creating a QoS Interface Hierarchy for Bulk-Configured VLAN Subinterfaces with RADIUS

Bulk-configured VLAN subinterfaces are created dynamically, so you cannot apply a QoS profile directly to a VLAN subinterface. Instead, you can use subscriber service profiles and RADIUS to apply QoS profiles.

To create an interface hierarchy for bulk-configured VLAN subinterfaces:

  1. Configure the bulk-configured VLAN subinterface.
    2. host1(config)#interface gigabitEthernet 6/0/0

    host1(config-if)#encapsulation vlan

    host1(config-if)#auto-configure vlan

    host1(config-if)#vlan bulk-config BulkConfig

    host1(config-if)#profile vlan bulk-config BulkConfig vlanBulkProfile

    host1(config-if)#vlan bulk-config BulkConfig vlan-range 1 3600
  2. Configure the profiles and service profile for the bulk-configured VLAN subinterfaces and the IP upper-layer encapsulation.
    3. host1(config-if)#profile vlanBulkProfile

    host1(config-profile)#vlan auto-configure ip

    host1(config-profile)#vlan profile ip ipProfile

    host1(config-profile)#vlan service-profile vlanServiceProfile

    host1(config-profile)#exit

    host1(config-profile)#profile ipProfile

    host1(config-profile)#ip unnumbered loopback 0

    host1(config-profile)#exit
  3. Configure an IP service profile. 
    4. host1(config)#ip service-profile vlanServiceProfile

    host1(config-service-profile)#user-name "vlan@test"

    host1(config-service-profile)#password 56789

    host1(config-service-profile)#exit

    

    

     
    
    		

     TIP: Configure the service profile in the default virtual router or the virtual router in which RADIUS is configured.
  4. Access the RADIUS server and assign values for the RADIUS attributes necessary for creating a QoS interface hierarchy, including the QoS profile name. For example:
  1. Verify that the attributes are being used by RADIUS.

The highlighted output from this debug log message shows the QoS profile, virtual router, and framed route attributes configured through RADIUS.

DEBUG 06/17/2007 14:50:19 radiusSendAttributes: ACCESS-REQUEST attributes (default)

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      username attr added: vlan@test

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      acct-session-id attr added: erx GigabitEthernet 
2/1.100:100:0004194348

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      user-password attr added: <value withheld>

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      calling-station-id attr added: #ananke#E21#100

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port-type attr added: 15

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port attr added: 553648228

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port-id attr added: GigabitEthernet 
2/1.100:100

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-ip-address attr added: 172.26.27.50

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-identifier attr added: ananke

DEBUG 06/17/2007 14:50:19 radiusAttributes: USER ATTRIBUTES: (vlan@test)

DEBUG 06/17/2007 14:50:19 radiusAttributes:      class attr: (binary data)

DEBUG 06/17/2007 14:50:19 radiusAttributes: total eap message attr length = 0

DEBUG 06/17/2007 14:50:19 radiusAttributes:      framed route attr: 40.40.41.0/30 0.0.0.0

DEBUG 06/17/2007 14:50:19 radiusAttributes:      ingress policy name (vsa) attr: test

DEBUG 06/17/2007 14:50:19 radiusAttributes:      ingress policy stats (vsa) attr: 1

DEBUG 06/17/2007 14:50:19 radiusAttributes:      egress policy name (vsa) attr: test

DEBUG 06/17/2007 14:50:19 radiusAttributes:      egress policy stats (vsa) attr: 1

DEBUG 06/17/2007 14:50:19 radiusAttributes:      qos profile name (vsa) attr: test

DEBUG 06/17/2007 14:50:19 radiusAttributes:      virtual router name (vsa) attr: server
  1. Verify that the interface was created in the default virtual router. 
host1:server#show ip interface brief

Interface                   IP-Address        Status    Protocol    Description

-------------------- -------------------    ---------- ----------  -------------

null0                     255.255.255.255/32  up         up

loopback0                 10.1.0.1/24         up         up

GigabitEthernet6/0.100    Unnumbered          up         up
  1. Verify that the framed route is installed. 
host1:server#show ip route



Prefix/Length      Type       Next Hop      Dst/Met          Interface

------------------ --------- --------------- ---------- -----------------------

10.1.0.0/24        Connect   10.1.0.1        0/0        loopback0

40.40.41.0/30      Access    0.0.0.0         3/2        GigabitEthernet6/0/0.100







 



 TIP: When you initially create the user record for dynamic IP interfaces using VSA [22], you might not know the next hop. In this case, specify the value 0.0.0.0 for the next hop. The E-series router then assigns the subinterface associated with the user as the next hop in the routing table.
  1. Verify that the correct QoS profile is attached to the VLAN subinterface. 
    2. host1:server#show qos interface-hierarchy interface gigabitEthernet 
6/0/0.100

    attachment@ ip GigabitEthernet6/0/0.100:

                             t-class interface rule  traffic scheduler  queue

          qos profile         group    type    type   class   profile  profile

    ------------------------ ------- --------- ----- ------- --------- --------

    test@GigabitEthernet6/0/0.100      vlan            node   default   default

Related Topics

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]