Creating a QoS Interface Hierarchy for Bulk-Configured VLAN Subinterfaces with RADIUS

Bulk-configured VLAN subinterfaces are created dynamically, so you cannot apply a QoS profile directly to a VLAN subinterface. Instead, you can use subscriber service profiles and RADIUS to apply QoS profiles.

To create an interface hierarchy for bulk-configured VLAN subinterfaces:

  1. Configure the bulk-configured VLAN subinterface.
    host1(config)#interface gigabitEthernet 6/0/0
    host1(config-if)#encapsulation vlan
    host1(config-if)#auto-configure vlan
    host1(config-if)#vlan bulk-config BulkConfig
    host1(config-if)#profile vlan bulk-config BulkConfig vlanBulkProfile
    host1(config-if)#vlan bulk-config BulkConfig vlan-range 1 3600
  2. Configure the profiles and service profile for the bulk-configured VLAN subinterfaces and the IP upper-layer encapsulation.
    host1(config-if)#profile vlanBulkProfile
    host1(config-profile)#vlan auto-configure ip
    host1(config-profile)#vlan profile ip ipProfile
    host1(config-profile)#vlan service-profile vlanServiceProfile
    host1(config-profile)#exit
    host1(config-profile)#profile ipProfile
    host1(config-profile)#ip unnumbered loopback 0
    host1(config-profile)#exit
  3. Configure an IP service profile.
    host1(config)#ip service-profile vlanServiceProfile
    host1(config-service-profile)#user-name "vlan@test"
    host1(config-service-profile)#password 56789
    host1(config-service-profile)#exit

    Tip: Configure the service profile in the default virtual router or the virtual router in which RADIUS is configured.

  4. Access the RADIUS server and assign values for the RADIUS attributes necessary for creating a QoS interface hierarchy, including the QoS profile name. For example:
    • Juniper VSA Qos-Profile-Name [26-26]—QoS profile name
    • (Optional) Juniper VSA Virtual-Router [26-1]—Virtual router name
    • (Optional) IETF VSA [22]—Framed-Route
  5. Verify that the attributes are being used by RADIUS.

    The highlighted output from this debug log message shows the QoS profile, virtual router, and framed route attributes configured through RADIUS.

    DEBUG 06/17/2007 14:50:19 radiusSendAttributes: ACCESS-REQUEST attributes (default)

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      username attr added: vlan@test
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      acct-session-id attr added: erx GigabitEthernet 2/1.100:100:0004194348
DE BUG 06/17/2007 14:50:19 radiusSendAttributes:      user-password attr added: <value withheld>
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      calling-station-id attr added: #ananke#E21#100
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port-type attr added: 15
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port attr added: 553648228
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port-id attr added: GigabitEthernet 2/1.100:100
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-ip-address attr added: 172.26.27.50
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-identifier attr added: ananke
DEBUG 06/17/2007 14:50:19 radiusAttributes: USER ATTRIBUTES: (vlan@test)
DEBUG 06/17/2007 14:50:19 radiusAttributes:      class attr: (binary data)
DEBUG 06/17/2007 14:50:19 radiusAttributes: total eap message attr length = 0
DEBUG  06/17/2007 14:50:19 radiusAttributes:      framed route attr: 40.40.41.0/30 0.0.0.0
DEBUG 06/17/2007 14:50:19 radiusAttributes:      ingress policy name (vsa) attr: test
DEBUG 06/17/2007 14:50:19 radiusAttributes:      ingress policy stats (vsa) attr: 1
DEBUG 06/17/2007 14:50:19 radiusAttributes:      egress policy name (vsa) attr: test
DEBUG 06/17/2007 14:50:19 radiusAttributes:      egress policy stats (vsa) attr: 1
DEBUG 06/17/2007 14:50:19 radiusAttributes:      qos profile name (vsa) attr: test
DEBUG 06/17/2007 14:50:19 radiusAttributes:      virtual router name (vsa) attr: server
  6. Verify that the interface was created in the default virtual router. 
    host1:server# show ip interface brief
Interface                   IP-Address        Status    Protocol    Description
-------------------- -------------------    ---------- ----------  -------------
null0                     255.255.255.255/32  up         up
loopback0                 10.1.0.1/24         up         up
GigabitEthernet6/0.100    Unnumbered          up         up
  7. Verify that the framed route is installed. 
    host1:server# show ip route
Prefix/Length      Type       Next Hop      Dst/Met          Interface
------------------ --------- --------------- ---------- -----------------------
10.1.0.0/24        Connect   10.1.0.1        0/0        loopback0
40.40.41.0/30      Access    0.0.0.0         3/2        GigabitEthernet6/0/0.100

    Tip: When you initially create the user record for dynamic IP interfaces using VSA [22], you might not know the next hop. In this case, specify the value 0.0.0.0 for the next hop. The E-series router then assigns the subinterface associated with the user as the next hop in the routing table.

  8. Verify that the correct QoS profile is attached to the VLAN subinterface. 
    host1:server#show qos interface-hierarchy interface gigabitEthernet 
6/0/0.100
attachment@ ip GigabitEthernet6/0/0.100:
                         t-class interface rule  traffic scheduler  queue
      qos profile         group    type    type   class   profile  profile
------------------------ ------- --------- ----- ------- --------- --------
test@GigabitEthernet6/0/0.100      vlan            node   default   default

Copyright © 2008, Juniper Networks, Inc. All rights reservedTrademark Notice.