Classifying Subscribers for IDP Integration

You configure additional entries in the subscriber classification script to support services for IDP integration.

To add entries to a subscriber classification script to support IDP integration:

1. Add an entry to host aggregate service on JUNOSe routers.
2. (Policy-based routing) Add an entry to host a core interface fragment service for policy-based routing traffic on a JUNOSe router.
3. (Mirroring) Add an entry to host a router fragment service for mirroring traffic on a JUNOS routing platform.

To view the sample subscriber classifications referenced in this section, see l=IDP, l=SAE, ou=staticConfiguration, ou=Configuration, o=Management, o=umc in the sample data.

Example: Router Subscriber Session to Host an Aggregate Service

For JUNOSe routers the subscriber classification script must assign a subscriber profile to the router interface. For example:

Example: Interface Subscriber Session to Policy-Route Traffic to IDP

For JUNOSe routers the subscriber classification script must also assign a shared subscriber profile and a login name to a subscriber session when a core interface service is activated. The following example assigns a login name and IP address for the subscriber session to an interface that has core specified as the ifAlias (as configured on the JUNOSe router).

The login name specified in this classification must be the same as the value set in the subscriber reference expression for the core interface fragment service in the aggregate service. The interface alias must be the same as the one specified in the interface classification script.

Example: Router Subscriber Session to Mirror Traffic to IDP

For JUNOS routing platforms, the subscriber classification script must assign subscriber profiles for the forwarding interface. For example:

For general information about classifying subscribers, see Overview of Classification Scripts .

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.