Example: Subscriber Secure Policy Dynamic Profile
In this example, subscriber secure policy mirroring is configured for subscriber access using user-defined variables and Junos predefined variables. This example is for the flow-tap service configured on a router without a Tunnel Services PIC.
The user-defined variables equate to RADIUS settings as follows:
User-Defined Variable Name | Junos Variable | RADIUS VSA Name | RADIUS Attribute Number | Example RADIUS Setting |
|---|---|---|---|---|
ssp-intercept-id | $ssp-intercept-id | Interception Identifier | 26–59 | subscriber-bg–2350 |
ssp-destination-addr | $ssp-destination-addr | MD-IP-Address | 26–60 | 192.163.100.22 |
ssp-destination-port | $ssp-destination-port | MD-Port-Number | 26–61 | 2222 |
variables {var ssp-intercept-id;var ssp-destination-addr;var ssp-destination-port;}interfaces {<*> {unit <*> {family inet {filter {input ssp;output ssp;}}}}}firewall {family inet {filter ssp {term $ssp-id {from {# optional classifiers.}then {flowtap-destination-address $ssp-destination-addr;flowtap-destination-port $ssp-destination-port;flowtap;}}}}}
