JunosE 12.0.x Policy Management Configuration Guide 
Copyright and Trademark Information- Table of Contents
- List of Figures
- List of Tables
-
About the Documentation - Policy Management
- Managing Policies on the E Series Router
- Creating Classifier Control Lists for Policies
- Classifier Control Lists Overview
- Creating or Modifying Classifier Control Lists for ATM Policy
Lists
- Creating or Modifying Classifier Control Lists for Frame-Relay
Policy Lists
- Creating or Modifying Classifier Control Lists for GRE Tunnel
Policy Lists
- Creating or Modifying Classifier Control Lists for IP Policy
Lists
- Creating Classifier Control List for Only IP Policy Lists
- Setting Up an IP Classifier Control List to Accept Traffic
from All Sources
- Classifying IP Traffic Based on Source and Destination Addresses
- Using IP Classifier Control Lists to Match Route Class Values
- Creating IP Classifier Control Lists for TCP and UDP Ports
- Creating an IP Classifier Control List That Matches the ToS
Byte
- Creating an IP Classifier Control List That Filters ICMP Echo
Requests
- Creating IP Classifier Control Lists That Use TCP or IP Flags
- Creating IP Classifier Control Lists That Match the IP Fragmentation
Offset
- Creating or Modifying Classifier Control Lists for IPv6 Policy
Lists
- Creating or Modifying Classifier Control Lists for L2TP Policy
Lists
- Creating or Modifying Classifier Control Lists for MPLS Policy
Lists
- Creating or Modifying Classifier Control Lists for VLAN Policy
Lists
- Creating Policy Lists
- Creating Classifier Groups and Policy Rules
- Classifier Groups and Policy Rules Overview
- Policy Rule Precedence
- Using Policy Rules to Provide Routing Solutions
- Configuring Policies to Provide Network Security
- Creating an Exception Rule within a Policy Classifier Group
- Defining Policy Rules for Forwarding
- Assigning Values to the ATM CLP Bit
- Enabling ATM Cell Mode
- Enabling IP Options Filtering
- Packet Tagging Overview
- Creating Multiple Forwarding Solutions with IP Policy Lists
- Creating a Classifier Group for a Policy List
- Applying Policy Lists to Interfaces and Profiles Overview
- Using RADIUS to Create and Apply Policies Overview
- Examples: Using the Ascend-Data-Filter Attribute for IPv4 Subscribers
- Examples: Using the Ascend-Data-Filter Attribute for IPv6 Subscribers
- Creating Rate-Limit Profiles
- Rate Limits for Interfaces Overview
- Hierarchical Rate Limits Overview
- Hierarchical Classifier Groups
- Hierarchical Rate-Limit Profiles
- Hierarchical Rate-Limit Actions
- Example: Multiple Flows Sharing Preferred Bandwidth Rate-Limiting
Hierarchical Policy
- Example: Multiple Flows Sharing a Rate Limit Hierarchical Policy
- Example: Shared Pool of Additional Bandwidth with Select Flows
Rate-Limiting Hierarchical Policy
- Example: Aggregate Marking with Oversubscription Rate-Limiting
Hierarchical Policy
- Color-Aware Configuration for Rate-Limiting Hierarchical Policy
- Percent-Based Rates for Rate-Limit Profiles Overview
- Policy Parameter Quick Configuration
- Creating Rate-Limit Profiles
- One-Rate Rate-Limit Profiles Overview
- Creating a One-Rate Rate-Limit Profile
- Configuring a TCP-Friendly One-Rate Rate-Limit Profile
- Two-Rate Rate-Limits Overview
- Creating a Two-Rate Rate-Limit Profile
- Setting the Committed Action for a Rate-Limit Profile
- Setting the Committed Burst for a Rate-Limit Profile
- Setting the Committed Rate for a Rate-Limit Profile
- Setting the Conformed Action for a Rate-Limit Profile
- Setting the Exceeded Action for a Rate-Limit Profile
- Setting the Excess Burst for a Rate-Limit Profile
- Setting the Mask Value for MPLS Rate-Limit Profiles
- Setting the Mask Value for IP and IPv6 Rate-Limit Profiles
- Setting the Peak Burst for Two-Rate Rate-Limit Profiles
- Setting the Peak Rate for Rate-Limit Profiles
- Setting a One-Rate Rate-Limit Profile
- Setting a Two-Rate Rate-Limit-Profile
- Bandwidth Management Overview
- Rate-Limiting Traffic Flows
- Merging Policies
- Merging Policies Overview
- Resolving Policy Merge Conflicts
- Merged Policy Naming Conventions
- Reference Counting for Merged Policies
- Persistent Configuration Differences for Merged Policies Through
Service Manager
- Policy Attachment Sequence at Login Through Service Manager
- Policy Attachment Rules for Merged Policies
- Error Conditions for Merged Policies
- Merging Policies Configuration
- Parent Group Merge Algorithm
- Overlapping Classification for IP Input Policy
- Creating Hierarchical Policies for Interface Groups
- Hierarchical Policies for Interface Groups Overview
- External Parent Groups
- Example: Configuring Hierarchical Policy Parameters
- Hierarchical Aggregation Nodes
- RADIUS and Profile Configuration for Hierarchical Policies
- Applying a Profile to Interfaces with Service Manager
- Hierarchical Policy Configuration Considerations
- Example: Hierarchical Policy Quick Configuration
- Example: Configuring Hierarchical Policies
- Example: VLAN Rate Limit Hierarchical Policy for Interface
Groups Configuration
- Example: Wholesale L2TP Model Hierarchical Policy Configuration
- Example: Aggregate Rate Limit for All Nonvoice Traffic Hierarchical
Policy Configuration
- Example: Arbitrary Interface Groups Hierarchical Policy Configuration
- Example: Service and User Rate-Limit Hierarchy Overlap Hierarchical
Policy Configuration
- Example: Percentage-Based Hierarchical Rate-Limit Profile for
External Parent Group
- Example: PPP Interfaces Hierarchical Policy Configuration
- Policy Resources
- Policy Resources Overview
- FPGA Hardware Classifiers
- CAM Hardware Classifiers Overview
- Size Limit for IP and IPv6 CAM Hardware Classifiers
- Creating and Attaching a Policy with IP Classifiers
- Variable-Sized CAM Classification for IPv6 Policies Examples
- Performance Impact and Scalability Considerations
- Software Classifiers Overview
- Interface Attachment Resources Overview
- CAM Hardware Classifiers and Interface Attachment Resources
- Range Vector Hardware Classifiers and Interface Attachment
Resources
- Monitoring Policy Management
- Monitoring Policy Management Overview
- Setting a Statistics Baseline for Policies
- Monitoring the Policy Configuration of ATM Subinterfaces
- Monitoring Classifier Control Lists
- Monitoring Color-Mark Profiles
- Monitoring Control Plane Policer Information
- Monitoring the Policy Configuration of Frame Relay Subinterfaces
- Monitoring GRE Tunnel Information
- Monitoring Interfaces and Policy Lists
- Monitoring the Policy Configuration of IP Interfaces
- Monitoring the Policy Configuration of IPv6 Interfaces
- Monitoring the Policy Configuration of Layer 2 Services over
MPLS
- Monitoring External Parent Groups
- Monitoring Policy Lists
- Monitoring Policy List Parameters
- Monitoring Rate-Limit Profiles
- Monitoring the Policy Configuration of VLAN Subinterfaces
- Packet Flow Monitoring Overview
-
- Packet Mirroring
- Packet Mirroring Overview
- Configuring CLI-Based Packet Mirroring
- CLI-Based Packet Mirroring Overview
- Enabling and Securing CLI-Based Packet Mirroring
- Reloading a CLI-Based Packet-Mirroring Configuration
- Using TACACS+ and Vty Access Lists to Secure Packet Mirroring
- Using Vty Access Lists to Secure Packet Mirroring
- CLI-Based Packet Mirroring Sequence of Events
- Configuring CLI-Based Mirroring
- Configuring Triggers for CLI-Based Mirroring
- Configuring the Analyzer Device
- Configuring the E Series Router
- Example: Configuring CLI-Based Interface-Specific Mirroring
- Example: Configuring CLI-Based User-Specific Mirroring
- Configuring RADIUS-Based Mirroring
- RADIUS-Based Mirroring Overview
- RADIUS Attributes Used for Packet Mirroring
- RADIUS-Based Packet Mirroring Dynamically Created Secure Policies
- RADIUS-Based Packet Mirroring MLPPP Sessions
- RADIUS-Based Mirroring Sequence of Events
- Configuring Router to Start Mirroring When User Logs On
- Configuring Router to Mirror Users Already Logged In
- Managing Packet Mirroring
- Avoiding Conflicts Between Multiple Packet Mirroring Configurations
- Understanding the Prepended Header During a Packet Mirroring
Session
- Resolving and Tracking the Analyzer Device’s Address
- Using Multiple Triggers for CLI-Based Packet Mirroring
- Optimizing Packet Mirroring Performance
- Logging Packet Mirroring Information
- Using SNMP Secure Packet Mirroring Traps
- Configuring SNMP Secure Packet Mirroring Traps
- Capturing SNMP Secure Audit Logs
- Monitoring Packet Mirroring
- Monitoring Packet Mirroring Overview
- Monitoring CLI-Based Packet Mirroring
- Monitoring the Packet Mirroring Configuration of IP Interfaces
- Monitoring Failure Messages for Secure Policies
- Monitoring Packet Mirroring Triggers
- Monitoring Packet Mirroring Subscriber Information
- Monitoring RADIUS Dynamic-Request Server Information
- Monitoring Secure CLACL Configurations
- Monitoring Secure Policy Lists
- Monitoring Information for Secure Policies
- Monitoring SNMP Secure Packet Mirroring Traps
- Monitoring SNMP Secure Audit Logs
-
- Index
Symbols
A
- access level
- analyzer interfaces
- atm commands
- attachment of IPv6 policies
- audit logging, SNMP secure 1, 2
B
C
- CAM blocks
- CAM device block size
- CAM entries
- CAM hardware classifiers
- CAM resources
- classifier
- classifier control list
- classifier groups
- classifier-group commands
- color-aware configuration
- committed-action command
- committed-burst command
- conventions
- customer support
D
E
F
G
H
I
- interface mirroring
- IP auxiliary input policy 1, 2
- ip commands
- IP fragmentation
- IP options, filtering
- IP policies
- IPv4 classifier
- IPv6 classification
- IPv6 classifier, See IPv6 classification
- IPv6 policies
- IPv6 policy definition
M
N
O
- one-rate rate-limit profile
- overlapping classification 1, 2
P
- packet coloring, explicit
- packet flow monitoring
- packet mirroring
- access level
- analyzer device
- CLI-based 1, 2
- configuration conflicts
- configuring traps
- interface-specific
- ip analyzer interface
- mediation device
- multiple configurations
- RADIUS-based
- secure audit logging 1, 2
- secure local logs
- secure logging
- secure SNMP traps
- securing with TACACS+
- SNMP secure traps
- system resources
- terms
- trigger
- triggers for CLI-based
- user-specific
- packet tagging
- parent group merge algorithm
- peak-burst command
- peak-rate command
- percent-based rates
- platform considerations
- policies
- policy attachment rules
- policy list
- policy lists
- policy management
- applications
- bandwidth management
- baselining statistics
- classifier groups, creating
- classifier resources
- committed burst calculation 1, 2
- congestion management
- creating a one-rate rate-limit profile
- creating a two-rate rate-limit profile
- explicit packet coloring
- filtering fragmentation offsets
- filtering IP options
- matching IP flags in a CLACL
- matching IP fragmentation offset in a CLACL
- matching TCP flags in a CLACL
- merging policies
- modifying a one-rate rate-limit profile
- modifying a two-rate rate-limit profile
- monitoring packet flow 1, 2
- one-rate rate-limit profile
- overview
- packet logging
- packet mirroring
- packet tagging 1, 2, 3
- policy actions and rate-limit profiles
- policy routing
- policy rules, creating
- QoS classification and marking
- RADIUS support
- rate limiting traffic flows
- rate-limit profile actions
- rate-limit profile attributes
- rate-limit profile calculations
- rate-limit profile defaults 1, 2
- resources
- security
- policy management configuration tasks
- policy parameter
- policy rule commands
- policy rules
R
- rate limiting
- rate-limit hierarchies
- rate-limit profiles
- attributes
- burst size
- calculations
- configuration procedure
- creating 1, 2
- default values 1, 2
- modifying 1, 2
- percent-based rates
- policy actions
- rates
- rate-limit rule
- rate-limit-profile one-rate command
- rate-limit-profile two-rate command
- rate-limiting SRP traffic flows
- resolving merge conflicts
S
- secure audit logging for packet mirroring 1, 2
- secure policy-list command
- Service Manager
- show commands
- show color-mark-profile
- show control-plane policer
- show frame-relay subinterface
- show gre tunnel
- show interfaces
- show ipv6 interface
- show parent-group 1, 2, 3, 4, 5
- show policy-parameter
- show rate-limit-profile
- show secure classifier-list
- show vlan subinterfaces 1, 2
- show ip commands
- show ip interface 1, 2
- show ip mirror interface
- show mirror commands
- show mirror log 1, 2
- show mirror rules
- show mirror subscribers
- show radius commands
- show secure policy-list command
- show snmp commands
- single-rate rate limit profile
- SNMP (Simple Network Management Protocol)
- SNMP traps
- support, technical, See technical support
T
V
