Technical Documentation

Download Software

Research a Problem

Case Management

Contract & Product Management

Documentation Archive

Guidelines and Policies

Security Resources

Creating a QoS Interface Hierarchy for Bulk-Configured VLAN Subinterfaces with RADIUS

Bulk-configured VLAN subinterfaces are created dynamically, so you cannot apply a QoS profile directly to a VLAN subinterface. Instead, you can use subscriber service profiles and RADIUS to apply QoS profiles.

To create an interface hierarchy for bulk-configured VLAN subinterfaces:

Configure the bulk-configured VLAN subinterface.
host1(config)#interface gigabitEthernet 6/0/0 host1(config-if)#encapsulation vlan host1(config-if)#auto-configure vlan host1(config-if)#vlan bulk-config BulkConfig host1(config-if)#profile vlan bulk-config BulkConfig vlanBulkProfile host1(config-if)#vlan bulk-config BulkConfig vlan-range 1 3600
Configure the profiles and service profile for the bulk-configured VLAN subinterfaces and the IP upper-layer encapsulation.
host1(config-if)#profile vlanBulkProfile host1(config-profile)#vlan auto-configure ip host1(config-profile)#vlan profile ip ipProfile host1(config-profile)#vlan service-profile vlanServiceProfile host1(config-profile)#exit host1(config-profile)#profile ipProfile host1(config-profile)#ip unnumbered loopback 0 host1(config-profile)#exit
Configure an IP service profile.
host1(config)#ip service-profile vlanServiceProfile host1(config-service-profile)#user-name "vlan@test" host1(config-service-profile)#password 56789 host1(config-service-profile)#exit
Tip: Configure the service profile in the default virtual router or the virtual router in which RADIUS is configured.
Access the RADIUS server and assign values for the RADIUS attributes necessary for creating a QoS interface hierarchy, including the QoS profile name. For example:
- Juniper VSA Qos-Profile-Name [26-26]—QoS profile name
- (Optional) Juniper VSA Virtual-Router [26-1]—Virtual router name
- (Optional) IETF VSA [22]—Framed-Route

Verify that the attributes are being used by RADIUS.

The highlighted output from this debug log message shows the QoS profile, virtual router, and framed route attributes configured through RADIUS.

DEBUG 06/17/2007 14:50:19 radiusSendAttributes: ACCESS-REQUEST attributes (default)

DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      username attr added: vlan@test
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      acct-session-id attr added: erx GigabitEthernet 2/1.100:100:0004194348
DE BUG 06/17/2007 14:50:19 radiusSendAttributes:      user-password attr added: <value withheld>
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      calling-station-id attr added: #ananke#E21#100
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port-type attr added:15
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port attr added: 553648228
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-port-id attr added: GigabitEthernet 2/1.100:100
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-ip-address attr added: 172.26.27.50
DEBUG 06/17/2007 14:50:19 radiusSendAttributes:      nas-identifier attr added: ananke
DEBUG 06/17/2007 14:50:19 radiusAttributes: USER ATTRIBUTES: (vlan@test)
DEBUG 06/17/2007 14:50:19 radiusAttributes:      class attr: (binary data)
DEBUG 06/17/2007 14:50:19 radiusAttributes: total eap message attr length = 0
DEBUG  06/17/2007 14:50:19 radiusAttributes:      framed route attr: 40.40.41.0/30 0.0.0.0
DEBUG 06/17/2007 14:50:19 radiusAttributes:      ingress policy name (vsa) attr: test
DEBUG 06/17/2007 14:50:19 radiusAttributes:      ingress policy stats (vsa) attr: 1
DEBUG 06/17/2007 14:50:19 radiusAttributes:      egress policy name (vsa) attr: test
DEBUG 06/17/2007 14:50:19 radiusAttributes:      egress policy stats (vsa) attr: 1
DEBUG 06/17/2007 14:50:19 radiusAttributes:      qos profile name (vsa) attr: test
DEBUG 06/17/2007 14:50:19 radiusAttributes:      virtual router name (vsa) attr: server

Verify that the interface was created in the default virtual router.

host1:server# show ip interface brief
Interface                   IP-Address        Status    Protocol    Description
-------------------- -------------------    ---------- ----------  -------------
null0                     255.255.255.255/32  up         up
loopback0                 10.1.0.1/24         up         up
GigabitEthernet6/0.100    Unnumbered          up         up

Verify that the framed route is installed.

host1:server# show ip route
Prefix/Length      Type       Next Hop      Dst/Met          Interface
------------------ --------- --------------- ---------- -----------------------
10.1.0.0/24        Connect   10.1.0.1        0/0        loopback0
40.40.41.0/30      Access    0.0.0.0         3/2        GigabitEthernet6/0/0.100

Tip: When you initially create the user record for dynamic IP interfaces using VSA [22], you might not know the next hop. In this case, specify the value 0.0.0.0 for the next hop. The E Series router then assigns the subinterface associated with the user as the next hop in the routing table.

Verify that the correct QoS profile is attached to the VLAN subinterface.

host1:server#show qos interface-hierarchy interface gigabitEthernet 
6/0/0.100
attachment@ ip GigabitEthernet6/0/0.100:
                         t-class interface rule  traffic scheduler  queue
      qos profile         group    type    type   class   profile  profile
------------------------ ------- --------- ----- ------- --------- --------
test@GigabitEthernet6/0/0.100      vlan            node   default   default

Choose Country

North America

Europe

Asia Pacific

Technical Documentation

Related Documentation

Creating a QoS Interface Hierarchy for Bulk-Configured VLAN Subinterfaces with RADIUS

Related Documentation

Published: 2011-03-21