Technical Documentation

Dynamically Attaching Filters Using RADIUS Variables

You can attach filters to static interfaces by using dynamic profiles. By specifying a variable for the input and output filters, the dynamic profile uses RADIUS VSA attributes for ingress and egress policy.

RADIUS VSA

Attribute Name

Variable

26–10

Ingress-Policy-Name

$junos-input-filter

26–11

Egress-Policy-Name

$junos-output-filter

26–106

IPv6-Ingress-Policy-Name

$junos-input-ipv6-filter

26–107

IPv6-Egress-Policy-Name

$junos-output-ipv6-filter

Before you can attach a filter using RADIUS.

  1. Create a basic dynamic profile.

    See Configuring a Basic Dynamic Profile.

  2. Ensure that RADIUS ingress and egress policies are configured appropriately.

    See Configuring RADIUS Server Parameters for Subscriber Access.

To dynamically attach IPv4 input and output filters using RADIUS:

  1. Specify the dynamic profile you want to attach, the interface, the logical unit number, and family inet.
    [edit] user@host# edit dynamic-profiles myProfile interface ge-1/1/1 unit 1 family inet
  2. Specify the IPv4 input filter variable in the dynamic profile.
    [edit dynamic-profiles myProfile interfaces ge-1/1/1 unit 1 family inet] user@host# set filter input $junos-input-filter
  3. Specify the IPv4 output filter variable in the dynamic profile.
    [edit dynamic-profiles myProfile interfaces ge-1/1/1 unit 1 family inet] user@host# set filter output $junos-output-filter

To dynamically attach IPv6 input and output filters using RADIUS:

  1. Specify the dynamic profile you want to attach, the interface, the logical unit number, and family inet .
    [edit] user@host# edit dynamic-profiles myProfile interface ge-1/1/1 unit 1 family inet6
  2. Specify the IPv6 input filter variable in the dynamic profile.
    [edit dynamic-profiles myProfile interfaces ge-1/1/1 unit 1 family inet6] user@host# set filter input $junos-input-ipv6-filter
  3. Specify the IPv6 output filter variable in the dynamic profile.
    [edit dynamic-profiles myProfile interfaces ge-1/1/1 unit 1 family inet6] user@host# set filter output $junos-output-ipv6-filter

Published: 2010-04-15