Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Configuring HTTP Redirect Services Using a Next-Hop Method and Attaching It to a Static Interface

This example shows how to configure HTTP redirect services using a next-hop method and attaching it to a static interface.

Requirements

This example uses the following hardware and software components:

  • MX240, MX480, or MX960 Universal Routing Platform with a Multiservices Modular PIC Concentrator (MS-MPC) and Multiservices Modular Interfaces Card (MS-MIC) installed.

  • Junos OS Release 15.1 or later.

Before you begin:

  • Configure the connection between the redirect server and the MX Series router.

  • Define the source address (203.0.113.0/24 is used in this example).

  • Define one or more interfaces used for subscriber traffic.

Overview

HTTP redirect and rewrite services are supported for both IPv4 and IPv6. You can attach an HTTP redirect service or service set to either a static or dynamic interface. For dynamic subscriber management, you can attach HTTP services or service sets dynamically at subscriber login or by using a change of authorization (CoA). Using a next-hop method, you can configure HTTP redirect services and attach it to a static interface.

Configuration

To configure HTTP redirect services using a next-hop method and attach it to a static interface, perform these tasks:

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, and then copy and paste the commands into the CLI.

Configuring the CPCD Services and Attaching Service Set to Static Interface

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

  1. Configure the HTTP redirect service by specifying the location to which a subscriber's initial Web browser session is redirected, enabling initial provisioning and service selection for the subscriber.

  2. Configure the service filter as a walled garden by defining the rule the router references when applying this HTTP service.

  3. Specify that the rule matches traffic coming in on the interface.

  4. Create the term match and action properties for the CPCD rule for the HTTP service.

  5. Create the CPCD profile for the IP destination address to redirect the HTTP service.

  6. Specify the CPCD rule for the HTTP service.

  7. Create the service set for the CPCD services.

  8. Specify the CPCD profile for the service set.

  9. Specify the interface name for the next-hop service for an inside and outside service interfaces and attach them to static interfaces.

Results

From configuration mode, confirm your configuration by entering the show services command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Configuring the Package and Installation for CPCD

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

  1. Configure Junos OS to support the service package on a service interface on an MX Series 5G Universal Routing Platform with MS-MPCs/MS-MICs.

  2. Configure the CPCD service package to run on the PIC. When the extension-provider statement is first configured, the PIC reboots.

  3. Enable PIC system logging to record or view system log messages on the PIC but do not include daemon, external, kernel, or Packet Forwarding Engine processes.

Results

From configuration mode, confirm your configuration by entering the show chassis command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Configuring the Static Interface, HTTP Redirect Filters, and Interface Service Options

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

  1. Configure a Gigabit interface with a logical interface on which traffic arrives before it is redirected.

  2. Assign a description and VLAN ID to the logical interface.

  3. Configure the IPv4 family for the interface.

  4. Configure an input filter to evaluate when packets are received and redirected on the interface.

  5. Configure an address for the input filter.

  6. Configure service options to be applied on the Multiservices interface.

    Note:

    The values configured for the service options are shown for example only. You must configure and provision appropriate values as per the requirement.

  7. Specify the open and close timeout periods in seconds for Transmission Control Protocol (TCP) session establishment.

  8. Specify the inactivity timeout periods in seconds for established TCP and non-TCP sessions.

  9. Specify the session lifetime in seconds globally for the Multiservices interface.

  10. Specify the maximum number of keep-alive messages sent before a TCP session is allowed to time out.

  11. Configure a logical interface on the Multiservices interface.

  12. Configure the service domain to specify that the logical interface is used within the network.

  13. Configure the IPv4 address family on the logical interface.

  14. Configure a second logical interface on the Multiservices interface.

  15. Configure the service domain to specify that the logical interface is used outside the network.

  16. Configure an output filter to redirect CPCD packets from the logical interface.

  17. Configure the IPv4 address family on the logical interface.

Results

From configuration mode, confirm your configuration by entering the show interfaces command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Configuring the Additional Routing Instance and Assigning Its Next-Hop Static Interfaces

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

  1. Configure a routing instance.

  2. Configure a virtual router routing instance.

  3. Configure the two previously defined multiservices interfaces for the routing instance.

  4. Configure static routing options.

  5. Assign the next-hop static interfaces to the routes and routing instance.

Results

From configuration mode, confirm your configuration by entering the show routing-instances command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Configuring the Interface-Specific Filters to Direct HTTP Traffic

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

  1. Create a family for the service filter under the [edit firewall] hierarchy.

  2. Create an interface-specific filter to redirect output traffic for CPCD.

  3. Specify that this is an interface-specific filter.

  4. Create a filter term for the interface-specific filter for the walled garden.

  5. Specify both the action to count default traffic and the default routing instance.

  6. Create a filter to redirect HTTP input traffic.

  7. Specify that this is an interface-specific filter.

  8. Create a filter term for the interface-specific filter for the walled garden.

  9. Specify the list of accepted prefixes as a match conditions for the walled garden’s filter.

  10. Specify the action to take for all the matching HTTP traffic.

  11. Create a second filter term for the walled garden’s filter.

  12. Specify the protocol and destination port as match conditions for the walled garden’s filter.

  13. Specify the action to take for matching HTTP traffic destined to flow outside of the walled garden.

Results

From configuration mode, confirm your configuration by entering the show firewall command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Configuring the Policy Option and Statement to Use a Private Blocks Prefix List

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

  1. Create a policy option and statement to use a private blocks prefix list under the [edit policy-options] hierarchy.

  2. Configure the source address for the private blocks prefix list.

Results

From configuration mode, confirm your configuration by entering the show policy-options command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that HTTP redirect services has been configured correctly within a service set, perform these tasks:

Verifying the Configured Service Set for CPCD Services

Purpose

Display the configured CPCD service set.

Action

From operational mode, enter the show services captive-portal-content-delivery service-set http-redirect-sset detail command.

Meaning

The output lists the service set configured for CPCD services.

Verifying Details for a Configured HTTP Service Rule for a Walled Garden

Purpose

Display details for a specific configured HTTP service rule for a walled garden.

Action

From operational mode, enter the show services captive-portal-content-delivery rule redirect term REDIRECT command.

Meaning

The output lists rule and term details for a specific HTTP service rule configured for the walled garden.