Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Implementing a Filter for Households That Use ACI-Based VLANs

In the following example using an interface-shared filter, you configure a dynamic profile that is used to implement agent-circuit-identifier VLAN household filtering. If $junos-input-filter is FILTER1 and $junos-interface-set-name is ACI1, then a filter with the name FILTER1-ACI1-in is created and attached to the demux0 unit. When a subsequent login from the same household occurs, it is in the same VLAN. If $junos-input-filter is also FILTER1, the next demux0 interface also has the FILTER1-ACI1-in filter attached. A low value precedence was used with the interface-shared filter. If you want to have the interface-shared filter applied first, give a higher precedence to any other filters that are attached to the same interfaces.

Filter with interface-set match cannot be used on dynamic interface—dynamic interface-set match is not supported. The shared-name of an interface-shared filter can now be populated from the $junos-svlan-interface-set-name variable. This means interface-shared filter can also be attached to dynamic SVLAN interface-set, before which the shared-name could only be taken from the $junos-interface-set-name variable.

To configure an interface-shared filter using a dynamic profile that is used to implement agent-circuit-identifier VLAN household filtering:

  1. Access the dynamic profile you want to use.
  2. Specify the interfaces and the unit.
  3. Specify the family.
  4. Specify the input filter and the filter terms for the interface unit.
  5. Specify the output filter and the filter terms for the interface unit.
  6. Specify that you want to configure a firewall, and specify the family.
  7. Specify the filter.
  8. Specify that the filter is an interface-shared filter.

Related Documentation