Supported Platforms
Related Documentation
- MX Series
- Dynamically Attaching Statically Created Filters for a Specific Interface Family Type
- Dynamically Attaching Filters Using RADIUS Variables
- Additional Information
- For information about firewall filters, see the Junos OS Firewall Filters and Traffic Policers Library for Routing Devices
Example: Interface-Shared Filter Configuration
Before you can attach an interface-shared filter using a dynamic profile.
- Create a basic dynamic profile.
To configure an interface-shared filter using a dynamic profile that is used to implement agent-circuit-identifier VLAN household filtering:
- Access the dynamic profile you want to use.[edit]user@host# edit dynamic-profiles profile-name
- Specify the interfaces.[edit dynamic-profiles profile-name]user@host# edit interfaces interface-name
- Specify the unit.[edit dynamic-profiles profile-name interfaces interface-name]user@host# edit unit $junos-interface-unit
- Specify the family.[edit dynamic-profiles profile-name interfaces interface-name unit “$junos-interface-unit”]user@host# edit family family-name
- Specify the input filter and the filter terms for the
interface unit.[edit dynamic-profiles profile-name interfaces interface-name unit “$junos-interface-unit” family family-name]user@host# edit input $junos-input-filter shared-name $junos-interface-set-name precedence precedence-number
- Specify the output filter and the filter terms for the
interface unit.[edit dynamic-profiles profile-name interfacesinterface-name unit “$junos-interface-unit” family family-name]user@host# edit input $junos-output-filter shared-name $junos-interface-set-name precedence precedence-number
- Specify that you want to configure a firewall, and specify
the family.[edit dynamic-profiles profile-name]user@host# edit firewall family family-name
- Specify the filter. [edit dynamic-profiles profile-name firewall family family-nameuser@host# edit filter filter-name
- Specify the interface-shared filter. [edit dynamic-profiles profile-name firewall family family-name filter filter-name]user@host# set interface-shared
In the following example using an interface-shared filter, you configure a dynamic profile that is used to implement agent-circuit-identifier VLAN household filtering. If $junos-input-filter is FILTER1 and $junos-interface-set-name is ACI1, then a filter with the name FILTER1-ACI1-in is created and attached to the demux0 unit. When a subsequent login from the same household occurs, it is in the same VLAN. If $junos-input-filter is also FILTER1, the next demux0 interface also has the FILTER1-ACI1-in filter attached. A low value precedence was used with the interface-shared filter. If you want to have the interface-shared filter applied first, then you must give a higher precedence to any other filters that are attached to the same interfaces.
Related Documentation
- MX Series
- Dynamically Attaching Statically Created Filters for a Specific Interface Family Type
- Dynamically Attaching Filters Using RADIUS Variables
- Additional Information
- For information about firewall filters, see the Junos OS Firewall Filters and Traffic Policers Library for Routing Devices
Published: 2013-07-31
Supported Platforms
Related Documentation
- MX Series
- Dynamically Attaching Statically Created Filters for a Specific Interface Family Type
- Dynamically Attaching Filters Using RADIUS Variables
- Additional Information
- For information about firewall filters, see the Junos OS Firewall Filters and Traffic Policers Library for Routing Devices
