Sample Dynamic-Profile Configuration for Parameterized Filters
In the following sample configuration, the my-svc-prof profile provides two different filters: my-filt-1gw and my-filt-2gw. These filters match on either one or two gateway
addresses and apply a policer for that traffic. The name of the filter
to apply, the gateway addresses, and the bandwidth for the policer
are passed into the service profile from the RADIUS service activation.
The uid-reference type supports selection of a particular UID generated
object out of multiple objects in the profile. The UID type indicates
that a variable is used for UID generation.
dynamic-profile {
[my-svc-prof] {
variable {
[my-in-filter] {
mandatory;
uid-reference;
}
gw1 {
mandatory;
}
gw2 {
mandatory;
}
bw {
mandatory;
}
my-filt-1gw {
uid;
}
my-filt-2gw {
uid;
}
[my-policer] {
uid;
}
}
interfaces {
[$junos-interface-ifd-name] {
unit [$junos-underlying-interface-unit] {
family inet {
filter {
input [$my-in-filter];
}
}
}
}
}
firewall {
policer [$my-policer] {
if-exceeding {
bandwidth-limit $bw;
burst-size-limit 15000;
}
then discard;
}
family inet {
filter [$my-filt-1gw] {
interface-specific;
term t0 {
from {
destination-address $gw1;
}
then {
policer [$my-policer];
}
}
term last {
then {
count drops;
discard;
}
}
}
filter [$my-file-2gw] {
interface-specific;
term t0 {
from {
destination-address {
$gw1;
$gw2;
}
}
then {
policer [$my-policer];
}
}
term last {
then {
count drops;
discard;
}
}
}
}
}
}
}