close
keyboard_arrow_left
Table of Contents
- play_arrow Subscriber Service Activation and Management
- play_arrow Subscriber Service Activation and Management
-
- play_arrow Configuring Dynamic Filters and Policers
- play_arrow Dynamic Firewall Filters Overview
- play_arrow Configuring Static Firewall Filters That Are Dynamically Applied
- play_arrow Streamlining Processing of Chains of Static Filters
- play_arrow Dynamically Attaching Static or Fast Update Filters to an Interface
- play_arrow Configuring Filters That Are Created Dynamically
- Parameterized Filters Overview
- Unique Identifiers for Firewall Variables
- Configuring Unique Identifiers for Parameterized Filters
- Sample Dynamic-Profile Configuration for Parameterized Filters
- Dynamic Profile After UID Substitutions for Parameterized Filters
- Multiple Parameterized Filters
- Parameterized Filter Processing Overview
- Parameterized Filters Configuration Considerations
- Guidelines for Creating and Applying Parameterized Filters for Subscriber Interfaces
- Parameterized Filter Match Conditions for IPv4 Traffic
- Parameterized Filter Match Conditions for IPv6 Traffic
- Parameterized Filter Nonterminating and Terminating Actions and Modifiers
- Firewall Filter Match Conditions for Protocol-Independent Traffic in Dynamic Service Profiles
- Firewall Filter Terminating and Nonterminating Actions for Protocol-Independent Traffic in Dynamic Service Profiles
- Interface-Shared Filters Overview
- Dynamically Attaching Filters Using RADIUS Variables
- Example: Implementing a Filter for Households That Use ACI-Based VLANs
- Example: Dynamic-Profile Parsing
- Example: Firewall Dynamic Profile
- Example: Configuring a Filter to Exclude DHCPv6 and ICMPv6 Control Traffic for LAC Subscriber
- play_arrow Using Ascend Data Filters to Implement Firewalls Based on RADIUS Attributes
- Ascend-Data-Filter Policies for Subscriber Management Overview
- Ascend-Data-Filter Attribute Fields
- Dynamically Applying Ascend-Data-Filter Policies to Subscriber Sessions
- Example: Configuring Dynamic Ascend-Data-Filter Support for Subscriber Access
- Example: Configuring Static Ascend-Data-Filter Support for Subscriber Access
- Verifying and Managing Dynamic Ascend-Data-Filter Policy Configuration
- play_arrow Configuring Fast Update Filters to Provide More Efficient Processing Over Classic Static Filters
- Fast Update Filters Overview
- Basic Fast Update Filter Syntax
- Configuring Fast Update Filters
- Example: Configuring Fast Update Filters for Subscriber Access
- Match Conditions and Actions in Fast Update Filters
- Configuring the Match Order for Fast Update Filters
- Fast Update Filter Match Conditions
- Fast Update Filter Actions and Action Modifiers
- Configuring Terms for Fast Update Filters
- Configuring Filters to Permit Expected Traffic
- Avoiding Conflicts When Terms Match
- Associating Fast Update Filters with Interfaces in a Dynamic Profile
- play_arrow Defending Against DoS and DDoS Attacks Using Unicast RPF and Fail Filters
- play_arrow Improving Scaling and Performance of Filters on Static Subscriber Interfaces
- play_arrow Configuring Dynamic Service Sets
- play_arrow Configuring Rate-Limiting Premium and Non-Premium Traffic on an Interface Using Hierarchical Policers
- play_arrow Monitoring and Managing Firewalls for Subscriber Access
-
- play_arrow Configuring Dynamic Multicast
- play_arrow Configuring Dynamic IGMP to Support IP Multicasting for Subscribers
- play_arrow Configuring Dynamic MLD to Enable Subscribers to Access Multicast Networks
-
- play_arrow Configuring Application-Aware Policy Control and Reporting
- play_arrow Configuring Application-Aware Policy Control
- Understanding Application-Aware Policy Control for Subscriber Management
- Understanding PCC Rules for Subscriber Management
- Configuring Application-Aware Policy Control for Subscriber Management
- Installing Services Packages for Subscriber Management Application-Aware Policy Management
- Configuring Service Data Flow Filters
- Configuring Policy and Charging Control Action Profiles for Subscriber Management
- Configuring Policy and Charging Control Rules
- Configuring a Policy and Charging Control Rulebase
- Configuring a Policy and Charging Enforcement Function Profile for Subscriber Management
- Identifying the Service Interface That Handles Subscriber Management Application-Aware Policy Control
- Configuring PCC Rule Activation in a Subscriber Management Dynamic Profile
- Enabling Direct PCC Rule Activation by a PCRF for Subscriber Management
- play_arrow Configuring Application Identification
- play_arrow Configuring Reporting for Application-Aware Data Sessions
- Logging and Reporting Function for Subscribers
- Log Dictionary for Template Types
- Configuring Logging and Reporting for Subscriber Management
- Installing Services Packages for Subscriber Management Logging and Reporting
- Configuring an LRF Profile for Subscribers
- Applying Logging and Reporting Configuration to a Subscriber Management Service Set
- Configuring the Activation of an LRF Rule by a PCC Rule
-
- play_arrow Configuring HTTP Redirect Services
- play_arrow Configuring Captive Portal Content Delivery Services for Redirected Subscribers
- HTTP Redirect Service Overview
- Remote HTTP Redirect Server Operation Flow
- Local HTTP Redirect Server Operation Flow (MX Series, ACX7100-48L, ACX7332 and ACX7348)
- Configuring MS-MPC-Based or MX-SPC3-Based Static HTTP Redirect Services
- Configuring MS-MPC-Based or MX-SPC3-Based Converged HTTP Redirect Services
- Configuring Routing Engine-Based, Static HTTP Redirect Services
- Configuring Routing Engine-Based, Converged HTTP Redirect Services
- Adding Subscriber Information to HTTP Redirect URLs
- How to Automatically Remove the HTTP Redirect Service After the Initial Redirect
- Example: Configuring HTTP Redirect Services Using a Next-Hop Method and Attaching It to a Static Interface
-
- play_arrow Configuring Subscriber Secure Policy
- play_arrow Configuring Subscriber Secure Policy Traffic Mirroring Overview
- play_arrow Configuring RADIUS-Initiated Subscriber Secure Policy Traffic Mirroring
- RADIUS-Initiated Subscriber Secure Policy Overview
- Subscriber Secure Policy Traffic Mirroring Architecture Using RADIUS
- RADIUS-Initiated Traffic Mirroring Interfaces
- RADIUS-Initiated Traffic Mirroring Process at Subscriber Login
- RADIUS-Initiated Traffic Mirroring Process for Logged-In Subscribers
- RADIUS Attributes Used for Subscriber Secure Policy
- Using the Packet Header to Track Subscribers on the Mediation Device
- Configuring RADIUS-Initiated Subscriber Secure Policy Mirroring Overview
- Guidelines for Configuring Subscriber Secure Policy Mirroring
- Configuring Support for Subscriber Secure Policy Mirroring
- Configuring RADIUS Server Support for Subscriber Secure Policy Mirroring
- Terminating RADIUS-Initiated Subscriber Traffic Mirroring
- play_arrow Configuring DTCP-Initiated Subscriber Secure Policy Traffic Mirroring
- DTCP-Initiated Subscriber Secure Policy Overview
- Subscriber Secure Policy Traffic Mirroring Architecture Using DTCP
- DTCP-Initiated Traffic Mirroring Interfaces
- DTCP-Initiated Traffic Mirroring Process
- DTCP Messages Used for Subscriber Secure Policy
- Packet Header for Mirrored Traffic Sent to Mediation Device
- Configuring DTCP-Initiated Subscriber Secure Policy Mirroring Overview
- Guidelines for Configuring Subscriber Secure Policy Mirroring
- Configuring Support for Subscriber Secure Policy Mirroring
- Configuring the Mediation Device as a User on the Router
- Configuring a DTCP-over-SSH Connection to the Mediation Device
- Configuring the Mediation Device to Provision Traffic Mirroring
- Disabling RADIUS-Initiated Subscriber Secure Policy Mirroring
- Example: Configuring Traffic That Is Mirrored Using DTCP-Initiated Subscriber Secure Policy
- Terminating DTCP-Initiated Subscriber Traffic Mirroring Sessions
- play_arrow Configuring DTCP Messages Used for DTCP-Initiated Subscriber Secure Policy Mirroring
- play_arrow Configuring Subscriber Secure Policy Support for IPv4 Multicast Traffic
- play_arrow Configuring Intercept-Related Information for Subscriber Secure Policy
-
- play_arrow Configuring Stateless, Rule-Based Services Using Application-Aware Access Lists
- play_arrow AACL Overview
- play_arrow Configuring AACL Rules
- play_arrow Example: Configuring AACL Rules
- play_arrow Example: Configuring AACL Rule Sets
- play_arrow Configuring Logging of AACL Flows
-
- play_arrow Remote Device and Service Management
- play_arrow Configuring Remote Device Services Management
- play_arrow Configuring TCP Port Forwarding for Remote Subscriber Services
- play_arrow Configuring IPFIX Mediation for Remote Device Monitoring
- play_arrow Collection and Export of Local Telemetry Data on the IPFIX Mediator
-
- play_arrow Troubleshooting
- play_arrow Contacting Juniper Networks Technical Support
- play_arrow Knowledge Base
-
- play_arrow Configuration Statements and Operational Commands
- [OBSOLETE] applications (Services AACL)
- [OBSOLETE] application-group-any
- [OBSOLETE] application-groups (Services AACL)
- [OBSOLETE] destination-address (Application Aware Access List)
- [OBSOLETE] destination-address-range
- [OBSOLETE] destination-prefix-list (Services AACL)
- [OBSOLETE] from
- [OBSOLETE] match-direction
- [OBSOLETE] nested-applications
- [OBSOLETE] rule
- [OBSOLETE] rule-set
- [OBSOLETE] source-address (AACL)
- [OBSOLETE] source-address-range
- [OBSOLETE] source-prefix-list
- [OBSOLETE] term
- [OBSOLETE] then (Application Aware Access List)
- Junos CLI Reference Overview
list Table of Contents
Example: Configuring Per-Unit Scheduling for Subscriber Access
date_range
06-Dec-23
In this example, a network administrator sets up a subscriber access configuration with per-unit scheduling.
The administrator configures the static VLAN interfaces and enables per-unit scheduling for the interfaces.
content_copy zoom_out_map[edit] interfaces { ge-1/1/0 { per-unit-scheduler; vlan-tagging; unit 100 { vlan-id 100; family inet { unnumbered-address lo0.0 preferred-source-address 192.0.2.100; } } unit 200 { vlan-id 200; family inet { unnumbered-address lo0.0 preferred-source-address 192.0.2.100; } } } ge-1/1/1 { per-unit-scheduler; vlan-tagging; unit 100 { vlan-id 100; family inet { unnumbered-address lo0.0 preferred-source-address 192.0.2.100; } } unit 200 { vlan-id 200; family inet { unnumbered-address lo0.0 preferred-source-address 192.0.2.100; } } } ge-1/0/1 { unit 0 { family inet { address 203.0.113.31/24; } } } ge-1/1/2 { description "wfce14 eth1 soso ge-1/1/2"; vlan-tagging; gigether-options { no-auto-negotiation; } unit 100 { vlan-id 100; family inet { address 203.0.113.121/24; } } } }The administrator configures static CoS parameters, including forwarding classes and classifiers, to be referenced in the dynamic profiles.
content_copy zoom_out_map[edit] class-of-service { classifiers { inet-precedence 8q-inet { forwarding-class be { loss-priority low code-points 000; } forwarding-class ef { loss-priority low code-points 001; } forwarding-class af { loss-priority low code-points 010; } forwarding-class nc { loss-priority low code-points 011; } forwarding-class voice { loss-priority low code-points 100; } forwarding-class video { loss-priority low code-points 101; } forwarding-class game { loss-priority low code-points 110; } forwarding-class data { loss-priority low code-points 111; } } inet-precedence 4q-inet { forwarding-class be { loss-priority low code-points [ 000 001 ]; } forwarding-class ef { loss-priority low code-points [ 010 011 ]; } forwarding-class af { loss-priority low code-points [ 100 101 ]; } forwarding-class nc { loss-priority low code-points [ 110 111 ]; } } inet-precedence 8q-drop-inet { forwarding-class be { loss-priority low code-points 000; } forwarding-class ef { loss-priority medium-low code-points 001; } forwarding-class af { loss-priority medium-high code-points 010; } forwarding-class nc { loss-priority high code-points 011; } forwarding-class voice { loss-priority low code-points 100; } forwarding-class video { loss-priority medium-low code-points 101; } forwarding-class game { loss-priority medium-high code-points 110; } forwarding-class data { loss-priority high code-points 111; } } inet-precedence 4q-drop-inet { forwarding-class be { loss-priority low code-points [ 000 001 ]; } forwarding-class ef { loss-priority medium-low code-points [ 010 011 ]; } forwarding-class af { loss-priority medium-high code-points [ 100 101 ]; } forwarding-class nc { loss-priority high code-points [ 110 111 ]; } } } drop-profiles { d0 { fill-level 25 drop-probability 100; fill-level 0 drop-probability 0; } d1 { fill-level 50 drop-probability 100; fill-level 0 drop-probability 0; } d2 { fill-level 75 drop-probability 100; fill-level 0 drop-probability 0; } d3 { fill-level 100 drop-probability 100; fill-level 0 drop-probability 0; } all { fill-level 0 drop-probability 0; fill-level 100 drop-probability 100; } } forwarding-classes { queue 0 be; queue 1 ef; queue 2 af; queue 3 nc; queue 4 voice; queue 5 video; queue 6 game; queue 7 data; } interfaces { ge-1/0/1 { unit 0 { classifiers { inet-precedence 8q-drop-low-high-inet; } } } } traceoptions { flag all; flag asynch; flag route-socket; } }The administrator configures the access and service dynamic profiles to receive CoS parameters for the subscriber interfaces through RADIUS.
content_copy zoom_out_map[edit] dynamic-profiles { subscriber { interfaces { "$junos-interface-ifd-name" { unit "$junos-underlying-interface-unit" { family inet; } } } class-of-service { traffic-control-profiles { zero { scheduler-map "$junos-cos-scheduler-map"; shaping-rate "$junos-cos-shaping-rate"; guaranteed-rate "$junos-cos-guaranteed-rate"; delay-buffer-rate "$junos-cos-delay-buffer-rate"; } } interfaces { "$junos-interface-ifd-name" { unit "$junos-underlying-interface-unit" { output-traffic-control-profile zero; } } } scheduler-maps { be_smap { forwarding-class be scheduler be_sch; } all_smap { forwarding-class be scheduler be_sch; forwarding-class ef scheduler ef_sch; forwarding-class af scheduler af_sch; forwarding-class nc scheduler nc_sch; forwarding-class video scheduler video_sch; forwarding-class data scheduler data_sch; } be_ef_smap { forwarding-class be scheduler be_sch; forwarding-class ef scheduler ef_sch; } af_smap { forwarding-class af scheduler af_sch; } be_ef_af_nc_smap { forwarding-class be scheduler be_sch; forwarding-class ef scheduler ef_sch; forwarding-class af scheduler af_sch; forwarding-class nc scheduler nc_sch; } voice_video_game_data_smap { forwarding-class voice scheduler voice_sch; forwarding-class video scheduler video_sch; forwarding-class game scheduler game_sch; forwarding-class data scheduler data_sch; } } schedulers { "$junos-cos-scheduler" { transmit-rate percent "$junos-cos-scheduler-tx"; buffer-size percent "$junos-cos-scheduler-bs"; priority "$junos-cos-scheduler-pri"; drop-profile-map loss-priority low protocol any drop-profile "$junos-cos-scheduler-dropfile-low"; drop-profile-map loss-priority medium-low protocol any drop-profile "$junos-cos-scheduler-dropfile-medium-low"; drop-profile-map loss-priority medium-high protocol any drop-profile "$junos-cos-scheduler-dropfile-medium-high"; drop-profile-map loss-priority high protocol any drop-profile "$junos-cos-scheduler-dropfile-high"; } } } } service { variables { fc_1 default-value be; sch_1 default-value be_sch; sch-tx_1 default-value 20000000; sch-bs_1 default-value 10; sch-pri_1 default-value high; sch-drop-low_1 default-value d3; sch-drop-med-low_1 default-value d2; sch-drop-med-high_1 default-value d1; sch-drop-high_1 default-value d0; sch-drop-any_1 default-value d3; fc_2 default-value af; sch_2 default-value af_sch; sch-tx_2 default-value 10; sch-bs_2 default-value 10; sch-pri_2 default-value high; sch-drop-low_2 default-value d3; sch-drop-med-low_2 default-value d2; sch-drop-med-high_2 default-value d1; sch-drop-high_2 default-value d0; sch-drop-any_2 default-value d3; fc_3 default-value voice; sch_3 default-value voice_sch; sch-tx_3 default-value 20000000; sch-bs_3 default-value 10; sch-pri_3 default-value high; sch-drop-low_3 default-value d3; sch-drop-med-low_3 default-value d2; sch-drop-med-high_3 default-value d1; sch-drop-high_3 default-value d0; sch-drop-any_3 default-value d3; fc_4 default-value game; sch_4 default-value game_sch; sch-tx_4 default-value 10; sch-bs_4 default-value 10; sch-pri_4 default-value high; sch-drop-low_4 default-value d3; sch-drop-med-low_4 default-value d2; sch-drop-med-high_4 default-value d1; sch-drop-high_4 default-value d0; sch-drop-any_4 default-value d3; scheduler-map default-value all_smap; } class-of-service { scheduler-maps { "$scheduler-map" { forwarding-class "$fc_1" scheduler "$sch_1"; forwarding-class "$fc_2" scheduler "$sch_2"; forwarding-class "$fc_3" scheduler "$sch_3"; forwarding-class "$fc_4" scheduler "$sch_4"; } } schedulers { "$sch_1" { transmit-rate "$sch-tx_1"; buffer-size percent "$sch-bs_1"; priority "$sch-pri_1"; drop-profile-map loss-priority low protocol any drop-profile "$sch-drop-low_1"; drop-profile-map loss-priority medium-low protocol any drop-profile "$sch-drop-med-low_1"; drop-profile-map loss-priority medium-high protocol any drop-profile "$sch-drop-med-high_1"; drop-profile-map loss-priority high protocol any drop-profile "$sch-drop-high_1"; } "$sch_2" { transmit-rate percent "$sch-tx_2"; buffer-size percent "$sch-bs_2"; priority "$sch-pri_2"; drop-profile-map loss-priority low protocol any drop-profile "$sch-drop-low_2"; drop-profile-map loss-priority medium-low protocol any drop-profile "$sch-drop-med-low_2"; drop-profile-map loss-priority medium-high protocol any drop-profile "$sch-drop-med-high_2"; drop-profile-map loss-priority high protocol any drop-profile "$sch-drop-high_2"; } "$sch_3" { transmit-rate "$sch-tx_3"; buffer-size percent "$sch-bs_3"; priority "$sch-pri_3"; drop-profile-map loss-priority low protocol any drop-profile "$sch-drop-low_3"; drop-profile-map loss-priority medium-low protocol any drop-profile "$sch-drop-med-low_3"; drop-profile-map loss-priority medium-high protocol any drop-profile "$sch-drop-med-high_3"; drop-profile-map loss-priority high protocol any drop-profile "$sch-drop-high_3"; } "$sch_4" { transmit-rate percent "$sch-tx_4"; buffer-size percent "$sch-bs_4"; priority "$sch-pri_4"; drop-profile-map loss-priority low protocol any drop-profile "$sch-drop-low_4"; drop-profile-map loss-priority medium-low protocol any drop-profile "$sch-drop-med-low_4"; drop-profile-map loss-priority medium-high protocol any drop-profile "$sch-drop-med-high_4"; drop-profile-map loss-priority high protocol any drop-profile "$sch-drop-high_4"; } } } } service_2 { variables { fc_1 default-value be; sch_1 default-value be_sch; sch-tx_1 default-value 10; sch-bs_1 default-value 10; sch-pri_1 default-value high; sch-drop-low_1 default-value d3; sch-drop-med-low_1 default-value d2; sch-drop-med-high_1 default-value d1; sch-drop-high_1 default-value d0; sch-drop-any_1 default-value d3; scheduler-map default-value all_smap; } class-of-service { scheduler-maps { "$scheduler-map" { forwarding-class "$fc_1" scheduler "$sch_1"; } } schedulers { "$sch_1" { transmit-rate percent "$sch-tx_1"; buffer-size percent "$sch-bs_1"; priority "$sch-pri_1"; drop-profile-map loss-priority low protocol any drop-profile "$sch-drop-low_1"; drop-profile-map loss-priority medium-low protocol any drop-profile "$sch-drop-med-low_1"; drop-profile-map loss-priority medium-high protocol any drop-profile "$sch-drop-med-high_1"; drop-profile-map loss-priority high protocol any drop-profile "$sch-drop-high_1"; } } } } }The network administrator configures DHCP and RADIUS to grant access and services to the interfaces referenced by the
subscriberdynamic profile.content_copy zoom_out_map[edit] forwarding-options { dhcp-relay { traceoptions { file size 1g; flag all; } dynamic-profile subscriber aggregate-clients replace; server-group { subscriber-server { 203.0.113.2; } } active-server-group subscriber-server; group relay-0 { authentication { password $ABC123; username-include { user-prefix user0; mac-address; } } interface ge-1/1/0.100; interface ge-1/1/0.200; } } } radius-server { 198.51.100.11 secret "$ABC123$ABC123$ABC123"; ## SECRET-DATA } profile subscriber-profile { authentication-order radius; radius { authentication-server 198.51.100.11; accounting-server 198.51.100.11; } radius-server { 198.51.100.11 secret "$ABC123$ABC123"; ## SECRET-DATA } accounting { order radius; statistics time; } }
