Routing

COA Juniper MX - Firewall filter can not run on dynamic profiles

  • 1.  COA Juniper MX - Firewall filter can not run on dynamic profiles

    Posted 01-28-2021 05:59
    Hello everyone,

    I just did BNG configuration in Juniper MX and subscribers have successfully connected and authenticated to radius server.
    And I want to config COA for limit bandwidth for the subscribers using juniper attributes from radius server.
    My config as below :

    firewall {
        family inet {
            filter down4m {
                interface-specific;
                term limit {
                    then policer policer-down4m;
                }
                term permit {
                    then accept;
                }
            }
        }
        policer policer-down4m {
            if-exceeding {
                bandwidth-limit 4m;
                burst-size-limit 200k;
            }
            then discard;
        }
    }​
    dynamic-profiles {
        PPP-SUBSCRIBER-PROFILE {
            interfaces {
                pp0 {
                    unit "$junos-interface-unit" {
                        ppp-options {
                            chap;
                            pap;
                        }
                        pppoe-options {
                            underlying-interface "$junos-underlying-interface";
                            server;
                        }
                        family inet {
                            tcp-mss 1452;
                            filter {
                                input "$junos-input-filter";
                                output "$junos-output-filter";
                            }
                            unnumbered-address lo0.0;
                        }
                    }
                }
            }
        }
        VLAN-PROFILE {
            interfaces {
                demux0 {
                    unit "$junos-interface-unit" {
                        demux-source inet;
                        no-traps;
                        proxy-arp;
                        vlan-id "$junos-vlan-id";
                        demux-options {
                            underlying-interface "$junos-interface-ifd-name";
                        }
                        family pppoe {
                            access-concentrator PPPOE-SERVER;
                            duplicate-protection;
                            dynamic-profile PPP-SUBSCRIBER-PROFILE;
                        }
                    }
                }
            }
        }
    }
    


    Radius Attributes :
    ERX-Egress-Policy-Name = down4m

    The problem is the firewall filters can not run and the bandwidth still loss.
    Could everyone help me to solve this problem ?
    Thanks.




    ------------------------------
    sdw
    ------------------------------