Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

COA Juniper MX - Firewall filter can not run on dynamic profiles

  • 1.  COA Juniper MX - Firewall filter can not run on dynamic profiles

    Posted 01-28-2021 05:59
    Hello everyone,

    I just did BNG configuration in Juniper MX and subscribers have successfully connected and authenticated to radius server.
    And I want to config COA for limit bandwidth for the subscribers using juniper attributes from radius server.
    My config as below :

    firewall {
        family inet {
            filter down4m {
                interface-specific;
                term limit {
                    then policer policer-down4m;
                }
                term permit {
                    then accept;
                }
            }
        }
        policer policer-down4m {
            if-exceeding {
                bandwidth-limit 4m;
                burst-size-limit 200k;
            }
            then discard;
        }
    }​
    dynamic-profiles {
        PPP-SUBSCRIBER-PROFILE {
            interfaces {
                pp0 {
                    unit "$junos-interface-unit" {
                        ppp-options {
                            chap;
                            pap;
                        }
                        pppoe-options {
                            underlying-interface "$junos-underlying-interface";
                            server;
                        }
                        family inet {
                            tcp-mss 1452;
                            filter {
                                input "$junos-input-filter";
                                output "$junos-output-filter";
                            }
                            unnumbered-address lo0.0;
                        }
                    }
                }
            }
        }
        VLAN-PROFILE {
            interfaces {
                demux0 {
                    unit "$junos-interface-unit" {
                        demux-source inet;
                        no-traps;
                        proxy-arp;
                        vlan-id "$junos-vlan-id";
                        demux-options {
                            underlying-interface "$junos-interface-ifd-name";
                        }
                        family pppoe {
                            access-concentrator PPPOE-SERVER;
                            duplicate-protection;
                            dynamic-profile PPP-SUBSCRIBER-PROFILE;
                        }
                    }
                }
            }
        }
    }
    


    Radius Attributes :
    ERX-Egress-Policy-Name = down4m

    The problem is the firewall filters can not run and the bandwidth still loss.
    Could everyone help me to solve this problem ?
    Thanks.




    ------------------------------
    sdw
    ------------------------------