Hi,
I have MX with configuration dynamic profiles.
I recive policer value from Radius:
@MX204-No2> show subscribers extensive:
User Name: pppoetest2
...
Dynamic configuration:
junos-input-filter: 200M
junos-output-filter: 100M
On my configuration i have manual configured policer/filter on this same value recived from Radius:
@MX204-No2> show configuration firewall
policer 100M {
if-exceeding {
bandwidth-limit 100m;
burst-size-limit 1m;
}
then discard;
}
policer 200M {
if-exceeding {
bandwidth-limit 200m;
burst-size-limit 1m;
}
then discard;
}
pnoszczyk@MX204-No2> show configuration firewall family inet
filter 100M {
interface-specific;
term 1 {
then {
policer 100M;
accept;
}
}
}
filter 200M {
interface-specific;
term 1 {
then {
policer 200M;
accept;
}
}
}
My dynamic profile configuratiuns is below:
@MX204-No2> show configuration dynamic-profiles PPPoE-Profile
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-interface-unit" {
no-traps;
ppp-options {
chap;
pap;
mtu 1480;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
keepalives interval 30;
family inet {
filter {
input "$junos-input-filter";
output "$junos-output-filter";
}
unnumbered-address "$junos-loopback-interface";
}
family inet6 {
address $junos-ipv6-address;
}
}
}
}
protocols {
router-advertisement {
interface "$junos-interface-name" {
other-stateful-configuration;
prefix $junos-ipv6-ndra-prefix;
}
}
}
And this configuration works :)
i would like to that "policer" will be created automaticly during established pppoe session with value recived from Radius - junos-input-filter and junos-output-filter.
Someone has idea how this is posible to configuration?
i try configure this as bellow, but it not works:
set dynamic-profiles PPPoE-Profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet filter input "$junos-input-filter"
set dynamic-profiles PPPoE-Profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet filter output "$junos-output-filter"
set dynamic-profiles PPPoE-Profile firewall family inet filter "$junos-output-filter" interface-specific
set dynamic-profiles PPPoE-Profile firewall family inet filter "$junos-output-filter" term accept then policer "$junos-output-filter"
set dynamic-profiles PPPoE-Profile firewall family inet filter "$junos-output-filter" term accept then service-filter-hit
set dynamic-profiles PPPoE-Profile firewall family inet filter "$junos-output-filter" term accept then accept
set dynamic-profiles PPPoE-Profile firewall family inet filter "$junos-input-filter" interface-specific
set dynamic-profiles PPPoE-Profile firewall family inet filter "$junos-input-filter" term accept then policer "$junos-input-filter"
set dynamic-profiles PPPoE-Profile firewall family inet filter "$junos-input-filter" term accept then service-filter-hit
set dynamic-profiles PPPoE-Profile firewall family inet filter "$junos-input-filter" term accept then accept
set dynamic-profiles PPPoE-Profile firewall policer "$junos-output-filter" filter-specific
set dynamic-profiles PPPoE-Profile firewall policer "$junos-output-filter" logical-interface-policer
set dynamic-profiles PPPoE-Profile firewall policer "$junos-output-filter" if-exceeding bandwidth-limit "$junos-output-filter"
set dynamic-profiles PPPoE-Profile firewall policer "$junos-output-filter" if-exceeding burst-size-limit 1024000000
set dynamic-profiles PPPoE-Profile firewall policer "$junos-output-filter" then discard
set dynamic-profiles PPPoE-Profile firewall policer "$junos-input-filter" filter-specific
set dynamic-profiles PPPoE-Profile firewall policer "$junos-input-filter" logical-interface-policer
set dynamic-profiles PPPoE-Profile firewall policer "$junos-input-filter" if-exceeding bandwidth-limit "$junos-input-filter"
set dynamic-profiles PPPoE-Profile firewall policer "$junos-input-filter" if-exceeding burst-size-limit 1024000000
set dynamic-profiles PPPoE-Profile firewall policer "$junos-input-filter" then discard
------------------------------
PatrykN
------------------------------