[j-nsp] MX240 static-subscribers radius policy

Mon Sep 30 02:43:50 EDT 2013

Hi,
As far as I remember the firewall filter will be showing zeroes unless traffic going through demux interface gets policed.

/ET

From: Catalin Petrescu <cpmarvin at gmail.com<mailto:cpmarvin at gmail.com>>
Date: Mon, 30 Sep 2013 09:38:53 +0300
To: Evgeny <eterebizh at amt.ru<mailto:eterebizh at amt.ru>>
Cc: "juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>" <juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>>
Subject: Re: [j-nsp] MX240 static-subscribers radius policy

Hi,

I've tested this on mx80 and works , so probably is MPC specific.

filter 2M {
    interface-specific;
    term 10 {
        then {
            count 2M;
            accept;
        }
    }

filter 5M {
    interface-specific;
    term 10 {
        then {
            count 5M;
            accept;
        }
    }

... junos 11.4R7.5.

Regards,

Catalin

On Mon, Sep 30, 2013 at 8:39 AM, Terebizh, Evgeny <eterebizh at amt.ru<mailto:eterebizh at amt.ru>> wrote:
Hi
Please share the firewall filter configuration.

/ET

On 9/27/13 2:14 PM, "Catalin Petrescu" <cpmarvin at gmail.com<mailto:cpmarvin at gmail.com>> wrote:

>I have a dynamic profile for static subscribers configure as below:
>
>root at MX240-1-R6# show dynamic-profiles 9
>interfaces {
>    "$junos-interface-ifd-name" {
>        unit "$junos-underlying-interface-unit" {
>            family inet {
>                filter {
>                    input "$junos-input-filter";
>                    output "$junos-output-filter";
>                }
>            }
>        }
>    }
>}
>
>root at MX240-1-R6# show system services static-subscribers
>access-profile {
>    sbr;
>}
>dynamic-profile {
>    9;
>}
>authentication {
>    password "$9$At-bp1RcylMLx"; ## SECRET-DATA
>    username-include {
>        interface;
>    }
>}
>group IP1 {
>    interface demux0.1;
>}
>
>The user is authenticated and the filter are activated but only input
>works.
>
>root at MX240-1-R6> show subscribers
>Interface           IP Address/VLAN ID                      User Name
>               LS:RI
>demux0.1            100.100.100.6                           demux0.1
>           default:default
>
>root at MX240-1-R6> show firewall
>
>ilter: 2M-demux0.1-in
>Counters:
>Name                                                Bytes
> Packets
>2M-demux0.1-in                                       1596
>19
>
>Filter: 5M-demux0.1-out
>Counters:
>Name                                                Bytes
> Packets
>5M-demux0.1-out                                         0
> 0
>
>
>output counters is always 0.
>
>No idea why this is happening , with dynamic clients with dhcp output
>filter is working.
>
>
>Many thanks,
>
>Catalin Petrescu
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
>https://puck.nether.net/mailman/listinfo/juniper-nsp