[j-nsp] MX240 static-subscribers radius policy

Catalin Petrescu cpmarvin at gmail.com
Mon Sep 30 02:38:53 EDT 2013 

Hi,

I've tested this on mx80 and works , so probably is MPC specific.

filter 2M {
    interface-specific;
    term 10 {
        then {
            count 2M;
            accept;
        }
    }

filter 5M {
    interface-specific;
    term 10 {
        then {
            count 5M;
            accept;
        }
    }

... junos 11.4R7.5.

Regards,

Catalin

On Mon, Sep 30, 2013 at 8:39 AM, Terebizh, Evgeny <eterebizh at amt.ru> wrote:

> Hi
> Please share the firewall filter configuration.
>
> /ET
>
>
>
>
> On 9/27/13 2:14 PM, "Catalin Petrescu" <cpmarvin at gmail.com> wrote:
>
> >I have a dynamic profile for static subscribers configure as below:
> >
> >root at MX240-1-R6# show dynamic-profiles 9
> >interfaces {
> >    "$junos-interface-ifd-name" {
> >        unit "$junos-underlying-interface-unit" {
> >            family inet {
> >                filter {
> >                    input "$junos-input-filter";
> >                    output "$junos-output-filter";
> >                }
> >            }
> >        }
> >    }
> >}
> >
> >root at MX240-1-R6# show system services static-subscribers
> >access-profile {
> >    sbr;
> >}
> >dynamic-profile {
> >    9;
> >}
> >authentication {
> >    password "$9$At-bp1RcylMLx"; ## SECRET-DATA
> >    username-include {
> >        interface;
> >    }
> >}
> >group IP1 {
> >    interface demux0.1;
> >}
> >
> >The user is authenticated and the filter are activated but only input
> >works.
> >
> >root at MX240-1-R6> show subscribers
> >Interface           IP Address/VLAN ID                      User Name
> >               LS:RI
> >demux0.1            100.100.100.6                           demux0.1
> >           default:default
> >
> >root at MX240-1-R6> show firewall
> >
> >ilter: 2M-demux0.1-in
> >Counters:
> >Name                                                Bytes
> > Packets
> >2M-demux0.1-in                                       1596
> >19
> >
> >Filter: 5M-demux0.1-out
> >Counters:
> >Name                                                Bytes
> > Packets
> >5M-demux0.1-out                                         0
> > 0
> >
> >
> >output counters is always 0.
> >
> >No idea why this is happening , with dynamic clients with dhcp output
> >filter is working.
> >
> >
> >Many thanks,
> >
> >Catalin Petrescu
> >_______________________________________________
> >juniper-nsp mailing list juniper-nsp at puck.nether.net
> >https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>

More information about the juniper-nsp mailing list