[j-nsp] MX240 static-subscribers radius policy
Terebizh, Evgeny
eterebizh at amt.ru
Mon Sep 30 03:11:58 EDT 2013
Not basically true. I guess my statement applies to policer counters, not
to the firewall counters.
Sorry. Nevermind.
/ET
On 9/30/13 10:43 AM, "Terebizh, Evgeny" <eterebizh at amt.ru> wrote:
>Hi,
>As far as I remember the firewall filter will be showing zeroes unless
>traffic going through demux interface gets policed.
>
>/ET
>
>From: Catalin Petrescu <cpmarvin at gmail.com<mailto:cpmarvin at gmail.com>>
>Date: Mon, 30 Sep 2013 09:38:53 +0300
>To: Evgeny <eterebizh at amt.ru<mailto:eterebizh at amt.ru>>
>Cc: "juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>"
><juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>>
>Subject: Re: [j-nsp] MX240 static-subscribers radius policy
>
>Hi,
>
>I've tested this on mx80 and works , so probably is MPC specific.
>
>filter 2M {
> interface-specific;
> term 10 {
> then {
> count 2M;
> accept;
> }
> }
>
>filter 5M {
> interface-specific;
> term 10 {
> then {
> count 5M;
> accept;
> }
> }
>
>... junos 11.4R7.5.
>
>Regards,
>
>Catalin
>
>On Mon, Sep 30, 2013 at 8:39 AM, Terebizh, Evgeny
><eterebizh at amt.ru<mailto:eterebizh at amt.ru>> wrote:
>Hi
>Please share the firewall filter configuration.
>
>/ET
>
>
>
>
>On 9/27/13 2:14 PM, "Catalin Petrescu"
><cpmarvin at gmail.com<mailto:cpmarvin at gmail.com>> wrote:
>
>>I have a dynamic profile for static subscribers configure as below:
>>
>>root at MX240-1-R6# show dynamic-profiles 9
>>interfaces {
>> "$junos-interface-ifd-name" {
>> unit "$junos-underlying-interface-unit" {
>> family inet {
>> filter {
>> input "$junos-input-filter";
>> output "$junos-output-filter";
>> }
>> }
>> }
>> }
>>}
>>
>>root at MX240-1-R6# show system services static-subscribers
>>access-profile {
>> sbr;
>>}
>>dynamic-profile {
>> 9;
>>}
>>authentication {
>> password "$9$At-bp1RcylMLx"; ## SECRET-DATA
>> username-include {
>> interface;
>> }
>>}
>>group IP1 {
>> interface demux0.1;
>>}
>>
>>The user is authenticated and the filter are activated but only input
>>works.
>>
>>root at MX240-1-R6> show subscribers
>>Interface IP Address/VLAN ID User Name
>> LS:RI
>>demux0.1 100.100.100.6 demux0.1
>> default:default
>>
>>root at MX240-1-R6> show firewall
>>
>>ilter: 2M-demux0.1-in
>>Counters:
>>Name Bytes
>> Packets
>>2M-demux0.1-in 1596
>>19
>>
>>Filter: 5M-demux0.1-out
>>Counters:
>>Name Bytes
>> Packets
>>5M-demux0.1-out 0
>> 0
>>
>>
>>output counters is always 0.
>>
>>No idea why this is happening , with dynamic clients with dhcp output
>>filter is working.
>>
>>
>>Many thanks,
>>
>>Catalin Petrescu
>>_______________________________________________
>>juniper-nsp mailing list
>>juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
>>https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list