Juniper Radius configuration with variables

This article is the second part of the Juniper MX Radius configuration tutorial.

In the first article, speed limitations were set by two Juniper Radius attributes:

ERX-Ingress-Policy-Name = “{{ tariff_name }}”
ERX-Egress-Policy-Name = “{{ tariff_name }}”

These attributes matched the Juniper firewall filter/policy to the tariff name in Splynx.

We can set up an advanced option when tariff names and firewall filters matching is not involved. The setup is quite advanced, but also elegant, variables are used to define policies and speed.

RADIUS

Let’s start again with the basic Radius configuration:


profile RAD {
authentication-order radius;
domain-name-server {
8.8.4.4;
8.8.8.8;
}
radius {
authentication-server 192.168.1.5;
accounting-server 192.168.1.5;
options {
nas-identifier JUN;
accounting-session-id-format decimal;
}
}
radius-server {
192.168.1.5 {
secret "$9$bLYJUjHqPTz7-UiHqQzRhcSvW"; ## SECRET-DATA
source-address 192.168.1.6;
}
}
accounting {
order radius;
immediate-update;
coa-immediate-update;
address-change-immediate-update;
update-interval 10;
statistics volume-time;
}
}

Important is to apply the access profile in global configuration :
access-profile RAD

DYNAMIC profile

The second part is defining dynamic profiles using variables.

svc-local-pppoe {
variables {
var-bw-download;
var-bw-upload;
var-ff-out-download {
equals "'INET-' ## $var-bw-download ## '-CLIENT-DOWNLOAD'";
uid;
}
var-ff-in-upload {
equals "'INET-' ## $var-bw-upload ## '-CLIENT-UPLOAD'";
uid;
}
var-plr-download {
equals "'plr-' ## $var-bw-download";
uid;
}
var-plr-upload {
equals "'plr-' ## $var-bw-upload";
uid;
}
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
family inet {
filter {
input "$var-ff-out-download" precedence 100;
output "$var-ff-in-upload" precedence 100;
}
}
family inet6 {
filter {
input "$var-ff-out-download" precedence 100;
output "$var-ff-in-upload" precedence 100;
}
}
}
}
}

As you can see we can define policies for IPv4 and IPv6 customers.
Juniper Radius attribute that Splynx should send to Juniper MX router is

RADIUS attribute

ERX-Service-Activate:1 = “svc-local-PPPoE(3072000,2048000)”
where 3072000 is download speed and 2048000 is upload speed.
It means that Juniper will set var-bw-download = 3072000 and var-bw-upload = 2048000. Then it will var-ff-out-download and var-ff-in-upload variables and set it to input and output filter names on the pp0 interface.

SETTING firewall

The last step is to define Filter rules:


firewall {
family inet {
filter "$var-ff-in-upload" {
interface-specific;
term POLICE {
then {
policer "$var-plr-upload";
service-accounting;
service-filter-hit;
accept;
}
}
term SERVICE-FILTER-HIT {
from {
service-filter-hit;
}
then accept;
}
}
filter "$var-ff-out-download" {
interface-specific;
term POLICE {
then {
policer "$var-plr-download";
service-accounting;
service-filter-hit;
accept;
}
}
term SERVICE-FILTER-HIT {
from {
service-filter-hit;
}
then accept;
}
}
}
policer "$var-plr-download" {
logical-interface-policer;
if-exceeding {
bandwidth-limit "$var-bw-download";
burst-size-limit 1m;
}
then discard;
}
policer "$var-plr-upload" {
logical-interface-policer;
if-exceeding {
bandwidth-limit "$var-bw-upload";
burst-size-limit 1m;
}
then discard;
}
}
}

$var-plr-download and $var-plr-upload were created using values from Juniper Radius attribute ERX-Service-Activate:1. We create dynamic policers using these values and then apply them in dynamic filters.

More in Network management

Network management

Simplifying network troubleshooting with Ping and Traceroute features

Explore Splynx 4.2's Ping and Traceroute features, simplifying network troubleshooting and boosting ISP team efficiency.

Network management

Hardware Backup & Change Management in Splynx

Maintaining network stability and reliability is paramount for both ISPs and their valued customers. To address this, Sp...

Network management bandwidth management

Bandwidth management in Splynx

As a local ISP business owner, ensuring efficient bandwidth management is crucial for maintaining customer satisfaction ...

Network management Splynx network management

Streamlining network management: A closer look at Splynx’s capabilities

Efficient network management is essential for ISPs to deliver reliable and high-quality services to their customers. Wit...

Network management Network topology failover server

Overview of RADIUS failover server

One of the methods used to authorize Internet services in Splynx is the RADIUS protocol. More details about the Splynx R...

Network management Below is the topology sample that depicts the captured flow of how Splynx and NetFlow accounting work.

How to configure NetFlow accounting in Splynx

Learn how to configure NetFlow accounting to to bring usage data into Splynx.

Network management Hotspot add-on in Splynx 4.0

Hotspot add-on in Splynx 4.0

The Hotspot add-on was built to help businesses from low-income communities grow and earn more.

Network management How to configure Juniper Radius

Juniper Radius configuration with variables

This article is the second part of the Juniper MX Radius configuration tutorial.

Network management How to configure Radius Juniper MX

How to configure Radius Juniper MX

Juniper Networks is one of the leading vendors producing networking equipment. Together with Cisco, Juniper defines wher...

Network management Mikrotik ipv6 configuration

How to configure Mikrotik IPv6

This blog post describes how to configure the Mikrotik router to act as a PPPoE server with IPv6 enabled.

Find out how Splynx helps ISPs grow

Learn more