I want to try to see if I can apply an ingress/egress filter to certain subscribers via radius attributes and pre-defined filters.
I've setup the radius attributes:
Unisphere-Ingress-Policy-Name
Unisphere-Egress-Policy-Name
And I've setup a test filter on the MX104 as below:
set firewall family inet filter TEST-FILTER term TEST-IP from source-address 1.2.3.4/32
set firewall family inet filter TEST-FILTER term TEST-IP from destination-address 1.2.3.4/32
set firewall family inet filter TEST-FILTER term TEST-IP then discard
set firewall family inet filter TEST-FILTER term deny-all then accept
Radius is then setup with radius attribute refering to the above filter:
Unisphere-Ingress-Policy-Name TEST-FILTER
When connected I see the below for the subscriber session:
Dynamic configuration:
junos-framed-route-ip-address-prefix: 50.0.0.0/30
junos-framed-route-nexthop: 12.12.12.12
junos-framed-route-cost: 1
junos-input-filter: TEST-FILTER
However there is no blocking/filtering happenig. I've had a look for examples and the only examples I can find refer to policing the speeds using such filters. Can it not be used for filtering certain traffic to/from a subscriber?
No comments:
Post a Comment