1. Manuals
  2. Brands
  3. Juniper Manuals
  4. Network Router
  5. E320
  6. Configuration manual

Merged Policy Naming Conventions; Reference Counting; Persistent Configuration Differences; Policy Attachment Sequence At Login - Juniper E320 Configuration Manual

Junose internet software for e-series routing platforms
Hide thumbs Also See for E320:
Table of Contents

Advertisement

Merged Policy Naming Conventions

Merged policies are dynamically created. The naming convention is mpl_<hex of
internally generated policy ID>, such as mpl_10. If the newly generated name
already exists, then a sequence number is appended to the new name to make it
unique. The sequence number starts at 1 and increments until the name is unique,
such as mpl_10_2.

Reference Counting

The reference counts in all containers referenced within a merged policy are
incremented by the number of times they are referenced within the merged policy.
Also, the reference counts of all component policies of a merged policy are
incremented because of the association of the component policies with the merged
policy. This means you cannot delete a component policy while a merged policy is
still associated with it.

Persistent Configuration Differences

Service Manager can specify whether a component policy attachment is
non-volatile. If the interface where the component policy is attached is volatile, then
policy management makes the attachment volatile even when the Service Manager
specifies otherwise. A non-volatile interface can have both volatile and non-volatile
component policy attachments. The merged policy that is created is the merge of all
component policies attached at a given attachment point regardless of their
volatility. The merged policy and its attachments are always volatile and
reconstructed on each reload operation.

Policy Attachment Sequence at Login

During a user login, you can specify policy attachments through Service Manager,
RADIUS, and Interface Profile. The order that is used to select the policy attachment
source is Service Manager, RADIUS, and Interface Profile.
For example, if you configure Ingress-Policy-Name VSA for a user in RADIUS and
also have a profile with an input policy reference applied to this user's interface
column, when the user logs in, the RADIUS VSA is selected as the source for the
input policy attachment. If you also have service profiles applied to the user's
interface column, the service profiles override both RADIUS VSA and the policy
name specified in the interface profile.
NOTE:
Policy management does not reselect the source if the policy attachment fails for
the selected source. If the policy attachment via service profiles fails, policy
management does not reselect RADIUS VSA as the next source. This means the
interface does not have any input policy attachment.
Policy merging is not supported with ascend data filter policies.
Chapter 2: Creating Policies
!
49
Merging Policies
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Juniper E320

Related Content for Juniper E320

This manual is also suitable for:

Erx-710Erx-310Erx-1440Erx-1410Erx-705

Table of Contents