Juniper JUNOS OS 10.4 - FOR EX REV 1 Manual page 2901

Table 375: Components of the Firewall Filter and RADIUS Server Attributes Topology (continued)
Property
Port firewall filter to be applied on the RADIUS
server
Counters
Policer
User profiles on the RADIUS server
Configuring the Port Firewall Filter and Counters
CLI Quick
Configuration
Step-by-Step
Procedure
Copyright © 2010, Juniper Networks, Inc.
Settings
filter1
counter1
from Supplicant 2.
policer p1
Supplicant 1 has the user profile
Supplicant 2 has the user profile
In this example, you configure a port firewall filter named
that will be applied to the end devices based on the MAC addresses of the end devices.
When you configure the filter, you also configure the counters
Packets from each end device are counted, which helps you verify that the configuration
is working. Policer policer p1
discard parameters. Then, you check to see that the RADIUS server attribute is available
on the RADIUS server and apply the filter to the user profiles of each end device on the
RADIUS server. Finally, you verify the configuration by displaying output for the two
counters.
NOTE: For more information about authentication, authorization, and
accounting (AAA) services, see the
Configure a port firewall filter and counters:
To quickly configure a port firewall filter with terms for Supplicant 1 and Supplicant 2 and
create parallel counters for each supplicant, copy the following commands and paste
them into the switch terminal window:
[edit]
set firewall family ethernet-switching filter filter1 term supplicant1 from source-mac-address
00:50:8b:6f:60:3a
set firewall family ethernet-switching filter filter1 term supplicant2 from source-mac-address
00:50:8b:6f:60:3b
set firewall policer p1 if-exceeding bandwidth-limit 1m
set firewall policer p1 if-exceeding burst-size-limit 1k
set firewall family ethernet-switching filter filter1 term supplicant1 then count counter1
set firewall family ethernet-switching filter filter1 term supplicant1 then policer p1
set firewall family ethernet-switching filter filter1 term supplicant2 then count counter2
To configure a port firewall filter and counters on the switch:
Configure a port firewall filter (here,
1.
upon the MAC address of each end device:
[edit firewall family ethernet-switching]
Chapter 88: Examples: Access Control Configuration
counts packets from Supplicant 1, and
supplicant1
supplicant2
limits the traffic rate based on the values for exceeding and
Junos OS System Basics Configuration Guide
filter1 ) with terms for each end device based
counter2 counts packets
.
.
filter1 . The filter contains terms
and
counter1 counter2
.
.
2797