Juniper POLICY MANAGEMENT - CONFIGURATION GUIDE V11.1.X Configuration Manual page 30

JUNOSe 11.1.x Policy Management Configuration Guide
Policy management gives you the CLI tools to build databases, which can then be
drawn from to implement a policy. Each database contains global traffic specifications.
When building a policy, you specify input from one or more of these databases and
then attach the policy to an interface. By combining the information from the various
databases into policies, you can deploy a wide variety of services.
NOTE: When applying policies to interfaces that are managed by the SRC, avoid
using any other policy management tools, such as CLI, RADIUS, CoA, or Service
Manager. SRC is not compatible with other types of policy management tools. When
policies are applied to the interface before SRC management begins, such as at
access-accept time, these policies are properly replaced. However, if other policy
managers change existing policies while SRC management is active, problems can
occur. The precedence of each source when modifying configurations is:
4
Policy Management Overview
associated actions. You next create a policy list with a rule that has rate limit as
the action and associate a rate-limit profile with this rule. You can configure
rate-limit profiles to provide a variety of services, including tiered bandwidth
service where traffic conforming to configured bandwidth levels is treated
differently than traffic that exceeds the configured values, and a hard-limit service
where a fixed bandwidth limit is applied to a traffic flow. Finally, you can
configure rate-limit profiles to provide a TCP-friendly rate-limiting service that
works in conjunction with TCP's native flow-control functionality.
Security Provides a level of network security by using policy rules that selectively
forward or filter packet flows. You can use a filter rule to stop a denial-of-service
attack. You can use secure policies to mirror packets and send them to an
analyzer.
RADIUS policy support Enables you to create and attach a policy to an interface
through RADIUS.
Packet tagging Enables the traffic-class rule in policies to tag a packet flow so
that the Quality of Service (QoS) application can provide traffic-class queuing.
Policies can perform both in-band and out-of-band packet tagging.
Packet forwarding Allows forwarding of packets in a packet flow.
Packet filtering Drops packets in a packet flow.
Packet mirroring Uses secure policies to mirror packets and send them to an
analyzer.
Packet logging Logs packets in a packet flow.
If you have a pre-configured policy through CLI as part of subscriber PVC/VLAN
provisioning, SRC overwrites the policy when the SRC manages the interface
If you have a policy in the Access-Accept, SRC overwrites the policy when the
SRC manages the interface