Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
462 views14 pages

Dynamic PPPoE and IPoE Profiles Configuration

The document contains configuration settings for different types of network interfaces on a Juniper device including: - PPPoE profiles that define parameters for PPPoE interfaces like authentication, addressing, and routing. - VLAN profiles that configure VLAN tagging and underlying interfaces for dynamic VLAN interfaces. - QinQ profiles that configure double VLAN tagging for dynamic QinQ interfaces. - IPoE profiles that set addressing and routing for dynamic IPoE interfaces. The configurations can be applied to pseudowire, physical fiber, or dynamic interfaces through assignment of the profiles. This allows different interface types to be configured for services like PPPoE, IPoE, or QinQ

Uploaded by

Ederson Silva
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
462 views14 pages

Dynamic PPPoE and IPoE Profiles Configuration

The document contains configuration settings for different types of network interfaces on a Juniper device including: - PPPoE profiles that define parameters for PPPoE interfaces like authentication, addressing, and routing. - VLAN profiles that configure VLAN tagging and underlying interfaces for dynamic VLAN interfaces. - QinQ profiles that configure double VLAN tagging for dynamic QinQ interfaces. - IPoE profiles that set addressing and routing for dynamic IPoE interfaces. The configurations can be applied to pseudowire, physical fiber, or dynamic interfaces through assignment of the profiles. This allows different interface types to be configured for services like PPPoE, IPoE, or QinQ

Uploaded by

Ederson Silva
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 14

set dynamic-profiles PPPoE-Base routing-instances "$junos-routing-instance"

interface "$junos-interface-name"
set dynamic-profiles PPPoE-Base routing-instances "$junos-routing-instance"
routing-options access-internal route $junos-subscriber-ip-address qualified-next-
hop "$junos-interface-name"
set dynamic-profiles PPPoE-Base routing-instances "$junos-routing-instance"
routing-options access route $junos-framed-route-ip-address-prefix next-hop
"$junos-framed-route-nexthop"
set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" ppp-
options ignore-magic-number

set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" ppp-


options chap
set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" ppp-
options pap

set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" ppp-


options mru 1492
set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" ppp-
options mtu 1492

set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" pppoe-


options underlying-interface "$junos-underlying-interface"
set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" pppoe-
options server

#PPPOE BASE
set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit"
keepalives interval 60 (mirktoik equivale a 180 segundos"
set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" family
inet rpf-check
set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" family
inet unnumbered-address "$junos-loopback-interface"
set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" family
inet tcp-mss 1450
set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" family
inet6 address $junos-ipv6-address
set dynamic-profiles PPPoE-Base interfaces pp0 unit "$junos-interface-unit" family
inet6 unnumbered-address "$junos-loopback-interface"
set dynamic-profiles PPPoE-Base protocols router-advertisement interface "$junos-
interface-name" prefix $junos-ipv6-ndra-prefix

#IPOE BASE
set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit"
proxy-arp
set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit"
family inet unnumbered-address lo0.0
set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit"
family inet6 unnumbered-address lo0.0
set dynamic-profiles CLIENTS-IPoE protocols router-advertisement interface "$junos-
interface-name" max-advertisement-interval 1800
set dynamic-profiles CLIENTS-IPoE protocols router-advertisement interface "$junos-
interface-name" min-advertisement-interval 900
set dynamic-profiles CLIENTS-IPoE protocols router-advertisement interface "$junos-
interface-name" managed-configuration
set dynamic-profiles CLIENTS-IPoE protocols router-advertisement interface "$junos-
interface-name" other-stateful-configuration
set dynamic-profiles CLIENTS-IPoE protocols router-advertisement interface "$junos-
interface-name" prefix $junos-ipv6-ndra-prefix

#PERFIL DE INTERFACE VLAN NORMAL


set dynamic-profiles vlan-profile interfaces demux0 unit "$junos-interface-unit"
vlan-id "$junos-vlan-id"
set dynamic-profiles vlan-profile interfaces demux0 unit "$junos-interface-unit"
demux-options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles vlan-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe access-concentrator PPPOE-SPEEDNET
set dynamic-profiles vlan-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe duplicate-protection
set dynamic-profiles vlan-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe dynamic-profile PPPoE-Base

#PERFIL DE INTERFACE QINQ


set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
no-traps
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
vlan-tags outer "$junos-stacked-vlan-id"
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
vlan-tags inner "$junos-vlan-id"
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
demux-optbomions underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe access-concentrator BRAS-PPPOE-01-QINQ
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe duplicate-protection
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe dynamic-profile PPPoE-Base

#PERFIL DE INTERFACE QINQ


set dynamic-profiles VLAN-IPoE routing-instances "$junos-routing-instance"
interface "$junos-interface-name" any
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" actual-transit-statistics
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" demux-source inet
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" demux-source inet6
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" proxy-arp
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" vlan-id "$junos-vlan-id"
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" demux-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" keepalives interval 30
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" family inet unnumbered-address "$junos-loopback-interface"
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" family inet6 unnumbered-address "$junos-loopback-interface"

###############################usando pseudowire
#################################################

#PPPOE ESTATICO
set interfaces ps0.0 flexible-vlan-tagging
set interfaces ps0.0 unit 10 vlan-id 10
set interfaces ps0.0 unit 10 family inet address 192.168.78.1/24
set interfaces ps0.0 unit 10 family pppoe access-concentrator PPPOE-SERVER-01
set interfaces ps0.0 unit 10 family pppoe dynamic-profile PPPoE-Base

#PPPOE DINAMICO
set interfaces ps0.0 flexible-vlan-tagging
set interfaces ps0.0 auto-configure stacked-vlan-ranges
set interfaces ps0.0 auto-configure vlan-ranges dynamic-profile vlan-profile accept
pppoe
set interfaces ps0.0 auto-configure vlan-ranges dynamic-profile vlan-profile ranges
1-4000

#PPPOE DINAMICO Q-IN-Q


set interfaces ps0.0 flexible-vlan-tagging
set interfaces ps0.0 auto-configure stacked-vlan-ranges dynamic-profile qinq-
profile accept pppoe
set interfaces ps0.0 auto-configure stacked-vlan-ranges dynamic-profile qinq-
profile ranges any,any
set interfaces ps0.0 auto-configure stacked-vlan-ranges dynamic-profile qinq-
profile ranges 1000-2000,any

#IPOE DINAMICO
set interfaces ps0.0 flexible-vlan-tagging
set interfaces ps0.0 auto-configure vlan-ranges dynamic-profile VLAN-IPoE accept
any
set interfaces ps0.0 auto-configure vlan-ranges dynamic-profile VLAN-IPoE ranges 1-
4000
set interfaces ps0.0 encapsulation flexible-ethernet-services

###############################usando interface
fisica#################################################
#PPPOE ESTATICO
set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 unit 10 vlan-id 10
set interfaces ge-0/0/0 unit 10 family inet address 192.168.78.1/24
set interfaces ge-0/0/0 unit 10 family pppoe access-concentrator PPPOE-SERVER-01
set interfaces ge-0/0/0 unit 10 family pppoe dynamic-profile PPPoE-Base

#PPPOE DINAMICO
set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 auto-configure stacked-vlan-ranges
set interfaces ge-0/0/0 auto-configure vlan-ranges dynamic-profile vlan-profile
accept pppoe
set interfaces ge-0/0/0 auto-configure vlan-ranges dynamic-profile vlan-profile
ranges 1-4000
#PPPOE DINAMICO Q-IN-Q
set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 auto-configure stacked-vlan-ranges dynamic-profile qinq-
profile accept pppoe
set interfaces ge-0/0/0 auto-configure stacked-vlan-ranges dynamic-profile qinq-
profile ranges any,any
set interfaces ge-0/0/0 auto-configure stacked-vlan-ranges dynamic-profile qinq-
profile ranges 1000-2000,any

#IPOE DINAMICO
set interfaces xe-0/0/2 flexible-vlan-tagging
set interfaces xe-0/0/2 auto-configure vlan-ranges dynamic-profile VLAN-IPoE accept
any
set interfaces xe-0/0/2 auto-configure vlan-ranges dynamic-profile VLAN-IPoE ranges
1-4000
set interfaces xe-0/0/2 encapsulation flexible-ethernet-services

#PERFIL DE INTERFACE VLAN NORMAL


set dynamic-profiles vlan-profile interfaces demux0 unit "$junos-interface-unit"
vlan-id "$junos-vlan-id"
set dynamic-profiles vlan-profile interfaces demux0 unit "$junos-interface-unit"
demux-options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles vlan-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe access-concentrator PPPOE-SPEEDNET
set dynamic-profiles vlan-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe duplicate-protection
set dynamic-profiles vlan-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe dynamic-profile PPPoE-Base

#PERFIL DE INTERFACE QINQ


set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
no-traps
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
vlan-tags outer "$junos-stacked-vlan-id"
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
vlan-tags inner "$junos-vlan-id"
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
demux-optbomions underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe access-concentrator BRAS-PPPOE-01-QINQ
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe duplicate-protection
set dynamic-profiles qinq-profile interfaces demux0 unit "$junos-interface-unit"
family pppoe dynamic-profile PPPoE-Base

set dynamic-profiles VLAN-IPoE routing-instances "$junos-routing-instance"


interface "$junos-interface-name" any
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" actual-transit-statistics
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" demux-source inet
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" demux-source inet6
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" proxy-arp
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" vlan-id "$junos-vlan-id"
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" demux-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" keepalives interval 30
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" family inet unnumbered-address "$junos-loopback-interface"
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" family inet6 unnumbered-address "$junos-loopback-interface"
deactivate dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit
"$junos-interface-unit" family inet6

#radius

set access radius-server 35.166.241.25 port 1812


set access radius-server 35.166.241.25 accounting-port 1813
set access radius-server 35.166.241.25 secret frasesecreta
set access radius-disconnect-port 3799
set access radius-disconnect 35.166.241.25 secret frasesecreta

set access profile PPPoE-Access-Profile authentication-order radius


set access profile PPPoE-Access-Profile authentication-order none > usando quando
estou sem radius, ele vai entregar accept para todos os clientes
set access profile PPPoE-Access-Profile domain-name-server 8.8.8.8
set access profile PPPoE-Access-Profile domain-name-server 10.10.11.11
set access profile PPPoE-Access-Profile domain-name-server-inet6
2001:4860:4860::8888
set access profile PPPoE-Access-Profile domain-name-server-inet6
2001:4860:4860::8844

set access profile PPPoE-Access-Profile radius authentication-server 35.166.241.25


set access profile PPPoE-Access-Profile radius accounting-server 35.166.241.25

set access profile PPPoE-Access-Profile radius options nas-port-extended-format


slot-width 5
set access profile PPPoE-Access-Profile radius options nas-port-extended-format
adapter-width 1
set access profile PPPoE-Access-Profile radius options nas-port-extended-format
port-width 3
set access profile PPPoE-Access-Profile radius options client-authentication-
algorithm round-robin
set access profile PPPoE-Access-Profile accounting order radius
set access profile PPPoE-Access-Profile accounting accounting-stop-on-failure
set access profile PPPoE-Access-Profile accounting accounting-stop-on-access-deny
set access profile PPPoE-Access-Profile accounting immediate-update
set access profile PPPoE-Access-Profile accounting update-interval 20
set access profile PPPoE-Access-Profile accounting statistics volume-time

set access address-assignment high-utilization 85


set access address-assignment abated-utilization 50
set access address-assignment high-utilization-v6 85
set access address-assignment abated-utilization-v6 50

set access address-assignment pool pool-1 family inet network 100.64.0.0/20


set access address-assignment pool pool-1 link pool-2
set access address-assignment pool pool-2 family inet network 100.65.0.0/20

set access address-assignment pool IPOE-1 family inet network 100.64.0.0/24


set access address-assignment pool IPOE-1 family inet range IPoE-Pool low
100.64.0.2
set access address-assignment pool IPOE-1 family inet range IPoE-Pool high
100.64.0.254
set access address-assignment pool IPOE-1 family inet dhcp-attributes maximum-
lease-time 1800
set access address-assignment pool IPOE-1 family inet dhcp-attributes name-server
170.150.220.2
set access address-assignment pool IPOE-1 family inet dhcp-attributes name-server
170.150.220.22
set access address-assignment pool IPOE-1 family inet dhcp-attributes router
100.64.0.1
set access address-assignment pool IPOE-1 family inet dhcp-attributes t1-renewal-
time 432000
set access address-assignment pool IPOE-1 family inet dhcp-attributes t2-rebinding-
time 756000

#entre bng>onu/tplink)
set access address-assignment pool ndra-2001 family inet6 prefix
2804:3064:8007::/48
set access address-assignment pool ndra-2001 family inet6 range ndra-range prefix-
length 64

#delegacao de blocos BNGx cliente


set access address-assignment pool v6-prefix-pool-01 family inet6 prefix
2804:3064:cc00::/40
set access address-assignment pool v6-prefix-pool-01 family inet6 range prefix-
range prefix-length 56
set access address-assignment pool pool_bloqueado family inet network 10.0.0.0/22

set access domain map default access-profile PPPoE-Access-Profile


set access domain map default address-pool pool-1

set access address-assignment neighbor-discovery-router-advertisement ndra-2001

set interfaces lo0 unit 0 family inet address 10.10.10.101/32

set interfaces lo0 unit 0 family iso address 49.0002.0192.0168.0101.00


set interfaces lo0 unit 0 family inet6 address 2004:f1a::101/128

set interfaces lo0 unit 0 family inet address 100.64.0.1/32


set interfaces lo0 unit 0 family inet address 100.64.1.1/32
set interfaces lo0 unit 0 family inet address 100.64.2.1/32
set interfaces lo0 unit 0 family inet address 100.64.3.1/32
set interfaces lo0 unit 0 family inet address 100.64.5.1/32
set interfaces lo0 unit 0 family inet address 100.64.6.1/32
set interfaces lo0 unit 0 family inet address 100.64.7.1/32

set system services dhcp-local-server dhcpv6 overrides interface-client-limit 100


set system services dhcp-local-server dhcpv6 overrides multi-address-embedded-
option-response
set system services dhcp-local-server dhcpv6 overrides delete-binding-on-
renegotiation
set system services dhcp-local-server dhcpv6 group dhcp6 overrides interface-
client-limit 200
set system services dhcp-local-server dhcpv6 group dhcp6 overrides delegated-pool
V6-pool-client-delegate
set system services dhcp-local-server dhcpv6 group dhcp6 interface xe-0/0/0.0
deactivate system services dhcp-local-server dhcpv6 group dhcp6
set system services dhcp-local-server pool-match-order external-authority
set system services dhcp-local-server pool-match-order ip-address-first
set system services dhcp-local-server duplicate-clients-in-subnet incoming-
interface

set system services dhcp-local-server liveness-detection method layer2-liveness-


detection transmit-interval 300
set system services dhcp-local-server liveness-detection method layer2-liveness-
detection max-consecutive-retries 6

set system services dhcp-local-server overrides no-unicast-replies


set system services dhcp-local-server overrides delete-binding-on-renegotiation
set system services dhcp-local-server group dhcp4 overrides dual-stack DS
set system services dhcp-local-server group dhcp4 interface xe-0/0/1.0
set system services dhcp-local-server dual-stack-group DS authentication password
IPoE
set system services dhcp-local-server dual-stack-group DS authentication username-
include relay-agent-interface-id
set system services dhcp-local-server dual-stack-group DS access-profile CLIENTS
set system services dhcp-local-server dual-stack-group DS dynamic-profile CLIENTS-
IPoE
set system services dhcp-local-server dual-stack-group DS classification-key mac-
address
set system services dhcp-local-server no-stale-timer-refresh
set system services dhcp-local-server stale-timer 60

DHCP V4 E V6
CONTROLE BANDA (PFERIL DE CONEXAO)

ERX-Service-Activate:1 = "VELOCIDADE(2M,10M,600K,1M)"

#2M
set dynamic-profiles VELOCIDADE variables Bandwidth-IN default-value 32k
set dynamic-profiles VELOCIDADE variables Bandwidth-IN mandatory

#10M
set dynamic-profiles VELOCIDADE variables Bandwidth-OUT default-value 32k
set dynamic-profiles VELOCIDADE variables Bandwidth-OUT mandatory

#600K
set dynamic-profiles VELOCIDADE variables Burst-IN default-value 2m
#1M
set dynamic-profiles VELOCIDADE variables Burst-OUT default-value 2m

set dynamic-profiles VELOCIDADE variables Policer-IN uid


set dynamic-profiles VELOCIDADE variables Policer-OUT uid
set dynamic-profiles VELOCIDADE variables Filter-IN uid
set dynamic-profiles VELOCIDADE variables Filter-OUT uid
set dynamic-profiles VELOCIDADE variables Filter-IN-V6 uid
set dynamic-profiles VELOCIDADE variables Filter-OUT-V6 uid

#aplicar na interface
set dynamic-profiles VELOCIDADE interfaces pp0 unit "$junos-interface-unit" family
inet filter input "$Filter-IN"
set dynamic-profiles VELOCIDADE interfaces pp0 unit "$junos-interface-unit" family
inet filter output "$Filter-OUT"

set dynamic-profiles VELOCIDADE interfaces pp0 unit "$junos-interface-unit" family


inet6 filter input "$Filter-IN-V6"
set dynamic-profiles VELOCIDADE interfaces pp0 unit "$junos-interface-unit" family
inet6 filter output "$Filter-OUT-V6"

#UPLOAD
set dynamic-profiles VELOCIDADE firewall family inet filter "$Filter-IN" interface-
specific
set dynamic-profiles VELOCIDADE firewall family inet filter "$Filter-IN" term 10
then policer "$Policer-IN"
set dynamic-profiles VELOCIDADE firewall family inet filter "$Filter-IN" term 10
then accept
#DOWNLOAD
set dynamic-profiles VELOCIDADE firewall family inet filter "$Filter-OUT"
interface-specific
set dynamic-profiles VELOCIDADE firewall family inet filter "$Filter-OUT" term
aceita-gerencia from prefix-list ACEITA-GERENCIA-CLIENTES
set dynamic-profiles VELOCIDADE firewall family inet filter "$Filter-OUT" term
aceita-gerencia then accept
set dynamic-profiles VELOCIDADE firewall family inet filter "$Filter-OUT" term
bloqueia-acesso-remoto from destination-port 1-1024
set dynamic-profiles VELOCIDADE firewall family inet filter "$Filter-OUT" term
bloqueia-acesso-remoto the discard
set dynamic-profiles VELOCIDADE firewall family inet filter "$Filter-OUT" term 10
then policer "$Policer-OUT"
set dynamic-profiles VELOCIDADE firewall family inet filter "$Filter-OUT" term 10
then accept

set dynamic-profiles VELOCIDADE firewall family inet6 filter "$Filter-IN-V6"


interface-specific
set dynamic-profiles VELOCIDADE firewall family inet6 filter "$Filter-IN-V6" term
10 then policer "$Policer-IN"
set dynamic-profiles VELOCIDADE firewall family inet6 filter "$Filter-IN-V6" term
10 then accept
set dynamic-profiles VELOCIDADE firewall family inet6 filter "$Filter-OUT-V6"
interface-specific
set dynamic-profiles VELOCIDADE firewall family inet6 filter "$Filter-OUT-V6" term
10 then policer "$Policer-OUT"
set dynamic-profiles VELOCIDADE firewall family inet6 filter "$Filter-OUT-V6" term
10 then accept

#UPLOAD
set dynamic-profiles VELOCIDADE firewall policer "$Policer-IN" logical-interface-
policer
set dynamic-profiles VELOCIDADE firewall policer "$Policer-IN" if-exceeding
bandwidth-limit "$Bandwidth-IN"
set dynamic-profiles VELOCIDADE firewall policer "$Policer-IN" if-exceeding burst-
size-limit "$Burst-IN"
set dynamic-profiles VELOCIDADE firewall policer "$Policer-IN" then discard

#DOWNLOAD
set dynamic-profiles VELOCIDADE firewall policer "$Policer-OUT" logical-interface-
policer
set dynamic-profiles VELOCIDADE firewall policer "$Policer-OUT" if-exceeding
bandwidth-limit "$Bandwidth-OUT"
set dynamic-profiles VELOCIDADE firewall policer "$Policer-OUT" if-exceeding burst-
size-limit "$Burst-OUT"
set dynamic-profiles VELOCIDADE firewall policer "$Policer-OUT" then discard

ERX-Service-Activate:1 = "LIBERAR-CDN(2M,10M,600K,1M,400M)"

#2M
set dynamic-profiles LIBERAR-CDN variables Bandwidth-IN default-value 32k
set dynamic-profiles LIBERAR-CDN variables Bandwidth-IN mandatory

#10M
set dynamic-profiles LIBERAR-CDN variables Bandwidth-OUT default-value 32k
set dynamic-profiles LIBERAR-CDN variables Bandwidth-OUT mandatory
#600K
set dynamic-profiles LIBERAR-CDN variables Burst-IN default-value 2m
#1M
set dynamic-profiles LIBERAR-CDN variables Burst-OUT default-value 2m

set dynamic-profiles LIBERAR-CDN variables CDN default-value 2m

set dynamic-profiles LIBERAR-CDN variables Policer-IN uid


set dynamic-profiles LIBERAR-CDN variables Policer-OUT uid
set dynamic-profiles LIBERAR-CDN variables Filter-IN uid
set dynamic-profiles LIBERAR-CDN variables Filter-OUT uid
set dynamic-profiles LIBERAR-CDN variables Filter-IN-V6 uid
set dynamic-profiles LIBERAR-CDN variables Filter-OUT-V6 uid
set dynamic-profiles LIBERAR-CDN variables CDNuid uid

#aplicar na interface
set dynamic-profiles LIBERAR-CDN interfaces pp0 unit "$junos-interface-unit" family
inet filter input "$Filter-IN"
set dynamic-profiles LIBERAR-CDN interfaces pp0 unit "$junos-interface-unit" family
inet filter output "$Filter-OUT"

set dynamic-profiles LIBERAR-CDN interfaces pp0 unit "$junos-interface-unit" family


inet6 filter input "$Filter-IN-V6"
set dynamic-profiles LIBERAR-CDN interfaces pp0 unit "$junos-interface-unit" family
inet6 filter output "$Filter-OUT-V6"

#UPLOAD
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-IN"
interface-specific
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-IN" term 10
then policer "$Policer-IN"
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-IN" term 10
then accept
#DOWNLOAD
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-OUT"
interface-specific
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-OUT" term
aceita-gerencia from prefix-list ACEITA-GERENCIA-CLIENTES
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-OUT" term
aceita-gerencia then accept
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-OUT" term
bloqueia-acesso-remoto from destination-port 1-1024
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-OUT" term
bloqueia-acesso-remoto the discard
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-OUT" term
libera-cdn from prefix-list CDNS
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-OUT" term
libera-cdn then policer "$CDNuid"
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-OUT" term
libera-cdn then accept
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-OUT" term 10
then policer "$Policer-OUT"
set dynamic-profiles LIBERAR-CDN firewall family inet filter "$Filter-OUT" term 10
then accept

set dynamic-profiles LIBERAR-CDN firewall family inet6 filter "$Filter-IN-V6"


interface-specific
set dynamic-profiles LIBERAR-CDN firewall family inet6 filter "$Filter-IN-V6" term
10 then policer "$Policer-IN"
set dynamic-profiles LIBERAR-CDN firewall family inet6 filter "$Filter-IN-V6" term
10 then accept
set dynamic-profiles LIBERAR-CDN firewall family inet6 filter "$Filter-OUT-V6"
interface-specific
set dynamic-profiles LIBERAR-CDN firewall family inet6 filter "$Filter-OUT-V6" term
10 then policer "$Policer-OUT"
set dynamic-profiles LIBERAR-CDN firewall family inet6 filter "$Filter-OUT-V6" term
10 then accept

#UPLOAD
set dynamic-profiles LIBERAR-CDN firewall policer "$Policer-IN" logical-interface-
policer
set dynamic-profiles LIBERAR-CDN firewall policer "$Policer-IN" if-exceeding
bandwidth-limit "$Bandwidth-IN"
set dynamic-profiles LIBERAR-CDN firewall policer "$Policer-IN" if-exceeding burst-
size-limit "$Burst-IN"
set dynamic-profiles LIBERAR-CDN firewall policer "$Policer-IN" then discard

#DOWNLOAD
set dynamic-profiles LIBERAR-CDN firewall policer "$Policer-OUT" logical-interface-
policer
set dynamic-profiles LIBERAR-CDN firewall policer "$Policer-OUT" if-exceeding
bandwidth-limit "$Bandwidth-OUT"
set dynamic-profiles LIBERAR-CDN firewall policer "$Policer-OUT" if-exceeding
burst-size-limit "$Burst-OUT"
set dynamic-profiles LIBERAR-CDN firewall policer "$Policer-OUT" then discard

#CDN
set dynamic-profiles LIBERAR-CDN firewall policer "$CDNuid" logical-interface-
policer
set dynamic-profiles LIBERAR-CDN firewall policer "$CDNuid" if-exceeding bandwidth-
limit "$CDN"
set dynamic-profiles LIBERAR-CDN firewall policer "$CDNuid" if-exceeding burst-
size-limit "$Burst-OUT"
set dynamic-profiles LIBERAR-CDN firewall policer "$CDNuid" then discard

ERX-Service-Activate:1 = "FIREWALL-LIBERADO(2M,10M)"

#2M
set dynamic-profiles FIREWALL-LIBERADO variables Bandwidth-IN default-value 32k
set dynamic-profiles FIREWALL-LIBERADO variables Bandwidth-IN mandatory

#10M
set dynamic-profiles FIREWALL-LIBERADO variables Bandwidth-OUT default-value 32k
set dynamic-profiles FIREWALL-LIBERADO variables Bandwidth-OUT mandatory

#600K
set dynamic-profiles FIREWALL-LIBERADO variables Burst-IN default-value 2m
#1M
set dynamic-profiles FIREWALL-LIBERADO variables Burst-OUT default-value 2m
set dynamic-profiles FIREWALL-LIBERADO variables Policer-IN uid
set dynamic-profiles FIREWALL-LIBERADO variables Policer-OUT uid
set dynamic-profiles FIREWALL-LIBERADO variables Filter-IN uid
set dynamic-profiles FIREWALL-LIBERADO variables Filter-OUT uid
set dynamic-profiles FIREWALL-LIBERADO variables Filter-IN-V6 uid
set dynamic-profiles FIREWALL-LIBERADO variables Filter-OUT-V6 uid

#aplicar na interface
set dynamic-profiles FIREWALL-LIBERADO interfaces pp0 unit "$junos-interface-unit"
family inet filter input "$Filter-IN"
set dynamic-profiles FIREWALL-LIBERADO interfaces pp0 unit "$junos-interface-unit"
family inet filter output "$Filter-OUT"

set dynamic-profiles FIREWALL-LIBERADO interfaces pp0 unit "$junos-interface-unit"


family inet6 filter input "$Filter-IN-V6"
set dynamic-profiles FIREWALL-LIBERADO interfaces pp0 unit "$junos-interface-unit"
family inet6 filter output "$Filter-OUT-V6"

#UPLOAD
set dynamic-profiles FIREWALL-LIBERADO firewall family inet filter "$Filter-IN"
interface-specific
set dynamic-profiles FIREWALL-LIBERADO firewall family inet filter "$Filter-IN"
term 10 then policer "$Policer-IN"
set dynamic-profiles FIREWALL-LIBERADO firewall family inet filter "$Filter-IN"
term 10 then accept
#DOWNLOAD
set dynamic-profiles FIREWALL-LIBERADO firewall family inet filter "$Filter-OUT"
interface-specific
set dynamic-profiles FIREWALL-LIBERADO firewall family inet filter "$Filter-OUT"
term 10 then policer "$Policer-OUT"
set dynamic-profiles FIREWALL-LIBERADO firewall family inet filter "$Filter-OUT"
term 10 then accept

set dynamic-profiles FIREWALL-LIBERADO firewall family inet6 filter "$Filter-IN-V6"


interface-specific
set dynamic-profiles FIREWALL-LIBERADO firewall family inet6 filter "$Filter-IN-V6"
term 10 then policer "$Policer-IN"
set dynamic-profiles FIREWALL-LIBERADO firewall family inet6 filter "$Filter-IN-V6"
term 10 then accept
set dynamic-profiles FIREWALL-LIBERADO firewall family inet6 filter "$Filter-OUT-
V6" interface-specific
set dynamic-profiles FIREWALL-LIBERADO firewall family inet6 filter "$Filter-OUT-
V6" term 10 then policer "$Policer-OUT"
set dynamic-profiles FIREWALL-LIBERADO firewall family inet6 filter "$Filter-OUT-
V6" term 10 then accept

#UPLOAD
set dynamic-profiles FIREWALL-LIBERADO firewall policer "$Policer-IN" logical-
interface-policer
set dynamic-profiles FIREWALL-LIBERADO firewall policer "$Policer-IN" if-exceeding
bandwidth-limit "$Bandwidth-IN"
set dynamic-profiles FIREWALL-LIBERADO firewall policer "$Policer-IN" if-exceeding
burst-size-limit "$Burst-IN"
set dynamic-profiles FIREWALL-LIBERADO firewall policer "$Policer-IN" then discard

#DOWNLOAD
set dynamic-profiles FIREWALL-LIBERADO firewall policer "$Policer-OUT" logical-
interface-policer
set dynamic-profiles FIREWALL-LIBERADO firewall policer "$Policer-OUT" if-exceeding
bandwidth-limit "$Bandwidth-OUT"
set dynamic-profiles FIREWALL-LIBERADO firewall policer "$Policer-OUT" if-exceeding
burst-size-limit "$Burst-OUT"
set dynamic-profiles FIREWALL-LIBERADO firewall policer "$Policer-OUT" then discard

ERX-Service-Activate:1 = "GAMER(2M,10M)"

#2M
set dynamic-profiles GAMER variables Bandwidth-IN default-value 32k
set dynamic-profiles GAMER variables Bandwidth-IN mandatory

#10M
set dynamic-profiles GAMER variables Bandwidth-OUT default-value 32k
set dynamic-profiles GAMER variables Bandwidth-OUT mandatory

#600K
set dynamic-profiles GAMER variables Burst-IN default-value 2m
#1M
set dynamic-profiles GAMER variables Burst-OUT default-value 2m

set dynamic-profiles GAMER variables Policer-IN uid


set dynamic-profiles GAMER variables Policer-OUT uid
set dynamic-profiles GAMER variables Filter-IN uid
set dynamic-profiles GAMER variables Filter-OUT uid
set dynamic-profiles GAMER variables Filter-IN-V6 uid
set dynamic-profiles GAMER variables Filter-OUT-V6 uid

#aplicar na interface
set dynamic-profiles GAMER interfaces pp0 unit "$junos-interface-unit" family inet
filter input "$Filter-IN"
set dynamic-profiles GAMER interfaces pp0 unit "$junos-interface-unit" family inet
filter output "$Filter-OUT"

set dynamic-profiles GAMER interfaces pp0 unit "$junos-interface-unit" family inet6


filter input "$Filter-IN-V6"
set dynamic-profiles GAMER interfaces pp0 unit "$junos-interface-unit" family inet6
filter output "$Filter-OUT-V6"

#UPLOAD
set dynamic-profiles GAMER firewall family inet filter "$Filter-IN" interface-
specific
set dynamic-profiles GAMER firewall family inet filter "$Filter-IN" term 10 then
policer "$Policer-IN"
set dynamic-profiles GAMER firewall family inet filter "$Filter-IN" term 10 then
accept
set dynamic-profiles GAMER firewall family inet filter "$Filter-IN" term 10 then
dscp cs5
set dynamic-profiles GAMER firewall family inet filter "$Filter-IN" term 10
forwarding-class network-control
#DOWNLOAD
set dynamic-profiles GAMER firewall family inet filter "$Filter-OUT" interface-
specific
set dynamic-profiles GAMER firewall family inet filter "$Filter-OUT" term 10 then
policer "$Policer-OUT"
set dynamic-profiles GAMER firewall family inet filter "$Filter-OUT" term 10 then
accept

set dynamic-profiles GAMER firewall family inet filter "$Filter-OUT" term 10 then
dscp cs5
set dynamic-profiles GAMER firewall family inet filter "$Filter-OUT" term 10 then
forwarding-class network-control

set dynamic-profiles GAMER firewall family inet6 filter "$Filter-IN-V6" interface-


specific
set dynamic-profiles GAMER firewall family inet6 filter "$Filter-IN-V6" term 10
then policer "$Policer-IN"
set dynamic-profiles GAMER firewall family inet6 filter "$Filter-IN-V6" term 10
then accept
set dynamic-profiles GAMER firewall family inet6 filter "$Filter-OUT-V6" interface-
specific
set dynamic-profiles GAMER firewall family inet6 filter "$Filter-OUT-V6" term 10
then policer "$Policer-OUT"
set dynamic-profiles GAMER firewall family inet6 filter "$Filter-OUT-V6" term 10
then accept

#UPLOAD
set dynamic-profiles GAMER firewall policer "$Policer-IN" logical-interface-policer
set dynamic-profiles GAMER firewall policer "$Policer-IN" if-exceeding bandwidth-
limit "$Bandwidth-IN"
set dynamic-profiles GAMER firewall policer "$Policer-IN" if-exceeding burst-size-
limit "$Burst-IN"
set dynamic-profiles GAMER firewall policer "$Policer-IN" then discard

#DOWNLOAD
set dynamic-profiles GAMER firewall policer "$Policer-OUT" logical-interface-
policer
set dynamic-profiles GAMER firewall policer "$Policer-OUT" if-exceeding bandwidth-
limit "$Bandwidth-OUT"
set dynamic-profiles GAMER firewall policer "$Policer-OUT" if-exceeding burst-size-
limit "$Burst-OUT"
set dynamic-profiles GAMER firewall policer "$Policer-OUT" then discard

You might also like