Add template for PPPoE-server that can use custom RADIUS attributes for policy and firewall. The template is applied to PPP interfaces.
For example, we have a QoS policy of 20 mbit for our internal networks and 10 mbit for other networks.
set qos policy limiter my-policy-10mbps-down class 10 bandwidth '20mbit' set qos policy limiter my-policy-10mbps-down class 10 match LOCAL-NET ip source address '192.0.2.0/24' set qos policy limiter my-policy-10mbps-down class 20 bandwidth '10mbit' set qos policy limiter my-policy-10mbps-down default bandwidth '30mbit'
Example of RADIUS attribute to use it:
cisco-avpair += ip:sub-qos-policy-out=my-policy-10mbps-down cisco-avpair += ip:sub-qos-policy-in=my-policy-10mbps-up
We read those attributes and apply this configured policy for dynamic PPP interfaces.
A similar way for the firewall:
set firewall ipv4 name FRWD-IN default-action 'accept' set firewall ipv4 name FRWD-IN rule 100 action 'drop' set firewall ipv4 name FRWD-IN rule 100 destination address '192.0.2.1' set firewall ipv4 name FRWD-IN rule 100 protocol 'tcp_udp'
Example of RADIUS attribute:
Framed-Filter-Id += FRWD-IN Framed-Filter-Id += FRWD-OUT
New PPP sessions will use this firewall.
For now, we cannot set QoS/Firewall for dynamic interfaces.