If you want to steer specific traffic, or otherwise regulate certain types of
traffic, you need to have developed enforcement policies. If using a Gx interface to a
PCRF, you need to create a listener that connects to a PCRF.
You can create listeners that specify how to handle traffic for policy enforcement.
Creating a listener does preliminary setup on the BIG-IP® system
for application visibility, intelligent steering, bandwidth management, and reporting.
On the Main tab, click
The Listeners screen opens.
The New Listener screen opens.
In the Name field, type a unique name for the listener.
For the Destination setting, select Host
or Network, and type the IP address or network and netmask to
Tip: You can use a catch-all virtual server
(0.0.0.0) to specify all traffic that is routed to the BIG-IP® system.
The system will create a virtual server using the address or network you
For the Service Port setting, type or select the service port
for the virtual server.
Subscriber provisioning using RADIUS is enabled by default. If your system is using
RADIUS for snooping subscriber identity, you need to specify VLANs and tunnels. If you are
not using RADIUS, you need to disable it.
- For the VLANs and Tunnels setting, move the VLANs and
tunnels that you want to monitor for RADIUS traffic from the
Available list to the Selected
- If you do not want to use RADIUS, from the Subscriber Identity
Collection list, select Disabled.
In the Policy Provisioning area, select enforcement policies to apply to the
The system applies the global policy to all subscribers in parallel with the
subscriber policies. High-precedence global policies override conflicting subscriber
policies, and low-precedence policies are overridden by conflicting subscriber
For Global Policy, move policies to apply to all subscribers
to High Precedence or Low
For Unknown Subscriber Policy, move policies to use if the
subscriber is unknown to Selected.
The Policy Enforcement Manager creates a listener, and displays the listener
When you create a listener, the Policy Enforcement Manager™ also
creates virtual servers for each type of traffic (TCP, UDP, or both), and a virtual
server for HTTP traffic. The system enables classification and assigns the appropriate
policy enforcement profile to the virtual servers. If you are connecting to a RADIUS
authentication server, a virtual server for RADIUS is also added.
Now you can send traffic through the network. As network traffic moves through the
BIG-IP® system, the system classifies the traffic, and if you have developed policies, the system performs
the actions specified by the enforcement policy rules.