[j-nsp] JunosE PPPOE Configuration Problem

HUNTER Jonathan Jonathan.HUNTER at mail.mobistar.be
Wed Sep 14 05:45:53 EDT 2011

Hi Gents,

Can you rewrite realms for specific users on the juniper ERX bras?

So for example jon1 at realm1.be can be rewritten before passed to radius as jon1 at realm2.be  so at a username level?

Thanks in advance.


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Chris Hellberg
Sent: Saturday 10 September 2011 00:19
To: Paul Stewart; juniper-nsp-bounces at puck.nether.net; 'Thiago Lizardo de Moraes'
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] JunosE PPPOE Configuration Problem

A quirk of JUNOSe is that if you assign a static ip with framed-ip-address via RADIUS, you need to return DNS servers also by radius. it's been that way since day dot IIRC.


-----Original Message-----
From: "Paul Stewart" <paul at paulstewart.org>
Sender: juniper-nsp-bounces at puck.nether.net
Date: Fri, 9 Sep 2011 15:12:27
To: 'Thiago Lizardo de Moraes'<thilizardo at gmail.com>
Cc: <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] JunosE PPPOE Configuration Problem

Thank you...


I tried that again just in case but no success.  It's strange how it works with dynamic IP subscribers and not static IP subscribers as we don't have it in our Radius configuration at all.  Having said that, dynamic IP's are assigned directly by the ERX and static IP customers are assigned via Framed IP attribute in Radius.  On our Cisco platforms we added IPCP options that always worked regarding of dynamic/static assignment.


profile test

ip virtual-router default

ip unnumbered loopback 0

ip mtu 1492

ip sa-validate

ip tcp adjust-mss 1460

ppp authentication virtual-router default pap

ppp keepalive 120

ppp fragmentation

ppp reassembly

vlan auto-configure pppoe


virtual-router default

aaa authentication atm1483 default radius

aaa accounting atm1483 default radius

aaa authentication ip default radius

aaa accounting ip default radius

aaa authentication ipsec default radius

aaa accounting ipsec default radius

aaa dns primary

aaa dns secondary

aaa user accounting interval 10

aaa authentication ppp default radius

aaa accounting ppp default radius


Authentication/Accounting are working perfectly as are the dynamic/static IP assignments - it's just the lack of DNS assignment for static IP subscribers that is puzzling me...


Take care,





From: Thiago Lizardo de Moraes [mailto:thilizardo at gmail.com]
Sent: Friday, September 09, 2011 3:05 PM
To: Paul Stewart
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] JunosE PPPOE Configuration Problem


Hi Paul,


You can use this config: "aaa dns primary <DNS server IP>"

Best Regards,

Thiago Lizardo de Moraes

2011/9/9 Paul Stewart <paul at paulstewart.org>

Hi folks.

Working on a lab configuration with an ERX box.  When a PPPOE user connects and has  dynamic assignment, they get all attributes they require (ie. DNS servers).

When we do a static IP assignment to a username, they get no DNS assignments.  In the Cisco world, this was configured via the IPCP options and pushed down.

In the ERX configuration I tried to add "ppp ipcp prompt-option dns" under the default profile (which is what we're using at the moment) and this didn't solve the issue.

Is that the way that command is supposed to work?

Is there a way to have the ERX push down a specific DNS configuration when a user connections (which works on dynamic accounts) or do you have to assign the DNS via Radius attributes on static IP customers?

Thanks very much,


juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Thiago Lizardo de Moraes
Consultor Técnico
+55 41 8817 5563

juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp


This electronic transmission (and any attached document) is intended 
exclusively for the person or entity to whom it is addressed and may 
contain confidential and/or privileged material. 
Any disclosure, copying, distribution or other action  based upon 
the information by persons or entities other than the intended recipient
is prohibited. If you receive this message in error, please contact the 
sender and delete the material from any and all computers. 
Mobistar does not warrant a proper and complete transmission of this
information, nor does it accept liability for any delays.


More information about the juniper-nsp mailing list