[j-nsp] MX-80 as a BRAS and as a LAC
Paul Stewart
paul at paulstewart.org
Thu Oct 24 08:50:45 EDT 2013
Also make sure you talk to your Juniper SE and engage him in your plans -
make sure you understand which code releases you require for your
deployment. The last I checked, LNS was not supported on MX80 but that
may have changed in recent 13.2 code.
Like everything, there are several ways to configure things - here’s a pretty
base configuration that will hopefully help point you in the right
direction… the local pool assignment isn’t needed if your RADIUS is going to
hand out all dynamic addresses...
dynamic-profiles {
    PPPOE {
        /* PERMIT-ALL refers to a firewall filter that is not shown in this post */
        predefined-variable-defaults {
            input-filter PERMIT-ALL;
            output-filter PERMIT-ALL;
        }
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    /* PAP carries the subscriber password in cleartext on the PPP link */
                    ppp-options {
                        pap;
                    }
                    pppoe-options {
                        underlying-interface "$junos-underlying-interface";
                        server;
                    }
                    keepalives interval 30;
                    family inet {
                        filter {
                            input "$junos-input-filter";
                            output "$junos-output-filter";
                        }
                        unnumbered-address lo0.0;
                    }
                }
            }
        }
    }
}
interfaces {
    ge-1/0/0 {
        description ge0-1-0.dis4.xxxxxxxxxx;
        vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 404 {
            description xxxxxxxxx;
            vlan-id 404;
            family pppoe {
                duplicate-protection;
                dynamic-profile PPPOE;
                short-cycle-protection;
            }
        }
    }
}
access {
    radius-server {
        Xx.xxx.xx.xxx {
            secret "xxxxxxxxxxx"; ## SECRET-DATA
            source-address xx.xx.xxx.xx;
        }
        Xx.xxx.xxx.xx {
            secret "xxxxxxxxxxx"; ## SECRET-DATA
            source-address xx.xxx.xx.xx;
        }
    }
    group-profile DNS {
        ppp {
            primary-dns xxx.xxx.xx.xxx;
            secondary-dns xx.xx.x.xxx;
        }
    }
    profile RADIUS {
        accounting-order radius;
        authentication-order radius;
        radius {
            authentication-server [ xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx ];
            accounting-server [ xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx ];
            options {
                revert-interval 0;
                client-authentication-algorithm round-robin;
                client-accounting-algorithm round-robin;
            }
        }
        accounting {
            order radius;
            accounting-stop-on-failure;
            accounting-stop-on-access-deny;
            immediate-update;
            update-interval 10;
            statistics volume-time;
        }
    }
    address-assignment {
        pool PPPOE-1 {
            link PPPOE-2;
            family inet {
                network 10.0.0.0/24;
                range 1 {
                    low 10.0.0.1;
                    high 10.0.0.254;
                }
            }
        }
    }
}
access-profile RADIUS;
Also note that this example doesn’t include anything for your routing. So
everything in JunOS is “access-internal” and you need to redistribute them
into OSPF (or whatever IGP you are running). When you redistribute them,
each route shows up separately for each subscriber - a large number of /32
routes if you are not careful, which can cause “bad things to happen(™)”.
What I did to work around this was to summarize the routes but in doing so
I had to ensure that static IP assignments would still function:
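routing-options {
    static {
        /* summary for the dynamic pool */
        route 10.0.0.0/24 discard;
    }
}
policy-options {
    /* POLICY-NAME is a placeholder: the policy-statement line is missing from the post */
    policy-statement POLICY-NAME {
        /* suppress the per-subscriber /32s that fall inside the summarized pool */
        term access-internal-1 {
            from {
                protocol access-internal;
                route-filter 10.0.0.0/24 longer;
            }
            then reject;
        }
        /* everything else that is access-internal (e.g. static IP assignments) is exported */
        term access-internal-2 {
            from protocol access-internal;
            then accept;
        }
        term implicit-deny {
            then reject;
        }
    }
}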
Hope that helps...
Paul
On 10/24/2013, 3:12 AM, "Terebizh, Evgeny" <eterebizh at amt.ru> wrote:
>Hi,
>Check out the feature map below:
>https://www.juniper.net/techpubs/en_US/junos12.3/information-products/pathway-pages/subscriber-access/technology-overview-graphic.html
>
>Here's the relevant L2TP section:
>https://www.juniper.net/techpubs/en_US/junos13.2/information-products/pathway-pages/subscriber-access/l2tp/subscriber-management-l2tp.html
>
>Bear in mind that you might need a juniper.net account to access these
>links.
>
>
>/Evgeny
>
>
>
>
>On 19/10/13 23:44, "Enoch Nyatoti" <enyatoti at yahoo.com> wrote:
>
>>Hello,
>>
>>I am new to Juniper hence my request. We would like to deploy BRAS and
>>LAC functionality on MX80 routers to existing Cisco NAS and I was
>>wondering if you could give me a lead on
>>how to configure these features in Junos including the relevant PPPoE
>>interface configuration. The idea is to tunnel some sessions to an LNS
>>depending on
>>the domain name.
>>_______________________________________________
>>juniper-nsp mailing list juniper-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
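
Added example (not part of the original thread, and not Juniper code): a small Python model of the three export-policy terms in the reply above, run over constructed routes to show which access-internal /32s are suppressed and which are still redistributed. The sample prefixes outside 10.0.0.0/24 are assumptions; note that the 10.0.0.0/24 discard route is protocol static, so these three terms do not export it, and how the summary reaches the IGP is not shown in the post.

```python
import ipaddress

POOL = ipaddress.ip_network("10.0.0.0/24")  # dynamic pool / discard summary from the post

def route_filter_longer(prefix, flt):
    """Junos 'route-filter X longer': inside X with a strictly longer mask."""
    return prefix.subnet_of(flt) and prefix.prefixlen > flt.prefixlen

# The three terms as posted, evaluated first-match: (name, match, action).
TERMS = [
    ("access-internal-1",
     lambda proto, net: proto == "access-internal" and route_filter_longer(net, POOL),
     "reject"),
    ("access-internal-2", lambda proto, net: proto == "access-internal", "accept"),
    ("implicit-deny", lambda proto, net: True, "reject"),
]

def evaluate(proto, prefix):
    """Return (term name, action) of the first term that matches the route."""
    net = ipaddress.ip_network(prefix)
    for name, match, action in TERMS:
        if match(proto, net):
            return name, action

# Constructed sample routes (addresses outside the pool are documentation ranges).
ROUTES = [
    ("access-internal", "10.0.0.17/32"),   # dynamic subscriber from the pool
    ("access-internal", "10.0.0.200/32"),  # dynamic subscriber from the pool
    ("access-internal", "192.0.2.45/32"),  # assumed static assignment outside the pool
    ("static", "10.0.0.0/24"),             # the discard summary itself
    ("direct", "198.51.100.0/30"),         # unrelated connected route
]

def exported(routes):
    """Routes these terms would accept for redistribution."""
    return [r for r in routes if evaluate(*r)[1] == "accept"]

if __name__ == "__main__":
    for proto, prefix in ROUTES:
        term, action = evaluate(proto, prefix)
        print(f"{proto:16} {prefix:18} {term:18} {action}")
    print("exported:", exported(ROUTES))
```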