[j-nsp] MX80 Subscriber Management
Dan White
dwhite at olp.net
Thu Nov 10 10:26:18 EST 2016
On 11/10/16 08:55 -0600, kworm83 at gmail.com wrote:
>Hi, I’m trying to get rid of an old Redback SMS device in our network and
>I would like to replicate it’s functionality on an MX. We have some
>legacy subscribers that come in via Ethernet in the SVLAN model, i.e. an
>outer tag that identifies the MSAN and then an inner tag for each
>subscriber. Currently the Redback relays the DHCP requests and no radius
>auth is done…our DHCP server allows or denies the request based on MAC.
>Would anyone familiar with this feature on the MX80 care to share a config
>snippet as to how that would be done. I’ve had a look at some of the Day
>One stuff but it seems to be more complex and involve radius auth which I
>would like to avoid.
We went through a similar migration a few years back. I've attached some
snippets. We're currently in a v4 to v6 transition, so you'll see
references to both.
--
Dan White
-------------- next part --------------
dynamic-profiles {
double_tagged_hsi {
interfaces {
demux0 {
unit "$junos-interface-unit" {
proxy-arp;
vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
demux-options {
underlying-interface "$junos-interface-ifd-name";
}
family inet {
unnumbered-address lo0.0 preferred-source-address 192.0.2.1;
}
family inet6;
}
}
}
}
user-profile {
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-underlying-interface-unit" {
family inet;
family inet6;
}
}
}
}
double_tagged_ipv6_hsi {
interfaces {
demux0 {
unit "$junos-interface-unit" {
demux-source [ inet inet6 ];
proxy-arp;
vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
demux-options {
underlying-interface "$junos-interface-ifd-name";
}
family inet {
unnumbered-address lo0.0 preferred-source-address 192.0.2.1;
}
family inet6 {
address $junos-ipv6-address;
}
}
}
}
protocols {
router-advertisement {
interface "$junos-interface-name" {
max-advertisement-interval 30;
other-stateful-configuration;
default-lifetime 9000;
prefix $junos-ipv6-ndra-prefix;
}
}
}
}
}
system {
...
services {
...
dhcp-local-server {
dhcpv6 {
overrides {
process-inform {
pool v6_prefix_pool;
}
}
group hsiv6 {
overrides {
process-inform {
pool v6_prefix_pool;
}
delegated-pool v6_prefix_pool;
}
interface ge-4/0/7.1;
interface ae0.109;
interface demux0.1073746207;
...
}
}
authentication {
username-include {
mac-address;
}
}
}
static-subscribers {
access-profile {
hsi_access;
}
dynamic-profile {
user-profile;
}
}
interfaces {
gigether-options {
802.3ad {
lacp {
port-priority 32769;
}
ae0;
}
}
gigether-options {
802.3ad {
lacp {
port-priority 32768;
}
ae0;
}
}
ae0 {
description HSI_LAG;
hierarchical-scheduler;
flexible-vlan-tagging;
auto-configure {
stacked-vlan-ranges {
dynamic-profile double_tagged_hsi {
accept inet;
ranges {
2-2408,any;
2410-4094,any;
}
}
dynamic-profile double_tagged_ipv6_hsi {
accept [ inet inet6 ];
ranges {
2409-2409,any;
}
}
access-profile hsi_access;
}
}
mtu 9192;
encapsulation flexible-ethernet-services;
aggregated-ether-options {
lacp {
active;
}
}
unit 2 {
### This is a "static" customer as opposed to a dynamic/demux customer
description 20014_Al_Smith;
proxy-arp;
vlan-tags outer 2150 inner 25;
family inet {
unnumbered-address lo0.0 preferred-source-address 192.0.2.1;
}
}
lo0 {
unit 0 {
family inet {
address 192.0.2.1/32;
}
family inet6 {
2001:DB8::1/32
}
}
}
}
forwarding-options {
dhcp-relay {
authentication {
username-include {
mac-address;
}
}
overrides {
always-write-giaddr;
interface-client-limit 5;
}
server-group {
hsi {
198.51.100.254;
198.51.100.253;
}
}
active-server-group hsi;
group hsi {
overrides {
trust-option-82;
interface-client-limit 5;
proxy-mode;
}
relay-option-82 {
circuit-id;
}
interface ge-4/0/6.0;
interface ae0.42;
interface ae0.88 {
overrides {
interface-client-limit 100;
}
}
interface demux0.1073742944 {
overrides {
interface-client-limit 10;
}
}
}
}
}
routing-options {
static {
route 192.0.2.2/32 {
qualified-next-hop ae0.2;
}
}
}
protocols {
router-advertisement {
interface demux0.0;
interface ae0.2 {
max-advertisement-interval 10;
prefix 2001:DB8:a:2::/64 {
on-link;
}
}
}
access {
profile hsi_access {
authentication-order none;
}
profile hsi_v6_access {
authentication-order none;
}
address-assignment {
neighbor-discovery-router-advertisement hsi_v6_ra;
pool hsi_v6_ra {
family inet6 {
prefix 2001:DB8:2::/48;
range hsi_v6_ra_64 prefix-length 64;
dhcp-attributes {
dns-server {
2001:DB8::254;
2001:DB8::253;
}
}
}
}
pool v6_prefix_pool {
family inet6 {
prefix 2001:DB8:4000::/34;
range v6_prefix_pool_v8 prefix-length 48;
dhcp-attributes {
maximum-lease-time 86400;
grace-period 3600;
dns-server {
2001:DB8::254;
2001:DB8::253;
}
}
}
}
}
}
More information about the juniper-nsp
mailing list