[j-nsp] Non-dhcp users with subscriber management
Andrey Kostin
ankost at podolsk.ru
Mon Jul 15 17:07:18 EDT 2019
Hi Baldur,
Maybe this feature could be useful for you, despite being documented in
completely the wrong place?
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dual-stack-pppoe-access-ndra.html#id-ip-demultiplexing-interfaces-on-packet-triggered-subscribers-services-overview
Kind regards,
Andrey
Baldur Norddahl wrote 2019-07-04 13:10:
> Hello
>
> I am new to Juniper MX. I successfully managed to configure customer
> vlan with dynamic profiles for dhcp users. I attached the important
> parts of the configuration at the end of this message.
>
> In the real network we are using q-in-q double tagged vlans, but to
> make things simple I am working with single tagged vlans for my lab. We
> have customer vlans, which means each customer has a unique vlan
> combination.
>
> My configuration will first cause a radius server to be queried for
> the validity of the vlan. Then the DHCP server is queried and finally
> the subscriber is active. This is working now.
>
> The problem is that I want customers to be able to configure without
> using DHCP. Each customer has a static IP configuration. When using
> DHCP the customer will always get the same IP address. We then tell
> the user that he can optionally use DHCP. Or he can use a static
> configuration if he likes that better.
>
> This is an existing ISP network working as described. We are working
> to replace the old BRAS with Juniper MX204. So it would be nice if we
> can keep it working like it is today.
>
> I am a bit stuck on where to go from here. Most of the examples I find
> are all assuming DHCP. I am thinking that it should be possible to
> supply the customer IP address via Radius instead of DHCP.
>
> If needed, I could find out which users are using static configuration
> without DHCP and then have Radius return something different for those
> users.
>
> Anyone have some advice for me?
>
> Regards,
>
> Baldur
>
> The working DHCP configuration:
>
> system {
>     services {
>         subscriber-management {
>             maintain-subscriber {
>                 interface-delete;
>             }
>             enable;
>         }
>     }
>     dynamic-profile-options {
>         versioning;
>     }
> }
> chassis {
>     network-services enhanced-ip;
> }
> access-profile rad;
> interfaces {
>     et-0/0/0 {
>         flexible-vlan-tagging;
>         auto-configure {
>             vlan-ranges {
>                 dynamic-profile DYNINTF-1VLANS-DHCP-INET {
>                     accept any;
>                     ranges {
>                         any;
>                     }
>                 }
>                 authentication {
>                     password 12345678;
>                     username-include {
>                         user-prefix vlan;
>                         vlan-tags;
>                     }
>                 }
>                 access-profile rad;
>             }
>         }
>     }
>     lo0 {
>         unit 0 {
>             family inet {
>                 address 1.2.3.4/32;
>             }
>         }
>     }
> }
> forwarding-options {
>     dhcp-relay {
>         server-group {
>             dhcp-group-1 {
>                 1.2.3.5;
>             }
>         }
>         active-server-group dhcp-group-1;
>         group dhcp-group-1 {
>             relay-option-82;
>             interface et-0/0/0.0;
>         }
>     }
> }
> access {
>     radius-server {
>         1.2.3.6 {
>             secret "xxx"; ## SECRET-DATA
>             source-address 1.2.3.4;
>         }
>     }
>     profile rad {
>         accounting-order radius;
>         authentication-order radius;
>         radius {
>             authentication-server 1.2.3.6;
>             accounting-server 1.2.3.6;
>             options {
>                 revert-interval 0;
>             }
>         }
>         accounting {
>             order radius;
>             immediate-update;
>             update-interval 15;
>         }
>     }
> }
> dynamic-profiles {
>     DYNINTF-1VLANS-DHCP-INET {
>         interfaces {
>             "$junos-interface-ifd-name" {
>                 unit "$junos-interface-unit" {
>                     proxy-arp restricted;
>                     vlan-id "$junos-vlan-id";
>                     family inet {
>                         unnumbered-address lo0.0;
>                     }
>                 }
>             }
>         }
>     }
> }