Hi Baldur,
Maybe this feature could be useful for you despite it's documented in
completely wrong place?
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dual-stack-pppoe-access-ndra.html#id-ip-demultiplexing-interfaces-on-packet-triggered-subscribers-services-overview
Kind regards,
Andrey
Baldur Norddahl писал 2019-07-04 13:10:
Hello
I am new to Juniper MX. I successfully managed to configure customer
vlan with dynamic profiles for dhcp users. I attached the important
parts of the configuration at the end of this message.
In the real network we are using q-in-q double tagged vlans, but to
make thing simple I am working with single tagged vlans for my lab. We
have customers vlan, which is each customer has a unique vlan
combination.
My configuration will first cause a radius server to be queried for
the validity of the vlan. Then the DHCP server is queried and finally
the subscriber is active. This is working now.
The problem is that I want customers to be able to configure without
using DHCP. Each customer has a static IP configuration. When using
DHCP the customer will always get the same IP address. We then tell
the user that he can optionally use DHCP. Or he can use a static
configuration if he likes that better.
This is an existing ISP network working as described. We are working
to replace the old BRAS with Juniper MX204. So it would be nice if we
can keep it working like it is today.
I am a bit stuck on where to go from here. Most of the examples I find
are all assuming DHCP. I am thinking that it should be possible to
supply the customer IP address via Radius instead of DHCP.
If needed, I could find out which users are using static configuration
without DHCP and then have Radius return something different for those
users.
Anyone have some advice for me?
Regards,
Baldur
The working DHCP configuration:
system {
services {
subscriber-management {
maintain-subscriber {
interface-delete;
}
enable;
}
}
dynamic-profile-options {
versioning;
}
}
chassis {
network-services enhanced-ip;
}
access-profile rad;
interfaces {
et-0/0/0 {
flexible-vlan-tagging;
auto-configure {
vlan-ranges {
dynamic-profile DYNINTF-1VLANS-DHCP-INET {
accept any;
ranges {
any;
}
}
authentication {
password 12345678;
username-include {
user-prefix vlan;
vlan-tags;
}
}
access-profile rad;
}
}
lo0 {
unit 0 {
family inet {
address 1.2.3.4/32;
}
}
}
}
forwarding-options {
dhcp-relay {
server-group {
dhcp-group-1 {
1.2.3.5;
}
}
active-server-group dhcp-group-1;
group dhcp-group-1 {
relay-option-82;
interface et-0/0/0.0;
}
}
}
access {
radius-server {
1.2.3.6 {
secret "xxx"; ## SECRET-DATA
source-address 1.2.3.4;
}
}
profile rad {
accounting-order radius;
authentication-order radius;
radius {
authentication-server 1.2.3.6;
accounting-server 1.2.3.6;
options {
revert-interval 0;
}
}
accounting {
order radius;
immediate-update;
update-interval 15;
}
}
}
dynamic-profiles {
DYNINTF-1VLANS-DHCP-INET {
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-interface-unit" {
proxy-arp restricted;
vlan-id "$junos-vlan-id";
family inet {
unnumbered-address lo0.0;
}
}
}
}
}
}
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
