Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Subscriber Management] Example Configuration for Wifi Access Gateway (WAG)

0

0

Article ID: KB34538 KB Last Updated: 13 Jun 2019Version: 1.0
Summary:

This article is to demonstrates configuring and verifying a WAG client for Enhanced Subscriber Management using IP-DEMUX and DHCP Local Server functionality.

Solution:

Wifi Access Gateway is supported 16.1R4 Enhanced Subscriber Management.

TOPOLOGY

 

 

CONFIGURATION

The configuration noted below based on this simple topology is using DHCPv4 only with the WAG acting as a DHCPv4 local server. In this example, VLAN-demux0 and IP-DEMUX is used to terminate these subscribers.

CHASSIS STANZA

Define tunnel-services for FPC/PIC used for LT interfaces.

set chassis fpc 5 pic 0 tunnel-services bandwidth 10g

Define the amount of pseudo interfaces used globally.

set chassis pseudowire-service device-count 100

INTERFACE STANZA

Interface receiving the GRE encapsulated DHCP control/traffic.

set interfaces xe-5/3/0 vlan-tagging
set interfaces xe-5/3/0 unit 4000 vlan-id 4000
set interfaces xe-5/3/0 unit 4000 family inet address 60.60.60.1/24

Define PSX interface for GRE tunnel termination.

set interfaces ps1 anchor-point lt-5/0/0
set interfaces ps1 flexible-vlan-tagging  <-- must use even with untagged
set interfaces ps1 unit 0 encapsulation ethernet-ccc <-- must use as it’s the transport logical interface

Define lt-x/x/x to support HS for COS at the subscriber level.  If one needs COS for clients, then HS maybe added to the lt-x/x/x.  COS is NOT supported for GRE Tunnels attachments.

set interfaces lt-5/0/0 hierarchical-scheduler 
 

DYNAMIC-PROFILE FOR SOFT-GRE

Profile used for dynamically creating GRE tunnels.  This contains a nested profile for the auto-sensed VLAN creation.

labroot@MXtest# run show configuration dynamic-profiles WAG-GRE-TUNNEL
interfaces {
    "$junos-interface-ifd-name" {
        unit "$junos-interface-unit" {
            auto-configure {
                stacked-vlan-ranges {
                    dynamic-profile WAG-SVLAN {
                        accept inet;
                        ranges {
                            any,any;
                        }
                    }
                }
                remove-when-no-subscribers;
            }
            family inet {
                unnumbered-address lo0.0; <-- tunnel will fail if family inet is missing
            }

DYNAMIC-PROFILE FOR AUTO-SENSED VLAN

Profile used to create dynamic VLAN’s within the GRE tunnel. In this example, dual-tagged VLAN are required.  Single/dual-tag and untagged are supported.  VLAN and VLAN demux0 is supported.

labroot@MXtest# run show configuration dynamic-profiles WAG-SVLAN
interfaces {
    demux0 {
        unit "$junos-interface-unit" {
            demux-source inet;
            vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
            demux-options {
                underlying-interface "$junos-interface-ifd-name";
            }
            family inet {
                unnumbered-address lo0.0;
            }

DYNAMIC-PROFILE FOR DHCP-IP-DEMUX0

labroot@MXtest> show configuration dynamic-profiles IP-DEMUX        
routing-instances {
    "$junos-routing-instance" {
        interface "$junos-interface-name";
    }
}
interfaces {
    demux0 {
        unit "$junos-interface-unit" {
            demux-options {
                underlying-interface "$junos-underlying-interface";
            }
            family inet {
                demux-source {
                    $junos-subscriber-ip-address;
                }
                unnumbered-address "$junos-loopback-interface";
            }

SERVICE SOFT-GRE STANZA

Define GRE source and destination address.  Source address would typically be lo0.0.  Destination address is networks used for the access-points.  PS and GRE dynamic-profile defined.

set services soft-gre GRE-DHCP source-address 20.1.1.100  ****lo0.0
set services soft-gre GRE-DHCP destination-networks 60.60.60.0/24 ****Access points
set services soft-gre GRE-DHCP service-interface ps1
set services soft-gre GRE-DHCP dynamic-profile WAG-GRE-TUNNEL

DHCP LOCAL SERVER

set system services dhcp-local-server group WAG-DHCPv4 interface demux0.0
set system services dhcp-local-server group WAG-DHCPv4 interface ps1.0
 
set access address-assignment pool WAG-POOL family inet network 200.187.80.0/24
set access address-assignment pool WAG-POOL family inet range TEST low 200.187.80.2
set access address-assignment pool WAG-POOL family inet range TEST high 200.187.80.221
set access address-assignment pool WAG-POOL family inet dhcp-attributes server-identifier 20.1.1.100
set access address-assignment pool WAG-POOL family inet dhcp-attributes router 60.60.60.1

VERIFYING:

Service Tunnel output – SA/DA of tunnel with traffic stats.  Subscriber count seems to be only accurate with IP-DEMUX0 interfaces.

labroot@MXtest> show services soft-gre tunnel extensive
  Interface Name: ps1.3221231188, Group Name: GRE-DHCP
    Local IP: 20.1.1.100
    Remote IP: 60.60.60.2
    Subscribers: 1
    Routing Instance: default
    Create time: 2018-04-06 15:03:44 UTC
    Statistics since: Fri Apr  6 15:03:44 2018
      Statistic         Packets        Bytes
       Data Rx               11         2492
       Data Tx               10         2495
 

Show subscriber – Provide output of GRE/VLAN/DHCP via SMID

labroot@MXtest> show subscribers 
Interface           IP Address/VLAN ID    User Name     LS:RI
ps1.3221231188      60.60.60.2                          ****GRE TUNNEL Endpoint
demux0.3221231189   0x8100.100 0x8100.1                 default:default***VLAN-DMEUX
demux0.3221231191   200.187.80.14                       default:default***IP-Demux0

labroot@MXtest> show subscribers client-type gre extensive  
Type: GRE
IP Address: 60.60.60.2
Interface: ps1.3221231188
Dynamic Profile Name: WAG-GRE-TUNNEL
Dynamic Profile Version: 2
State: Active
Session ID: 5717
PFE Flow ID: 5904
Login Time: 2018-04-06 15:03:44 UTC

labroot@MXtest> show subscribers client-type vlan extensive      
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.3221231189
Interface type: Dynamic
Underlying Interface: ps1  **** ps1.3221231188 (bug)
Dynamic Profile Name: WAG-SVLAN
Dynamic Profile Version: 2
State: Active
Session ID: 5718
PFE Flow ID: 5906
Stacked VLAN Id: 0x8100.100
VLAN Id: 0x8100.1
Login Time: 2018-04-06 15:03:44 UTC

labroot@MXtest> show subscribers client-type dhcp extensive    
Type: DHCP
IP Address: 200.187.80.14
IP Netmask: 255.255.255.0
Logical System: default
Routing Instance: default
Interface: demux0.3221231191
Interface type: Dynamic
Underlying Interface: demux0.3221231189
Dynamic Profile Name: IP-DEMUX
Dynamic Profile Version: 1
MAC Address: 00:15:01:00:00:01
State: Active
Radius Accounting ID: 5720
Session ID: 5720
PFE Flow ID: 5908
Stacked VLAN Id: 100
VLAN Id: 1
Login Time: 2018-04-06 15:16:59 UTC
DHCP Options: len 11
35 01 01 37 06 01 03 33 36 3a 3b
IP Address Pool: WAG-POOL
Accounting interval: 28800

DHCP binding information:

labroot@MXtest# run show dhcp server binding detail             
Client IP Address:  200.187.80.14
     Hardware Address:             00:15:01:00:00:01
     State:                        BOUND(LOCAL_SERVER_STATE_BOUND)
     Protocol-Used:                DHCP
     Lease Expires:                2018-04-10 06:17:27 UTC
     Lease Expires in:             61515 seconds
     Lease Start:                  2018-04-06 15:17:00 UTC
     Last Packet Received:         2018-04-09 06:17:27 UTC
     Incoming Client Interface:    demux0.3221231189***VlAN-DEMUX0 Interface
     Client Interface Svlan Id:    100
     Client Interface Vlan Id:     1
     Demux Interface:              demux0.3221231191  ***IP-DEMUX0 Interface
     Server Identifier:            20.1.1.100
     Session Id:                   5720
     Client Pool Name:             WAG-POOL
     Client Profile Name:          IP-DEMUX


SMGD statistics does have a counter for RX GRE packets

labroot@MXtest# run show system subscriber-management statistics extensive all | match gre 
    rx inet gre                          : 6


Route-table information.  Access/Access-internal routes will always show as Private Unicast for JSM subscribers.

labroot@MXtest# run show route protocol access-internal
inet.0: 265 destinations, 266 routes (147 active, 0 holddown, 118 hidden)
@ = Routing Use Only, # = Forwarding Use Only
+ = Active Route, - = Last Active, * = Both
 
200.187.80.14/32   *[Access-internal/12] 2d 21:56:37
                      Private unicast


labroot@MXtest# run show system subscriber-management route family inet route-type access-internal detail

 Route:  200.187.80.14/32
     Routing-instance:         default:default
     Kernel rt-table id :      0
     Family:                   AF_INET
     Route Type:               Access-internal
     Protocol Type:            Unspecified
     Interface:                demux0.3221231191
     Interface index:          5908
     Internal Interface index: 5908
     Route index:              5711
     Next-Hop:                 1288
     Reference-count:          1
     L2 Address:               00:15:01:00:00:01
     Flags:                    0x0
     Dirty Flags:              0x0


labroot@MXtest# run show system subscriber-management route family inet route-type kernel detail            

Route:  20.1.1.100.60.60.60/56
     Routing-instance:         default:default
     Kernel rt-table id :      0
     Family:                   AF_INET
     Route Type:               Kernel
     Protocol Type:            Access
     Interface:                none
     Interface index:          0
     Internal Interface index: 0
     Route index:              1
     Next-Hop:                 0
     Reference-count:          1
     L2 Address:               00:00:00:00:00:00
     Flags:                    0x80800
     Dirty Flags:              0x0
Route:  20.1.1.100.60.60.60.2.47.0.0.101.88/104 **Long route will be installed on every FPC
     Routing-instance:         default:default
     Kernel rt-table id :      0
     Family:                   AF_INET
     Route Type:               Kernel
     Protocol Type:            Access
     Interface:                ps1.3221231188
     Interface index:          5904
     Internal Interface index: 5904
     Route index:              5709
     Next-Hop:                 1288
     Reference-count:          1
     L2 Address:               00:00:00:00:00:00
     Flags:                    0x80400
     Dirty Flags:             

Breakdown of Long route:

4-byte Source IP address
4-byte destination IP address
1-byte IP protocol type 47 for GRE
4-byte GRE encapsulation (2-byte flags and version =0x0000 and 2-byte encaps bridging 0x6558)
 

CLEAR SERVICE SOFT-GRE TUNNEL

There is a new clear command that will clear out all/specific tunnels.  The tunnel must not have any upper bindings attached such as DHCP/VLAN.

Example:

labroot@MXtest# run show subscribers
Interface           IP Address/VLAN ID                User Name     LS:RI
ps1.3221231185      60.60.60.2
[edit]
labroot@MXtest# run clear services soft-gre tunnel all 
[edit]
labroot@MXtest# run show subscribers                     
Total subscribers: 0, Active Subscribers: 0

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search