Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Subscriber Management] Example configuration - assigning fixed IPv4 address and IPv6 prefix for a Dual Stack PPPoE subscriber by radius server

0

0

Article ID: KB35642 KB Last Updated: 04 Apr 2020Version: 1.0
Summary:

This article provides an example on how to assign fixed IPv4 address and IPv6 prefix for a Dual Stack PPPoE subscriber.

In this example, the radius server is Freeradius.

Solution:

Topology:

Dual Stack PPPoE subscriber <----> (xe-0/2/0)MX(ge-0/0/0) <----> Radius Server

In this example, two users are created to verify the result.

  • User "pppoe" will get dynamic addresses from pool, which configured on MX.
  • User "pppoe-u1" will get a fixed IPv4 address and ndra+dhcpv6-pd prefixes, which is assigned by radius server.
First, check if relevant standard files have been included into "dictionary" file:
[root@radius ~]# more /usr/local/share/freeradius/dictionary | egrep "2865|3162|4818"
$INCLUDE dictionary.rfc2865
$INCLUDE dictionary.rfc3162
$INCLUDE dictionary.rfc4818
The RFC files above includes the following attributes, which is needed to use in this example:
[root@radius ~]# more /usr/local/share/freeradius/dictionary.rfc2865 | grep "Framed-IP-Address"
ATTRIBUTE	Framed-IP-Address			8	ipaddr

[root@radius ~]# more /usr/local/share/freeradius/dictionary.rfc3162 | grep "Framed-IPv6-Prefix"
ATTRIBUTE	Framed-IPv6-Prefix			97	ipv6prefix

[root@radius ~]# more /usr/local/share/freeradius/dictionary.rfc4818 | grep "Delegated-IPv6-Prefix"
ATTRIBUTE	Delegated-IPv6-Prefix			123	ipv6prefix
By default, Freeradius included those files. You may need to add "$INCLUDE dictionary.rfc4818" in the dictionary file.

Then add the following two users in the file of "/usr/local/etc/raddb/users" as follows:
pppoe    Cleartext-Password := "$ABC123"
         Service-Type = Framed-User,
         Framed-Protocol = PPP

pppoe-u1    Cleartext-Password := "$ABC123"
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-IPv6-Prefix = "fec0:1:1:1::/64",
            Delegated-IPv6-Prefix = "fec0:1:1:1000::/64",
            Framed-IP-Address = 3.3.3.3

MX configuration example:

dynamic-profiles {
    dyn-pppoe {
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    no-traps;
                    ppp-options {
                        chap;
                        pap;
                    }
                    pppoe-options {
                        underlying-interface "$junos-underlying-interface";
                        server;
                    }
                    family inet {
                        unnumbered-address lo0.0;
                    }
                    family inet6 {
                        address $junos-ipv6-address;
                    }
                }
            }
        }
        protocols {
            router-advertisement {
                interface "$junos-interface-name" {
                    other-stateful-configuration;
                    prefix $junos-ipv6-ndra-prefix;
                }
            }
        }
    }
    dyn-vlan {
        interfaces {
            "$junos-interface-ifd-name" {
                unit "$junos-interface-unit" {
                    no-traps;
                    vlan-id "$junos-vlan-id";
                    family pppoe {
                        dynamic-profile dyn-pppoe;
                    }
                }
            }
        }
    }
}
system {
    services {
        dhcp-local-server {
            dhcpv6 {
                overrides {
                    process-inform {
                        pool v6-ndra-p1;
                    }
                    delegated-pool v6-pd-p1;
                }
                group v6-ppp {
                    interface pp0.0;
                }
            }
        }
    }
}
access-profile dyn-radius;
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 9.0.0.1/24;
            }
        }
    }        
    xe-0/2/0 {
        flexible-vlan-tagging;
        auto-configure {
            vlan-ranges {
                dynamic-profile dyn-vlan {
                    accept pppoe;
                    ranges {
                        1-4094;
                    }
                }
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.1.1.1/32;
            }
        }
    }
}
access {
    group-profile dns-server {
        ppp {
            primary-dns 8.8.8.8;
            secondary-dns 8.8.4.4;
        }
    }
    profile dyn-radius {
        authentication-order radius;
        radius {
            authentication-server 9.0.0.9;
            accounting-server 9.0.0.9;
        }
        radius-server {
            9.0.0.9 {
                port 1812;
                accounting-port 1813;
                secret "$ABC123"; ## SECRET-DATA
                source-address 1.1.1.1;
            }
        }
        accounting {
            order radius;
            accounting-stop-on-failure;
            accounting-stop-on-access-deny;
            coa-immediate-update;
            update-interval 10;
            statistics volume-time;
        }
    }
    address-assignment {
        neighbor-discovery-router-advertisement v6-ndra-p1;
        pool pppoe-p1 {
            family inet {
                network 3.1.0.0/16;
                range p1 {
                    low 3.1.0.2;
                    high 3.1.100.254;
                }
                xauth-attributes {
                    primary-dns 8.8.8.8/32;
                    secondary-dns 8.8.4.4/32;
                }
            }
        }
        pool v6-ndra-p1 {
            family inet6 {
                prefix 3001::/48;
                range v6-ndra-p1-r1 prefix-length 64;
                dhcp-attributes {
                    dns-server {
                        2222::5;
                        2222::6;
                    }
                }
            }
        }
        pool v6-pd-p1 {
            family inet6 {
                prefix 3000::/48;
                range v6-pd-p1-r1 prefix-length 64;
                dhcp-attributes {
                    dns-server {
                        2222::3;
                        2222::4;
                    }
                }
            }
        }
    }
    address-protection;
}

Verification

User “pppoe” got dynamic addresses from pool and user "pppoe-u1" got fixed address which is assigned by the radius server:
user@mx> show subscribers user-name pppoe
Interface             IP Address/VLAN ID                      User Name                      LS:RI
pp0.3221225474        3.1.0.2                                 pppoe                     default:default
*                     3000::/64
*                     3001::/64

user@mx> show subscribers user-name pppoe-u1
Interface             IP Address/VLAN ID                      User Name                      LS:RI
pp0.3221225473        3.3.3.3                                 pppoe-u1                  default:default
*                     fec0:1:1:1000::/64
*                     fec0:1:1:1::/64
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search