This article provides an example on how to assign fixed IPv4 address and IPv6 prefix for a Dual Stack PPPoE subscriber.
In this example, the radius server is Freeradius.
Topology:
Dual Stack PPPoE subscriber <----> (xe-0/2/0)MX(ge-0/0/0) <----> Radius Server
In this example, two users are created to verify the result.
- User "pppoe" will get dynamic addresses from pool, which configured on MX.
- User "pppoe-u1" will get a fixed IPv4 address and ndra+dhcpv6-pd prefixes, which is assigned by radius server.
First, check if relevant standard files have been included into "dictionary" file:
[root@radius ~]# more /usr/local/share/freeradius/dictionary | egrep "2865|3162|4818"
$INCLUDE dictionary.rfc2865
$INCLUDE dictionary.rfc3162
$INCLUDE dictionary.rfc4818
The RFC files above includes the following attributes, which is needed to use in this example:
[root@radius ~]# more /usr/local/share/freeradius/dictionary.rfc2865 | grep "Framed-IP-Address"
ATTRIBUTE Framed-IP-Address 8 ipaddr
[root@radius ~]# more /usr/local/share/freeradius/dictionary.rfc3162 | grep "Framed-IPv6-Prefix"
ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix
[root@radius ~]# more /usr/local/share/freeradius/dictionary.rfc4818 | grep "Delegated-IPv6-Prefix"
ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix
By default, Freeradius included those files. You may need to add "$INCLUDE dictionary.rfc4818" in the dictionary file.
Then add the following two users in the file of "/usr/local/etc/raddb/users" as follows:
pppoe Cleartext-Password := "$ABC123"
Service-Type = Framed-User,
Framed-Protocol = PPP
pppoe-u1 Cleartext-Password := "$ABC123"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IPv6-Prefix = "fec0:1:1:1::/64",
Delegated-IPv6-Prefix = "fec0:1:1:1000::/64",
Framed-IP-Address = 3.3.3.3
MX configuration example:
dynamic-profiles {
dyn-pppoe {
interfaces {
pp0 {
unit "$junos-interface-unit" {
no-traps;
ppp-options {
chap;
pap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
family inet {
unnumbered-address lo0.0;
}
family inet6 {
address $junos-ipv6-address;
}
}
}
}
protocols {
router-advertisement {
interface "$junos-interface-name" {
other-stateful-configuration;
prefix $junos-ipv6-ndra-prefix;
}
}
}
}
dyn-vlan {
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-interface-unit" {
no-traps;
vlan-id "$junos-vlan-id";
family pppoe {
dynamic-profile dyn-pppoe;
}
}
}
}
}
}
system {
services {
dhcp-local-server {
dhcpv6 {
overrides {
process-inform {
pool v6-ndra-p1;
}
delegated-pool v6-pd-p1;
}
group v6-ppp {
interface pp0.0;
}
}
}
}
}
access-profile dyn-radius;
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 9.0.0.1/24;
}
}
}
xe-0/2/0 {
flexible-vlan-tagging;
auto-configure {
vlan-ranges {
dynamic-profile dyn-vlan {
accept pppoe;
ranges {
1-4094;
}
}
}
}
}
lo0 {
unit 0 {
family inet {
address 1.1.1.1/32;
}
}
}
}
access {
group-profile dns-server {
ppp {
primary-dns 8.8.8.8;
secondary-dns 8.8.4.4;
}
}
profile dyn-radius {
authentication-order radius;
radius {
authentication-server 9.0.0.9;
accounting-server 9.0.0.9;
}
radius-server {
9.0.0.9 {
port 1812;
accounting-port 1813;
secret "$ABC123"; ## SECRET-DATA
source-address 1.1.1.1;
}
}
accounting {
order radius;
accounting-stop-on-failure;
accounting-stop-on-access-deny;
coa-immediate-update;
update-interval 10;
statistics volume-time;
}
}
address-assignment {
neighbor-discovery-router-advertisement v6-ndra-p1;
pool pppoe-p1 {
family inet {
network 3.1.0.0/16;
range p1 {
low 3.1.0.2;
high 3.1.100.254;
}
xauth-attributes {
primary-dns 8.8.8.8/32;
secondary-dns 8.8.4.4/32;
}
}
}
pool v6-ndra-p1 {
family inet6 {
prefix 3001::/48;
range v6-ndra-p1-r1 prefix-length 64;
dhcp-attributes {
dns-server {
2222::5;
2222::6;
}
}
}
}
pool v6-pd-p1 {
family inet6 {
prefix 3000::/48;
range v6-pd-p1-r1 prefix-length 64;
dhcp-attributes {
dns-server {
2222::3;
2222::4;
}
}
}
}
}
address-protection;
}
Verification
User “pppoe” got dynamic addresses from pool and user "pppoe-u1" got fixed address which is assigned by the radius server:
user@mx> show subscribers user-name pppoe
Interface IP Address/VLAN ID User Name LS:RI
pp0.3221225474 3.1.0.2 pppoe default:default
* 3000::/64
* 3001::/64
user@mx> show subscribers user-name pppoe-u1
Interface IP Address/VLAN ID User Name LS:RI
pp0.3221225473 3.3.3.3 pppoe-u1 default:default
* fec0:1:1:1000::/64
* fec0:1:1:1::/64