[Subscriber Management] Example of minimal MX LAC configuration with a RADIUS-based subscriber profile

Article ID: KB37499  KB Last Updated: 30 Sep 2021  Version: 1.0

Summary:

This article explains how an MX BNG can be used as an L2TP LAC by using only a dynamic RADIUS-based subscriber profile.

The example:

  • Includes dynamic VLAN configuration options for the Point-to-Point Protocol over Ethernet (PPPoE) subscriber interface

  • Uses the FreeRADIUS RADIUS server. An example of a FreeRADIUS user profile is included.

Solution:

If the MX BNG is already configured to terminate PPPoE subscribers, it is not necessary to add any static L2TP configuration in order to enable the Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) functionality.

Topology

CPE <-----> ([SVLAN 100, CVLAN 100]ge-0/0/0) MX BNG (ge-0/0/3) <-----> [core network] <-----> LNS, RADIUS, etc

Configuration

system {
    configuration-database {
        max-db-size 314572800;
    }
    services {
        subscriber-management {
            enable;
        }
    }
    dynamic-profile-options {
        versioning;
    }
}
chassis {
    network-services enhanced-ip;
}
access-profile aaa-profile;
interfaces {
    ge-0/0/0 {
        flexible-vlan-tagging;
        auto-configure {
            stacked-vlan-ranges {
                dynamic-profile auto-stacked-vlan {
                    accept pppoe;
                    ranges {
                        1-4000,any;
                    }
                }
            }
            remove-when-no-subscribers;
        }
    }
    ge-0/0/3 {
        unit 0 {
            family inet {
                address 10.1.12.1/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.1.1.1/32;
            }
        }
    }
}
access {
    radius-server {
        10.1.6.30 secret "$ABC123"; ## SECRET-DATA
    }
    profile aaa-profile {
        authentication-order radius;
        radius {
            authentication-server 10.1.6.30;
        }
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/3.0 {
                interface-type p2p;
            }
            interface lo0.0 {
                passive;
            }
        }
    }
}
dynamic-profiles {
    auto-stacked-vlan {
        interfaces {
            demux0 {
                unit "$junos-interface-unit" {
                    no-traps;
                    vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
                    demux-options {
                        underlying-interface "$junos-interface-ifd-name";
                    }
                    family pppoe {
                        dynamic-profile prod-pppoe-base;
                    }
                }
            }
        }
    }
    prod-pppoe-base {
        routing-instances {
            "$junos-routing-instance" {
                interface "$junos-interface-name";
            }
        }
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    no-traps;
                    ppp-options {
                        chap;
                        pap;
                    }
                    pppoe-options {
                        underlying-interface "$junos-underlying-interface";
                        server;
                    }
                    keepalives interval 30;
                    family inet {
                        rpf-check;
                        unnumbered-address "$junos-loopback-interface";
                    }
                }
            }
        }
    }
}

FreeRADIUS subscriber profile

l2tp    Cleartext-Password := "spirent"
        Service-Type = Framed-User,
        Tunnel-Client-Endpoint:1 += 10.1.1.1,
        Tunnel-Server-Endpoint:1 += 10.1.1.3,
        Tunnel-Type:1 += l2tp,
        Tunnel-Medium-Type:1 += IP

Verification

user@device> show version | match os:
Junos: 19.4R3-S2.2

user@device> show subscribers
Interface             IP Address/VLAN ID                      User Name                      LS:RI
demux0.3221225472     0x8100.100 0x8100.100                                             default:default
pp0.3221225473        Tunneled                                l2tp                      default:default

user@device> show subscribers detail
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.3221225472
Interface type: Dynamic
Underlying Interface: ge-0/0/0
Dynamic Profile Name: auto-stacked-vlan
Dynamic Profile Version: 1
State: Active
Session ID: 1
PFE Flow ID: 26
Stacked VLAN Id: 0x8100.100
VLAN Id: 0x8100.100
Login Time: 2021-09-14 12:33:26 CEST

Type: PPPoE
User Name: l2tp
Logical System: default
Routing Instance: default
Interface: pp0.3221225473
Interface type: Dynamic
Underlying Interface: demux0.3221225472
Dynamic Profile Name: prod-pppoe-base
Dynamic Profile Version: 1
MAC Address: 00:10:94:00:00:01
State: Active
PPP State: Tunneled
Local IP Address: 10.1.1.1
Remote IP Address: 10.1.1.3
Radius Accounting ID: 2
Session ID: 2
PFE Flow ID: 28
Stacked VLAN Id: 100
VLAN Id: 100
Login Time: 2021-09-14 12:33:26 CEST

user@device> show dynamic-profile session client-id 2
prod-pppoe-base {
    routing-instances {
        default {
            interface pp0.3221225473;
        }
    }
    interfaces {
        pp0 {
            unit 3221225473 {
                no-traps;
                ppp-options {
                    chap;
                    pap;
                }
                pppoe-options {
                    underlying-interface demux0.3221225472;
                    server;
                }
                keepalives interval 30;
                family {
                    inet {
                        rpf-check;
                        unnumbered-address NONE;
                    }
                }
            }
        }
    }
}
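
Because the tunnel endpoints come entirely from the RADIUS reply, the verification output can be checked against the addresses the profile is expected to return. The following Python code is an added example, not part of the original article: it parses show subscribers detail output and reports tunneled sessions whose LAC or LNS address is unexpected. The function names, the allow-list, and the second PPPoE record (constructed-user, 192.0.2.77) are assumptions constructed for illustration.

```python
import ipaddress
import re
# Constructed sample in the format of "show subscribers detail" (trimmed fields).
SAMPLE = """\
Type: VLAN
Interface: demux0.3221225472

Type: PPPoE
User Name: l2tp
Interface: pp0.3221225473
PPP State: Tunneled
Local IP Address: 10.1.1.1
Remote IP Address: 10.1.1.3

Type: PPPoE
User Name: constructed-user
Interface: pp0.3221225475
PPP State: Tunneled
Local IP Address: 10.1.1.1
Remote IP Address: 192.0.2.77
"""

def parse_sessions(text):
    """One dict per subscriber record; records are separated by blank lines."""
    return [
        {k.strip(): v.strip() for k, sep, v in
         (line.partition(":") for line in block.splitlines()) if sep}
        for block in re.split(r"\n\s*\n", text.strip())
    ]

def audit_tunnels(text, lac_addr, allowed_lns):
    """Return (user, interface, reason) for tunneled sessions with unexpected endpoints."""
    allowed = {ipaddress.ip_address(a) for a in allowed_lns}
    findings = []
    for s in parse_sessions(text):
        if s.get("PPP State") != "Tunneled":
            continue  # VLAN records and locally terminated PPPoE sessions
        who = (s.get("User Name", "?"), s.get("Interface", "?"))
        try:
            local = ipaddress.ip_address(s.get("Local IP Address", ""))
            remote = ipaddress.ip_address(s.get("Remote IP Address", ""))
        except ValueError:
            findings.append(who + ("missing or malformed tunnel endpoint",))
            continue
        if local != ipaddress.ip_address(lac_addr):
            findings.append(who + (f"LAC endpoint {local}, expected {lac_addr}",))
        if remote not in allowed:
            findings.append(who + (f"LNS endpoint {remote} not in allow-list",))
    return findings
```

With the article's values (LAC 10.1.1.1, LNS 10.1.1.3), audit_tunnels(SAMPLE, "10.1.1.1", ["10.1.1.3"]) flags only the constructed second session.
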

Refer to KB36435 - [Subscriber Management] Understanding end-to-end IPv4 PPPoE Subscriber config on MX with Static/Dynamic VLAN option for yet another example of MX BNG configuration that can be used to terminate PPPoE subscribers.