JUNOSe 8.0.x Broadband Access Configuration Guide > Table of Contents
Table of Contents
-
About This Guide
- Objectives
- E-series Routers
- Audience
- Documentation Conventions
- Related E-series and JUNOSe Documentation
- E-series and JUNOSe Documents
- JUNOSe Configuration Guides
- Obtaining Documentation
- Documentation Feedback
- Requesting Support
-
Configuring Remote Access
- Overview
- B-RAS Data Flow
- Configuring IP Addresses for Remote Clients
- AAA Overview
- Platform Considerations
- B-RAS Protocol Support
- References
- Before You Configure B-RAS
- Configuration Tasks
- Configuring a B-RAS License
- Mapping a User Domain Name to a Virtual Router
- Mapping User Requests Without a Valid Domain Name
- Mapping User Requests Without a Configured Domain Name
- Using DNIS
- Redirected Authentication
- IP Hinting
- Setting Up Domain Name and Realm Name Usage
- Using the Realm Name as the Domain Name
- Using Delimiters Other Than @
- Using Either the Domain or the Realm as the Domain Name
- Specifying the Domain Name or Realm Name Parse Direction
- Stripping the Domain Name
- Domain Name and Realm Name Examples
- Specifying a Single Name for Users from a Domain
- Configuring RADIUS Authentication and Accounting Servers
- Server Access
- Server Request Processing Limit
- Authentication and Accounting Methods
- Supporting Exchange of Extensible Authentication Protocol Messages
- Immediate Accounting Updates
- Duplicate and Broadcast Accounting
- Configuring AAA Duplicate Accounting
- Configuring AAA Broadcast Accounting
- Overriding AAA Accounting NAS Information
- UDP Checksums
- Collecting Accounting Statistics
- Configuring RADIUS AAA Servers
- SNMP Traps and System Log Messages
- SNMP Traps
- System Log Messages
- Configuring SNMP Traps
- Configuring Local Authentication Servers
- Creating the Local Authentication Environment
- Creating Local User Databases
- Adding User Entries to Local User Databases
- Using the username Command
- Using the aaa local username Command
- Assigning a Local User Database to a Virtual Router
- Enabling Local Authentication on the Virtual Router
- Configuration Commands
- Local Authentication Example
- Configuring Name Server Addresses
- Configuration Tasks
- DNS Primary and Secondary NMS Configuration
- WINS Primary and Secondary NMS Configuration
- Configuring Local Address Servers
- Local Address Pool Ranges
- Local Address Pool Aliases
- Shared Local Address Pools
- SNMP Thresholds
- Configuring a Local Address Server
- Configuring DHCP Features
- Creating an IP Interface
- Single Clients per ATM Subinterface
- Multiple Clients per ATM Subinterface
- Configuring AAA Profiles
- Allowing or Denying Domain Names
- Configuration Example
- Using Domain Name Aliases
- Manually Setting NAS-Port-Type Attribute
- Service-Description Attribute
- Using VSAs for Dynamic IP Interfaces
- Traffic Shaping for PPP over ATM Interfaces
- Mapping Application Terminate Reasons to RADIUS Terminate Codes
- Configuration Example
- Configuring Timeout
- Limiting Active Subscribers
- Notifying RADIUS of AAA Failure
- Configuring the SDX Client
- Setting Baselines
- Monitoring Remote Access
-
Configuring RADIUS Attributes
- Overview
- RADIUS Services
- RADIUS Attributes
- Platform Considerations
- References
- Subscriber AAA Access Messages
- Supported RADIUS IETF Attributes
- Supported Juniper Networks VSAs
- Subscriber AAA Accounting Messages
- Supported RADIUS IETF Attributes
- Supported Juniper Networks VSAs
- Tunnel Accounting Messages
- DSL Forum VSAs in AAA Access and Accounting Messages
- CLI AAA Messages
- CLI Commands Used to Modify RADIUS Attributes
- RADIUS IETF Attributes
- [4] NAS-IP-Address
- [5] NAS-Port
- [8] Framed-IP-Address
- [9] Framed-Ip-Netmask
- [13] Framed-Compression
- [25] Class
- [30] Called-Station-Id
- [31] Calling-Station-Id
- [32] NAS-Identifier
- [41] Acct-Delay-Time
- [44] Acct-Session-Id
- [45] Acct-Authentic
- [49] Acct-Terminate-Cause
- [50] Acct-Multi-Session-Id
- [51] Acct-Link-Count
- [52] Acct-Input-Gigawords
- [53] Output-Gigawords
- [55] Event-Timestamp
- [61] NAS-Port-Type
- [64] Tunnel-Type
- [65] Tunnel-Medium-Type
- [66] Tunnel-Client-Endpoint
- [67] Tunnel-Server-Endpoint
- [68] Acct-Tunnel-Connection
- [77] Connect-Info
- [82] Tunnel-Assignment-Id
- [83] Tunnel-Preference
- [87] NAS-Port-Id
- [90] Tunnel-Client-Auth-Id
- [91] Tunnel-Server-Auth-Id
- [188] Ascend-Num-In-Multilink
- All Tunnel Server Attributes
- Juniper Networks Vendor-Specific Attributes
- [26-1] Virtual-Router
- [26-10] Ingress-Policy-Name
- [26-11] Egress-Policy-Name
- [26-14] Service-Category
- [26-15] PCR
- [26-16] SCR
- [26-17] MBS
- [26-24] Pppoe-Description
- [26-35] Acct-Input-Gigapackets
- [26-36] Acct-Output-Gigapackets
- [26-44] Tunnel-Interface-Id
- [26-51] Disconnect-Cause
- [26-53] Service-Description
- [26-55] DHCP-Options
- [26-56] DHCP-MAC-Address
- [26-57] DHCP-GI-Address
- [26-62] MLPPP-Bundle-Name
- [26-63] Interface-Desc
- [26-81] L2C-Information
- [26-92] L2C-Up-Stream-Data
- [26-93] L2C-Down-Stream-Data
- DSL Forum Vendor-Specific Attributes
- Including or Excluding Attributes in RADIUS Messages
- Ignoring Attributes When Receiving Access-Accept Messages
- Monitoring RADIUS Included and Ignored Attributes
-
Configuring RADIUS Dynamic-Request Server
- Overview
- Platform Considerations
- References
- How RADIUS Dynamic-Request Server Works
- RADIUS-Initiated Disconnect
- Disconnect Messages
- Message Exchange
- Error-Cause Attributes
- Qualifications for Disconnect
- Security/Authentication
- Configuring RADIUS-Initiated Disconnect
- RADIUS-Initiated Change of Authorization
- Change-of-Authorization Messages
- Message Exchange
- Error-Cause Attributes
- Qualifications for Change of Authorization
- Security/Authentication
- Configuring RADIUS-Initiated Change of Authorization
- RADIUS Dynamic-Request Server Commands
- Monitoring RADIUS Dynamic-Request Servers
-
Configuring RADIUS Relay Server
- Overview
- Platform Considerations
- References
- How RADIUS Relay Server Works
- Authentication and Addressing
- Accounting
- Terminating the Wireless Subscriber's Connection
- RADIUS Relay Server and the SDX Application
- Using the SDX Application for Addressing
- Using the SDX Application for Accounting
- Configuring RADIUS Relay Server Support
- Monitoring RADIUS Relay Server
-
Configuring TACACS+
- Overview
- AAA Overview
- Administrative Login Authentication
- Privilege Authentication
- Login Authorization
- Accounting
- Platform Considerations
- References
- Before You Configure TACACS+
- Configuring TACACS+ Support
- Configuring Authentication
- Configuring Accounting
- Monitoring TACACS+
-
Configuring L2TP
- Overview
- Terminology
- Implementing L2TP
- Sequence of Events on the LAC
- Sequence of Events on the LNS
- Packet Fragmentation
- Platform Considerations
- Module Requirements
- ERX-7xx Models, ERX-14xx Models, and the ERX-310 Router
- E320 Router
- Sessions and Tunnels Supported
- References
- Before You Configure the LAC or LNS
- Configuring the LAC
- Configuring Calling Number AVP Formats
- Configuration Tasks
- Mapping a User Domain Name to an L2TP Tunnel
- Mapping from Domain Map Tunnel Mode
- Mapping from Tunnel Group Tunnel Mode
- Configuring the RX Speed on the LAC
- Managing the L2TP Destination Lockout Process
- Modifying the Lockout Procedure
- Managing Address Changes Received from Remote Endpoints
- Configuring the LNS
- Configuring Maximum LNS Sessions
- Configuring the RADIUS Connect-Info Attribute on the LNS
- Selecting Tunnel-Service Modules for LNS Sessions Using MLPPP
- Overriding All Endpoint Discriminators
- Enabling Tunnel Switching
- Enabling Tunnel Selection
- Failover Between Preference Levels
- Failover Within a Preference Level
- Maximum Sessions per Tunnel
- Weighted Load Balancing
- Creating Persistent Tunnels
- Testing Tunnel Configuration
- Managing L2TP
- Configuring Disconnect Cause Information
- Configuring the Receive Window Size
- Configuring the Default RWS
- Configuring the RWS on the LAC
- Configuring the RWS on the LNS
- Configuring Peer Resynchronization
- Using the CLI to Configure Peer Resynchronization
- Using RADIUS to Configure Peer Resynchronization
- Configuring L2TP Tunnel Switch Profiles
- Applying the L2TP Tunnel Switch Profile
- Configuration Guidelines
- Configuring L2TP AVPs for Relay
- Configuration Tasks
- Enabling Tunnel Switching
- Configuring L2TP Tunnel Switch Profiles
- Applying L2TP Tunnel Switch Profiles by Using AAA Domain Maps
- Applying L2TP Tunnel Switch Profiles by Using AAA Tunnel Groups
- Applying L2TP Tunnel Switch Profiles by Using RADIUS
- Applying Default L2TP Tunnel Switch Profiles
- Configuring the Transmit Connect Speed Calculation Method
- Calculation Methods
- Static Layer 2
- Dynamic Layer 2
- QoS
- Actual
- Calculation Examples
- Example 1: L2TP Session over ATM 1483 Interface
- Example 2: L2TP Session over Ethernet VLAN Interface
- Transmit Connect Speed Reporting Considerations
- Session Termination for Dynamic Speed Timeout
- Advisory Speed Precedence for VLANs over Bridged Ethernet
- Using AAA Domain Maps to Configure the Transmit Connect Speed Calculation Method
- Using AAA Tunnel Groups to Configure the Transmit Connect Speed Calculation Method
- Using RADIUS to Configure the Transmit Connect Speed Calculation Method
- Using AAA Default Tunnel Parameters to Configure the Transmit Connect Speed Calculation Method
- PPP Accounting Statistics
- Monitoring L2TP
-
Configuring L2TP Dial-Out
- Overview
- Terms
- Network Model for Dial-Out
- Dial-Out Process
- Dial-Out Operational States
- Chassis
- Virtual Router
- Targets
- Sessions
- Outgoing Call Setup Details
- Access-Request Message
- Access-Accept Message
- Outgoing Call
- Mutual Authentication
- Route Installation
- Platform Considerations
- References
- Before You Configure L2TP Dial-Out
- Configuring L2TP Dial-Out
- Monitoring L2TP Dial-Out
-
Configuring DHCP
- Overview
- Integrated DHCP Access Server
- Service Deployment System
- Platform Considerations
- References
- Configuring the DHCP Access Model
- Configuring DHCP Proxy Clients
- Configuring DHCP Relay and BOOTP Relay
- Trust-All Method
- Assigning the Giaddr to Source IP Address
- Protecting Against Spoofed Giaddr and Relay Agent Option Values
- Using the Giaddr to Identify the Primary Interface for Dynamic Subscriber Interfaces
- DHCP Relay Configuration and ARP Spoof Checking
- Including Relay Agent Option Values in the PPPoE Remote Circuit ID
- Configuring Layer 2 Unicast Transmission Method for Reply Packets to DHCP Clients
- Configuring Relay Agent Information Option (Option 82) Suboption Values
- Format of the JUNOSe Data Field in the Vendor-Specific Suboption for Option 82
- Configuration Example—Using DHCP Relay Option 82 to Pass IEEE 802.1p Values to DHCP Servers
- Configuring DHCP Relay Proxy
- Managing Host Routes
- Selecting the DHCP Server Response
- Configuring DHCP Local Server
- DHCP Local Server Modes
- DHCPv6 Local Server
- Equal-Access Mode
- Standalone Mode
- Linking Local Address Pools
- DHCP Local Server Event Logs
- DHCP Local Server SNMP Traps
- Before You Configure DHCP Local Server
- Configuration Tasks
- Configuring the DHCP Local Server
- Configuring Grace Periods for Address Leases
- Configuring AAA Authentication for DHCP Standalone Mode
- Differentiating Between Clients with the Same Client ID or Hardware Address
- Logging Out DHCP Local Server Subscribers
- Clearing an IP DHCP Local Server Binding
- Configuring Cable Modem DHCP Relay
- Configuring the Router to Work with the SDX Application
- Configuring the DHCPv6 Local Server
- Configuring DHCP External Server Application
- Interoperating with Ethernet DSLAMs
- Configuring DHCP External Server Support
- Logging DHCP Packet Information
- Monitoring DHCP
-
Configuring Subscriber Management
- Overview
- Platform Considerations
- Subscriber Management Attributes
- Dynamic IP Subscriber Interfaces
- Subscriber Management Procedure
- Configuring Subscriber Management with an External DHCP Server
- Subscriber Management Commands
- Configuration Examples
- Username with ATM Circuit Identifier and No Circuit Type
- Username with VLAN Circuit Identifier and Circuit Type
- Username with MAC Address
- Monitoring Subscriber Management
-
Configuring Subscriber Interfaces
- Overview
- Relationship to Shared IP Interfaces
- Relationship to Primary IP Interfaces
- Ethernet Interfaces and VLANs
- Moving Interfaces
- Preventing IP Spoofing
- Routing Protocols
- Policies and QoS
- Applications
- Directing Traffic Toward Special Local Content
- Differentiating Traffic for VPNs
- Platform Considerations
- Interface Specifiers
- References
- Dynamic Creation of Subscriber Interfaces
- DHCP Servers
- DHCP Local Server and Address Allocation
- DHCP External Server and Address Allocation
- Supported Configurations
- Packet Detection
- Designating Traffic for the Primary IP Interface
- Configuring Static Subscriber Interfaces
- Using a Destination Address to Demultiplex Traffic
- Using a Source Address to Demultiplex Traffic
- Configuring Dynamic Subscriber Interfaces
- Configuring Dynamic Subscriber Interfaces over Ethernet
- Configuring Dynamic Subscriber Interfaces over VLANs
- Configuring Dynamic Subscriber Interfaces over Bridged Ethernet
- Configuring Dynamic Subscriber Interfaces over GRE Tunnels
- Dynamic Subscriber Interface Configuration Example
- Monitoring Subscriber Interfaces
-
Configuring Service Manager
- Overview
- Service Manager Terms and Acronyms
- Platform Considerations
- References
- Configuration Tasks
- Service Definitions
- Creating Service Definitions
- Managing Your Service Definitions
- Referencing Policies in Service Definitions
- Referencing QoS Configurations in Service Definitions
- Specifying QoS Profiles in a Service Definition
- Configuring a QoS Profile for Service Manager
- Specifying QoS Profiles in a Service Definition
- Specifying QoS Parameter Instances in a Service Definition
- Creating a Parameter Instance in a Profile
- Specifying QoS Parameter Instances in a Service Definition
- Modifying QoS Configurations with Service Manager
- Modifying Parameter Instances
- Modifying QoS Configurations in a Single Service Manager Event
- Modifying QoS Configurations Using Other Sources
- Removing QoS Configurations Referenced by Service Manager
- QoS for Service Manager Considerations
- RADIUS or Service Manager
- Interoperability with Other Service Components
- QoS Statistics
- Ranges
- Configuring the Service Manager License
- Managing and Activating Service Sessions
- Using RADIUS to Manage Subscriber Service Sessions
- Using RADIUS to Activate Subscriber Service Sessions
- Service Manager RADIUS Attributes
- Using Tags with RADIUS Attributes
- Using RADIUS to Deactivate Service Sessions
- Setting Thresholds
- Using the Deactivate-Service Attribute
- Configuring RADIUS Accounting for Service Manager
- Using the CLI to Manage Subscriber Service Sessions
- Using the CLI to Activate Subscriber Service Sessions
- Preprovisioning Services
- Using Service Session Profiles
- Using the CLI to Deactivate Subscriber Service Sessions
- Gracefully Deactivating Subscriber Service Sessions
- Forcing Immediate Deactivation of Subscriber Service Sessions
- Using Service Session Profiles to Deactivate Service Sessions
- Configuring Service Manager Statistics
- Setting Up the Service Definition File for Statistics Collection
- Enabling Statistics Collection with RADIUS
- Enabling Statistics Collection with the CLI
- Service Manager Performance Considerations
- Service Definition Examples
- Tiered Service Example
- Video-on-Demand Service Definition Example
- Voice-over-IP Service Definition Example
- Guided Entrance Service Example
- Guided Entrance Service Definition Example
- Using CoA Messages with Guided Entrance Services
- Configuring the HTTP Local Server to Support Guided Entrance
- Monitoring the HTTP Local Server
- Monitoring Service Manager
-
RADIUS Attribute Descriptions
- RADIUS IETF Attributes
- Juniper Networks VSAs
- DSL Forum VSAs
- Pass Through RADIUS Attributes
- References
-
L2TP Disconnect Cause Codes
-
Application Terminate Reasons
- AAA Terminate Reasons
- L2TP Terminate Reasons
- PPP Terminate Reasons
- RADIUS Client Terminate Reasons
-
Index