示例:配置 VLAN 订阅者的动态接口集
要求
此示例使用以下软件和硬件组件:
具有 MPC 的 MX 系列路由器
概述
在此示例中,网络管理员将动态 VLAN 接口分组到接口集中。接口集在动态配置文件中配置,并为多播服务的 VLAN 接口启用分层调度。
DHCP 用作接入方法,RADIUS 用作与接口集关联的接口的身份验证方法。
配置动态 VLAN
CLI 快速配置
要快速配置动态 VLAN,请复制以下命令并将其粘贴到路由器终端窗口中:
[edit] edit dynamic-profiles vlan-prof edit interfaces $junos-interface-ifd-name unit $junos-interface-unit set vlan-id $junos-vlan-id set demux-source inet set family inet unnumbered-address lo0.0 preferred-source-address 203.0.113.32 top edit interfaces ge-1/0/0 set hierarchical-scheduler set vlan-tagging edit auto-configure vlan-ranges dynamic-profile vlan-prof set ranges any set accept inet top set interfaces lo0 unit 0 family inet address 203.0.113.32/32
为自动配置的 VLAN 配置动态配置文件
分步程序
在本部分中,您将创建一个动态配置文件,以便在订阅者登录时自动分配 VLAN ID。
要为 VLAN 配置动态配置文件,请执行以下作:
配置动态配置文件。
[edit] user@host#edit dynamic-profile vlan-prof
配置接口。
[edit dynamic-profiles vlan-prof] user@host#edit interfaces $junos-interface-ifd-name unit $junos-interface-unit
添加 VLAN ID 变量。
[edit dynamic-profiles vlan-prof interfaces $junos-interface-ifd-name unit $junos-interface-unit] user@host#set vlan-id $junos-vlan-id
将多路分离源配置为 IPv4。
[edit dynamic-profiles vlan-prof interfaces $junos-interface-ifd-name unit $junos-interface-unit] user@host#set demux-source inet
配置家族。
[edit dynamic-profiles vlan-prof interfaces $junos-interface-ifd-name unit $junos-interface-unit] user@host#set family inet unnumbered-address lo0.0 preferred-source-address 203.0.113.32
配置 VLAN 接口
分步程序
要配置 VLAN 接口,请执行以下作:
创建 VLAN 接口。
[edit] user@host# edit interfaces ge-1/0/0
启用分层调度。
[edit interfaces ge-1/0/0] user@host# set hierarchical-scheduler
配置 VLAN 标记。
[edit interfaces ge-1/0/0] user@host# set vlan-tagging
为动态配置文件配置自动配置。
[edit interfaces ge-1/0/0] user@host# edit auto-configure vlan-ranges dynamic-profile vlan-prof
配置任意 VLAN ID 范围。
[edit interfaces ge-1/0/0 auto-configure vlan-ranges dynamic-profile vlan-prof] user@host# set ranges any
为 VLAN 指定 IPv4 流量。
[edit interfaces ge-1/0/0 auto-configure vlan-ranges dynamic-profile vlan-prof] user@host# set accept inet
配置环路接口
分步程序
要配置环路接口,请执行以下作:
创建环路接口。
[edit] user@host# edit interfaces lo0
配置设备和家族。
[edit intefaces lo0] user@host# set unit 0 family inet address 203.0.113.32/32
配置动态流量调度和整形
CLI 快速配置
要快速配置流量调度和整形参数,请将以下命令复制粘贴到路由器终端窗口中:
[edit] edit dynamic-profiles multiplay class-of-service schedulers be_sch set transmit-rate percent 12 set buffer-size percent 12 set priority low up edit ef_sch set transmit-rate percent 12 set buffer-size percent 12 set priority low up edit af_sch set transmit-rate percent 12 set buffer-size percent 12 set priority low up edit nc_sch set transmit-rate percent 12 set buffer-size percent 12 set priority low up edit voice_sch set transmit-rate percent 12 set buffer-size percent 12 set priority low up edit video_sch set transmit-rate percent 12 set buffer-size percent 12 set priority low up edit game_sch set transmit-rate percent 12 set buffer-size percent 12 set priority low up edit data_sch set transmit-rate percent 12 set buffer-size percent 12 set priority low up 2 edit scheduler-maps all_smap set forwarding-class be scheduler be_sch set forwarding-class ef scheduler ef_sch set forwarding-class af scheduler af_sch set forwarding-class nc scheduler nc_sch set forwarding-class voice scheduler voice_sch set forwarding-class video scheduler video_sch set forwarding-class game scheduler game_sch set forwarding-class data scheduler data_sch up 2 edit traffic-control-profiles multiplay set scheduler-map all_smap set shaping-rate 100m set guaranteed-rate 20m
在动态配置文件中配置调度器
分步程序
在本节中,您将为多播服务创建动态配置文件并配置调度和整形。
要配置调度程序,请执行以下作:
创建
multiplay动态配置文件。[edit] user@host# edit dynamic-profiles multiplay class-of-service schedulers
配置尽力服务计划程序。
[edit dynamic-profiles multiplay class-of-service schedulers] user@host# edit be_sch user@host# set transmit-rate percent 12 user@host# set buffer-size percent 12 user@host# set priority low
配置加速转发时间表。
[edit dynamic-profiles multiplay class-of-service schedulers] user@host# edit ef_sch user@host# set transmit-rate percent 12 user@host# set buffer-size percent 12 user@host# set priority low
配置有保证的转发时间表。
[edit dynamic-profiles multiplay class-of-service schedulers] user@host# edit af_sch user@host# set transmit-rate percent 12 user@host# set buffer-size percent 12 user@host# set priority low
配置网络控制时间表。
[edit dynamic-profiles multiplay class-of-service schedulers] user@host# edit nc_sch user@host# set transmit-rate percent 12 user@host# set buffer-size percent 12 user@host# set priority low
配置语音调度器。
[edit dynamic-profiles multiplay class-of-service schedulers] user@host# edit voice_sch user@host# set transmit-rate percent 12 user@host# set buffer-size percent 12 user@host# set priority low
配置视频调度程序。
[edit dynamic-profiles multiplay class-of-service schedulers] user@host# edit video_sch user@host# set transmit-rate percent 12 user@host# set buffer-size percent 12 user@host# set priority low
配置游戏调度程序。
[edit dynamic-profiles multiplay class-of-service schedulers] user@host# edit game_sch user@host# set transmit-rate percent 12 user@host# set buffer-size percent 12 user@host# set priority low
配置数据调度器。
[edit dynamic-profiles multiplay class-of-service schedulers] user@host# edit data_sch user@host# set transmit-rate percent 12 user@host# set buffer-size percent 12 user@host# set priority low
在动态配置文件中配置调度器图
分步程序
要配置调度器图,请执行以下作:
为所有服务配置调度器图。
[edit dynamic-profiles multiplay class-of-service] user@host# edit scheduler-maps all_smap
为调度器图中的每项服务配置转发类。
[edit dynamic-profiles multiplay class-of-service scheduler-maps all_smap] user@host# set forwarding-class be scheduler be_sch user@host# set forwarding-class ef scheduler ef_sch user@host# set forwarding-class af scheduler af_sch user@host# set forwarding-class nc scheduler nc_sch user@host# set forwarding-class voice scheduler voice_sch user@host# set forwarding-class video scheduler video_sch user@host# set forwarding-class game scheduler game_sch user@host# set forwarding-class data scheduler data_sch
在动态配置文件中配置流量控制配置文件
分步程序
要配置流量控制配置文件,接口集:
配置流量控制配置文件。
[edit dynamic-profiles multiplay class-of-service] user@host# edit traffic control-profiles multiplay
配置调度器图。
[edit dynamic-profiles multiplay class-of-service traffic control-profiles multiplay] user@host# set scheduler-map all_smap
配置整形速率。
[edit dynamic-profiles multiplay class-of-service traffic control-profiles multiplay] user@host# set shaping-rate 100m
配置保证速率。
[edit dynamic-profiles multiplay class-of-service traffic control-profiles multiplay] user@host# set guaranteed-rate 20m
在动态配置文件中配置接口集
CLI 快速配置
要快速配置接口集,请复制以下命令并将其粘贴到路由器终端窗口中:
[edit] edit dynamic-profiles multiplay edit interfaces interface-set $junos-interface-set-name set interface $junos-interface-ifd-name unit $junos-underlying-interface-unit top edit class-of-service interfaces interface-set set output-traffic-control-profile multiplay
为接口集配置接口
分步程序
要为接口集配置接口变量:
为接口集配置动态配置文件。
[edit] user@host#edit dynamic-profiles multiplay
使用 Junos OS 预定义变量配置接口。
[edit dynamic-profiles multiplay] user@host#edit interfaces $junos-interface-ifd-name unit $junos-underlying-interface-unit
配置家族。
[edit dynamic-profiles multiplay interfaces $junos-interface-set-name unit $junos-underlying-interface-unit] user@host#set family inet unnumbered-address lo0.0 preferred-source-address 203.0.113.32
配置接口集
分步程序
要配置接口集,请执行以下作:
使用 Junos OS 预定义变量配置接口集。
[edit dynamic-profiles multiplay] user@host#edit interfaces interface-set $junos-interface-set-name
将动态 VLAN 接口添加到接口集。
[edit dynamic-profiles multiplay interfaces $junos-interface-set-name] user@host#set interface $junos-interface-ifd-name unit $junos-underlying-interface-unit
将流量控制配置文件应用于接口集
分步程序
在层次结构中的 [edit class-of-service] 动态配置文件之外应用流量控制配置文件。
要应用流量控制配置文件,请执行以下作:
指定要应用流量控制配置文件的接口集。
[edit class-of-service] user@host#edit interfaces interface-set dynamic-set
将动态配置文件中定义的输出流量控制配置文件连接到接口集。
[edit class-of-service interfaces] user@host#set output-traffic-control-profile multiplay
配置 DHCP 访问
CLI 快速配置
要快速配置 DHCP 访问,请复制以下命令并将其粘贴到路由器终端窗口中:
[edit] edit system services dhcp-local-server authentication set password $ABC123 set username-include user-prefix multiplay up 1 set dynamic-profile dhcp-vlan-prof aggregate-clients replace set group vlans interface ge-1/0/0 top edit access address-assignment pool v4 family inet set network 203.0.113.0/16 set range limited low 203.0.113.10 set range limited high 203.0.113.250 set dhcp-attributes maximum-lease-time 84600
配置 DHCP 本地服务器
分步程序
要配置 DHCP 访问:
配置 DHCP 本地服务器。
[edit system] user@host# edit services dhcp-local-server authentication
设置密码。
[edit system services dhcp-local-server authentication] user@host# set password $ABC123
指定您希望在用户名中包含可选信息。
[edit system services dhcp-local-server authentication] user@host# set username-include user-prefix multiplay
使用接口集附加动态配置文件。
[edit system services dhcp-local-server] user@host# set dynamic-profile dhcp-vlan-prof aggregate-clients replace
为 VLAN 接口配置组。
[edit system services dhcp-local-server] user@host# set group vlans interface ge-1/0/0
配置地址分配池
分步程序
要配置地址分配池:
配置 IPv4 地址池。
[edit access] user@host#edit address-assignment pool v4 family inet
配置池中的接口家族。
[edit access address-assignment pool v4] user@host#set network 203.0.113.0/16
配置地址范围的上限和下限。
[edit access address-assignment pool v4] user@host#set range limited low 203.0.113.10 user@host#set range limited high 203.0.113.250
配置订阅者可以请求并保留租约的最长时间长度(以秒为单位)。
[edit access address-assignment pool v4] user@host#set dhcp-attributes maximum-lease-time 84600
配置 RADIUS 身份验证
CLI 快速配置
要快速配置 RADIUS 身份验证,请复制以下命令并将其粘贴到路由器终端窗口中:
[edit] edit access radius-server 192.51.100.108 set secret $ABC123ABC123ABC123 set timeout 5 set retry 5 up 2 edit profile acc-prof set authentication-order radius set radius authentication-server 192.51.100.108
配置 RADIUS 访问
分步程序
要配置 RADIUS 访问:
配置 RADIUS 服务器。
[edit access] user@host#edit radius-server 192.51.100.108
配置本地路由器或交换机传递给 RADIUS 客户端所需的密钥(密码)。
[edit access radius-server 192.51.100.108] user@host# set secret $ABC123ABC123ABC123
配置本地路由器或交换机等待从 RADIUS 服务器接收响应的时间长度。
[edit access radius-server 192.51.100.108] user@host# set timeout 5
配置路由器或交换机尝试联系 RADIUS 计费服务器的次数。
[edit access radius-server 192.51.100.108] user@host# set retry 5
配置访问配置文件。
[edit access] user@host#edit profile acc-prof
配置身份验证顺序。
[edit access profile acc-prof ] user@host# set authentication-order radius
配置身份验证服务器。
[edit access profile acc-prof] user@host#set radius authentication-server 192.51.100.108
结果
dynamic-profiles {
vlan-prof {
interfaces {
“$junos-interface-ifd-name” {
unit "$junos-interface-unit" {
vlan-id "$junos-vlan-id";
demux-source inet;
family inet {
unnumbered-address lo0.0 preferred-source-address 203.0.113.32;
}
}
}
}
}
multiplay {
class-of-service {
traffic-control-profiles {
multiplay {
scheduler-map all_smap;
shaping-rate 100m;
guaranteed-rate 20m;
}
}
interfaces {
interface-set “$junos-interface-set-name” {
interface “$junos-interface-ifd-name” {
unit “$junos-underlying-interface-unit”;
}
}
“$junos-interface-ifd-name” {
unit "$junos-interface-unit" {
output-traffic-control-profile multiplay;
}
}
}
scheduler-maps {
all_smap {
forwarding-class be scheduler be_sch;
forwarding-class ef scheduler ef_sch;
forwarding-class af scheduler af_sch;
forwarding-class nc scheduler nc_sch;
forwarding-class voice scheduler voice_sch;
forwarding-class video scheduler video_sch;
forwarding-class game scheduler game_sch;
forwarding-class data scheduler data_sch;
}
}
schedulers {
be_sch {
transmit-rate percent 12;
buffer-size percent 12;
priority low;
}
ef_sch {
transmit-rate percent 12;
buffer-size percent 12;
priority low;
}
af_sch {
transmit-rate percent 12;
buffer-size percent 12;
priority low;
}
nc_sch {
transmit-rate percent 12;
buffer-size percent 12;
priority low;
}
voice_sch {
transmit-rate percent 12;
buffer-size percent 12;
priority low;
}
video_sch {
transmit-rate percent 12;
buffer-size percent 12;
priority low;
}
game_sch {
transmit-rate percent 12;
buffer-size percent 12;
priority low;
}
data_sch {
transmit-rate percent 12;
buffer-size percent 12;
priority low;
}
}
}
}
access {
radius-server {
192.51.100.108 {
secret "$ABC123ABC123ABC123"; ## SECRET-DATA
timeout 5;
retry 5;
}
}
profile acc-prof {
authentication-order radius;
radius {
authentication-server 192.51.100.108;
}
}
address-assignment {
pool v4 {
family inet {
network 203.0.113.0/16;
range limited {
low 203.0.113.10;
high 203.0.113.250;
}
dhcp-attributes {
maximum-lease-time 84600;
}
}
}
}
}
class-of-service {
interfaces {
interface-set dynamic-set {
output-traffic-control-profile multiplay;
}
}
}
interfaces {
interface-set “$junos-interface-set-name” {
interface "$junos-interface-ifd-name" {
unit "$junos-underlying-interface-unit";
}
}
"$junos-interface-ifd-name" {
unit "$junos-underlying-interface-unit" {
family inet {
unnumbered-address lo0.0 preferred-source-address 203.0.113.32;
}
}
}
}
}
}
interfaces {
ge-1/0/0 {
hierarchical-scheduler;
vlan-tagging;
auto-configure {
vlan-ranges {
dynamic-profile vlan-prof {
accept inet;
ranges {
any;
}
}
}
}
}
lo0 {
unit 0 {
family inet {
address 203.0.113.32/32;
}
}
}
}
system {
services {
dhcp-local-server {
authentication {
password $ABC123;
username-include {
user-prefix multiplay;
}
}
dynamic-profile multiplay aggregate-clients replace;
group vlans {
interface ge-1/0/0.0;
}
}
}
}
验证
要确认配置正确,请执行以下任务: