RADIUS NAS Port Attributes and Options

 

Manual Configuration of the NAS-Port-ID RADIUS Attribute

Subscriber management uses the NAS-Port-ID (RADIUS attribute 87) to provide an interface description that identifies the physical interface that is used to authenticate subscribers. The NAS-Port-ID is included in RADIUS Access-Request, Acct-Start, Acct-Stop, Acct-On, and Acct-Off messages.

You can configure access profiles to specify additional information in the NAS-Port-ID. The additional information can be any combination of the interface description (the default value), the Agent Circuit ID, the Agent Remote ID, and the NAS identifier. You can also specify an optional delimiter character, which separates the values in a NAS-Port-ID. The default delimiter character is the hash character (#).

A default NAS-Port-ID for nonchannelized interfaces consists of the following interface-description string:

interface-type-slot/adapter/port.subinterface[:svlan-vlan]

For example: ge-1/2/0.100:100.

Starting in Junos OS Release 17.3R1, a logical port number is added to the default format for only channelized interfaces. For channelized interfaces, the default format for a NAS-Port-ID consists of the following interface-description string:

interface-type-slot/adapter/logical-port-number.subinterface[:svlan-vlan]

For example, xe-0/1/143.4-5.6.

You can optionally configure the interface description format in an access profile to exclude the adapter, channel, or subinterface information.

You might optionally configure an access profile that specifies that the NAS-Port-ID includes the NAS identifier, the Agent Circuit ID, and the Agent Remote ID, in addition to the default interface description. For this configuration, the NAS-Port-ID consists of the following string:

nas-identifier#interface-description#agent-circuit-id#agent-remote-id

For example:

retailer25#ge-1/2/0.100:100#ACI 12/1/22/1230:1.1.23#ARI 55/2/23.9999:10.11.1923

Note

The NAS-Port-ID displays the configured values in the following order (where # is the delimiter):

nas-identifier#interface-description#agent-circuit-id#agent-remote-id

Configuring a NAS-Port-ID with Additional Options

The NAS-Port-ID (RADIUS attribute 87) identifies the physical interface that subscriber management uses to authenticate subscribers. By default, the NAS-Port-ID includes the interface-description value that describes the physical interface. You can include the following optional values in the NAS-Port-ID:

  • agent-circuit-id

  • agent-remote-id

  • interface-description

  • interface-text-description

  • nas-identifier

  • postpend-vlan-tags

Note

If you specify any optional values, the default interface-description value is no longer automatically included. You must explicitly specify the interface-description value if you want it to appear in the NAS-Port-ID.

When you specify optional values, the router arranges the values in the following default order, where the # character is the default delimiter:

nas-identifier # interface-description # interface-text-description # agent-circuit-id # agent-remote-id # postpend-vlan-tags

You can use the order option to configure the explicit order in which the specified optional values appear in the NAS-Port-ID string.

To configure optional values in the NAS-Port-ID string:

  1. Specify the access profile you want to configure.
  2. Specify that you want to configure RADIUS options.
  3. Specify the character to use as the delimiter between the different attribute values in the NAS-Port-ID. By default, subscriber management uses the hash character (#).
  4. Specify that you want to configure the format of the NAS-Port-ID.
  5. (Optional) Specify the optional values you want to include in the NAS-Port-ID string. The optional values appear in the default order.
  6. (Optional) To specify an explicit non-default order in which the optional values appear in the NAS-Port-ID string, include the order option before each optional value. Specify the values in the order you want them to appear.

    See Configuring the Order in Which Optional Values Appear in the NAS-Port-ID.

Configuring the Order in Which Optional Values Appear in the NAS-Port-ID

In addition to specifying the values that you want to include in the NAS-Port-ID, you can use the order option to specify the explicit order in which you want the values to appear.

By default, the router arranges the specified values in the following order, where the # character is the delimiter:

Note

The default order and the customized order are mutually exclusive. The configuration fails if you try to specify both.

To configure the specific order in which you want the optional values to appear in the NAS-Port-ID:

  1. Specify that you want to configure the format of the NAS-Port-ID.
  2. Include the order option before each optional value that you want to include in the NAS-Port-ID. Specify the optional values in the order in which you want them to appear.

    This configuration configures the following NAS-Port-ID string, where the % character is the delimiter:

    interface-description % nas-identifier % agent-remote-id % interface-text-description

  3. (Optional) To add an optional value to an existing NAS-Port-ID string:

    Use the order option and the name of the optional value to add the new value to the existing NAS-Port-ID. The new value is added at the end of the string. For example:

    This configuration modifies the example in the previous step by adding the agent-circuit-id to the end of the NAS-Port-ID string:

    interface-description % nas-identifier % agent-remote-id % interface-text-description % agent-circuit-id

    Note

    If you attempt to add an optional value that already exists in the NAS-Port-ID string, the new specification is ignored and the existing value remains in the order in which it was originally configured.

    If you want to modify the existing order, delete the existing specification and define the new order.

Enabling Unique NAS-Port Attributes (RADIUS Attribute 5) for Subscribers

Typically, the router derives the RADIUS NAS-Port attribute (attribute 5) value from a subscriber’s physical port, as shown in the following list.

  • Subscribers over Ethernet interfaces—combination of slot/adapter/port/SVLAN ID/VLAN ID

  • Subscribers over ATM interfaces—combination of slot/adapter/port/VPI/VCI

However, in some customer environments, a NAS-Port attribute that is based on the physical port might not be unique, and multiple subscribers might have the same NAS-Port value. To avoid the duplicate use of a NAS-Port attribute, you can configure the router to provide unique NAS-Port attributes. The unique NAS-Port attribute consists of 32 bits (the most significant bit [MSB] is always 0), which make up two parts— a unique number that the router internally generates, and an optional unique chassis ID that you specify.

If you create the NAS-Port value based on the internally generated number only, the resulting NAS-Port value is unique within the router only. If your implementation requires NAS-Port values to be unique across all MX series routers in the network, you must also configure the unique chassis ID.

Uniqueness across all routers—To configure a NAS-Port attribute that is unique across all routers in the network, you use the following procedure:

  • Configure the chassis ID width (1–7 bits)—You must use the same width for all routers in the network.

  • Configure the chassis ID—You must ensure that you configure a unique ID for each router.

  • The router uses the remainder of the 31 bits (minus the MSB and the number of bits used for the chassis ID width) for the internally generated number.

Uniqueness within the local router—To configure a NAS-Port attribute that is unique within the local router only, you use the following procedure:

  • Do not configure the chassis ID width or chassis ID.

  • The router uses all 31 bits for the internally generated number. The resulting NAS-Port attribute is unique only within the router and cannot be guaranteed to be unique for any other routers in the network.

To configure unique NAS-Port attribute values for subscribers:

Note

Before configuring the unique NAS-Port attribute, ensure that neither the nas-port-extended-format statement or the vlan-nas-port-stacked-format statement is configured at the [edit access profile profile-name radius options] hierarchy level. Otherwise, the commit operation will fail.

  1. Specify that you want to configure RADIUS options at the [edit access] hierarchy level.
  2. Specify that you want to enable unique NAS-Port attribute support.
    Note

    This step configures the router to generate a unique number, which creates a NAS-Port value that is unique within the router.

  3. (Optional) If you want to provide NAS-Port values that are unique across all MX series routers in the network, complete the following additional steps.
    • Specify the number of bits used in the chassis ID portion of the NAS-Port attribute. You can specify 1-7 bits. You must use the same chassis ID width for all routers across the network.

    • Specify the value you want to use for chassis ID portion of the NAS-Port attribute. The chassis ID can be in the range from 0-127 bits. You must configure a unique chassis ID for each MX router in the network.

RADIUS NAS-Port Options for Subscriber Access per Physical Interface, VLAN, or Stacked VLAN Overview

On MX Series routers with Modular Port Concentrator/Modular Interface Card (MPC/MIC) interfaces, you can configure the NAS-Port-Type (61) RADIUS IETF attribute, and an extended format for the NAS-Port (5) RADIUS IETF attribute, on a per-interface, per-VLAN, or per-stacked VLAN basis. The router passes the NAS-Port and NAS-Port-Type attributes to the RADIUS server during the authentication, authorization, and accounting (AAA) process.

This overview covers the following topics:

NAS-Port-Type RADIUS Attribute

The NAS-Port-Type attribute specifies the type of physical port that the network access server (NAS) uses to authenticate the subscriber. When you use the nas-port-type statement to configure the NAS-Port-Type, you can specify one of several predefined port types, or a user-defined port type value in the range 0 through 65535.

NAS-Port RADIUS Attribute

The NAS-Port attribute specifies the physical port number of the NAS that is authenticating the user, and is formed by a combination of the physical port’s slot number, port number, adapter number, VLAN ID, and S-VLAN ID. The NAS-Port extended format, which you configure with the nas-port-extended-format statement, specifies the number of bits (bit width) for each field in the NAS-Port attribute: slot, adapter, port, VLAN, and S-VLAN.

To include stacked VLAN IDs, in addition to VLAN IDs, in the NAS-Port extended format, use the stacked option as part of the nas-port-extended-format statement. If you do not configure the stacked option, stacked VLAN IDs are not included in the extended format.

NAS-Port Options Configuration and Subscriber Network Access Models

Configuring the NAS-Port-Type and the extended format for NAS-Port on a per-VLAN, per-stacked VLAN, or per-physical interface basis is useful in network configurations that use the following subscriber access models:

  • 1:1 access model (per-VLAN basis)—In a 1:1 access model, dedicated customer VLANs (C-VLANs) provide a one-to-one correspondence between an individual subscriber and the VLAN encapsulation.

  • N:1 access model (per–S-VLAN basis)—In an N:1 access model, service VLANs are dedicated to a particular service, such as video, voice, or data, instead of to a particular subscriber. Because a service VLAN is typically shared by many subscribers within the same household or in different households, the N:1 access model provides a many-to-one correspondence between individual subscribers and the VLAN encapsulation.

  • 1:1 or N:1 access model (per-physical interface basis)—You can configure the NAS-Port-Type and NAS-Port format on a per-physical interface basis for both the 1:1 access model and the N:1 access model.

NAS-Port Options Definition

As an alternative to globally configuring the NAS-Port-Type and NAS-Port extended format in an access profile, you can configure these attributes on a per-interface, per-VLAN, or per-stacked VLAN basis. To do so, you must create a NAS-Port options definition, which includes some or all of the following components:

  • NAS-Port-Type value—Specifies the type of physical port that the network access server (NAS) uses to authenticate the subscriber.

  • NAS-Port extended format—Configures the number of bits (bit width) for each field in the NAS-Port attribute, including: slot, adapter, port, VLAN, and S-VLAN. Optionally, you can also use the stacked option as part of the nas-port-extended-format statement to include S-VLAN IDs, in addition to VLAN IDs, in the extended format. If you do not configure the stacked option, stacked VLAN IDs are not included in the extended format.

  • VLAN ranges or S-VLAN ranges—Defines the VLAN range of subscribers or stacked VLAN range of subscribers to which each NAS-Port options definition applies.

Guidelines for Configuring RADIUS NAS-Port Options for Subscriber Access per Physical Interface, VLAN, or Stacked VLAN

The following guidelines apply when you configure the NAS-Port-Type attribute and the extended format for the NAS-Port attribute on a per-VLAN, per-stacked VLAN, or per-physical interface basis:

  • You can create a maximum of 16 NAS-Port options definitions per physical interface. Each definition can include either a maximum of 32 VLAN ranges or a maximum of 32 stacked VLAN ranges, but cannot include a combination of VLAN ranges and stacked VLAN ranges.

  • Configuring the NAS-Port-Type attribute and NAS-Port extended format on a per-VLAN, per-stacked VLAN, or per-physical interface basis overrides the global settings for these attributes configured in an access profile.

  • If the NAS-Port-Type attribute and the NAS-Port extended format are not configured on a per-VLAN basis (in a 1:1 access model) or on a per-stacked VLAN basis (in an N:1 access model), the router uses the global settings configured for these attributes in an access profile for all RADIUS request messages.

Configuring RADIUS NAS-Port Options for Subscriber Access per Physical Interface, VLAN, or Stacked VLAN

On MX Series routers with MPC/MIC interfaces, you can configure the NAS-Port-Type (61) RADIUS IETF attribute, and an extended format for the NAS-Port (5) RADIUS IETF attribute, on a per-physical interface, per-VLAN, or per-stacked VLAN (S-VLAN) basis. The router passes the NAS-Port-Type and NAS-Port attributes to the RADIUS server during the authentication, authorization, and accounting (AAA) process.

To configure the NAS-Port-Type and NAS-Port extended format on a per-physical interface, per-VLAN, or per-stacked VLAN basis, you must create a NAS-Port options definition, which includes the following components:

  • NAS-Port-Type value—Specifies the type of physical port that the network access server (NAS) uses to authenticate the subscriber.

  • NAS-Port extended format—Configures the number of bits (bit width) for each field in the NAS-Port attribute, which specifies the physical port number of the NAS that is authenticating the subscriber. Fields in the NAS-Port attribute include: slot, adapter, port, VLAN, and S-VLAN. Optionally, you can also use the stacked option as part of the nas-port-extended-format statement to include S-VLAN IDs, in addition to VLAN IDs, in the extended format. If you do not configure the stacked option, stacked VLAN IDs are not included in the extended format.

  • VLAN ranges or S-VLAN ranges—Defines the VLAN range of subscribers or stacked VLAN range of subscribers to which each NAS-Port options definition applies.

Note

You can create a maximum of 16 NAS-Port options definitions per physical interface. Each definition can include a maximum of 32 VLAN ranges or 32 stacked VLAN ranges, but cannot include a combination of VLAN ranges and stacked VLAN ranges.

To configure the NAS-Port-Type and NAS-Port extended format on a per-physical interface, per-VLAN, or per-stacked VLAN basis:

  1. Specify the physical interface you want to configure.
  2. Enable VLAN tagging, stacked VLAN tagging, or flexible VLAN tagging on the interface.
  3. Specify that you want to configure RADIUS options for a physical interface, VLAN, or S-VLAN.
  4. Create a named NAS-Port options definition.
  5. Configure the NAS-Port-Type, and the VLAN ranges or stacked VLAN ranges to which the named NAS-Port options definition applies.
  6. Configure the NAS-Port extended format, and the VLAN ranges or stacked VLAN ranges to which the named NAS-Port options definition applies.

Manual Configuration of the NAS-Port-Type RADIUS Attribute

Subscriber management uses the NAS-Port-Type (RADIUS attribute 61) to identify the type of physical port that is used to authenticate subscribers. By default, subscriber management uses a NAS-Port-Type of ethernet.

You can optionally configure access profiles to provide the value for the NAS-Port-Type attribute, which enables you to explicitly specify the NAS port type that is used for a given connection. For example, you might configure an access profile that specifies that a NAS port type of wireless is used for all Ethernet connections that are managed by that access profile.

Note

The ethernet-port-type-virtual configuration statement takes precedence over the nas-port-type statement when you include both statements in the same access profile. When you include the ethernet-port-type-virtual statement, subscriber management uses the RADIUS attribute value of 5, which specifies a NAS port type of virtual.

Table 1 shows the supported port type values for RADIUS attribute 61 (NAS-Port-Type) that you can include in an access profile.

Table 1: RADIUS NAS-Port-Type Values

Statement Option

NAS-Port-Type Value

Description

value

0–65535

Number that indicates either the IANA-assigned value for the RADIUS port type or a custom number-to-port type defined by the user

adsl-cap

12

Asymmetric DSL, carrierless amplitude phase (CAP) modulation

adsl-dmt

13

Asymmetric DSL, discrete multitone (DMT)

async

0

Asynchronous

cable

17

Cable

ethernet

15

Ethernet

fddi

21

Fiber Distributed Data Interface

g3-fax

10

G.3 Fax

hdlc-clear-channel

7

HDLC Clear Channel

iapp

25

Inter-Access Point Protocol (IAPP)

idsl

14

ISDN DSL

isdn-sync

2

ISDN Synchronous

isdn-v110

4

ISDN Async V.110

isdn-v120

3

ISDN Async V.120

piafs

6

Personal Handyphone System (PHS) Internet Access Forum Standard

sdsl

11

Symmetric DSL

sync

1

Synchronous

token-ring

20

Token Ring

virtual

5

Virtual

wireless

18

Other wireless

wireless-1x-ev

24

Wireless 1xEV

wireless-cdma2000

22

Wireless code division multiple access (CDMA) 2000

wireless-ieee80211

19

Wireless 802.11

wireless-umts

23

Wireless universal mobile telecommunications system (UMTS)

x25

8

X.25

x75

9

X.75

xdsl

16

DSL of unknown type

Configuring the RADIUS NAS-Port-Type per Physical Interface

As an alternative to globally configuring the NAS-Port-Type (61) RADIUS attribute in an access profile, you can configure the NAS-Port-Type on a per-physical interface basis as part of a NAS-Port options definition. The NAS-Port-Type specifies the type of physical port that the network access server (NAS) uses to authenticate the subscriber.

Configuring NAS-Port options definitions on a per-physical interface basis is useful in network configurations that use a 1:1 access model or an N:1 access model.

To configure the NAS-Port-Type RADIUS attribute per physical interface:

  1. Specify the interface you want to configure.
  2. Enable VLAN tagging on the interface.

    Setting VLAN tagging enables the reception and transmission of 802.1Q VLAN-tagged frames on the interface. You must enable VLAN tagging before you can configure the VLAN ranges to which the NAS-Port options definition applies.

  3. Specify that you want to configure RADIUS options for a physical interface.
  4. Create a named NAS-Port options definition.
  5. Configure the NAS-Port-Type.
  6. Configure the VLAN range or ranges to which the NAS-Port options definition applies.

    Per-physical interface configurations typically require you to create a VLAN range that consists of all VLAN IDs on the physical interface. To do so, use the any option with the vlan-ranges statement.

The following example shows a per-interface NAS-Port options definition named subscribers-east that configures the wireless-umts NAS-Port-Type for a VLAN range consisting of all VLAN IDs on Gigabit Ethernet physical interface ge-1/0/0.

Configuring the RADIUS NAS-Port-Type per VLAN

As an alternative to globally configuring the NAS-Port-Type (61) RADIUS attribute in an access profile, you can configure the NAS-Port-Type on a per-VLAN basis as part of a NAS-Port options definition. The NAS-Port-Type specifies the type of physical port that the network access server (NAS) uses to authenticate the subscriber.

Configuring NAS-Port options definitions on a per-VLAN basis is useful in network configurations that use a 1:1 access model.

To configure the NAS-Port-Type RADIUS attribute per VLAN:

  1. Specify the interface you want to configure.
  2. Enable VLAN tagging on the interface.

    Setting VLAN tagging enables the reception and transmission of 802.1Q VLAN-tagged frames on the interface. You must enable VLAN tagging before you can configure the VLAN ranges to which the NAS-Port options definition applies.

  3. Specify that you want to configure RADIUS options for a VLAN interface.
  4. Create a named NAS-Port options definition.
  5. Configure the NAS-Port-Type.
  6. Configure the VLAN range or ranges to which the NAS-Port options definition applies.

    Per-VLAN configurations typically require you to create a VLAN range that consists of a single VLAN ID on the physical interface. To do so, set the low-tag and high-tag options in the vlan-ranges statement to the same value, as shown in the following example.

The following example shows a per-VLAN NAS-Port options definition named subscribers-west that configures the ethernet NAS-Port-Type for VLAN ID 3 on Gigabit Ethernet physical interface ge-1/1/0.

Configuring the RADIUS NAS-Port-Type per Stacked VLAN

As an alternative to globally configuring the NAS-Port-Type (61) RADIUS attribute in an access profile, you can configure the NAS-Port-Type on a per-stacked VLAN basis as part of a NAS-Port options definition. The NAS-Port-Type specifies the type of physical port that the network access server (NAS) uses to authenticate the subscriber.

Configuring NAS-Port options definitions on a per-stacked VLAN basis is useful in network configurations that use an N:1 access model.

To configure the NAS-Port-Type RADIUS attribute per stacked VLAN:

  1. Specify the interface you want to configure.
  2. Enable stacked VLAN tagging on the interface.

    Setting stacked VLAN tagging enables you to configure dual VLAN tags for all logical interfaces on the physical interface. You must enable stacked VLAN tagging before you can configure the stacked VLAN ranges to which the NAS-Port options definition applies.

  3. Specify that you want to configure RADIUS options for a stacked VLAN interface.
  4. Create a named NAS-Port options definition.
  5. Configure the NAS-Port-Type.
  6. Configure the stacked VLAN range or ranges to which the NAS-Port options definition applies.

    Per-stacked VLAN configurations require you to create a stacked VLAN range of subscribers to which the NAS-Port options definition applies. You must configure the low and high outer tags (VLAN IDs) in the range 1 through 4094, and the inner tag (S-VLAN ID) as any to represent all S-VLAN ID tags.

  7. Repeat Steps 3 through 6 to configure additional NAS-Port options definitions on this interface.

The following example creates two NAS-Port options definitions, subscribers-north and subscribers-south, configured on a per-stacked VLAN basis on Gigabit Ethernet physical interface ge-1/1/0.

The subscribers-north definition configures a NAS-Port-Type user-defined value (4711) for a stacked VLAN range with outer VLAN ID 1 and all inner S-VLAN IDs. The subscribers-south definition configures a NAS-Port-Type user-defined value (4722) for a stacked VLAN range with outer VLAN IDs in the range 2 through 10, and all inner S-VLAN IDs.

Configuring the RADIUS NAS-Port Extended Format per Physical Interface

As an alternative to globally configuring the extended format for the NAS-Port (5) RADIUS attribute in an access profile, you can configure the NAS-Port extended format on a per-physical interface basis as part of a NAS-Port options definition. The NAS-Port extended format configures the number of bits (bit width) in each field in the NAS-Port attribute, including: slot, adapter, port, VLAN, and S-VLAN.

Configuring NAS-Port options definitions on a per-physical interface basis is useful in network configurations that use a 1:1 access model or an N:1 access model.

To configure an extended format for the NAS-Port RADIUS attribute per physical interface:

  1. Specify the interface you want to configure.
  2. Enable VLAN tagging on the interface.

    Setting VLAN tagging enables the reception and transmission of 802.1Q VLAN-tagged frames on the interface. You must enable VLAN tagging before you can configure the VLAN ranges to which the NAS-Port options definition applies.

  3. Specify that you want to configure RADIUS options for a physical interface.
  4. Create a named NAS-Port options definition.
  5. Configure the NAS-Port extended format.
  6. Configure the VLAN range or ranges to which the NAS-Port options definition applies.

    Per-physical interface configurations typically require you to create a VLAN range that consists of all VLAN IDs on the physical interface. To do so, use the any option with the vlan-ranges statement.

The following example shows a per-interface NAS-Port options definition named boston-subscribers that configures a NAS-Port extended format consisting of an 8-bit slot field, 8-bit adapter field, 8-bit port field, and 4-bit VLAN field. The boston-subscribers definition applies to a VLAN range consisting of all VLAN IDs on Gigabit Ethernet physical interface ge-2/0/1.

Configuring the RADIUS NAS-Port Extended Format per VLAN

As an alternative to globally configuring the extended format for the NAS-Port (5) RADIUS attribute in an access profile, you can configure the NAS-Port extended format on a per-VLAN basis as part of a NAS-Port options definition. The NAS-Port extended format configures the number of bits (bit width) in each field in the NAS-Port attribute, including: slot, adapter, port, VLAN, and S-VLAN.

Configuring NAS-Port options definitions on a per-VLAN basis is useful in network configurations that use a 1:1 access model.

To configure an extended format for the NAS-Port RADIUS attribute per VLAN:

  1. Specify the interface you want to configure.
  2. Enable VLAN tagging on the interface.

    Setting VLAN tagging enables the reception and transmission of 802.1Q VLAN-tagged frames on the interface. You must enable VLAN tagging before you can configure the VLAN ranges to which the NAS-Port options definition applies.

  3. Specify that you want to configure RADIUS options for a VLAN interface.
  4. Create a named NAS-Port options definition.
  5. Configure the NAS-Port extended format.
  6. Configure the VLAN range or ranges to which the NAS-Port options definition applies.

    Per-VLAN configurations typically require you to create a VLAN range that consists of a single VLAN ID on the physical interface. To do so, set the low-tag and high-tag options in the vlan-ranges statement to the same value, as shown in the following example.

The following example shows a per-VLAN NAS-Port options definition named paris-subscribers that configures a NAS-Port extended format consisting of a 4-bit slot field, 2-bit adapter field, 4-bit port field, and 2-bit VLAN field. The paris-subscribers definition applies to VLAN ID 1 on Gigabit Ethernet physical interface ge-1/0/1.

Configuring the RADIUS NAS-Port Extended Format per Stacked VLAN

As an alternative to globally configuring the extended format for the NAS-Port (5) RADIUS attribute in an access profile, you can configure the NAS-Port extended format on a per- stacked VLAN basis as part of a NAS-Port options definition. The NAS-Port extended format configures the number of bits (bit width) in each field in the NAS-Port attribute, including: slot, adapter, port, VLAN, and S-VLAN.

Configuring NAS-Port options definitions on a per-stacked VLAN basis is useful in network configurations that use an N:1 access model.

To configure an extended format for the NAS-Port RADIUS attribute per stacked VLAN:

  1. Specify the interface you want to configure.
  2. Enable stacked VLAN tagging on the interface.

    Setting stacked VLAN tagging enables you to configure dual VLAN tags for all logical interfaces on the physical interface. You must enable stacked VLAN tagging before you can configure the stacked VLAN ranges to which the NAS-Port options definition applies.

  3. Specify that you want to configure RADIUS options for a stacked VLAN interface.
  4. Create a named NAS-Port options definition.
  5. Configure the NAS-Port extended format.

    To include S-VLAN IDs, in addition to VLAN IDs, in the NAS-Port extended format, include the stacked option in the nas-port-extended-format statement.

  6. Configure the stacked VLAN range or ranges to which the NAS-Port options definition applies.

    Per-stacked VLAN configurations require you to create a stacked VLAN range of subscribers to which the NAS-Port options definition applies. You must configure the low and high outer tags (VLAN IDs) in the range 1 through 4094, and the inner tag (S-VLAN ID) as any to represent all S-VLAN ID tags.

  7. Repeat Steps 3 through 6 to configure additional NAS-Port options definitions on this interface.

The following example creates two NAS-Port options definitions, chicago-subscribers and barcelona-subscribers, configured on a per-stacked VLAN basis on Gigabit Ethernet physical interface ge-3/2/1.

The chicago-subscribers definition configures a NAS-Port extended format consisting of a 8-bit slot field, 8-bit adapter field, 8-bit port field, 4-bit stacked VLAN field, and 4-bit VLAN field. Because the stacked option is configured in this definition, S-VLAN IDs, in addition to VLAN IDs, are included in the extended format. The chicago-subscribers definition applies to a stacked VLAN range with outer VLAN ID 1, and all inner S-VLAN IDs.

The barcelona-subscribers definition configures a NAS-Port extended format consisting of a 8-bit slot field, 8-bit adapter field, 8-bit port field, 4-bit stacked VLAN field, and 4-bit VLAN field. Because the stacked option is not configured in this definition, S-VLAN IDs are not included in the extended format. The barcelona-subscribers definition applies to a stacked VLAN range with outer VLAN IDs in the range 2 through 10, and all inner S-VLAN IDs.

Configuring the RADIUS NAS-Port Extended Format for ATM Interfaces

As an alternative to globally configuring an extended format for the NAS-Port (5) RADIUS attribute in an access profile, you can configure the NAS-Port extended format on a per-physical interface basis for both Ethernet subscribers and ATM subscribers as part of a NAS-Port options definition. The NAS-Port extended format configures the number of bits (bit width) in each field of the NAS-Port attribute, including: slot, adapter, port, ATM virtual path identifier (VPI), and ATM virtual circuit identifier (VCI).

To configure the NAS-Port extended format for an ATM interface, include one or both of the following options in the nas-port-extended-format statement along with the other options as appropriate for your needs:

  • vpi-width—Number of bits in the ATM VPI field, in the range 1 through 32

  • vci-width—Number of bits in the ATM VCI field, in the range 1 through 32

Note

For ATM subscribers, the combined total of the widths of all fields must not exceed 32 bits, or the configuration fails. The router may truncate the values of individual fields depending on the bit width you specify.

To configure an extended format for the NAS-Port RADIUS attribute for an ATM interface:

  1. Specify the ATM interface you want to configure.
  2. Specify that you want to configure RADIUS options for a physical interface.
  3. Create a named NAS-Port options definition.
  4. Configure the NAS-Port extended format.

The following example shows a NAS-Port options definition named boston-subscribers for ATM interface at-1/0/4 that configures a NAS-Port extended format with an ATM slot width of 6 bits, ATM adapter width of 3 bits, ATM port width of 4 bits, ATM VPI width of 12 bits, and ATM VCI width of 24 bits.

Release History Table
Release
Description
Starting in Junos OS Release 17.3R1, a logical port number is added to the default format for only channelized interfaces.