Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Profile Characteristics

    This topic describes the various characteristics that can be configured for a profile.

    Configuring Bridged Ethernet Characteristics for a Profile

    To configure bridged Ethernet characteristics for a profile:

    • Set the maximum allowable size, in bytes, of the MTU for bridged Ethernet interfaces.
      host1(config-profile)#bridge1483 mtu 1684

      Use the no version to restore the default MTU size for bridged Ethernet interfaces, 1518 bytes.

    Configuring IPv4 Characteristics for a Profile

    To configure IPv4 characteristics for a profile:

    • Enable an access route in a profile.
      host1(config-profile)#ip access-routes

      Use the no version to remove the access route.

    • Assign an IP address to a profile.
      host1(config-profile)#ip address 192.13.5.61

      Use the no version to remove the IP address assignment from the profile.

    • Allow more than one subscriber to have the same IP address across different virtual routers in the dynamic subscriber interface configuration by appending the virtual router name to the interface. You can use this command from either Interface Configuration mode or Profile Configuration mode.
      host1(config-profile)#ip auto-configure append-virtual-router-name

      Use the no version to disable ip auto-configure on the static primary interface if it is already configured. This feature is enabled by default in non-dynamic subscriber interface configuration with DHCP-Local Server

    • Configure a primary IP interface to enable dynamic creation of subscriber interfaces.

      You can use the include-primary keyword to specify that the primary interface is assigned to the first subscriber.

      You can use the exclude-primary keyword to specify that the primary interface is not used for dynamic subscribers. By default, the primary interface is not assigned to a dynamic subscriber.

      host1(config-profile)#ip auto-configure ip-subscriber include-primary

      Use the no version to disable creation of dynamic subscriber interfaces associated with this primary IP interface. Use the no version with the include-primary keyword to specify that the primary interface is not assigned to a subscriber. Use the no version with the exclude-primary keyword to specify that the primary interface is assigned to a subscriber.

    • Enable packet detection on the router and specify that IP automatically detect packets that do not match any entries in the demultiplexer table.
      host1(config-profile)#ip auto-detect ip-subscriber

      Use the no version to restore the default behavior, which disables packet detection.

    • Enable a directed broadcast address in a profile.
      host1(config-profile)#ip directed-broadcast

      Use the no version to remove the directed broadcast address from the profile.

    • Filter out packets that include IP options.
      host1(config-profile)#ip filter-options all

      Use the no version to disable filtering of packets with IP options.

    • Enable IGMP on an interface, and set the IGMP version to IGMPv2.
      host1(config-profile)#ip igmp

      Use the no version to disable IGMP on an interface.

    • Force the router to ignore the DF bit if it is set in the IP packet header for packets on an interface.

      Note: You can also use RADIUS VSA [26-70] to configure the router’s DF bit support. The action configured by the RADIUS VSA takes precedence over the action configured by the ip ignore-df-bit command. For more information, see Juniper Networks VSAs and Juniper Networks VSAs Supported for Subscriber AAA Access Messages.

      host1(config-profile)#ip ignore-df-bit

      Use the no version to restore the default behavior, which is to consider the DF bit before fragmentation.

    • Configure an inactivity timer value for an IP interface. IP polls the dynamic interface at the configured interval to determine whether the interface was active during the interval. Inactive interfaces are deleted only when the period of inactivity is equal to or greater than the configured value.

      For example, if you configure an inactivity timer of 15 minutes, IP polls the interface every 15 minutes. If a poll determines that the interface was last active 14 minutes earlier, the inactive time is less than the configured value so nothing happens. IP polls again 15 minutes later. If the interface is still inactive then the total period of inactivity is now 29 minutes. This is greater than the configured value and the interface is deleted.

      host1(config-profile)#ip inactivity-timer 100

      Use the no version to restore the default behavior, which disables the inactivity timer.

    • Associate an inspection list to the inbound or outbound side of the IP interface.
      host1(config-profile)#ip inspection list1

      Use the no version to remove the inspection list association to this interface.

    • Assign the maximum transmission unit size sent on an IP interface.
      host1(config-profile)#ip mtu 1000

      Use the no version to restore the default value, 0, which means that the router takes the value from a lower protocol layer.

    • Mark interfaces that participate in NAT translation as residing on the inside or the outside network.
      host1(config-profile)#ip nat inside

      Use the no version to unmark the interface (the default) so that it does not participate in NAT translation.

    • Assign a policy list to the ingress or egress of an interface to which the profile is attached.
      host1(config-profile)#ip policy secondary-input my-policy

      Use the no version to remove the association between a policy list and a profile.

    • Enable the sending of redirect messages if the software is forced to resend a packet through the same interface on which it was received.
      host1(config-profile)#ip redirects

      Use the no version to remove the assignment from the profile.

    • Enable J-Flow statistics on the interface.
      host1(config-profile)#ip route-cache flow sampled

      Use the no version to delete J-Flow statistics from the profile.

    • Configure an interface for route-map processing and specify the route map that is applied to the IP interface subscriber.
      host1(config-profile)#ip route-map ip-subscriber chicagoRouteMap

      Use the no version to delete the route map.

    • Enable source address validation on an IP interface. Source address validation verifies that a packet has been sent from a valid source address.
      host1(config-profile)#ip sa-validate

      Use the no version to disable source address validation.

    • Modify the maximum segment size for TCP SYN packets traveling through the interface.
      host1(config-profile)#ip tcp adjust-mss 200

      Use the no version to remove the maximum segment size modification.

    • Specify the unnumbered interface with which dynamic interfaces created with the profile are associated.

      You can configure a loopback using RADIUS instead of adding one to the profile using the ip unnumbered loopback command.

      host1(config-profile)#ip unnumbered loopback 5

      Use the no version to remove the assignment from the profile.

    • Assign a virtual router to a profile. Interfaces created by the profile are attached to this virtual router.

      If the virtual router specified in a profile with the ip virtual-router command differs from the virtual router provided by AAA, IP uses the virtual router provided by AAA when the dynamic IP upper-layer interface is created. For more information about using the ppp authentication virtual-router command, see Configuring MLPPP and PPP Characteristics for a Profile.

      host1(config-profile)#ip virtual-router salem1

      Use the no version to remove the virtual router assignment from the profile. If no virtual router is specified via RADIUS, then any subsequent use of the profile to create a dynamic interface fails for lack of a virtual router.

    Configuring IPv6 Characteristics for a Profile

    To configure IPv6 characteristics for a profile:

    • Configure an IPv6 address on an interface to which the profile is attached.
      host1(config-profile)#ipv6 address 1::1/64

      Use the no version to remove the IPv6 address from the interface.

    • Create the HTTP local server to listen and process for IPv6 exception packets. For more information, see Configuring the HTTP Server to Support Guided Entrance in the JunosE Broadband Access Configuration Guide.
      host1(config)#ipv6 http

      Use the no version to delete the HTTP local server.

    • Specify the URL to which a subscriber’s HTTP access session is redirected. For more information, see Configuring the HTTP Server to Support Guided Entrance in the JunosE Broadband Access Configuration Guide.

      The first access session is typically used by the Service Manager application to provide initial provisioning and service selection for the subscriber.

      HTTP redirect is per-interface; use the command in Interface, Subinterface or Profile Configuration mode for static interfaces.

      The redirect URL can be a maximum of 64 characters.

      Note: The HTTP local server must be configured and enabled in the virtual router for the interface on which you use the ipv6 http redirectUrl command. Otherwise, the URL redirect operation will fail.

      host1(config-profile)#ipv6 http redirectUrl http://ispsite.redirect.com

      Use the no version to restore the default, which disables the HTTP redirect feature.

    • Enable MLD on an interface, and set the MLD version to MLDv2.
      host1(config-profile)#ipv6 mld

      Use the no version to disable MLD on an interface.

    • Set the maximum transmission unit size of IPv6 packets sent on an interface.
      host1(config-profile)#ipv6 mtu 1000

      Use the no version to restore the default value, 0, which means that the router takes the value from a lower protocol layer.

    • Enable the IPv6 Neighbor Discovery process on an interface.
      host1(config-profile)#ipv6 nd

      Use the no version to disable the Neighbor Discovery process.

    • Set the “managed address configuration” flag in IPv6 router advertisements.
      host1(config-profile)#ipv6 nd managed-config-flag

      Use the no version to clear the flag from IPv6 router advertisements.

    • Set the “other stateful configuration” flag in IPv6 router advertisements.
      host1(config-profile)#ipv6 nd other-config-flag

      Use the no version to clear the flag from IPv6 router advertisements.

    • Specify which IPv6 prefixes the system includes in IPv6 router advertisements.
      host1(config-profile)#ipv6 nd prefix-advertisement 2002:1::/64 60000 45000 onlink autoconfig

      Use the no version to remove any prefixes from the IPv6 routing advertisements.

    • Specify the interval, in seconds, between IPv6 router advertisement retransmissions on an interface.
      host1(config-profile)#ipv6 nd ra-interval 500

      Use the no version to restore the default interval, 200 seconds.

    • Specify the router lifetime value, in seconds, in IPv6 router advertisements on an interface. The router lifetime value is the amount of time the router is considered the default router on this interface.
      host1(config-profile)#ipv6 nd ra-lifetime 900

      Use the no version to restore the default lifetime, 1800 seconds.

    • Specify the amount of time, in milliseconds, that the E Series router can reach a remote IPv6 node after some reachability confirmation event has occurred.
      host1(config-profile)#ipv6 nd reachable-time 30000

      Use the no version to restore the default value 0 milliseconds for router advertisements and 3,600,000 milliseconds (1 hour) for Neighbor Discovery activity of the E Series router.

    • Suppress IPv6 router advertisement transmissions on a LAN local area network (Ethernet) interface.
      host1(config-profile)#ipv6 nd suppress-ra

      Use the no version to reenable the sending of IPv6 router advertisement transmissions on the LAN (Ethernet) interface

    • Assign a policy list to the ingress or egress of an interface to which the profile is attached.
      host1(config-profile)#ipv6 policy secondary-input my-policy

      Use the no version to remove the association between a policy list and a profile.

    • Enable source address validation on an IPv6 interface.
      host1(config-profile)#ipv6 sa-validate

      Use the no version to disable source address validation.

    • Enable IPv6 processing on an interface without assigning an explicit IPv6 address to that interface.
      host1(config-profile)#ipv6 unnumbered loopback 0

      Use the no version to remove the IPv6 address from the interface.

    • Specify a virtual router in an IPv6 profile. Dynamic interfaces created with the profile are assigned to this virtual router
      host1(config-profile)#ipv6 virtual-router westford01

      Use the no version to remove the virtual router assignment from the profile. If no virtual router is specified via RADIUS, then any subsequent use of the profile to create a dynamic interface fails for lack of a virtual router.

    Configuring L2TP Characteristics for a Profile

    To configure L2TP characteristics for a profile:

    • Assign a policy list to the ingress or egress of an interface to which the profile is attached.
      host1(config-profile)#l2tp policy secondary-input my-policy

      Use the no version to remove the association between a policy list and a profile.

    Configuring MLPPP and PPP Characteristics for a Profile

    To configure MLPPP and PPP characteristics for a profile:

    • Assign a broadcast virtual router group to enable broadcast accounting in a PPP profile. For more information about broadcast accounting, see RADIUS Authentication and Accounting Servers Configuration Overview and Broadband Remote Access Support for PPP Overview.

      Note: When the broadcast virtual router group is configured at both PPP profile and virtual router levels, AAA sends accounting messages only to broadcast accounting servers in the broadcast virtual router group that is configured at both PPP profile and virtual router levels.

      host1(config-profile)#ppp aaa-accounting-broadcast groupxyz

      Use the no version to remove the broadcast virtual router group assignment.

    • Assign an AAA profile to static and dynamic, multilink and nonmultilink PPP interfaces.

      Note:

      • Although an AAA profile and an interface profile have similar functionality, they are not related and you need to treat them differently.
      • For more information about AAA profiles, see JunosE Broadband Access Configuration Guide.
      host1(config-profile)#ppp aaa-profile westford24

      Use the no version to remove the AAA profile assignment.

    • Request authentication from a PPP peer router.
      host1(config-profile)#ppp authentication pap chap

      To specify the name of a virtual router to be used as the authentication virtual router context, use the virtual-router keyword.

      host1(config-profile)#ppp authentication virtual-router boston pap chap

      Use the no version to specify that the router does not require authentication.

    • Modify the length of the CHAP challenge by specifying the minimum length and maximum length.

      Caution: Do not use the ppp chap-challenge-length command; increasing the minimum length (from the default 16 bytes) or decreasing the maximum length (from the default 32 bytes) reduces the security of your router.

      host1(config-profile)#ppp chap-challenge-length 24 28

      Use the no version to restore the default minimum 16 bytes and default maximum 32 bytes.

    • Enable fragmentation on an MLPPP link interface and optionally specify the maximum fragment size, in octets, to be used on the link.
      host1(config-profile)#ppp fragmentation 128

      Use the no version to disable fragmentation on the link and restore the default fragment size, which is the link’s MTU.

    • Enable use of a hash-based algorithm to select the link on which the router transmits non-best-effort (high-priority) packets, such as voice or video, on the dynamic MLPPP interfaces created by this profile.
      host1(config-profile)#ppp hash-link-selection

      Use the no version to restore the default round-robin algorithm for MLPPP link selection.

    • Initiate IPv4 for passive clients. By default, PPP creates IP instances when it receives client requests.
      host1(config-profile)#ppp initiate-ip

      Use the no version to disable initiation of IP.

    • Initiate IPv6 for passive clients. By default, PPP creates IPv6 instances when it receives client requests.
      host1(config-profile)#ppp initiate-ipv6

      Use the no version to disable initiation of IPv6.

    • Terminate invalid IPv4 subscribers and prevent additional IPCP negotiations.

      For more information about how the IPv4 addresses are restored, see Configuring Point-to-Point Protocol in JunosE Link Layer Configuration Guide.

      host1(config-profile)#ppp ipcp lockout

      Use the no version to disable the IPCP lockout option on the interface.

    • Specify IPCP option 0x90 for each PPP interface. By default, IPCP option 0x90 is disabled on the interface.
      host1(config-profile)#ppp ipcp netmask

      Use the no version to disable IPCP option 0x90 option on the interface.

    • Configure the time period during which additional IPCP negotiations are prevented.
      host1(config-profile)#ppp ipcp-lockout-duration 400

      Use the no version to restore the default value, 600 seconds.

    • Configure the maximum number of requests for IPv4 addresses that can be received per subscriber during the time interval configured for IPCP renegotiations to be received.
      host1(config-profile)#ppp ipcp-max-negotiation 4

      Use the no version to restore the default value, 6.

    • Configure the time period during which IPCP renegotiations for IPv4 addresses that the router or the provider edge device can receive from a subscriber are restricted.
      host1(config-profile)#ppp ipcp-nego-duration 300

      Use the no version to restore the default value, 60 seconds.

    • Configure to prompt the CPE to negotiate the IPCP primary and secondary DNS options that are locally available with the broadband remote access server.
      host1(config-profile)#ppp ipcp prompt-option dns

      Use the no version to disable the command.

    • Specify the keepalive timeout value.

      You can use the ppp keepalive command without a value to restore the default, 30 seconds.

      host1(config-profile)#ppp keepalive 50

      Use the no version to disable keepalive.

    • Enable PPP packet or state machine logging on any dynamic interface that uses the profile being configured.
      host1(config-profile)#ppp log pppPacket

      Or

      host1(config-profile)#ppp log pppStateMachine

      Note: This command is equivalent to the log severity debug pppPacket and log severity debug pppStateMachine commands.

      Use the no version to disable packet or state machine logging.

    • Disable negotiation of the local magic number.
      host1(config-profile)#ppp magic-number disable

      Issuing this command prevents the router from detecting loopback configurations. Use the no version to restore negotiation of the local magic number.

    • Configure the router to ignore a mismatch of the LCP peer magic number and retain the PPP connection when the peer has not negotiated an LCP magic number.

      For more information about using this command and LCP peer magic number validation, see Understanding PPP Link Control Protocol.

      host1(config-profile)#ppp magic-number ignore-mismatch

      Use the no version to restore the default behavior, in which the router terminates the PPP connection if it detects an LCP peer magic number mismatch.

    • Configure the maximum number of LCP, IPCP, or IPv6CP renegotiation attempts, in the range 1–65535, that the router accepts before terminating a PPP session.
      host1(config-profile)#ppp max-negotiations 15

      Note: If you do not specify the optional lcp, ipcp, or ipv6cp keyword, the ppp max-negotiations command sets the maximum number of renegotiation attempts for each of LCP, IPCP, and IPv6CP to the value you specify, or to the default value (30) if you omit the optional value for maximum renegotiation attempts.

      Use the no version to restore the default value, 30 renegotiation attempts.

    • Control the negotiation of the MRU.
      host1(config-profile)#ppp mru 576

      Use the no version to restore the default value, which causes PPP to use the lower-layer MRU minus the PPP header length as the MRU value.

    • Enable the creation of dynamic MLPPP interfaces.
      host1 (config-profile)#ppp multilink enable

      Use the no version to cause the LNS to reject any incoming requests to create dynamic MLPPP interfaces.

    • Enable multiclass MLPPP and the creation of multilink classes on a dynamic MLPPP interface.
      host1 (config-profile)#ppp multilink multiclass multilink-classes 6

      Use the no version to disable multiclass MLPPP or to restore the number of multilink classes to the default value, 1.

    • Enable fragmentation on a multilink class on a dynamic MLPPP interface.
      host1(config-profile)#ppp multilink multiclass fragmentation best-effort voice low-loss video

      Use the no version to disable fragmentation on a multilink class.

    • Enable reassembly on a multilink class on a dynamic MLPPP interface.
      host1(config-profile)#ppp multilink multiclass reassembly best-effort voice low-loss video

      Use the no version to disable reassembly on a multilink class.

    • Configure mapping of QoS traffic classes to multilink classes on a dynamic MLPPP interface.
      host1(config-profile)#ppp multilink multiclass traffic-class best-effort voice low-loss video

      Use the no version to delete the mapping of QoS traffic classes to multilink classes.

    • Force a static or dynamic PPP interface into passive mode before LCP negotiation begins, for a period of one second. This delay enables slow clients to start up and initiate the LCP negotiation.
      host1(config-profile)#ppp passive-mode

      Use the no version to disable passive mode.

    • Resolve conflicts when the router and the PPP peer system have the primary and secondary DNS and WINS addresses configured with different values.
      host1(config-profile)#ppp peer dns

      Use the no ppp peer dns command or the no ppp peer wins command when you want the router to take precedence during setup negotiations between the router and the remote PC client. If the IP addresses passed to the router by the remote PC client differ from the ones you have configured on your router, the router returns the values that you configured as the correct values to the remote PC client.

    • Enable reassembly on an MLPPP link interface and optionally specify the administrative MRRU value, in octets, for the link.
      host1(config-profile)#ppp reassembly 1590

      Use the no version to disable reassembly on the link and restore the default value, which is the link’s local MRU.

    Configuring PPPoE Characteristics for a Profile

    To configure PPPoE characteristics for a profile:

    • Add an access concentrator name to the profile configuration.
      host1(config-profile)#pppoe acName CYM9876

      Use the no version to remove the AC name.

    • Set up the router to offer to set up a session for the client, even if the router has insufficient resources to establish a session.
      host1(config-profile)#pppoe always-offer

      Use the no version to disable this feature.

    • Prevent a client from establishing more than one session using the same MAC address.

      For a list of considerations to be observed when you use the duplicate protection feature for IWF PPPoE sessions, see Guidelines for Configuring Duplicate Protection for IWF PPPoE Sessions.

      host1(config-profile)#pppoe duplicate-protection

      Use the no version to disable duplicate protection.

    • Enable packet trace logging on PPPoE dynamic interfaces created with this profile. Packet trace information is logged to the pppoeControlPacket log.
      host1(config-profile)#pppoe log pppoeControlPacket

      Use the no version to turn off packet trace logging.

    • Configure the PPPoE application to send a PADM Message Of The Minute message. The recipient of the message is determined by the mode from which the command is issued.
      host1(config-profile)#pppoe motm string

      Use the no version to disable the command.

    • Set the MTU using a combination of lower layer restrictions and controls.

      You can use the use-lower-layer keyword to use the lower layer interface value minus any PPPoE overhead. You can use the use-mtu-tag keyword to use the provided PPPoE mtu tag value.

      host1(config-profile)#pppoe mtu 1380

      Use the no version to restore the default value, 1494.

    • Enable the router to capture and process a vendor-specific tag containing a remote circuit ID transmitted from a DSLAM device.

      Optionally, the router can use the remote circuit ID in place of either or both of the Calling-Station-Id [31] and NAS-Port-Id [87] RADIUS attributes to uniquely identify subscriber locations.

      host1(config-profile)#pppoe remote-circuit-id

      Use the no version to restore the default behavior, which is not to capture and process the remote circuit ID.

    • Assign a PPPoE service name table to dynamic interfaces created with this profile.
      host1(config-profile)#pppoe service-name-table myServiceTable1

      Use the no version to remove the PPPoE service name table assignment.

    • Specify the maximum number of PPPoE subinterfaces permitted on an interface, in the range 1–8000 (ERX routers) or 1–32,000 (E120 and E320 routers). On the ES2 10G ADV LM (E120 and E320 routers), you can have PPPoE subinterfaces in the range 1–32,000. The default value is 8000 (ERX routers) or 16,000 (E120 and E320 Broadband Services Routers) or 32,000 (ES2 10G ADV LM).
      host1(config-profile)#pppoe sessions 3000

      Use the no version to restore the default value, 8000 (ERX routers) or 16,000 (E120 and E320 routers) or 32,000 (ES2 10G ADV LM).

    • Configure the PPPoE application to send the string to the new client created when the profile is dynamically attached to an IP interface.
      host1(config-profile)#pppoe url http://www.relevanturl.com

      Use the no version to disable the command.

    Note: If you assign profiles to static PPPoE major interfaces, the PPPoE settings that you configure on the interfaces become effective and the PPPoE parameters that you configure in the profiles are not processed. However, for dynamic PPPoE interfaces that are assigned with profiles, the PPPoE settings in the profile are processed and applied on the interface.

    Configuring VLAN Characteristics for a Profile

    To configure VLAN characteristics for a profile:

    • Assign an Ethertype value for the S-VLAN subinterface.
      host1(config-profile)#svlan ethertype 8100

      Or

      host1(config-profile)#svlan ethertype 88a8

      Use the no version to restore the default value, 9100.

    • Set an advisory receive speed for VLAN subinterfaces that are created with the profile you are configuring.
      host1(config-profile)#vlan advisory-rx-speed 2000

      Use the no version to restore the default behavior—the Rx speed is not sent to the LNS.

    • Set an advisory connect speed for VLAN subinterfaces that are created with the profile that you are configuring.
      host1(config-profile)#vlan advisory-tx-speed 2000

      Use the no version to restore the default behavior—the Tx speed is not sent to the LNS.

    • Specify the types of dynamic upper-interface encapsulations that are accepted or detected by a dynamic VLAN subinterface.
      host1(config-profile)#vlan auto-configure ip

      Use the no version to terminate detection of the specified encapsulation type.

    • Create a VLAN subinterface that is based on the agent-circuit-id information in the option 82 field of DHCP messages or in the DSL Forum VSA 26-1 of PPPoE PADR and PADI packets.
      host1(config-profile)#vlan auto-configure agent-circuit-identifier

      Use the no version to disable creation of VLAN subinterfaces based on agent-circuit-identifier information.

    • Assign a description to VLAN subinterfaces that are created with this profile.
      host1(config-profile)#vlan description test1

      Use the no version to remove the VLAN description.

    • Assign a VLAN policy list to an interface.
      host1(config-profile)#vlan policy input VlanPolicy33 statistics enabled preserve

      Use the no version to remove the association between a policy list and an interface or a profile.

    • Add a nested profile assignment to a base profile for a dynamic VLAN subinterface.

      A nested profile assignment references another profile that configures attributes for a dynamic upper-interface type over the VLAN subinterface.

      host1(config-profile)#vlan profile pppoe vlanProfilePppoe host1(config-profile)#vlan profile ip vlanProfileIP

      Use the no version to remove the profile assignment for the upper-interface encapsulation type.

    • Specify a service profile name for a dynamic VLAN and to enter Service Profile Configuration mode. Service profiles contain user and password information, and are used in route maps for subscriber management and to authenticate subscribers with RADIUS.
      host1(config)#vlan service-profile vlanClass1Service host1(config-service-profile)#

      Use the no version to delete the service profile.

    Published: 2014-08-14