JUNOS 9.3 Subscriber Access Configuration Guide DVD Home Techpubs Home Report an Error Collapse TOC List of Figures List of Tables Index Index of Statements and Commands Entire manual as PDF		About This Guide Objectives Audience Supported Routing Platforms Using the Indexes Using the Examples in This Manual Documentation Conventions List of Technical Publications Documentation Feedback Requesting Technical Support Subscriber Access Overview Subscriber Access Overview Subscriber Access Terms and Acronyms Subscriber Access Environment Relationship Between Subscribers and Interfaces in an Access Network Subscriber Access Support Limitations Platform Support Interface Support Subscriber Access Licensing Overview Subscriber Access Operation Flow Activating Subscribers and Managing Services in an Access Network Components of a Dynamic Profile Router Internal Variables Used by Dynamic Profiles Configuring Subscriber Access Subscriber Management Overview Subscriber Access Management Overview Configuring the AAA Service Framework for Subscriber Access AAA Service Framework Overview Router Interaction with RADIUS Servers Overview Configuring Authentication and Accounting Parameters for Subscriber Access Specifying the Authentication and Accounting Methods for Subscriber Access Configuring How Accounting Statistics Are Collected for Subscriber Access Configuring RADIUS Server Parameters for Subscriber Access Specifying the RADIUS Authentication and Accounting Servers for Subscriber Access Configuring RADIUS Server Options for Subscriber Access Configuring How RADIUS Attributes Are Used for Subscriber Access Using RADIUS Dynamic Requests for Subscriber Access Management Dynamic Service Activation During Login Overview RADIUS-Initiated Change of Authorization (CoA) Overview CoA Messages Qualifications for Change of Authorization Message Exchange RADIUS-Initiated Disconnect Overview Disconnect Messages Qualifications for Disconnect Message Exchange Configuring RADIUS-Initiated Dynamic Request Support Verifying and Managing the RADIUS Dynamic-Request Feature RADIUS Attributes and Juniper Networks VSAs Supported by the AAA Service Framework RADIUS IETF Attributes Supported by the AAA Service Framework Juniper Networks VSAs Supported by the AAA Service Framework Error-Cause Codes (RADIUS Attribute 101) for Dynamic Requests Attaching Access Profiles Verifying and Managing Subscriber Information Configuring Address-Assignment Pools for Subscriber Access DHCP and Address Assignment Pools Overview Configuring Address-Assignment Pools Configuring an Address-Assignment Pool Name and Network Address Configuring a Named Address Range for Dynamic Address Assignment Configuring Static Address Assignment Configuring DHCP Client-Specific Attributes DHCP Attributes Table License Requirements for Address-Assignment Pools Tracing Address-Assignment Pool Processes Configuring the Address-Assignment Pool Trace Log Filename Configuring the Number and Size of Address-Assignment Pool Processes Log Files Configuring Access to the Log File Configuring a Regular Expression for Lines to Be Logged Configuring the Trace Operation Configuring DHCP Local Server for Subscriber Access Extended DHCP Local Server Overview Interaction Among the DHCP Client, Extended DHCP Local Server, and Address-Assignment Pools Providing DHCP Client Configuration Information Minimal Configuration for Clients DHCP Local Server and Address-Assignment Pools Dynamic Profile Attachment to DHCP Subscriber Interfaces Overview Multiple DHCP Subscribers Sharing the Same VLAN Logical Interface Primary Dynamic Profile Using External AAA Authentication Services with DHCP Configuring How the Extended DHCP Local Server Determines Which Address-Assignment Pool To Use Grouping Interfaces with Common DHCP Configurations Overriding Default DHCP Local Server Configuration Settings Specifying the Maximum Number of DHCP Clients Per Interface Disabling ARP Table Population Attaching Dynamic Profiles to DHCP Subscriber Interfaces Attaching a Dynamic Profile to All DHCP Subscriber Interfaces Attaching a Dynamic Profile to a Group of DHCP Subscriber Interfaces Configuring Passwords for Usernames Creating Unique Usernames for DHCP Clients Verifying and Managing DHCP Local Server Configuration Tracing Extended DHCP Operations Configuring the Extended DHCP Log Filename Configuring the Number and Size of Extended DHCP Log Files Configuring Access to the Extended DHCP Log File Configuring a Regular Expression for Extended DHCP Lines to Be Logged Configuring the Extended DHCP Tracing Flags Configuring DHCP Relay for Subscriber Access Extended DHCP Relay Agent Overview Interaction Among the DHCP Relay Agent, DHCP Client, and DHCP Servers Access and Access-Internal Routes DHCP State Persistence Graceful Routing Engine Switchover Dynamic Profile Attachment to DHCP Subscriber Interfaces Overview Multiple DHCP Subscribers Sharing the Same VLAN Logical Interface Primary Dynamic Profile Using External AAA Authentication Services with DHCP Grouping Interfaces with Common DHCP Configurations Group-Specific DHCP Relay Options Overriding the Default DHCP Relay Configuration Overwriting giaddr Information Overriding Option 82 Information Using Layer 2 Unicast Transmission for DHCP Packets Trusting Option 82 Information Disabling ARP Table Population Specifying the Maximum Number of DHCP Clients Per Interface Disabling DHCP Relay Using Option 60 Information to Forward Client Traffic to Specific DHCP Servers Using Matching Option 60 Strings to Process DHCP Client Traffic Using Nonmatching Option 60 Strings to Process DHCP Client Traffic Displaying a Count of Discarded DHCP Packets with Option 60 Information Enabling and Disabling Insertion of Option 82 Information Configuring Agent-Circuit-Id Information Configuring an Option 82 Prefix Configuring Server Groups Configuring Active Server Groups Attaching Dynamic Profiles to DHCP Subscriber Interfaces Attaching a Dynamic Profile to All DHCP Subscriber Interfaces Attaching a Dynamic Profile to a Group of DHCP Subscriber Interfaces Verifying and Managing DHCP Relay Configuration Tracing Extended DHCP Operations Configuring the Extended DHCP Log Filename Configuring the Number and Size of Extended DHCP Log Files Configuring Access to the Extended DHCP Log File Configuring a Regular Expression for Extended DHCP Lines to Be Logged Configuring the Extended DHCP Tracing Flags AAA and Remote Subscriber Access Configuration Examples Example: Configuring RADIUS-Based Subscriber Authentication and Accounting Example: Configuring an Address-Assignment Pool Example: Minimum Extended DHCP Local Server Configuration Example: Extended DHCP Local Server Configuration with Optional Pool Matching Example: Minimum DHCP Relay Agent Configuration Example: DHCP Relay Agent Configuration with Multiple Clients and Servers Example: Using Option 60 Strings to Forward DHCP Client Traffic Example: Using Option 60 Strings to Drop DHCP Client Traffic Summary of AAA and Remote Subscriber Access Statements accounting accounting-port accounting-server accounting-session-id-format accounting-stop-on-access-deny accounting-stop-on-failure active-server-group address-assignment always-write-giaddr always-write-option-82 attributes authentication authentication authentication-order authentication-server boot-file boot-server circuit-id circuit-id circuit-type circuit-type default-local-server-group default-relay-server-group delimiter delimiter dhcp-attributes dhcp-local-server dhcp-relay disable-relay domain-name domain-name domain-name drop dynamic-profile dynamic-profile ethernet-port-type-virtual exclude grace-period group group hardware-address host ignore immediate-update interface interface interface-client-limit interface-client-limit interface-description-format ip-address ip-address-first layer2-unicast-replies local-server-group logical-system-name logical-system-name mac-address mac-address maximum-lease-time name-server nas-identifier nas-port-extended-format netbios-node-type network no-arp no-arp option option-60 option-60 option-82 option-82 option-82 option-82 option-match options order override-nas-information overrides overrides password password pool pool-match-order port prefix profile radius radius-server range relay-option-60 relay-option-82 relay-server-group remote-id retry revert-interval router routing-instance routing-instance-name routing-instance-name secret server-group source-address statistics tftp-server timeout traceoptions traceoptions traceoptions trust-option-82 update-interval username-include username-include user-prefix user-prefix vendor-option vlan-nas-port-stacked-format wins-server Mobile IP Overview Mobile IP Home Agent Overview Mobile IP Home Agent Overview Mobile IP Registration Home Address Assignment Authentication Re-authentication AAA Authentication Local Authentication Mobile IP Routing and Forwarding Configuring Mobile IP Configuring Mobile IP Tracing Mobile IP Operations Configuring the Mobile IP Trace Log Filename Configuring the Number and Size of Mobile IP Log Files Configuring Access to the Mobile IP Log File Configuring a Regular Expression for Mobile IP Lines to Be Logged Configuring the Mobile IP Tracing Flags Configuring the Mobile IP Authentication Method Configuring the Mobile IP Home Agent Configuring the Authentication Attributes for the Mobile Node Configuring Dynamic Home Assignment for the Mobile Node Summary of Mobile IP Statements algorithm authenticate dynamic-home-assignment enable-service entity-type home-agent home-agent home-agent home-agent-address key mobile-ip nai order peer registration-revocation replay-method spi traceoptions virtual-network Dynamic Profiles Overview Dynamic Profiles Overview Dynamic Profile Interface Support What Dynamic Profiles Do How Dynamic Profiles Work Dynamic Variables Overview How Dynamic Variables Work JUNOS Predefined Internal Variables User-Defined Variables Configuring Dynamic Profiles Configuring a Basic Dynamic Profile Configuring Predefined Internal Dynamic Variables in Dynamic Profiles Configuring User-Defined Dynamic Variables in Dynamic Profiles Configuring a Dynamic Profile for Client Access Configuring a Dynamic Profile for Various Levels of Services Modifying Dynamic Profiles Dynamic Profile Examples Example: IGMP Dynamic Profile Example: Firewall Dynamic Profile Summary of Dynamic Profile Statements attribute default-value dynamic-profiles mandatory radius tag variables vendor-id Subscriber Interface Overview Subscriber Interface Overview Statically Identifying Subscribers Dynamically Identifying Subscribers Static Subscriber Interfaces and VLAN Overview Subscriber Interfaces and IP Demux Overview Interface Sets of Static Demux Interfaces Dynamic Demux Interfaces Guidelines for Configuring IP Demux Interfaces for Subscriber Access MAC Address Validation for Subscriber Interfaces Overview Supported Types of Subscriber Interfaces Trusted Addresses Types of MAC Address Validation Configuring Subscriber Interfaces for Dynamic Profiles Configuring Static Subscriber Interfaces in Dynamic Profiles Configuring a Subscriber Interface with a Static VLAN Interface Associating Dynamic Profiles with Statically Created Interfaces Configuring a Subscriber Interface Using a Set of Static IP Demux Interfaces Configuring Dynamic Subscriber Interfaces Using IP Demux Interfaces in Dynamic Profiles Configuring MAC Address Validation for Subscriber Interfaces Configuring MAC Address Validation for Static Subscriber Interfaces Configuring MAC Address Validation for Dynamic Subscriber Interfaces Subscriber Interface Examples Example: Configuring a Static Subscriber Interface on a Gigabit Ethernet VLAN Interface (Multiple Logical Units) Example: Configuring a Static Subscriber Interface on a Gigabit Ethernet VLAN Interface Example: Configuring a Static Subscriber Interface on a Gigabit Ethernet VLAN Interface (No Autonegotiation) Example: Configuring a Static Subscriber Interface with a Loopback Example: Configuring Dynamic Subscriber Interfaces on IP Demux Interfaces Summary of Subscriber Interface Statements address demux0 demux-options demux-source family family filter interfaces interfaces mac-validate preferred-source-address underlying-interface unit unit unnumbered-address vlan-id vlan-tagging Dynamic Firewall Services Overview Dynamic Firewall Filters Overview Firewall Filter Types Firewall Filter Components Firewall Filter Processing Guidelines for Creating and Applying Filters for Subscriber Interfaces Basic Filter Syntax Configuring Filters for Dynamic Profiles Dynamically Attaching Statically Created Filters Dynamically Attaching Filters Using RADIUS Variables Firewall Filter Examples Static Filter Examples Class of Service for Subscriber Access Overview CoS for Subscriber Access Overview Hardware Requirements for CoS for Dynamic Subscriber Access CoS and Static IP Demux Interface Set Overview Changing CoS Services Overview Types of CoS Variables Static and Dynamic CoS Configurations Scenarios for Static and Dynamic Configuration of CoS Parameters Guidelines for Configuring CoS for Subscriber Access Configuring Class of Service for Subscriber Access Configuring Static Scheduling and Queuing in a Dynamic Profile for Subscriber Access Configuring Dynamic Scheduling and Queuing in a Dynamic Profile for Subscriber Access Configuring Traffic Shaping and Scheduling in a Dynamic Profile Configuring Schedulers in a Dynamic Profile Configuring CoS Variables in a Dynamic Profile Applying CoS to an Interface in a Dynamic Profile Configuring CoS on a Set of Static IP Demux Interfaces Class of Service for Subscriber Access Examples Example: Configuring Static Scheduling and Queuing for Subscriber Access Example: Configuring Aggregate Scheduling of Queues for Residential Subscribers on Static IP Demux Interfaces Example: Configuring Dynamic Scheduling and Queuing for Subscriber Access Summary of Class of Service for Subscriber Access Statements buffer-size class-of-service delay-buffer-rate drop-profile drop-profile-map forwarding-class guaranteed-rate interfaces loss-priority output-traffic-control-profile priority protocol scheduler scheduler-map scheduler-maps schedulers shaping-rate traffic-control-profiles transmit-rate unit Dynamic Protocol Configuration Overview Dynamic IGMP Configuration Overview Summary of IGMP Dynamic Profile Statements accounting disable group group-policy igmp immediate-leave interface no-accounting promiscuous-mode protocols source ssm-map static version Service Profile Examples Example: Configuring a Tiered Service Profile for Subscriber Access Subscriber Access Statement Hierarchy [edit access address-assignment] Hierarchy Level [edit access profile] Hierarchy Level [edit dynamic-profiles] Hierarchy Level [edit forwarding-options dhcp-relay] Hierarchy Level [edit system services dhcp-local-server] Hierarchy Level Index Index Index of Statements and Commands