 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
To configure access, include the following statements at the [edit access] hierarchy level:
- [edit access]
-
address-assignment {
-
-
pool pool-name family inet {
-
network address-or-prefix</subnet-mask>;
-
-
range name {
- low lower-limit high upper-limit;
- }
-
-
host hostname {
-
hardware-address mac-address;
-
ip-address ip-address;
- }
-
-
dhcp-attributes {
- [protocol-specific-attributes];
- }
- }
- }
-
address-pool pool-name {
-
address address-or-prefix;
-
address-range low <lower-limit> high <upper-limit>;
- }
-
group-profile profile-name {
-
-
l2tp {
-
interface-id interface-id;
-
lcp-renegotiation;
-
local-chap;
-
maximum-sessions-per-tunnel number;
-
-
multilink {
-
drop-timeout milliseconds;
-
fragmentation-threshold bytes;
- }
- }
-
-
ppp {
-
cell-overhead;
-
encapsulation-overhead bytes;
-
framed-pool pool-id;
-
idle-timeout seconds;
-
interface-id interface-id;
-
keepalive seconds;
-
primary-dns primary-dns;
-
primary-wins primary-wins;
-
secondary-dns secondary-dns;
-
secondary-wins secondary-wins;
- }
- }
-
profile profile-name {
-
-
accounting {
-
accounting-stop-on-access-deny;
-
accounting-stop-on-failure;
-
order [ accounting-method ];
-
statistics (time);
-
update-interval minutes;
- }
-
accounting-order radius;
-
-
authentication {
-
order [ authentication-methods ];
- }
-
authentication-order [ authentication-methods ];
-
-
client client-name {
-
chap-secret chap-secret;
-
group-profile profile-name;
-
-
ike {
-
-
allowed-proxy-pair {
- remote remote-proxy-address local local-proxy-address;
- }
-
pre-shared-key (ascii-text character-string | hexadecimal hexadecimal-digits);
-
ike-policy policy-name
-
interface-id interface-id;
- }
-
-
l2tp {
-
interface-id interface-id;
-
lcp-renegotiation;
-
local-chap;
-
maximum-sessions-per-tunnel number;
-
-
multilink {
-
drop-timeout milliseconds;
-
fragmentation-threshold bytes;
- }
-
ppp-authentication (chap | pap);
-
ppp-profile profile-name;
-
shared-secret shared-secret;
- }
-
pap-password pap-password;
-
-
ppp {
-
cell-overhead;
-
encapsulation-overhead bytes;
-
framed-ip-address ip-address;
-
framed-pool framed-pool;
-
idle-timeout seconds;
-
interface-id interface-id;
-
keepalive seconds;
-
primary-dns primary-dns;
-
primary-wins primary-wins;
-
secondary-dns secondary-dns;
-
secondary-wins secondary-wins;
- }
-
user-group-profile profile-name;
- }
-
-
radius {
-
authentication-server [ ip-address ];
-
accounting-server [ ip-address ];
-
-
options {
-
accounting-session-id-format (decimal | description);
-
ethernet-port-type-virtual;
-
interface-description-format [sub-interface | adapter];
-
nas-identifier identifier-value;
-
-
nas-port-extended-format {
- adapter-width width;
- port-width width;
- slot-width width;
- stacked-vlan-width width;
- vlan-width width;
- }
-
override-nas-information;
-
revert-interval interval;
-
vlan-nas-port-stacked-format;
- }
-
-
attributes {
-
-
ignore {
- framed-ip-netmask;
- input-filter;
- logical-system-routing-instance;
- output-filter;
- }
-
-
exclude
- accounting-authentic [ accounting-on | accounting-off ];
- accounting-delay-time [ accounting-on | accounting-off
];
- accounting-session-id [ access-request | accounting-on
| accounting-off | accounting-stop ];
- accounting-terminate-cause [ accounting-off ];
- called-station-id [ access-request | accounting-start |
accounting-stop ];
- calling-station-id [ access-request | accounting-start
| accounting-stop ];
- class [ accounting-start | accounting-stop ];
- dhcp-options [ access-request | accounting-start | accounting-stop
];
- dhcp-gi-address [ access-request | accounting-start | accounting-stop
];
- dhcp-mac-address [ access-request | accounting-start |
accounting-stop ];
- output-filter [ accounting-start | accounting-stop ];
- event-timestamp [ accounting-on | accounting-off | accounting-start
| accounting-stop ];
- framed-ip-address [ accounting-start | accounting-stop
];
- framed-ip-netmask [ accounting-start | accounting-stop
];
- input-filter [ accounting-start | accounting-stop ];
- input-gigapackets [ accounting-stop ];
- input-gigawords [ accounting-stop ];
- interface-description [ access-request | accounting-start
| accounting-stop ];
- nas-identifier [ access-request | accounting-on | accounting-off
| accounting-start | accounting-stop ];
- nas-port [ access-request | accounting-start | accounting-stop
];
- nas-port-id [ access-request | accounting-start | accounting-stop
];
- nas-port-type [ access-request | accounting-start | accounting-stop
];
- output-gigapackets [ accounting-stop ];
- output-gigawords [ accounting-stop ];
- }
- }
- }
-
-
radius-server server-address {
-
accounting-port port-number;
-
port port-number;
-
retry attempts ;
-
routing-instance routing-instance-name;
-
secret password;
-
source-address source-address;
-
timeout seconds;
- }
- }
-
radius-disconnect {
-
-
client-address {
-
secret password;
- }
- }
-
radius-disconnect-port port-number;
-
radius-server server-address {
-
accounting-port port-number;
-
port port-number;
-
retry attempts;
-
routing-instance routing-instance-name;
-
secret password;
-
source-address source-address;
-
timeout seconds;
- }
-
traceoptions {
- flag all;
- flag authentication;
- flag chap;
- flag configuration;
- flag kernel;
- flag radius;
- }
This chapter discusses the following topics:
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |