Configuring Local Address Servers

The local address server allocates IP addresses from a pool of addresses stored locally on the router. You can optionally configure shared local address pools to obtain addresses from a DHCP local address pool that is in the same virtual router. Addresses are provided automatically to client sessions requiring an IP address from a virtual router that is configured to use a local address pool.

A local address server is defined in the context of a virtual router. You create a local address server when you configure the first local pool. Local address servers exist as long as the virtual router exists or until you remove them by deleting all configured pools.

Figure 1 illustrates the local address pool hierarchy. Multiple local address server instances, one per virtual router. can exist. Each local address server can have one or more local address pools. Each pool can contain a number of IP addresses that are available for allocation and used by clients, such as PPP sessions.

Figure 1: Local Address Pool Hierarchy

Local Address Pool Ranges

As shown in Figure 1, each local address pool is named and contains ranges of sequentially ordered IP addresses. These addresses are allocated when the AAA server makes a request for an IP address.

If a local address pool range is exhausted, the next range of addresses is used. If all pool ranges are exhausted, you can configure a new range to extend or supplement the existing range of addresses, or you can create a new pool. The newly created pool range is then used for future address allocation. If addresses allocated from the first pool range are released, then subsequent requests for addresses are taken from the first pool range.

Addresses are assigned sequentially from a range within a pool. If a range has no addresses available, the next range within that pool is used. If a pool has no addresses available, the next configured pool is used, unless a specific pool is indicated.

Local Address Pool Aliases

An alias is an alternate name for an existing local address pool. It comprises an alias name and a pool name.

When the AAA server requests an IP address from a specific local address pool, the local address server first verifies whether an alias exists for the requested pool. If an alias exists, the IP address is allocated from the pool specified by the alias. If no alias exists, the IP address is allocated from the pool originally specified in the request.

The use of aliases simplifies management of subscribers. For example, you can use an alias to migrate subscribers from one local address pool to another. Instead of having to modify countless subscriber records on the AAA server, you create an alias to make the configuration change.

Shared Local Address Pools

Typically, the local address server allocates IP addresses from a pool of addresses that is stored locally on the router. However, shared local address pools enable a local address server to hand out addresses that are allocated from DHCP local server address pools within the same virtual router. The addresses are configured and managed within DHCP. Therefore, thresholds are not configured on the shared pool, but are instead managed by the referenced DHCP local server pool.

A shared local address pool references one DHCP address pool. The shared local address pool can then obtain addresses from the referenced DHCP address pool and from any DHCP address pools that are linked to the referenced DHCP address pool.

Figure 2 illustrates a shared local address pool environment that includes four linked DHCP address pools. In the figure, both Shared_LAS_Pool_A and Shared_LAS_Pool_B reference DHCP_Pool_1, and can therefore obtain addresses from all four DHCP address pools. Shared_LAS_Pool_C references DHCP_Pool_3 and can get addresses from DHCP_Pool_3 and DHCP_Pool_4.

Figure 2: Shared Local Address Pools

When the local address server requests an address from a shared address pool, the address is returned from the referenced DHCP pool or a subsequent linked pool. If no address is available, DHCP notifies the local address server and the search is ended.

Keep the following guidelines in mind when using shared local address pools:

The DHCP attributes do not apply to shared local address pools; for example, the lease time for shared local address pools is infinite.
When you delete the referenced DHCP address pool, DHCP notifies the local address server and logs out all subscribers that are using addresses from the deleted pool.
When you delete a shared local address pool, the local address server logs out the subscribers that are using addresses from the deleted pool, then notifies DHCP and releases the addresses.
If the chain of linked DHCP address pools is broken, no action is taken and the existing subscribers retain their address. However, the DHCP local address pools that are no longer part of the chain are now unable to provide any new addresses.

Example

This following commands create the shared address pools in Figure 2:

host1(config)#ip local shared-pool Shared_LAS_Pool_A DHCP_Pool_1 host1(config)#ip local shared-pool Shared_LAS_Pool_B DHCP_Pool_1 host1(config)#ip local shared-pool Shared_LAS_Pool_C DHCP_Pool_3

SNMP Thresholds

An address pool has SNMP thresholds associated with it that enable the local address server to signal SNMP traps when certain conditions exist. These thresholds include high utilization threshold and abated utilization threshold. If a pool’s outstanding addresses exceed the high utilization threshold and the SNMP trap signaling is enabled, SNMP is notified. Likewise, when a pool’s utilization drops below the abated threshold utilization threshold, SNMP is notified.

Configuring a Local Address Server

You can create, modify, and delete address pools. You can display address pool information or status with the show ip local pool command. The following are examples of tasks you can configure:

Specify an addressing scheme.
host1(config)#ip address-pool local
Map an address pool name to a range of local addresses. You can also use this command to add additional ranges to a pool.
host1(config)#ip local pool addrpool_10 192.168.56.10 192.168.56.15
Map a primary local address pool name to a domain name.
host1(config)#aaa domain-map westford.com host1(config-domain-map)#address-pool-name poolA
(Optional) Map a backup address pool to a domain name, which is used for address allocation if the primary local address pool is fully allocated.
host1(config)#aaa domain-map westford.com host1(config-domain-map)#backup-address-pool-name backup_poolB
(Optional) Map the domain name to the IPv6 local address pool, which is used for prefix delegation. If the authentication server returns the prefix pool name in the Framed-Ipv6-Pool attribute of the RADIUS-Accept-Request message, this value overrides the IPv6 local pool configured using the ipv6-prefix-pool-name command.
host1(config)#aaa domain-map westford.com host1(config-domain-map)#ipv6-prefix-pool-name local_addr_pool
Delete an address pool.
host1(config)#no ip local pool addrpool_10
Note: If a pool or range is deleted and addresses are outstanding, the AAA server logs out the clients using the addresses.
Create a shared local address pool.
host1(config)#ip local shared-pool Shared_LAS_Pool_A DHCP_Pool_1
Delete a shared local address pool.
host1(config)#no ip local shared-pool Shared_LAS_Pool_C
Set SNMP variables by specifying an existing pool name and values.
host1(config)#ip local pool addrpool_10 warning 90 80

address-pool-name

Use to specify the name of the primary local address pool from which the router allocates addresses for the domain that you are configuring.
If the authentication server does not return an address, the router allocates an address from this pool. The authentication server may override this pool name using RADIUS attributes such as Framed-Pool.
The primary pool name is a character string up to 16 characters long.
Example
host1(config)#aaa domain-map westford.com host1(config-domain-map)#address-pool-name poolA
Use the no version to remove the primary local address pool name.
See address-pool-name

backup-address-pool-name

Use to specify the name of the backup local address pool from which the router allocates addresses for the domain that you are configuring, if the primary local address pool is fully allocated.
The backup local address pool takes effect only if you configured a valid primary local address pool.
If the primary local address pool has been fully allocated, and if you did not configure a backup local address pool, the request is denied. This behavior is the same as what existed in previous JunosE releases.
If the authentication server returns the backup local address pool name in the RADIUS-Access-Accept message, this value overrides the backup address pool configured using the backup-address-pool-name command.
You can specify a local address pool to be the backup address pool for some users and the primary pool for other users.
You can also use the same local address pool as the backup address pool for subscribers using different primary address pools.
The backup pool name is a character string up to 16 characters long.
Example
host1(config)#aaa domain-map westford.com host1(config-domain-map)#backup-address-pool-name backup_poolB
Use the no version to remove the backup address pool name.
See backup-address-pool-name.

ip address-pool

Use to specify the addressing scheme: dhcp, local, or none.
The addressing scheme none returns a special indicator to AAA that enables the remote PPP client to assign its own address.
Example
host1(config)#ip address-pool dhcp
Use the no version to specify the default, local.
See ip address-pool

ip local alias

Use to create an alias for an existing local address pool. The IP address is allocated from the pool specified by the alias rather than from the pool specified in the IP address request.
An alias name may contain up to 16 characters.
You can configure a maximum of 32 aliases per virtual router.
A local address pool can have multiple aliases.
You can set the name of the alias to match the name of a local address pool; however, the two names used in the alias cannot be the same.
You can modify an existing alias with a different local address pool name.
When a local address pool is deleted, all aliases with the matching pool name are also deleted.
Example
host1(config)#ip local alias groupB pool-name addrpool_10
Use the no version to remove the alias name.
See ip local alias

ip local pool

Use to map an address pool name to a range of local addresses.
You can create a pool with no address ranges configured for it.
A name may contain up to 16 characters.
Example
host1(config)#ip local pool addrpool_10 192.168.56.10 192.168.56.15
Use the no version to remove the local pool (all ranges), or the specified range.
See ip local pool

ip local pool snmpTrap

Use to enable SNMP pool utilization traps.
Example
host 1(config)#ip local pool addr_test snmpTrap
Use the no version to disable SNMP pool utilization traps.
See ip local pool snmpTrap

ip local pool warning

Use to set SNMP utilization warning threshold values.
Example
host1(config)#ip local pool addr_test warning 90 80
Use the no version to reset the attributes to their default values; high threshold 85, abated threshold 75.
See ip local pool warning

ip local shared-pool

Use to create a local shared address pool and to specify the DHCP address pool that provides the addresses.
You can reference a DHCP address pool that has not yet been configured.
Example
host1(config)#ip local shared-pool sharedPool11 dhcpPool6
Use the no version to delete a specific local shared address pool.
See ip local shared-pool

ipv6-prefix-pool-name

Use to specify the name of the IPv6 local address pool from which the delegating router allocates prefixes to the requesting routers for the domain that you are configuring.
When a user is authenticated using a RADIUS server, the RADIUS server might return one or more of the following attributes in the Access-Accept message in response to the client authentication request:
- Ipv6-NdRa-Prefix (VSA 26-129)
- Framed-IPv6-Prefix (RADIUS IETF attribute 97)
- Delegated-IPv6-Prefix (RADIUS IETF attribute 123)
- Framed-IPv6-Pool (RADIUS IETF attribute 100)
The prefix or pool name that the authentication server returns in any of these attributes of the RADIUS-Access-Accept message takes priority over the local prefix pool name configured for the domain map.
If the pool name or prefix is not present in the RADIUS-Access-Accept message, the IPv6 local address pool name configured using the ipv6-prefix-pool-name command is used to delegate prefixes to requesting DHCPv6 clients.
The IPv6 local pool name is a character string up to 16 characters long.
Example
host1(config)#aaa domain-map sunnyvale.com host1(config-domain-map)#ipv6-prefix-pool-name local_addr_pool
Use the no version to remove the IPv6 local address pool name from the domain map.
See ipv6-prefix-pool-name.