Technical Documentation

Configuring Dynamic Authentication for VLAN Interfaces

You can use dynamic profiles, in conjunction with RADIUS, to dynamically create logical VLAN interfaces in the default logical system and in a specified routing instance. As DHCP clients in the same VLAN become active, corresponding interfaces are assigned to any specified routing instances. You can also dynamically create an underlying VLAN interface for incoming subscribers, associate interfaces created on this VLAN with the default logical system and a specified routing instance, and define RADIUS authentication values for the dynamically created interfaces.

Before you configure dynamic VLAN authentication, configure DHCP Local Server or DHCP Relay over which you want the dynamic VLAN interfaces to function.

For information about DHCP Local Server or DHCP Relay, see:

Note: You can also configure dynamically created VLAN interfaces over PPP or PPPoE interfaces. For information about how to configure PPP or PPPoE, see the JUNOS Network Interfaces Configuration Guide.

To configure dynamic authentication for dynamically created VLAN interfaces:

  1. Configure an access profile that contains the appropriate accounting order, authentication order, and server access values.

    For information about how to configure an access profile, RADIUS accounting, RADIUS statistics, and how to define RADIUS server access, see:

  2. Configure a dynamic profile that uses the default logical system and creates specific routing instances to contain dynamically created VLAN interfaces.

    See Configuring a VLAN Dynamic Profile That Associates VLAN Interfaces with Separate Routing Instances.

  3. Define the VLAN physical interface for automatic configuration.

    See the following topics:

  4. Associate an access profile to the VLAN interface.

    See Attaching Access Profiles.

  5. Associate a dynamic profile to the VLAN interface.

    See Configuring VLAN Interfaces to Use Dynamic Profiles.

Published: 2010-04-15