Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Juniper BNG CUPS CLI Configuration Statements

This topic provides an overview of configuration commands, including syntax and option descriptions, that you use with Juniper BNG CUPS.

address-pool-manager

Syntax

Hierarchy Level

Description

Configures Juniper Address Pool Manager's (APM) connection to Juniper BNG CUPS. This configuration is done on the Juniper BNG Controller.

Options

system-id unique-identifier

Give the BNG CUPS Controller a unique network string identifier for its interactions with APM.

  • Range: Up to 45 characters

inet ip-address

APM's IPv4 address.

port port-number

The port that APM is listening on for incoming address pool manager connections.

secrets

If the gRPC Network Management Interface (gMI) connection is secured, configure any Transport Layer Security (TLS) keys, as follows:

  • certificate certificate-file

  • key private-key-file

  • ca-cert ca-certificate-file

captive-portal-content-delivery-profile (Services)

Syntax

Hierarchy Level

Description

Configure converged HTTP redirect services on the Routing Engine. This command runs on the BNG CUPS Controller.

Options

captive-portal-content-delivery-profile profile-name—Name of the CPCD profile.

Required Privilege Level

services—To view this statement in the configuration.

services–control—To add this statement to the configuration.

Release Information

Statement introduced before Juniper BNG CUPS Release 23.1.

control-plane

Syntax

Hierarchy Level

Description

Sets the system to take on the role of the Juniper BNG CUPS Controller.

Options

control-plane-name bng-cups-controller-name

The control-plane-name is a mandatory reference to the local system and can be 1 to 12 characters long. You can combine uppercase letters and lowercase letters, numbers, hyphens, and periods in this reference but cannot start or end it with a hyphen.

transport

The transport stanza is a mandatory stanza that defines the transport address on which the control plane manager listens for incoming association requests. The control plane manager can listen on an IPv4 address or an IPv6 address. On Juniper BNG CUPS Controller, only the control-plane mode is configurable.

  • inet ip-address—Specify the IPv4 address of the BNG CUPS Controller.
  • inet6 ip-address—Specify the IPv6 address of the BNG CUPS Controller.
user-plane bng-user-plane-name

Defines the BNG User Planes that are authorized to associate with the BNG CUPS Controller. You must list each BNG User Plane.

  • inet ip-address—The attribute denotes the inet address that the BNG CUPS Controller will accept an association request from. You can configure an inet address for a BNG User Plane only if the BNG CUPS Controller has an inet address.

  • inet6 ip-address—The attribute denotes the IPv6 address that the BNG CUPS Controller will accept an association request from. You can configure an inet6 address for a BNG User Plane only if the BNG CUPS Controller has an inet6 address.

  • netconf—Configure the Network Configuration Protocol (NETCONF) connection so that BNG CUPS Controller can send configurations and retrieve command outputs from BNG User Planes.

    • —Name of the BNG User Plane.
    • —Password for the BNG User Plane.
    • —The port on which the NETCONF server listens. The default is port 830.
  • statistics-reporting-interval— The interval at which statistics are reported from a BNG User Plane to the BNG CUPS Controller. The statistics reporting interval is reported in minutes.

    • Default: 1 minute

    • Range: 1 through 1440 minutes

pfcp

Specify the Packet Forwarding Control Protocol protocol attributes for the control plane manager and any other daemons using Packet Forwarding Control Protocol to communicate with their peers.

Note:

We recommend that you configure the BNG CUPS Controller and the BNG User Planes with the same Packet Forwarding Control Protocol attributes.

  • retransmission-timer—Defines the retransmission interval in seconds.

    • Default: 5 seconds

    • Range: 3 through 30

      seconds
  • retries—Defines the number of retransmission attempts.

    • Default: 5

    • Range: 5 through 10

  • heartbeat-interval—Defines the interval in seconds between keep-alive messages.
    • Default: 60

      seconds
    • Range: 60 through 600

      seconds

domain-profile

Syntax

Hierarchy Level

Description

Configures the domain profile. The domain profile defines the BNG attributes for creating domains. The domain is created based on the framed pool received from RADIUS.

Options

domain-profile domain-profile-name

Set the name of the domain profile.

preferred-prefix-length number

Define the preferred prefix length.

  • Range: 8 through 30

source-partition-qualifier string

(Optional) A string that is applied as a suffix to the domain’s location, to create a partition name that is passed to Juniper Address Pool Manager.

excluded-address last-octet number

(Optional) When you configure the preceding code phrase, the domain profile excludes all addresses with a domain pool prefix that matches the specified last-octet value.

  • Range: 0 through 255

install-discard-routes

(Optional) Indicates that you must configure a discard route (with the associated route tag supplied with the pool prefix) separately on the BNG User Planes to import these routes into the exported route set.

igmp

Syntax

Hierarchy Level

Description

Enable IGMP on the router or switch. IGMP must be enabled for the router or switch to receive multicast packets. This command runs on the BNG CUPS Controller.

The remaining statements are explained separately. See CLI Explorer.

Default

IGMP is disabled on the router or switch. IGMP is automatically enabled on all broadcast interfaces when you configure Protocol Independent Multicast (PIM) or Distance Vector Multicast Routing Protocol (DVMRP).

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

interface (Protocols IGMP)

Syntax

Hierarchy Level

Description

Enable IGMP on an interface and configure interface-specific properties. This command runs on the BNG CUPS Controller.

Options

interface-name—Name of the interface. Specify the full interface name, including the physical and logical address components. To configure all interfaces, you can specify all.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

interface (Protocols MLD)

Syntax

Hierarchy Level

Description

Enable MLD on an interface and configure interface-specific properties. This command runs on the BNG CUPS Controller.

Options

interface-name—Name of the interface. Specify the full interface name, including the physical and logical address components. To configure all interfaces, you can specify all.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

load-balancing

Syntax

Hierarchy Level

Description

Enables load balancing on Juniper BNG CUPS. This command runs on the BNG CUPS Controller.

Options

group group-name

Specify the load-balancing group.

user-plane bng-user-plane-name

Specify the BNG User Plane that is associated with the BNG CUPS Controller for load balancing.

port port-identifier

Specify the logical port that is associated with the BNG CUPS Controller load balancing.

max-weight max-weight-number

Specify the maximum weight value (1 through 255) for the logical port.

mld

Syntax

Hierarchy Level

Description

Enable MLD on the router. MLD must be enabled for the router to receive multicast packets. This command runs on the BNG CUPS Controller.

Default

MLD is disabled on the router. MLD is automatically enabled on all broadcast interfaces when you configure Protocol Independent Multicast (PIM) or Distance Vector Multicast Routing Protocol (DVMRP).

Options

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

multicast

Syntax

Hierarchy Level

Description

Configure multicast routing options properties. Note that you cannot apply a scope policy to a specific routing instance. That is, all scoping policies are applied to all routing instances. However, the scope statement does apply individually to a specific routing instance.

Note:

The multicast command runs on the BNG CUPS Controller.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

no-usage-report

Syntax

Hierarchy Level

Description

Disable subscriber physical interface usage reporting to the BNG CUPS Controller. This command runs on the BNG User Planes.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

partition

Syntax

Hierarchy Level

Description

Defines the BNG User Plane partition attribute. The partition attribute defines the geographical region or area to which the BNG User Plane belongs.

Note:

For Juniper BNG CUPS to operate with Juniper Address Pool Manager, you must configure the partition attribute.

Options

partition partition-name

Name of the partition.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

policy-options

Syntax

Hierarchy Level

Description

Configure options such as application maps for DCBX application protocol exchange and policy statements. This command runs on the BNG User Planes.

Required Privilege Level

storage—To view this statement in the configuration.storage-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

policy-statement

Syntax

Hierarchy Level

Description

Define a routing policy, including subroutine policies. This command runs on the BNG User Planes.

A term is a named structure in which match conditions and actions are defined. Routing policies are made up of one or more terms. Each routing policy term is identified by a term name. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose the entire name in double quotation marks.

Each term contains a set of match conditions and a set of actions:

  • Match conditions are criteria that a route must match before the actions can be applied. If a route matches all criteria, one or more actions are applied to the route.

  • Actions specify whether to accept or reject the route, control how a series of policies are evaluated, and manipulate the characteristics associated with a route.

Generally, a router compares a route against the match conditions of each term in a routing policy, starting with the first and moving through the terms in the order in which they are defined, until a match is made and an explicitly configured or default action of accept or reject is taken. If none of the terms in the policy match the route, the router compares the route against the next policy, and so on, until either an action is taken or the default policy is evaluated.

If none of the match conditions of each term evaluates to true, the final action is executed. The final action is defined in an unnamed term. Additionally, you can define a default action (either accept or reject) that overrides any action intrinsic to the protocol.

The order of match conditions in a term is not relevant, because a route must match all match conditions in a term for an action to be taken.

To list the routing policies under the [edit policy-options] hierarchy level by policy-statement policy-name in alphabetical order, enter the show policy-options configuration command.

The statements are explained separately.

Options

actions—(Optional) One or more actions to take if the conditions match.

family family-name—(Optional) Specify an address family protocol. Specify inet for IPv4. Specify inet6 for 128-bit IPv6, and to enable interpretation of IPv6 router filter addresses. For IS-IS traffic, specify iso. For IPv4 multicast VPN traffic, specify inet-mvpn. For IPv6 multicast VPN traffic, specify inet6-mvpn. For multicast-distribution-tree (MDT) IPv4 traffic, specify inet-mdt. For BGP route target VPN traffic, specify route-target. For traffic engineering, specify traffic-engineering.

Note:

When family is not specified, the routing device or routing instance uses the address family or families carried by BGP. If multiprotocol BGP (MP-BGP) is enabled, the policy defaults to the protocol family or families carried in the network layer reachability information (NLRI) as configured in the family statement for BGP. If MP-BGP is not enabled, the policy uses the default BGP address family unicast IPv4.

from—(Optional) Match a route based on its source address.

as-path-neighbors (as-list | as-list-group)—Compares the AS that originated the route. Evaluates if the right most AS number on the AS path belongs to the as-list or as-list-group specified in the as-path-origins configuration statement. In the case where the route has been aggregated, and the location of the originating AS contains an AS-set, the as-path-origins operator evaluates to true if any AS contained in the AS-set belongs to the as-list or as-list-group specified in the as-path-origins configuration statement.

as-path-origins (as-list | as-list-group)—Compares the neighbor AS in the AS path. Evaluates if the first AS number on the AS path matches the as-list or as-list-group specified in the as-path-neighbors configuration statement. If the neighboring AS location happens to be an AS-set, the as-path-neighbors operator evaluates to true if any AS contained in the AS-set belongs to the as-list or as-list-group specified in the as-path-neighbors configuration statement.

as-path-transits (as-list | as-list-group)—Compares any AS in the AS-Path. Evaluates when any AS belongs to the as-list or as-list-group specified in the as-path-transit configuration statement. In the case of AS-set, the as-path-transit operator compares all the ASes in the AS-set.

as-path-calc-length count (equal | orhigher | orlower)—(Optional) Specify a number from 0 through 1024 to filter routes based on the number of calculated autonomous systems (ASs) in the AS path.

Note:
  • ASs in a sequence count as 1.

  • AS sets count as 1.

  • BGP confederation segments count as 0.

as-path-unique-count count (equal | orhigher | orlower)—(Optional) Specify a number from 0 through 1024 to filter routes based on the total number of unique non-BGP confederation autonomous systems (ASs) in the AS path.

Note:

Duplicate AS numbers are ignored for the count.

advertise-locator—(Optional) Enable IS-IS to summarize and advertise locator prefixes.

Range: 0-255

aggregate-bandwidth—(Optional) Enable BGP to advertise aggregate outbound link bandwidth for load balancing.

dynamic-tunnel-attributes dynamic-tunnel-attributes—(Optional) Choose a set of defined dynamic tunnel attributes for forwarding traffic over V4oV6 tunnels.

match-conditions—(Optional in from statement; required in to statement) One or more conditions to use to make a match. The qualifiers are described in Routing Policy Match Conditions.

multipath-resolve multipath-resolve–(Optional) Enable the use of all paths for resolution over the specified prefix.

limit-bandwidth limit-bandwidth—(Optional) Specify the limit for advertised aggregate outbound link bandwidth for load balancing.

  • Range: 0 through 4,294,967,295 bytes

no-entropy-label-capability—(Optional) Disable the entropy label capability advertisement at egress or transit routes specified in the policy.

priority (high | medium | low)—(Optional) Configure the priority for an IS-IS route to change the default order in which the routes are installed in the routing table, in the event of a network topology change.

policy subroutine-policy-name—Use another policy as a match condition within this policy. The name identifying the subroutine policy can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose it in quotation marks (“ ”). Policy names cannot take the form __.*-internal__, as this form is reserved. For information about how to configure subroutines, see Understanding Policy Subroutines in Routing Policy Match Conditions.

policy-name—Name that identifies the policy. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose it in quotation marks (“ ”).

prefix-list prefix-list-name—Name of a list of IPv4 or IPv6 prefixes.

prefix-list-filter prefix-list-name—Name of a prefix list to evaluate using qualifiers; match-type is the type of match, and actions is the action to take if the prefixes match.

programmed—(Optional) Allow policy matches for routes injected by JET APIs.

protocol protocol-name—Name of the protocol used to control traffic engineering database import at the originating point.

You can specify options to match label IS-IS and label OSPF routes using the l-isis and l-ospf options, respectively. The isis options matches all IS-IS routes, excluding labelled IS-IS routes. The ospf option matches all OSPF routes, including OSPFv2, OSPFv3 and labelled OSPF routes.

resolution-map—(Optional) Set resolution map modes. A given resolution-map can be shared across multiple policy-statements.

route-filter destination-prefix match-type <actions>—(Optional) List of routes on which to perform an immediate match; destination-prefix is the IPv4 or IPv6 route prefix to match, match-type is the type of match (see Configuring Route Lists), and actions is the action to take if the destination-prefix matches.

source-address-filter source-prefix match-type <actions>—(Optional) Unicast source addresses in multiprotocol BGP (MBGP) and Multicast Source Discovery Protocol (MSDP) environments on which to perform an immediate match. source-prefix is the IPv4 or IPv6 route prefix to match, match-type is the type of match (see Configuring Route Lists), and actions is the action to take if the source-prefix matches.

tag value—(Optional) A numeric value that identifies a route. You can tag certain routes to prioritize them over other routes. In the event of a network topology change, Junos OS updates these routes in the routing table before updating other routes with lower priority. You can also tag some routes to identify and reject them based on your requirement.

term term-name—Name that identifies the term. The term name must be unique in the policy. It can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the entire name in quotation marks (“ ”). A policy statement can include multiple terms. We recommend that you name all terms. However, you do have the option to include an unnamed term which must be the final term in the policy. To configure an unnamed term, omit the term statement when defining match conditions and actions.

to—(Optional) Match a route based on its destination address or the protocols into which the route is being advertised.

then—(Optional) Actions to take on matching routes. The actions are described in Configuring Flow Control Actions and Configuring Actions That Manipulate Route Characteristics.

set-down-bit—(Optional) Configure this option to aggregate leaked locator routes using routing policies.

validation-database-instance—(Optional) Name to identify a validation-state with database name.database-name <database-name>—(Optional) Route Validation Database name to be looked at. state (valid|invalid|unknown)—(Optional) Name to identify a validation-state

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

query-interval (Protocols IGMP)

Syntax

Hierarchy Level

Description

Specify how often the querier routing device sends general host-query messages. This command runs on the BNG User Planes.

Options

seconds—Time interval.

  • Range: 1 through 1024

  • Default: 125 seconds

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

query-interval (Protocols MLD)

Syntax

Hierarchy Level

Description

Specify how often the querier router sends general host-query messages. This command runs on the BNG User Planes.

Options

seconds—Time interval.

  • Range: 1 through 1024

  • Default: 125 seconds

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

query-last-member-interval

Syntax

Hierarchy Level

Description

Specify how often the querier routing device sends group-specific query messages. This command runs on the BNG User Planes.

Options

seconds—Time interval, in fractions of a second or seconds.

  • Range: 0.1 through 0.9, then in 1-second intervals 1 through 1024

  • Default: 1 second

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

query-response-interval

Syntax

Hierarchy Level

Description

Specify how long the querier routing device waits to receive a response to a host-query message from a host. This command runs on the BNG User Planes.

Options

seconds—The query response interval must be less than the query interval.

  • Range: 1 through 1024

  • Default: 10 seconds

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

robust-count

Syntax

Hierarchy Level

Description

Tune the expected packet loss on a subnet. This factor is used to calculate the group member interval, other querier present interval, and last-member query count. This command runs on the BNG User Planes.

Options

number—Robustness variable.

  • Range: 2 through 10

  • Default: 2

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 22.4R1.

routing-engine-services

Syntax

Hierarchy Level

Description

When configuring a Routing Engine-based captive portal service, specify the service set options to apply to a service set. The services interfaces on the Routing Engine are identified with an si- prefix (for example, si-1/1/0). The si- interface contains all redirect and rewrite traffic and services for the Routing Engine. This command runs on the BNG CUPS Controller.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 23.1.

security-profile

Syntax

Hierarchy Level

Description

Defines the security requirements needed for Data Transport Layer Security and Transport Layer Security secure connections. If the security-profile is not configured, the related BNG CUPS Controller or BNG CUPS User Plane assumes that the transport interfaces are not secure.

Options

security-profile profile-name

Give the security profile a name.

ca-cert-file-name ca-certificate-name

Name of the CA profile.

cert-file-name certificate-name

Name of the public certificate.

key-file-name key-name

Name of the private key pair.

service-interface (Services Interfaces)

Syntax

Hierarchy Level

Description

Specify the name for the services interface associated with an interface-wide service set. This command runs on the BNG CUPS Controller.

Options

interface-name

Identifier of the service interface.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Juniper BNG CUPS Release 23.1.

selection-function

Syntax

Hierarchy Level

Description

Sets the clusters in which the BNG User Plane is a member. Also, you can set the service class that the BNG User Plane supports within each cluster.

Options

cluster cluster-name

The name or names of the cluster to which the BNG User Plane belongs. You can enter one or more names.

service-group service-group-names

The names of the service classes that the BNG User Plane supports within each cluster. You can enter one or more names.

transport

Syntax

Hierarchy Level

Description

Defines the transport security for all BNG CUPS Controller and BNG User Plane inter-communication. You use the transport command to configure either the BNG CUPS Controller or the BNG User Planes, depending on which option you choose at the mode level of the hierarchy.

Options

inet ip-address

The IP address of either the BNG CUPS Controller or the BNG User Plane that you are configuring.

security-profile security-profile-name

Specify the configured security profile that lists the CA profile, public certificate, and private key pair (see security-profile).

user-plane

Syntax

Hierarchy Level

Description

Sets the system to take on the role of a BNG User Plane.

Options

user-plane-name bng-user-plane-name

The user-plane-name attribute is described in the following:

  • Is mandatory and identifies the BNG User Plane

  • Must be unique within the domain of the BNG CUPS Controller

  • Is a reference to the local system and can be 1 to 12 characters long, containing upper- and lowercase letters, numerals, hyphens, and periods

  • Must not start or end with a hyphen

transport (user-plane-name)

The transport stanza is a mandatory stanza that defines the source address from which the BNG User Plane initiates associations.

  • inet ip-address—Specify the IPv4 address of the BNG User Plane.

  • inet6 ip-address—Specify the IPv6 address of the BNG User Plane.

control-plane-name bng-cups-controller-name

Defines the BNG CUPS Controller to which this BNG User Plane will associate. The control-plane-name can be 1 to 12 characters long containing upper and lower case letters, numbers, hyphens and period. The name must not start or end with a hyphen.

transport (control-plane-name)

Defines the IPv4 or IPv6 address and port number of the BNG CUPS Controller with which the BNG User Plane attempts to make an association. The address family that you choose must match the family in the BNG User Plane's transport stanza.

  • inet ip-address—Specify the IPv4 address of the BNG CUPS Controller.

  • inet6 ip-address—Specify the IPv6 address of the BNG CUPS Controller.

pfcp

Specify the Packet Forwarding Control Protocol protocol attributes for the control plane manager and any other daemons using Packet Forwarding Control Protocol to communicate with their peer.

  • retransmission-timer—Defines the retransmission interval, in seconds.

    • Default: 3 seconds

    • Range: 3 through 30 seconds

  • retries—Defines the number of retransmission attempts.

    • Default: 3

    • Range: 3 through 10

  • heartbeat-interval—Defines the interval in seconds between keep-alive messages.
    • Default: 60

    • Range: 60 through 600

selection-function Sets the clusters in which the BNG User Plane is a member. Also, you can set the service class that the BNG User Plane supports within each cluster.
  • cluster cluster-name—The names of the cluster o which the BNG User Plane belongs. You can enter one or more names.

  • service-group service-group-name—The names of the service group or groups that the BNG User Plane supports within each cluster. You can enter one or more names.

weight

Syntax

Hierarchy Level

Description

Set the load-balancing weight for either subscribers or the logical interface set.

You can define weight based on your needs: you can define it by using subscriber bandwidth, logical interface set bandwidth, or an even number of subscribers per logical interface set. This command runs on the BNG CUPS Controller.

Options

weight weight-number

Defines the load-balancing weight value (1 through 255).