Configure DHCP Support for AGF
This example describes how to configure the Access Gateway Function (AGF) to support the use of Dynamic Host Configuration Protocol (DHCP) for subscriber authentication. In this example, we configure DHCP relay to forward the DHCP request and reply packets between the subscriber (DHCP client) and the DHCP server on the 5G core (5GC).
Procedure
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text
file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the
[edit]
hierarchy level.
set group AGF_SUBSCRIBER_GROUP authentication password $abc123 set group AGF_SUBSCRIBER_GROUP authentication username-include user-prefix USER set group AGF_SUBSCRIBER_GROUP access-profile NAS-5G-AGF set group AGF_SUBSCRIBER_GROUP overrides trust-option-82 set group AGF_SUBSCRIBER_GROUP interface xe-1/0/0.0 set access profile NAS-5G-AGF authentication-order nas-5g set access domain map DOMAIN1.COM aaa-routing-instance default set access domain map DOMAIN1.COM access-profile NAS-5G-AGF set access domain map DOMAIN1.COM target-routing-instance UE-RI-1 set access nas-5g max-outstanding-requests 1000 set access nas-5g request-retry 3 set access nas-5g timeout 30 set routing-instances UE-RI-1 instance-type virtual-router set routing-instances UE-RI-1 interface xe-2/0/1.3 set routing-instances UE-RI-1 interface lo0.1
Step-by-Step Procedure
-
Create a subscriber group with the authentication fields that will be passed to the access interface.
[edit forwarding-options dhcp-relay] user@host# set group AGF_SUBSCRIBER_GROUP authentication password $abc123 user@host# set group AGF_SUBSCRIBER_GROUP authentication username-include user-prefix USER
-
Create an access profile (
access-profile
) for the group subscribers that will be authenticating in the 5GC and attach the profile to the DHCP relay agent.[edit forwarding-options dhcp-relay] user@host# set group AGF_SUBSCRIBER_GROUP access-profile NAS-5G-AGF
-
Configure the router to always accept the DHCP client packets that contain option 82 information.
[edit forwarding-options dhcp-relay] user@host# set group AGF_SUBSCRIBER_GROUP overrides trust-option-82
- Specify the interface to which that the DHCP subscribers will connect.
[edit forwarding-options dhcp-relay] user@host# set group AGF_SUBSCRIBER_GROUP interface xe-1/0/0.0
-
Set the access profile that the AGF will use to authenticate for the subscriber group to authenticate using Non-Access Stratum (NAS) signaling.
[edit] user@host# set access profile NAS-5G-AGF authentication-order nas-5g
-
Create the domain map and apply the domain map to the access profile.
edit] user@host# set access domain map DOMAIN1.COM aaa-routing-instance default user@host# set access domain map DOMAIN1.COM access-profile NAS-5G-AGF user@host# set access domain map DOMAIN1.COM target-routing-instance UE-RI-1
-
Configure the following options for NAS signaling between the AGF and the Access and Mobility Management Function (AMF).
-
Maximum number of outstanding request—The number of unanswered request messages from the AMF.
-
Number of retries—The number of attempts for a registration or deregistration request .
-
Timeout—The duration that the AGF waits for a response from the AMF.
[edit] user@host# set access nas-5g max-outstanding-requests 1000 user@host# set access nas-5g request-retry 3 user@host# set access nas-5g timeout 30
-
-
Configure the routing instance.
[edit] user@host# set routing-instances UE-RI-1 instance-type virtual-router user@host# set routing-instances UE-RI-1 interface xe-2/0/1.3 user@host# set routing-instances UE-RI-1 interface lo0.1
For more information on DHCP subscribers, see DHCP Subscriber Access Networks Overview