Configure PPP Support for AGF
This example describes how to configure the Access Gateway Function (AGF) to support a subscriber using Point-to-Point Protocol over Ethernet (PPPoE) for authentication.
Procedure
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text
file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the
[edit] hierarchy level.
set dynamic-profiles autoconf-vlan-demux routing-instances "$junos-routing-instance" interface "$junos-interface-name" any set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options chap set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options pap set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options aaa-options nas-5g-access-options set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface" set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" pppoe-options server set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" no-keepalives set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface" set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface" set access profile NAS-5G-AGF authentication-order nas-5g set access nas-5g max-outstanding-requests 1000 set access nas-5g request-retry 3 set access nas-5g timeout 30 set access aaa-options NAS-5G-ACCESS-OPTIONS access-profile NAS-5G-AGF set access aaa-options NAS-5G-ACCESS-OPTIONS aaa-context AMF-RI set access aaa-options NAS-5G-ACCESS-OPTIONS subscriber-context UE-RI-1 set access domain map DOMAIN1.COM aaa-routing-instance AMF-RI set access domain map DOMAIN1.COM access-profile nas-5g-agf set access domain map DOMAIN1.COM target-routing-instance UE-RI-1 set routing-instances UE-RI-1 instance-type virtual-router set routing-instances UE-RI-1 interface xe-2/0/1.3 set routing-instances UE-RI-1 interface lo0.1
Step-by-Step Procedure
-
Configure the dynamic profile for the Point-to-Point Protocol (PPP) subscriber.
[edit] user@host# set dynamic-profiles autoconf-vlan-demux routing-instances "$junos-routing-instance" interface "$junos-interface-name" any user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options chap user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options pap user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options aaa-options nas-5g-access-options user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface" user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" pppoe-options server user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" no-keepalives user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface" user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface"
-
Set the access authentication method for the subscriber group to use Non-Access Stratum (NAS) signaling.
[edit] user@host# set access profile NAS-5G-AGF authentication-order nas-5g
-
Configure the following options for NAS signaling between the AGF and the AMF.
-
Maximum number of outstanding request—The number of unanswered request messages from the AMF.
-
Number of retries—The number of attempts for a registration or deregistration request .
-
Timeout—The duration that the AGF waits for a response from the AMF.
[edit] user@host# set access nas-5g max-outstanding-requests 1000 user@host# set access nas-5g request-retry 3 user@host# set access nas-5g timeout 30
-
-
Define the profile with a set of AAA options for the PPP subscriber by performing the following steps:
-
Create the access profile (
access-profile) for the subscriber group. - Specify the logical-system:routing-instance (LS:RI) that the subscriber session uses for AAA (RADIUS) interactions.
- Specify the LS:RI where the subscriber interface is placed. In this case, we are using the default routing instance.
[edit] user@host# set access aaa-options NAS-5G-ACCESS-OPTIONS access-profile NAS-5G-AGF user@host# set access aaa-options NAS-5G-ACCESS-OPTIONS aaa-context AMF-RI user@host# set access aaa-options NAS-5G-ACCESS-OPTIONS subscriber-context UE-RI-1
Alternatively, you can create a domain map and apply the domain map to the access profile.
[edit] user@host# set access domain map DOMAIN1.COM aaa-routing-instance AMF-RI user@host# set access domain map DOMAIN1.COM access-profile NAS-5G-AGF user@host# set access domain map DOMAIN1.COM target-routing-instance UE-RI-1
-
-
Configure the routing instance.
[edit] user@host# set routing-instances UE-RI-1 instance-type virtual-router user@host# set routing-instances UE-RI-1 interface xe-2/0/1.3 user@host# set routing-instances UE-RI-1 interface lo0.1
For more information on PPP Subscribers, see PPP Subscriber Access Networks Overview