profile (Subscriber Access)
Syntax
profile profile-name {
accounting {
address-change-immediate-update
accounting-stop-on-access-deny;
accounting-stop-on-failure;
ancp-speed-change-immediate-update;
coa-immediate-update;
coa-no-override service-class-attribute;
duplication;
duplication-filter;
duplication-vrf {
access-profile-name profile-name;
vrf-name vrf-name;
}
immediate-update;
order [ accounting-method ];
send-acct-status-on-config-change;
statistics (time | volume-time);
update-interval minutes;
wait-for-acct-on-ack;
}
accounting-order (radius | [accounting-order-data-list]);
authentication-order [ authentication-methods ];
client client-name {
chap-secret chap-secret;
group-profile profile-name;
ike {
allowed-proxy-pair {
remote remote-proxy-address local local-proxy-address;
}
pre-shared-key (ascii-text character-string | hexadecimal hexadecimal-digits);
ike-policy policy-name;
interface-id string-value;
}
l2tp {
aaa-access-profile profile-name;
interface-id interface-id;
lcp-renegotiation;
local-chap;
maximum-sessions number;
maximum-sessions-per-tunnel number;
multilink {
drop-timeout milliseconds;
fragment-threshold bytes;
}
override-result-code session-out-of-resource;
ppp-authentication (chap | pap);
ppp-profile profile-name;
service-profile profile-name(parameter)&profile-name;
sessions-limit-group limit-group-name;
shared-secret shared-secret;
}
pap-password pap-password;
ppp {
cell-overhead;
encapsulation-overhead bytes;
framed-ip-address ip-address;
framed-pool framed-pool;
idle-timeout seconds;
interface-id interface-id;
keepalive seconds;
primary-dns primary-dns;
primary-wins primary-wins;
secondary-dns secondary-dns;
secondary-wins secondary-wins;
}
user-group-profile profile-name;
}
domain-name-server;
domain-name-server-inet;
domain-name-server-inet6;
local {
flat-file-profile profile-name;
}
preauthentication-order preauthentication-method;
provisioning-order (gx-plus | jsrc | pcrf);
radius {
accounting-server [ ip-address ];
attributes {
exclude {
attribute-name packet-type;
standard-attribute number {
packet-type [ access-request | accounting-off | accounting-on | accounting-start | accounting-stop ];
}
vendor-id id-number {
vendor-attribute vsa-number {
packet-type [ access-request | accounting-off | accounting-on | accounting-start | accounting-stop ];
}
}
}
ignore {
dynamic-iflset-name;
framed-ip-netmask;
idle-timeout;
input-filter;
logical-system:routing-instance;
output-filter;
session-timeout;
standard-attribute number;
vendor-id id-number {
vendor-attribute vsa-number;
}
}
}
authentication-server [ ip-address ];
options {
accounting-session-id-format (decimal | description);
calling-station-id-delimiter delimiter-character;
calling-station-id-format {
agent-circuit-id;
agent-remote-id;
interface-description;
interface-text-description;
mac-address;
nas-identifier;
stacked-vlan;
vlan;
}
chap-challenge-in-request-authenticator;
client-accounting-algorithm (direct | round-robin);
client-authentication-algorithm (direct | round-robin);
coa-dynamic-variable-validation;
ethernet-port-type-virtual;
interface-description-format {
exclude-adapter;
exclude-channel;
exclude-sub-interface;
}
juniper-access-line-attributes;
nas-identifier identifier-value;
nas-port-extended-format {
adapter-width width;
ae-width width;
port-width width;
pw-width width;
slot-width width;
stacked-vlan-width width;
vlan-width width;
atm {
adapter-width width;
port-width width:
slot-width width;
vci-width width:
vpi-width width;
}
}
nas-port-id-delimiter delimiter-character;
nas-port-id-format {
agent-circuit-id;
agent-remote-id;
interface-description;
interface-text-description;
nas-identifier;
order {
agent-circuit-id;
agent-remote-id;
interface-description;
interface-text-description;
nas-identifier;
postpend-vlan-tags;
}
postpend-vlan-tags;
}
nas-port-type {
ethernet {
port-type;
}
}
override {
calling-station-id remote-circuit-id;
nas-ip-address tunnel-client-gateway-address;
nas-port tunnel-client-nas-port;
nas-port-type tunnel-client-nas-port-type;
}
remote-circuit-id-delimiter;
remote-circuit-id-fallback {
remote-circuit-id-format;
agent-circuit-id;
agent-remote-id;
}
revert-interval interval;
service-activation {
dynamic-profile (optional-at-login | required-at-login);
extensible-service (optional-at-login | required-at-login);
}
vlan-nas-port-stacked-format;
}
preauthentication-server ip-address;
}
radius-server server-address {
accounting-port port-number;
accounting-retry number;
accounting-timeout seconds;
dynamic-request-port
port port-number;
preauthentication-port port-number;
preauthentication-secret password;
retry attempts;
routing-instance routing-instance-name;
secret password;
max-outstanding-requests value;
source-address source-address;
timeout seconds;
}
service {
accounting {
statistics (time | volume-time);
update-interval minutes;
}
accounting-order (activation-protocol | local | radius);
}
session-limit-per-username number;
session-options {
client-idle-timeout minutes;
client-idle-timeout-ingress-only;
client-session-timeoutminutes;
pcc-context {
input-service-filter-name filter-name;
input-service-set-name service-set-name;
ipv6-input-service-filter-name filter-name;
ipv6-input-service-set-name service-set-name;
ipv6-output-service-filter-name filter-name;
ipv6-output-service-set-name service-set-name;
output-service-filter-name filter-name;
output-service-set-name service-set-name;
profile-name pcef-profile-name;
}
strip-user-name {
delimiter [ delimiter ];
parse-direction (left-to-right | right-to-left);
}
}
subscriber username {
delegated-pool delegated-pool-name;
framed-ip-address ipv4-address;
framed-ipv6-pool ipv6-pool-name;
framed-pool ipv4-pool-name;
password password;
target-logical-system logical-system-name <target-routing-instance (default | routing-instance-name>;
target-routing-instance (default | routing-instance-name);
}
}
Hierarchy Level
[edit access]
Description
Configure a subscriber access profile that includes subscriber access, L2TP, or PPP properties.
Options
profile-name—Name of the profile.
For CHAP, the name serves as the mapping between peer identifiers and CHAP secret keys. This entity is queried for the secret key whenever a CHAP challenge or response is received.
The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.