Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Configuring Static LNS MLPPP Subscribers

This example shows how to configure static L2TP network server (LNS) multilink (MLPPP) subscribers.

Requirements

This example uses the following hardware and software components:

  • MX Series with MPC2s installed

  • Junos OS Release 13.3 or later

Before you configure static L2TP network server (LNS) multilink (MLPPP) subscribers, be sure you have:

Overview

An MLPPP subscriber consists of two IFLs (logical interfaces), a member link, and a bundle. For static MLPPP subscribers, you configure the member link and bundle statically. For static LNS MLPPP subscribers, you configure both member link and bundle IFLs manually. After you configure the subscriber’s interface using the family mlppp setting, before the member link IFL can start LCP (link control protocol) negotiation for an LNS, you must also fully configure the member link’s bundle IFL. Figure 1 shows how the different types of traffic traverse through a network where the MX Series device is acting as the LNS to terminate MLPPP bundles.

Topology

Figure 1: MLPPP Bundles Terminated at MX Series as the LNS NetworkMLPPP Bundles Terminated at MX Series as the LNS Network

The following three domains are shown passing traffic through the LNS network:

  • PPP domain—Contains data and voice traffic

  • MLPPP domain—Contains data traffic only

  • L2TP domain—Contains all types of traffic

Configuration

To configure static L2TP network server (LNS) multilink (MLPPP) subscribers, perform these tasks:

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Configuring a Tunnel Group with Inline Service Interface and L2TP Access Profile Attributes

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy.

To configure a tunnel group with inline service interface (si) and L2TP access profile attributes for static LNS MLPPP subscribers:

  1. Create the access profile.

    [edit access]

    user@host# set profile ce-l2tp-profile1

  2. Configure an L2TP (LAC) access client.

    [edit access profile ce-l2tp-profile1]

    user@host# set client ce-lac-1

  3. Associate a group profile containing PPP attributes to apply for the PPP sessions being tunneled from this LAC client.

    [edit access profile ce-l2tp-profile1 client ce-lac1ce-lac1]

    user@host# set user-group-profile ce-lac-1-gp

  4. Configure the following L2TP access profile attributes for this example:

    • Link control protocol (LCP) with the PPP client.

    • Maximum number of sessions allowed in a tunnel from the client (LAC).

    • Tunnel password used to authenticate the client (LAC).

    • L2TP client is MLPPP-capable for static subscribers. The multilink statement determines whether MLPPP is supported for subscribers coming in from the LAC peer.

    [edit access profile ce-l2tp-profile1 client ce-lac1ce-lac1]

    user@host# set l2tp lcp-renegotiation

    user@host# set l2tp maximum-sessions-per-tunnel 2000

    user@host# set l2tp shared-secret password

    user@host# set l2tp multilink

    Note:

    Do not specify a dynamic profile name in the L2TP access client profile for static LNS MLPPP subscribers.

  5. Create the tunnel group.

    [edit services l2tp]

    user@host# set tunnel-group lns1

  6. Set the tunnel access profile equal to the setting you defined for the access profile.

    [edit services l2tp tunnel-group lns1]

    user@host# set l2tp-access-profile ce-l2tp-profile1

  7. Set the L2TP AAA access profile.

    Note:

    You can specify the L2TP AAA access profile at either the [edit access] or [edit services] hierarchy levels, using the LNS access client profile or tunnel-group statements, respectively. An L2TP AAA access profile defined using the [edit access] hierarchy level overrides the L2TP AAA access profile defined for the tunnel-group using the [edit services] hierarchy level.

    [edit services l2tp tunnel-group lns1]

    user@host# set aaa-access-profile ce-authenticator

  8. Set the local gateway address for the L2TP tunnel.

    [edit services l2tp tunnel-group lns1]

    user@host# set local-gateway address 10.1.1.2

  9. Specify the inline services interface (si) for the static LNS MLPPP subscribers.

    [edit services l2tp tunnel-group lns1]

    user@host# set service-interface si-1/0/0

  10. If you are done configuring the device, commit the configuration.

Configuring a Static LNS Member Link IFL

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy.

To configure the static LNS member link IFL, you specify the static bundle using the family mlppp statement.

You must also configure the family inet statement in the subscriber (si) interface. The family inet setting enables the L2TP long route to be installed and supported for the lookup engine to steer control packets to the Routing Engine; and also enables mixed mode support, if required.

The following example shows that both PPP and MLPPP subscribers can log in successfully using the si-1/0/0.1 interface, whereas only MLPPP subscribers can log in successfully using the si-1/0/0.2 interface.

  1. Create the si-1/0/0.1 and si-1/0/0.2 interfaces.

    [edit interfaces]

    user@host# set si-1/0/0.1

    user@host# set si-1/0/0.2

  2. For the si-1/0/0.1 interface, set the L2TP dial options to specify that the logical interface can host one session at a time (dedicated).

    [edit interfaces si-1/0/0.1]

    user@host# set dial-options l2tp-interface-id not used dedicated

  3. Enable MLPPP support and configure the static bundle inline interface (IFL).

    [edit interfaces si-1/0/0.1]

    user@host# set family mlppp bundle si-5/1/0.100

  4. Enable LNS support and mixed mode support.

    [edit interfaces si-1/0/0.1]

    user@host# set family inet unnumbered-address lo0.0

  5. For the si-1/0/0.2 interface, set the L2TP dial options to specify that the logical interface can host one session at a time (dedicated).

    [edit interfaces si-1/0/0.2]

    user@host# set dial-options l2tp-interface-id not used dedicated

  6. Enable MLPPP support and configure the static bundle inline interface (IFL).

    [edit interfaces si-1/0/0.2]

    user@host# set family mlppp bundle si-5/1/0.101

  7. Enable LNS long route support.

    [edit interfaces si-1/0/0.2]

    user@host# set family inet

  8. If you are done configuring the device, commit the configuration.

Configuring a Static Inline Services MLPPP Bundle IFL

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy.

To configure the static inline services (si) interface MLPPP bundle IFL, you specify the encapsulation multilink-ppp statement within the si interface. The si interface anchors the bundle interface.

You can also set these optional MLPPP parameters: MRRU, short sequence, and fragment-threshold. The following example shows how to configure the static (si) interface MLPPP bundle IFL.

  1. Create the static (si) interface MLPPP bundle IFL si-5/0/0 with a unit of 100.

    [edit interfaces]

    user@host# set si-5/0/0 unit 100

  2. Configure the encapsulation multilink-ppp statement to enable MLPPP bundling for the si-5/0/0.100 interface.

    [edit interfaces si-5/0/0.100]

    user@host# set encapsulation multilink-ppp

  3. Configure the following MLPPP options for this example:

    • mrru—Specifies the maximum received reconstructed unit value ranging from 1500 through 4500 bytes.

    • fragment-threshold—Applies to all packets and forwarding classes, ranging from 128 through 16,320 bytes.

    • short-sequence—Determines the header format for the MLPPP. Default is long-sequence.

    [edit interfaces si-5/0/0.100]

    user@host# set mrru 1500

    user@host# set fragment-threshold 640

    user@host# set short-sequence

  4. Enable support for static (si) interface IFL dynamic services by configuring the ppp-options dynamic profile setting.

    [edit interfaces si-5/0/0.100]

    user@host# set ppp-options dynamic-profile l2l3-service-prof

  5. If you are done configuring the device, commit the configuration.

Results

From configuration mode, confirm your configuration by entering the show access, show services, and show interfaces commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Verification

Confirm that the configuration is working properly.

Verifying the Inline Services Interface Information

Purpose

Verify that the inline services (si) interface is configured.

Action

Meaning

The (si) interface is enabled with its physical link up and running with Point-to-Point interface flags set. It is shared between LNS subscribers, LNS MLPPP member links, and MX Series MLPPP bundles.

Verifying the Bundle IFL Information

Purpose

Verify that the bundle IFL information is correct for MLPPP over LNS subscribers.

Action

Meaning

Due to the particulars of implementation, the following error counts associated with a bundle always display 0: packet drops (bytes), fragment drops (bytes), fragment timeout, missing sequence number, out-of-order sequence number, out-of-range sequence number, packet data buffer overflow and fragment data buffer overflow, and MRRU exceeded.

Verifying the Member Link IFL Information

Purpose

Verify that the member link IFL information is correct for subscribers.

Action

Meaning

Multilink bundle si-5/1/0.1073756926 has been configured using the family mlppp protocol.

Verifying the Subscriber Information

Purpose

Verify that the subscriber information for static MLPPP over LNS is correct.

Action

Meaning

Subscriber information for interface si-5/1/0.100 has been configured for MLPPP with interface type of static.