Example: Configuring the Broadband Edge as a Service Node Within Seamless MPLS Network Designs
This example details the steps required to configure broadband edge seamless MPLS with head-end termination for residential subscriber management deployment. Step-by-step instructions are provided for each device in the example configuration.
This section includes the following information:
Requirements
Table 1 lists the role of each device in the configuration example topology and includes the hardware used for each device. All MX Series devices in this example were tested with Juniper Networks Junos OS Release 13.3R3, which is considered the minimum software revision required.
Device |
Hardware |
---|---|
R0 (primary BNG) serves as the primary MPLS pseudowire termination head-end provider edge and subscriber management platform for DHCP and PPPoE, and for the L2TP access concentrator (LAC). |
Chassis: MX960 |
Routing Engine (RE) 0 - RE1: RE-S-1800x4 |
|
Flexible PIC Concentrator 0 (FPC0)-FPC7: Modular Port Concentrator (MPC) Type 2 3D EQ |
|
R3 (backup BNG) becomes the primary BNG if the current primary BNG (R0) fails. |
Chassis: MX960 |
RE0-RE1: RE-S-1800x4 |
|
FPC0-FPC7: MPC Type 2 3D EQ |
|
R1 and R2 (access and aggregation routers) serve as Access Node (AN) and Metro pre-aggregation provider edge platforms for the MPLS pseudowire tunnel-based backhaul entry point. |
Chassis: MX80/MX104 |
TFEB 0: Packet Forwarding Engine Processor |
|
FPC 0-FPC 1: MPC BUILTIN |
|
R4 serves as the core router. |
Chassis: T640 |
RE0-RE1: RE-A-2000 |
|
FPC 0: E-FPC Type 3 |
|
FPC 1: E-FPC Type 1 |
|
FPC 2: E-FPC Type 2 |
|
SIB 0-SIB 4: SIB-I8-F16 |
|
R5 (L2TP Network Server [LNS]) serves as the L2TP tunnel and session termination point for broadband wholesale service. |
Chassis: MX480 |
RE0: RE-S-2000 |
|
FR1: RE-S-2000 |
|
FPC 0-FPC 1: MPC Type 2 3D EQ |
|
RADIUS server provides subscriber authentication and accounting. |
FreeRADIUS version 2.1.5 on an Intel/Linux server |
Overview
In this example, a specific traffic model is utilized, characterized as follows:
Pseudowire tunnels are LDP-signaled MPLS L2 circuits from access PE to BNG.
On the BNG core side, forwarding is based on MPLS transport within a single autonomous system using OSPF and OSPFv3 as the interior gateway protocols. Alternatively, ISIS could also be used.
Subscriber traffic is backhauled over MPLS pseudowires to the MX Series BNG configured for pseudowire head-end termination.
Each home has five subscriber sessions total: four subscribers (IP sessions) and one VLAN session.
DHCPv4 for VoIP service with 128,000 committed information rate (CIR) (strict priority)
DHCPv6 prefix delegation (PD) for VOD service with 20 million CIR (medium priority)
PPPoEv4 for Internet service (low priority)
PPPoEv6 Neighbor Discovery Router Advertisement (NDRA) for game service (low priority)
There are four priority queues per home.
GRE tunnels are used for Subscriber Secure Policy traffic forwarding.
The upstream and downstream traffic rates are each 50 Mbps per home.
The dedicated customer VLAN (C-VLAN) model is applied (each home has a unique VLAN). The VLANs are provisioned dynamically based on incoming subscriber traffic.
The following scaling parameters apply to this example configuration:
A total of 50,000 homes are configured; 10 percent of those (5000) have L2TP sessions.
There are 2048 pseudoservice (PS) interfaces (pseudowire tunnel anchor interfaces) on the BNG.
There are 25 homes assigned to each pseudowire tunnel.
There are 256 pseudowires per MPC (128 per Packet Forwarding Engine [PFE]).
There are 256 pseudowires per MPC for eight MPCs in a fully loaded MX960 chassis, equaling 2048 Layer 2 (L2) circuits per chassis (to support the 50,000 homes).
There is one BFD session for each L2 circuit.
One percent of the homes (500 homes) have Subscriber Secure Policy to forward mirrored subscriber traffic to a GRE tunnel.
The seamless MPLS with pseudowire head-end termination use case is valuable for both business and residential subscribers. In this tested example, only residential subscribers are included.
Network resiliency for this configuration example includes:
Graceful Routing Engine switchover (GRES) for Routing Engine failover
ISSU
Path protection (node down, interchassis failover)
Local protection (link down, intrachasses failover)
Flexible PIC Concentrator (FPC) failure
Routing down
L2 circuits down
MPLS fast reroute and Bidirectional Forwarding Detection (BFD) recovery methods are used.
Topology
Figure 1 illustrates the topology of this example configuration, including the MPLS and dual stack scope.
In this example, the access and aggregation provider edge (access PE) systems (R1 and R2) are directly connected and multihomed to the active and backup BNG systems. The purpose of the PE devices in this example is to emulate 1000 active MPLS pseudowires and another group of 1000 backup MPLS pseudowires toward the active and backup BNG systems.
The BNG device acts as the MPLS service node, terminating MPLS pseudowires and performing subscriber management functions. For PPP traffic, the BNG device supports LAC function forwarding to LNS over L2TP tunnels. For DHCP (IPoE) traffic, the BNG device terminates sessions directly.
The core router (R4) aggregates the two BNG systems (R0 and R3). The configuration for the core router in this example is basic, intended only to provide BNG MPLS pseudowire head-end termination, and support broadband subscriber termination.
The RADIUS server performs Point-to-Point (PPP) subscriber authentication, authorization, and accounting (AAA), and triggers the activation of service profile configuration parameters such as filters and class of service (CoS) parameters.
The LNS system (R5) is directly connected to the core routing system. It terminates the L2TP tunnel to provide high-speed interface wholesale service to retailer and ISP customers. The configuration used here is a basic example that demonstrates the BNG system’s ability to relay PPP traffic to the LNS system using the L2TP tunnel.
Configuration
The following sections present configuration
information for the devices included in the example from left to right
in the topology diagram. The sections include CLI quick configuration
(for copy and paste), step-by-step instructions, and show
command output that confirms the configuration.
- Configuring the Access/Aggregation Router, R1
- Configuring the Access/Aggregation Router, R2
- Configuring BNG Router, R0
- Configuring BNG Router, R3
- Configuring the Core Router, R4
- Configuring the LNS Router, R5
- Configuring the User Profile for the RADIUS Server
Configuring the Access/Aggregation Router, R1
CLI Quick Configuration
Figure 2 highlights the access/aggregation routers (R1 and R2) in the context of the reference example topology.
To quickly configure R1 as in this example, copy the following
commands, paste them into a text file, remove any line breaks, change
any details necessary to match your network configuration, and then
copy and paste the commands into the CLI at the [edit]
hierarchy
level.
set interfaces lo0 unit 0 family inet address 101.0.0.1/32 primary set interfaces lo0 unit 0 family inet address 101.0.0.1/32 preferred set interfaces lo0 unit 0 family mpls set interfaces ge-1/0/6 description "To R0 - BNG1" set interfaces ge-1/0/6 unit 0 family inet address 21.21.11.2/24 set interfaces ge-1/0/6 unit 0 family mpls set interfaces ge-1/1/6 description "To R0 - BNG1" set interfaces ge-1/1/6 unit 0 family inet address 21.21.10.2/24 set interfaces ge-1/1/6 unit 0 family mpls set interfaces ge-1/1/4 description "To R3 - BNG2" set interfaces ge-1/1/4 unit 0 family inet address 21.21.20.1/24 set interfaces ge-1/1/4 unit 0 family mpls set interfaces ge-1/1/5 description "To R3 - BNG2" set interfaces ge-1/1/5 unit 0 family inet address 21.21.21.1/24 set interfaces ge-1/1/5 unit 0 family mpls set interfaces ge-1/0/2 flexible-vlan-tagging set interfaces ge-1/0/2 encapsulation flexible-ethernet-services set interfaces ge-1/0/2 gigether-options loopback set interfaces ge-1/0/2 unit 1 encapsulation vlan-ccc set interfaces ge-1/0/2 unit 1 vlan-id-range 1-2 set interfaces ge-1/0/2 unit 2 encapsulation vlan-ccc set interfaces ge-1/0/2 unit 2 vlan-id-range 3-4 set interfaces ge-1/0/2 unit 3 encapsulation vlan-ccc set interfaces ge-1/0/2 unit 3 vlan-id-range 5-6 set interfaces ge-1/0/3 flexible-vlan-tagging set interfaces ge-1/0/3 encapsulation flexible-ethernet-services set interfaces ge-1/0/3 gigether-options loopback set interfaces ge-1/0/3 unit 1 encapsulation vlan-ccc set interfaces ge-1/0/3 unit 1 vlan-id-range 1-2 set interfaces ge-1/0/3 unit 2 encapsulation vlan-ccc set interfaces ge-1/0/3 unit 2 vlan-id-range 3-4 set interfaces ge-1/0/3 unit 3 encapsulation vlan-ccc set interfaces ge-1/0/3 unit 3 vlan-id-range 5-6 set interfaces ge-1/0/4 flexible-vlan-tagging set interfaces ge-1/0/4 encapsulation flexible-ethernet-services set interfaces ge-1/0/4 gigether-options loopback set interfaces ge-1/0/4 unit 1 encapsulation vlan-ccc set interfaces ge-1/0/4 unit 1 vlan-id-range 1-2 set interfaces ge-1/0/4 unit 2 encapsulation vlan-ccc set interfaces ge-1/0/4 unit 2 vlan-id-range 3-4 set interfaces ge-1/0/4 unit 3 encapsulation vlan-ccc set interfaces ge-1/0/4 unit 3 vlan-id-range 5-6 set interfaces ge-1/1/2 flexible-vlan-tagging set interfaces ge-1/1/2 encapsulation flexible-ethernet-services set interfaces ge-1/1/2 gigether-options loopback set interfaces ge-1/1/2 unit 1 encapsulation vlan-ccc set interfaces ge-1/1/2 unit 1 vlan-id-range 1-2 set interfaces ge-1/1/2 unit 2 encapsulation vlan-ccc set interfaces ge-1/1/2 unit 2 vlan-id-range 3-4 set interfaces ge-1/1/2 unit 3 encapsulation vlan-ccc set interfaces ge-1/1/2 unit 3 vlan-id-range 5-6 set interfaces ge-1/1/3 flexible-vlan-tagging set interfaces ge-1/1/3 encapsulation flexible-ethernet-services set interfaces ge-1/1/3 gigether-options loopback set interfaces ge-1/1/3 unit 1 encapsulation vlan-ccc set interfaces ge-1/1/3 unit 1 vlan-id-range 1-2 set interfaces ge-1/1/3 unit 2 encapsulation vlan-ccc set interfaces ge-1/1/3 unit 2 vlan-id-range 3-4 set interfaces ge-1/1/3 unit 3 encapsulation vlan-ccc set interfaces ge-1/1/3 unit 3 vlan-id-range 5-6 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 virtual-circuit-id 1 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 encapsulation-type ethernet set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 ignore-mtu-mismatch set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 backup-neighbor 103.0.0.1 virtual-circuit-id 1 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection minimum-interval 1000 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection multiplier 4 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection detection-time threshold 5000 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 virtual-circuit-id 2 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 encapsulation-type ethernet set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 ignore-mtu-mismatch set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 backup-neighbor 103.0.0.1 virtual-circuit-id 2 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection minimum-interval 1000 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection multiplier 4 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection detection-time threshold 5000 set routing-options router-id 101.0.0.1 set protocols mpls interface lo0.0 set protocols mpls interface ge-1/0/6.0 set protocols mpls interface ge-1/1/6.0 set protocols mpls interface ge-1/1/4.0 set protocols mpls interface ge-1/1/5.0 set protocols ospf area 0.0.0.0 interface lo0.0 set protocols ospf area 0.0.0.0 interface ge-1/0/6.0 set protocols ospf area 0.0.0.0 interface ge-1/1/6.0 set protocols ospf area 0.0.0.0 interface ge-1/1/4.0 set protocols ospf area 0.0.0.0 interface ge-1/1/5.0 set protocols ldp interface lo0.0 set protocols ldp interface ge-1/0/6.0 set protocols ldp interface ge-1/1/4.0 set protocols ldp interface ge-1/1/5.0 set protocols ldp interface ge-1/1/6.0
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To configure R1:
Configure the interfaces.
The loopback and BNG-facing interfaces have inet (IPv4) family addresses to enable OSPF and LDP.
Configure the loopback interface.
The PE system’s primary address is configured under a loopback interface.
[edit interfaces] user@host-R1# set lo0 unit 0 family inet address 101.0.0.1/32 primary user@host-R1# set lo0 unit 0 family inet address 101.0.0.1/32 preferred user@host-R1# set lo0 unit 0 family mpls
Configure the BNG-facing interfaces for both the primary and backup BNG devices.
Two ports are connected to the primary BNG (BNG1), and two are connected to the backup BNG (BNG2). The configuration includes IPv4 (inet) and MPLS family addresses to support IP/MPLS network connectivity.
[edit interfaces] user@host-R1# set ge-1/0/6 description "To R0 - BNG1" user@host-R1# set ge-1/0/6 unit 0 family inet address 21.21.11.2/24 user@host-R1# set ge-1/0/6 unit 0 family mpls user@host-R1# set ge-1/1/6 description "To R0 - BNG1" user@host-R1# set ge-1/1/6 unit 0 family inet address 21.21.10.2/24 user@host-R1# set ge-1/1/6 unit 0 family mpls user@host-R1# set ge-1/1/4 description "To R3 - BNG2" user@host-R1# set ge-1/1/4 unit 0 family inet address 21.21.20.1/24 user@host-R1# set ge-1/1/4 unit 0 family mpls user@host-R1# set ge-1/1/5 description "To R3 - BNG2" user@host-R1# set ge-1/1/5 unit 0 family inet address 21.21.21.1/24 user@host-R1# set ge-1/1/5 unit 0 family mpls
Configure the access ports for MPLS pseudowire circuits.
In this example, one PE device has five access ports emulating access node connections, which are used for MPLS pseudowire circuit interfaces. To configure multiple VLAN values, the
vlan-id-range
command is used. Each VLAN interface is associated with an MPLS pseudowire on a one-to-one mapping basis.[edit interfaces] user@host-R1# set ge-1/0/2 flexible-vlan-tagging user@host-R1# set ge-1/0/2 encapsulation flexible-ethernet-services user@host-R1# set ge-1/0/2 gigether-options loopback user@host-R1# set ge-1/0/2 unit 1 encapsulation vlan-ccc user@host-R1# set ge-1/0/2 unit 1 vlan-id-range 1-2 user@host-R1# set ge-1/0/2 unit 2 encapsulation vlan-ccc user@host-R1# set ge-1/0/2 unit 2 vlan-id-range 3-4 user@host-R1# set ge-1/0/2 unit 3 encapsulation vlan-ccc user@host-R1# set ge-1/0/2 unit 3 vlan-id-range 5-6 user@host-R1# set ge-1/0/3 flexible-vlan-tagging user@host-R1# set ge-1/0/3 encapsulation flexible-ethernet-services user@host-R1# set ge-1/0/3 gigether-options loopback user@host-R1# set ge-1/0/3 unit 1 encapsulation vlan-ccc user@host-R1# set ge-1/0/3 unit 1 vlan-id-range 1-2 user@host-R1# set ge-1/0/3 unit 2 encapsulation vlan-ccc user@host-R1# set ge-1/0/3 unit 2 vlan-id-range 3-4 user@host-R1# set ge-1/0/3 unit 3 encapsulation vlan-ccc user@host-R1# set ge-1/0/3 unit 3 vlan-id-range 5-6 user@host-R1# set ge-1/0/4 flexible-vlan-tagging user@host-R1# set ge-1/0/4 encapsulation flexible-ethernet-services user@host-R1# set ge-1/0/4 gigether-options loopback user@host-R1# set ge-1/0/4 unit 1 encapsulation vlan-ccc user@host-R1# set ge-1/0/4 unit 1 vlan-id-range 1-2 user@host-R1# set ge-1/0/4 unit 2 encapsulation vlan-ccc user@host-R1# set ge-1/0/4 unit 2 vlan-id-range 3-4 user@host-R1# set ge-1/0/4 unit 3 encapsulation vlan-ccc user@host-R1# set ge-1/0/4 unit 3 vlan-id-range 5-6 user@host-R1# set ge-1/1/2 flexible-vlan-tagging user@host-R1# set ge-1/1/2 encapsulation flexible-ethernet-services user@host-R1# set ge-1/1/2 gigether-options loopback user@host-R1# set ge-1/1/2 unit 1 encapsulation vlan-ccc user@host-R1# set ge-1/1/2 unit 1 vlan-id-range 1-2 user@host-R1# set ge-1/1/2 unit 2 encapsulation vlan-ccc user@host-R1# set ge-1/1/2 unit 2 vlan-id-range 3-4 user@host-R1# set ge-1/1/2 unit 3 encapsulation vlan-ccc user@host-R1# set ge-1/1/2 unit 3 vlan-id-range 5-6 user@host-R1# set ge-1/1/3 flexible-vlan-tagging user@host-R1# set ge-1/1/3 encapsulation flexible-ethernet-services user@host-R1# set ge-1/1/3 gigether-options loopback user@host-R1# set ge-1/1/3 unit 1 encapsulation vlan-ccc user@host-R1# set ge-1/1/3 unit 1 vlan-id-range 1-2 user@host-R1# set ge-1/1/3 unit 2 encapsulation vlan-ccc user@host-R1# set ge-1/1/3 unit 2 vlan-id-range 3-4 user@host-R1# set ge-1/1/3 unit 3 encapsulation vlan-ccc user@host-R1# set ge-1/1/3 unit 3 vlan-id-range 5-6
Configure the MPLS pseudowire L2 circuit connections, including:
Ethernet encapsulation type and the ignore MTU mismatch option. These are required because the MPLS pseudowire service (PS) interface supports MPLS pseudowire type 5 mode (Ethernet encapsulation) at the BNG head-end.
The backup MPLS pseudowire, which is the backup neighbor and virtual circuit ID for failover to the backup BNG system in the event of MPLS pseudowire failure detection.
BFD for MPLS pseudowire reachability. MPLS pseudowire data plane failure detection uses the BFD protocol.
The configuration for two ports is shown here. Repeat this step for all access-facing ports.
[edit protocols] user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 virtual-circuit-id 1 user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 encapsulation-type ethernet user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 ignore-mtu-mismatch user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 backup-neighbor 103.0.0.1 virtual-circuit-id 1 user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection minimum-interval 1000 user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection multiplier 4 user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection detection-time threshold 5000 user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 virtual-circuit-id 2 user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 encapsulation-type ethernet user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 ignore-mtu-mismatch user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 backup-neighbor 103.0.0.1 virtual-circuit-id 2 user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection minimum-interval 1000 user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection multiplier 4 user@host-R1# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection detection-time threshold 5000
Configure the routing protocols.
OSPF is enabled for IPv4 routing; LDP is enabled for MPLS label exchange.
Configure the router ID.
[edit] user@host-R1# set routing-options router-id 101.0.0.1
Enable MPLS.
Configure MPLS for all interfaces connected to the BNG-facing ports.
[edit protocols] user@host-R1# set mpls interface lo0.0 user@host-R1# set mpls interface ge-1/0/6.0 user@host-R1# set mpls interface ge-1/1/6.0 user@host-R1# set mpls interface ge-1/1/4.0 user@host-R1# set mpls interface ge-1/1/5.0
Configure OSPF to support IPv4 routing.
To simplify OSPF area configuration, you can often use the
interface all
option. In this example, however, the use of specific interface names ensures that only the relevant interfaces are included in OSPF.[edit protocols] user@host-R1# set ospf area 0.0.0.0 interface lo0.0 user@host-R1# set ospf area 0.0.0.0 interface ge-1/0/6.0 user@host-R1# set ospf area 0.0.0.0 interface ge-1/1/6.0 user@host-R1# set ospf area 0.0.0.0 interface ge-1/1/4.0 user@host-R1# set ospf area 0.0.0.0 interface ge-1/1/5.0
Enable LDP for MPLS label exchange.
To support targeted LDP, configure LDP for the BNG-facing ports and loopback interface.
[edit protocols] user@host-R1# set ldp interface lo0.0 user@host-R1# set ldp interface ge-1/0/6.0 user@host-R1# set ldp interface ge-1/1/4.0 user@host-R1# set ldp interface ge-1/1/5.0 user@host-R1# set ldp interface ge-1/1/6.0
Results
From configuration mode, confirm your configuration
by entering the following show
commands:
Confirm the loopback interface configuration.
user@host-R1# show interfaces lo0 unit 0 { family inet { address 101.0.0.1/32 { primary; preferred; } } family mpls; }
Confirm the BNG-facing interface configuration.
user@host-R1# show interfaces ge-1/0/6 description "To R0 - BNG1"; vlan-tagging; unit 0 { vlan-id 1; family inet { address 21.21.11.2/24; } family mpls; }
user@host-R1# show interfaces ge-1/1/6 description "To R0 - BNG1"; vlan-tagging; unit 0 { vlan-id 1; family inet { address 21.21.10.2/24; } family mpls; }
user@host-R1# show interfaces ge-1/1/4 description "To R3 - BNG2"; vlan-tagging; unit 0 { vlan-id 1; family inet { address 21.21.20.1/24; } family mpls; }
user@host-R1# show interfaces ge-1/1/5 description "To R3 - BNG2"; vlan-tagging; unit 0 { vlan-id 1; family inet { address 21.21.21.1/24; } family mpls; }
Confirm the access port configuration for the MPLS pseudowire circuits.
user@host-R1# show interfaces ge-1/0/2 flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { loopback; } unit 1 { encapsulation vlan-ccc; vlan-id-range 1-2; } unit 2 { encapsulation vlan-ccc; vlan-id-range 3-4; } unit 3 { encapsulation vlan-ccc; vlan-id-range 5-6; }
user@host-R1# show interfaces ge-1/0/3 flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { loopback; } unit 1 { encapsulation vlan-ccc; vlan-id-range 1-2; } unit 2 { encapsulation vlan-ccc; vlan-id-range 3-4; } unit 3 { encapsulation vlan-ccc; vlan-id-range 5-6; }
user@host-R1# show interfaces ge-1/0/4 flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { loopback; } unit 1 { encapsulation vlan-ccc; vlan-id-range 1-2; } unit 2 { encapsulation vlan-ccc; vlan-id-range 3-4; } unit 3 { encapsulation vlan-ccc; vlan-id-range 5-6; }
user@host-R1# show interfaces ge-1/1/2 flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { loopback; } unit 1 { encapsulation vlan-ccc; vlan-id-range 1-2; } unit 2 { encapsulation vlan-ccc; vlan-id-range 3-4; } unit 3 { encapsulation vlan-ccc; vlan-id-range 5-6; }
user@host-R1# show interfaces ge-1/1/3 flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { loopback; } unit 1 { encapsulation vlan-ccc; vlan-id-range 1-2; } unit 2 { encapsulation vlan-ccc; vlan-id-range 3-4; } unit 3 { encapsulation vlan-ccc; vlan-id-range 5-6; }
Confirm the backup MPLS pseudowire configuration.
user@host-R1# show protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 virtual-circuit-id 1; encapsulation-type ethernet; ignore-mtu-mismatch; backup-neighbor 103.0.0.1 { virtual-circuit-id 1; } oam { bfd-liveness-detection { minimum-interval 1000; multiplier 4; detection-time { threshold 5000; } } }
user@host-R1# show protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 virtual-circuit-id 2; encapsulation-type ethernet; ignore-mtu-mismatch; backup-neighbor 103.0.0.1 { virtual-circuit-id 2; } oam { bfd-liveness-detection { minimum-interval 1000; multiplier 4; detection-time { threshold 5000; } } }
Confirm that MPLS is enabled on the interfaces.
user@host-R1# show protocols mpls interface lo0.0; interface ge-1/0/6.0; interface ge-1/1/6.0; interface ge-1/1/4.0; interface ge-1/1/5.0;
Confirm the OSPF configuration.
user@host-R1# show protocols ospf area 0.0.0.0 { interface lo0.0; interface ge-1/0/6.0; interface ge-1/1/6.0; interface ge-1/1/4.0; interface ge-1/1/5.0; }
Confirm the LDP configuration.
user@host-R1# show protocols ldp interface lo0.0; interface ge-1/0/6.0; interface ge-1/1/4.0; interface ge-1/1/5.0; interface ge-1/1/6.0;
Configuring the Access/Aggregation Router, R2
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit]
hierarchy level.
set interfaces lo0 unit 0 family inet address 102.0.0.1/32 primary set interfaces lo0 unit 0 family inet address 102.0.0.1/32 preferred set interfaces lo0 unit 0 family mpls set interfaces ge-1/0/6 description "To R0 - BNG1" set interfaces ge-1/0/6 unit 0 family inet address 21.21.13.2/24 set interfaces ge-1/0/6 unit 0 family mpls set interfaces ge-1/1/6 description "To R0 - BNG1" set interfaces ge-1/1/6 unit 0 family inet address 21.21.12.2/24 set interfaces ge-1/1/6 unit 0 family mpls set interfaces ge-1/1/4 description "To R3 - BNG2" set interfaces ge-1/1/4 unit 0 family inet address 21.21.30.1/24 set interfaces ge-1/1/4 unit 0 family mpls set interfaces ge-1/1/5 description "To R3 - BNG2" set interfaces ge-1/1/5 unit 0 family inet address 21.21.31.1/24 set interfaces ge-1/1/5 unit 0 family mpls set interfaces ge-1/0/2 flexible-vlan-tagging set interfaces ge-1/0/2 encapsulation flexible-ethernet-services set interfaces ge-1/0/2 gigether-options loopback set interfaces ge-1/0/2 unit 1 encapsulation vlan-ccc set interfaces ge-1/0/2 unit 1 vlan-id-range 1-2 set interfaces ge-1/0/2 unit 2 encapsulation vlan-ccc set interfaces ge-1/0/2 unit 2 vlan-id-range 3-4 set interfaces ge-1/0/2 unit 3 encapsulation vlan-ccc set interfaces ge-1/0/2 unit 3 vlan-id-range 5-6 set interfaces ge-1/0/3 flexible-vlan-tagging set interfaces ge-1/0/3 encapsulation flexible-ethernet-services set interfaces ge-1/0/3 gigether-options loopback set interfaces ge-1/0/3 unit 1 encapsulation vlan-ccc set interfaces ge-1/0/3 unit 1 vlan-id-range 1-2 set interfaces ge-1/0/3 unit 2 encapsulation vlan-ccc set interfaces ge-1/0/3 unit 2 vlan-id-range 3-4 set interfaces ge-1/0/3 unit 3 encapsulation vlan-ccc set interfaces ge-1/0/3 unit 3 vlan-id-range 5-6 set interfaces ge-1/0/4 flexible-vlan-tagging set interfaces ge-1/0/4 encapsulation flexible-ethernet-services set interfaces ge-1/0/4 gigether-options loopback set interfaces ge-1/0/4 unit 1 encapsulation vlan-ccc set interfaces ge-1/0/4 unit 1 vlan-id-range 1-2 set interfaces ge-1/0/4 unit 2 encapsulation vlan-ccc set interfaces ge-1/0/4 unit 2 vlan-id-range 3-4 set interfaces ge-1/0/4 unit 3 encapsulation vlan-ccc set interfaces ge-1/0/4 unit 3 vlan-id-range 5-6 set interfaces ge-1/1/2 flexible-vlan-tagging set interfaces ge-1/1/2 encapsulation flexible-ethernet-services set interfaces ge-1/1/2 gigether-options loopback set interfaces ge-1/1/2 unit 1 encapsulation vlan-ccc set interfaces ge-1/1/2 unit 1 vlan-id-range 1-2 set interfaces ge-1/1/2 unit 2 encapsulation vlan-ccc set interfaces ge-1/1/2 unit 2 vlan-id-range 3-4 set interfaces ge-1/1/2 unit 3 encapsulation vlan-ccc set interfaces ge-1/1/2 unit 3 vlan-id-range 5-6 set interfaces ge-1/1/3 flexible-vlan-tagging set interfaces ge-1/1/3 encapsulation flexible-ethernet-services set interfaces ge-1/1/3 gigether-options loopback set interfaces ge-1/1/3 unit 1 encapsulation vlan-ccc set interfaces ge-1/1/3 unit 1 vlan-id-range 1-2 set interfaces ge-1/1/3 unit 2 encapsulation vlan-ccc set interfaces ge-1/1/3 unit 2 vlan-id-range 3-4 set interfaces ge-1/1/3 unit 3 encapsulation vlan-ccc set interfaces ge-1/1/3 unit 3 vlan-id-range 5-6 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 virtual-circuit-id 1001 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 encapsulation-type ethernet set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 ignore-mtu-mismatch set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 backup-neighbor 103.0.0.1 virtual-circuit-id 1001 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection minimum-interval 1000 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection multiplier 4 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection detection-time threshold 5000 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 virtual-circuit-id 1002 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 encapsulation-type ethernet set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 ignore-mtu-mismatch set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 backup-neighbor 103.0.0.1 virtual-circuit-id 1002 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection minimum-interval 1000 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection multiplier 4 set protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection detection-time threshold 5000 set routing-options router-id 102.0.0.1 set protocols mpls interface ge-1/0/6.0 set protocols mpls interface ge-1/1/6.0 set protocols mpls interface ge-1/1/4.0 set protocols mpls interface ge-1/1/5.0 set protocols ospf area 0.0.0.0 interface lo0.0 set protocols ospf area 0.0.0.0 interface ge-1/0/6.0 set protocols ospf area 0.0.0.0 interface ge-1/1/6.0 set protocols ospf area 0.0.0.0 interface ge-1/1/4.0 set protocols ospf area 0.0.0.0 interface ge-1/1/5.0 set protocols ldp interface lo0.0 set protocols ldp interface ge-1/0/6.0 set protocols ldp interface ge-1/1/4.0 set protocols ldp interface ge-1/1/5.0 set protocols ldp interface ge-1/1/6.0
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide for Junos OS.
To configure R2:
Configure the interfaces.
The loopback and BNG-facing interfaces have inet (IPv4) family addresses to enable OSPF and LDP.
Configure the loopback interface.
The PE system’s primary address is configured under a loopback interface.
[edit interfaces] user@host-R2# set lo0 unit 0 family inet address 102.0.0.1/32 primary user@host-R2# set lo0 unit 0 family inet address 102.0.0.1/32 preferred user@host-R2# set lo0 unit 0 family mpls
Configure the BNG-facing interfaces for both the primary and backup BNG devices.
Two ports are connected to the primary BNG (BNG1), and two are connected to the backup BNG (BNG2). The configuration includes IPv4 (inet) and MPLS family addresses to support IP/MPLS network connectivity.
[edit interfaces] user@host-R2# set ge-1/0/6 description "To R0 - BNG1" user@host-R2# set ge-1/0/6 unit 0 family inet address 21.21.13.2/24 user@host-R2# set ge-1/0/6 unit 0 family mpls user@host-R2# set ge-1/1/6 description "To R0 - BNG1" user@host-R2# set ge-1/1/6 unit 0 family inet address 21.21.12.2/24 user@host-R2# set ge-1/1/6 unit 0 family mpls user@host-R2# set ge-1/1/4 description "To R3 - BNG2" user@host-R2# set ge-1/1/4 unit 0 family inet address 21.21.30.1/24 user@host-R2# set ge-1/1/4 unit 0 family mpls user@host-R2# set ge-1/1/5 description "To R3 - BNG2" user@host-R2# set ge-1/1/5 unit 0 family inet address 21.21.31.1/24 user@host-R2# set ge-1/1/5 unit 0 family mpls
Configure the access ports for MPLS pseudowire circuits.
In this example, one PE device has five access ports emulating access node connections, which are used for MPLS pseudowire circuit interfaces. To configure multiple VLAN values, the
vlan-id-range
command is used. Each VLAN interface is associated with an MPLS pseudowire on a one-to-one mapping basis.[edit interfaces] user@host-R2# set ge-1/0/2 flexible-vlan-tagging user@host-R2# set ge-1/0/2 encapsulation flexible-ethernet-services user@host-R2# set ge-1/0/2 gigether-options loopback user@host-R2# set ge-1/0/2 unit 1 encapsulation vlan-ccc user@host-R2# set ge-1/0/2 unit 1 vlan-id-range 1-2 user@host-R2# set ge-1/0/2 unit 2 encapsulation vlan-ccc user@host-R2# set ge-1/0/2 unit 2 vlan-id-range 3-4 user@host-R2# set ge-1/0/2 unit 3 encapsulation vlan-ccc user@host-R2# set ge-1/0/2 unit 3 vlan-id-range 5-6 user@host-R2# set ge-1/0/3 flexible-vlan-tagging user@host-R2# set ge-1/0/3 encapsulation flexible-ethernet-services user@host-R2# set ge-1/0/3 gigether-options loopback user@host-R2# set ge-1/0/3 unit 1 encapsulation vlan-ccc user@host-R2# set ge-1/0/3 unit 1 vlan-id-range 1-2 user@host-R2# set ge-1/0/3 unit 2 encapsulation vlan-ccc user@host-R2# set ge-1/0/3 unit 2 vlan-id-range 3-4 user@host-R2# set ge-1/0/3 unit 3 encapsulation vlan-ccc user@host-R2# set ge-1/0/3 unit 3 vlan-id-range 5-6 user@host-R2# set ge-1/0/4 flexible-vlan-tagging user@host-R2# set ge-1/0/4 encapsulation flexible-ethernet-services user@host-R2# set ge-1/0/4 gigether-options loopback user@host-R2# set ge-1/0/4 unit 1 encapsulation vlan-ccc user@host-R2# set ge-1/0/4 unit 1 vlan-id-range 1-2 user@host-R2# set ge-1/0/4 unit 2 encapsulation vlan-ccc user@host-R2# set ge-1/0/4 unit 2 vlan-id-range 3-4 user@host-R2# set ge-1/0/4 unit 3 encapsulation vlan-ccc user@host-R2# set ge-1/0/4 unit 3 vlan-id-range 5-6 user@host-R2# set ge-1/1/2 flexible-vlan-tagging user@host-R2# set ge-1/1/2 encapsulation flexible-ethernet-services user@host-R2# set ge-1/1/2 gigether-options loopback user@host-R2# set ge-1/1/2 unit 1 encapsulation vlan-ccc user@host-R2# set ge-1/1/2 unit 1 vlan-id-range 1-2 user@host-R2# set ge-1/1/2 unit 2 encapsulation vlan-ccc user@host-R2# set ge-1/1/2 unit 2 vlan-id-range 3-4 user@host-R2# set ge-1/1/2 unit 3 encapsulation vlan-ccc user@host-R2# set ge-1/1/2 unit 3 vlan-id-range 5-6 user@host-R2# set ge-1/1/3 flexible-vlan-tagging user@host-R2# set ge-1/1/3 encapsulation flexible-ethernet-services user@host-R2# set ge-1/1/3 gigether-options loopback user@host-R2# set ge-1/1/3 unit 1 encapsulation vlan-ccc user@host-R2# set ge-1/1/3 unit 1 vlan-id-range 1-2 user@host-R2# set ge-1/1/3 unit 2 encapsulation vlan-ccc user@host-R2# set ge-1/1/3 unit 2 vlan-id-range 3-4 user@host-R2# set ge-1/1/3 unit 3 encapsulation vlan-ccc user@host-R2# set ge-1/1/3 unit 3 vlan-id-range 5-6
Configure the MPLS pseudowire L2 circuit connections, including:
Ethernet encapsulation type and the ignore MTU mismatch option. These are required because the MPLS pseudowire service (PS) interface supports MPLS pseudowire type 5 mode (Ethernet encapsulation) at the BNG head-end.
The backup MPLS pseudowire, which is the backup neighbor and virtual circuit ID for failover to the backup BNG system in the event of MPLS pseudowire failure detection.
BFD for MPLS pseudowire reachability. MPLS pseudowire data plane failure detection uses the BFD protocol.
The configuration for two ports is shown here. Repeat this step for all access-facing ports.
[edit protocols] user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 virtual-circuit-id 1001 user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 encapsulation-type ethernet user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 ignore-mtu-mismatch user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 backup-neighbor 103.0.0.1 virtual-circuit-id 1001 user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection minimum-interval 1000 user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection multiplier 4 user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 oam bfd-liveness-detection detection-time threshold 5000 user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 virtual-circuit-id 1002 user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 encapsulation-type ethernet user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 ignore-mtu-mismatch user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 backup-neighbor 103.0.0.1 virtual-circuit-id 1002 user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection minimum-interval 1000 user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection multiplier 4 user@host-R2# set l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 oam bfd-liveness-detection detection-time threshold 5000
Configure the routing protocols.
OSPF is enabled for IPv4 routing; LDP is enabled for MPLS label exchange.
Configure the router ID.
[edit] user@host-R2# set routing-options router-id 102.0.0.1
Enable MPLS.
Configure MPLS for all interfaces connected to the BNG-facing ports.
[edit protocols] user@host-R2# set mpls interface ge-1/0/6.0 user@host-R2# set mpls interface ge-1/1/6.0 user@host-R2# set mpls interface ge-1/1/4.0 user@host-R2# set mpls interface ge-1/1/5.0
Configure OSPF to support IPv4 routing.
To simplify OSPF area configuration, you can often use the
interface all
option. In this example, however, the use of specific interface names ensures that only the relevant interfaces are included in OSPF.[edit protocols] user@host-R2# set ospf area 0.0.0.0 interface lo0.0 user@host-R2# set ospf area 0.0.0.0 interface ge-1/0/6.0 user@host-R2# set ospf area 0.0.0.0 interface ge-1/1/6.0 user@host-R2# set ospf area 0.0.0.0 interface ge-1/1/4.0 user@host-R2# set ospf area 0.0.0.0 interface ge-1/1/5.0
Enable LDP for MPLS label exchange.
To support targeted LDP, configure LDP for the BNG-facing ports and loopback interface.
[edit protocols] user@host-R2# set ldp interface lo0.0 user@host-R2# set ldp interface ge-1/0/6.0 user@host-R2# set ldp interface ge-1/1/4.0 user@host-R2# set ldp interface ge-1/1/5.0 user@host-R2# set ldp interface ge-1/1/6.0
Results
From configuration mode, confirm your configuration
by entering the following show
commands:
Confirm the loopback interface configuration.
user@host-R2# show interfaces lo0 unit 0 { family inet { address 102.0.0.1/32 { primary; preferred; } } family mpls; }
Confirm the BNG-facing interface configuration.
user@host-R2# show interfaces ge-1/0/6 description "To R0 - BNG1"; unit 0 { family inet { address 21.21.13.2/24 { } family mpls; }
user@host-R2# show interfaces ge-1/1/6 description "To R0 - BNG1"; unit 0 { family inet { address 21.21.12.2/24; } family mpls; }
user@host-R2# show interfaces ge-1/1/4 description "To R3 - BNG2"; unit 0 { family inet { address 21.21.230.1/24; } family mpls; }
user@host-R2# show interfaces ge-1/1/5 description "To R3 - BNG2"; unit 0 { family inet { address 21.21.31.1/24; } family mpls; }
Confirm the access port configuration for the MPLS pseudowire circuits.
user@host-R2# show interfaces ge-1/0/2 flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { loopback; } unit 1 { encapsulation vlan-ccc; vlan-id-range 1-2; } unit 2 { encapsulation vlan-ccc; vlan-id-range 3-4; } unit 3 { encapsulation vlan-ccc; vlan-id-range 5-6; }
user@host-R2# show interfaces ge-1/0/3 flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { loopback; } unit 1 { encapsulation vlan-ccc; vlan-id-range 1-2; } unit 2 { encapsulation vlan-ccc; vlan-id-range 3-4; } unit 3 { encapsulation vlan-ccc; vlan-id-range 5-6; }
user@host-R2# show interfaces ge-1/0/4 flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { loopback; } unit 1 { encapsulation vlan-ccc; vlan-id-range 1-2; } unit 2 { encapsulation vlan-ccc; vlan-id-range 3-4; } unit 3 { encapsulation vlan-ccc; vlan-id-range 5-6; }
user@host-R2# show interfaces ge-1/1/2 flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { loopback; } unit 1 { encapsulation vlan-ccc; vlan-id-range 1-2; } unit 2 { encapsulation vlan-ccc; vlan-id-range 3-4; } unit 3 { encapsulation vlan-ccc; vlan-id-range 5-6; }
user@host-R2# show interfaces ge-1/1/3 flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { loopback; } unit 1 { encapsulation vlan-ccc; vlan-id-range 1-2; } unit 2 { encapsulation vlan-ccc; vlan-id-range 3-4; } unit 3 { encapsulation vlan-ccc; vlan-id-range 5-6; }
Confirm the MPLS pseudowire L2 circuit connections configuration.
user@host-R2# show protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.1 virtual-circuit-id 1001; encapsulation-type ethernet; ignore-mtu-mismatch; backup-neighbor 103.0.0.1 { virtual-circuit-id 1001; } oam { bfd-liveness-detection { minimum-interval 1000; multiplier 4; detection-time { threshold 5000; } } }
user@host-R2# show protocols l2circuit neighbor 100.0.0.1 interface ge-1/0/2.2 virtual-circuit-id 1002; encapsulation-type ethernet; ignore-mtu-mismatch; backup-neighbor 103.0.0.1 { virtual-circuit-id 1002; } oam { bfd-liveness-detection { minimum-interval 1000; multiplier 4; detection-time { threshold 5000; } } }
Confirm the MPLS configuration.
user@host-R2# show protocols mpls interface ge-1/0/6.0; interface ge-1/1/6.0; interface ge-1/1/4.0; interface ge-1/1/5.0;
Confirm the OSPF configuration.
user@host-R2# show protocols ospf area 0.0.0.0 { interface lo0.0; interface ge-1/0/6.0; interface ge-1/1/6.0; interface ge-1/1/4.0; interface ge-1/1/5.0; }
Confirm the LDP configuration.
user@host-R2# show protocols ldp interface lo0.0; interface ge-1/0/6.0; interface ge-1/1/4.0; interface ge-1/1/5.0; interface ge-1/1/6.0;
Configuring BNG Router, R0
CLI Quick Configuration
Figure 3 highlights the BNG routers (R0 and R3) in the context of the reference example topology.
To quickly configure this example, copy the following commands,
paste them into a text file, remove any line breaks, change any details
necessary to match your network configuration, and then copy and paste
the commands into the CLI at the [edit]
hierarchy level.
set system dynamic-profile-options versioning set dynamic-profiles client-profile interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet unnumbered-address lo0.0 set dynamic-profiles client-profile interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 unnumbered-address lo0.0 set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" no-traps set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" ppp-options chap set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" ppp-options pap set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface" set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options server set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" keepalives interval 30 set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0 set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" family inet6 unnumbered-address lo0.0 set class-of-service forwarding-classes queue 0 FC0 set class-of-service forwarding-classes queue 1 FC1 set class-of-service forwarding-classes queue 2 FC2 set class-of-service forwarding-classes queue 3 FC3 set class-of-service forwarding-classes queue 4 FC4 set class-of-service forwarding-classes queue 5 FC5 set class-of-service forwarding-classes queue 6 FC6 set class-of-service forwarding-classes queue 7 FC7 set dynamic-profiles vlan-prof-0 predefined-variable-defaults cos-scheduler-map SMAP_PS set dynamic-profiles vlan-prof-0 predefined-variable-defaults cos-shaping-rate 60m set dynamic-profiles vlan-prof-0 predefined-variable-defaults cos-guaranteed-rate 50m set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" no-traps set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" vlan-tags outer "$junos-stacked-vlan-id" set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" vlan-tags inner "$junos-vlan-id" set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet rpf-check fail-filter RPF-PASS-DHCP-V4 set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet unnumbered-address lo0.0 set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 rpf-check fail-filter RPF-PASS-DHCP-V6 set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 unnumbered-address lo0.0 set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-client-profile set dynamic-profiles vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” max-advertisement-interval 1800 set dynamic-profiles vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” min-advertisement-interval 1350 set dynamic-profiles vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” managed-configuration set dynamic-profiles vlan-prof-0 class-of-service traffic-control-profiles TCP_PS scheduler-map "$junos-cos-scheduler-map" set dynamic-profiles vlan-prof-0 class-of-service traffic-control-profiles TCP_PS shaping-rate "$junos-cos-shaping-rate" set dynamic-profiles vlan-prof-0 class-of-service traffic-control-profiles TCP_PS guaranteed-rate "$junos-cos-guaranteed-rate" set dynamic-profiles vlan-prof-0 class-of-service interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" output-traffic-control-profile TCP_PS set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC3 scheduler FC3_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC4 scheduler FC4_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC5 scheduler FC5_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC6 scheduler FC6_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC7 scheduler FC7_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0 forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC1 forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC2 forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1 forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1 forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC1_FC2 forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC1_FC2 forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC2 forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC2 forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC3 scheduler FC3_SCH set dynamic-profiles vlan-prof-0 class-of-service schedulers FC0_SCH transmit-rate 128k set dynamic-profiles vlan-prof-0 class-of-service schedulers FC0_SCH priority strict-high set dynamic-profiles vlan-prof-0 class-of-service schedulers FC1_SCH transmit-rate 20m set dynamic-profiles vlan-prof-0 class-of-service schedulers FC1_SCH priority medium-high set dynamic-profiles vlan-prof-0 class-of-service schedulers FC2_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC3_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC4_SCH transmit-rate 2m set dynamic-profiles vlan-prof-0 class-of-service schedulers FC4_SCH buffer-size percent 2 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC4_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC4_SCH drop-profile-map loss-priority low protocol any drop-profile DP_04 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC5_SCH transmit-rate 2m set dynamic-profiles vlan-prof-0 class-of-service schedulers FC5_SCH buffer-size percent 2 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC5_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC5_SCH drop-profile-map loss-priority low protocol any drop-profile DP_05 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC6_SCH transmit-rate 2m set dynamic-profiles vlan-prof-0 class-of-service schedulers FC6_SCH buffer-size percent 2 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC6_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC6_SCH drop-profile-map loss-priority low protocol any drop-profile DP_06 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC7_SCH transmit-rate 2m set dynamic-profiles vlan-prof-0 class-of-service schedulers FC7_SCH buffer-size percent 2 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC7_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC7_SCH drop-profile-map loss-priority low protocol any drop-profile DP_07 set dynamic-profiles DHCP-SERVICE-PROFILE variables I_V4_FILTER set dynamic-profiles DHCP-SERVICE-PROFILE variables O_V4_FILTER set dynamic-profiles DHCP-SERVICE-PROFILE variables I_V6_FILTER set dynamic-profiles DHCP-SERVICE-PROFILE variables O_V6_FILTER set dynamic-profiles DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet filter input "$I_V4_FILTER" set dynamic-profiles DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet filter output "$O_V4_FILTER" set dynamic-profiles DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 filter input "$I_V6_FILTER" set dynamic-profiles DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 filter output "$O_V6_FILTER" set dynamic-profiles PPPOE-SERVICE-PROFILE variables I_V4_FILTER set dynamic-profiles PPPOE-SERVICE-PROFILE variables O_V4_FILTER set dynamic-profiles PPPOE-SERVICE-PROFILE variables I_V6_FILTER set dynamic-profiles PPPOE-SERVICE-PROFILE variables O_V6_FILTER set dynamic-profiles PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet filter input "$I_V4_FILTER" set dynamic-profiles PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet filter output "$O_V4_FILTER" set dynamic-profiles PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 filter input "$I_V6_FILTER" set dynamic-profiles PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 filter output "$O_V6_FILTER" set system services dhcp-local-server dhcpv6 group v6-ppp-client-0 interface pp0.0 set system services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 authentication password <password> set system services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 authentication username-include user-prefix SST_USER_DHCP_V4_DEFAULT set system services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 dynamic-profile client-profile set system services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 interface ps0.0 set system services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 interface ps1.0 set system services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 authentication password <password> set system services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 authentication username-include user-prefix SST_USER_DHCP_V6_DEFAULT set system services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 dynamic-profile client-profile set system services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 interface ps0.0 set system services dhcp-local-server dhcpv6 group v6-dhcp-client-1-ACCESS-0-ps1 interface ps1.0 set system redundancy graceful-switchover set chassis pseudowire-service device-count 2048 set system services subscriber-management gres-route-flush-delay set system services resource-monitor high-threshold 80 set system commit synchronize set chassis fpc 0 pic 0 tunnel-services bandwidth 1g set chassis fpc 0 pic 0 traffic-manager egress-shaping-overhead 0 set chassis fpc 0 pic 1 tunnel-services bandwidth 1g set chassis fpc 0 pic 1 traffic-manager egress-shaping-overhead 0 set chassis fpc 0 pic 2 tunnel-services bandwidth 1g set chassis fpc 0 pic 2 traffic-manager egress-shaping-overhead 0 set chassis fpc 0 pic 3 tunnel-services bandwidth 1g set chassis fpc 0 pic 3 traffic-manager egress-shaping-overhead 0 set access-profile Access-Profile-0 set interfaces lo0 unit 0 family inet address 100.0.0.1/32 primary set interfaces lo0 unit 0 family inet address 100.0.0.1/32 preferred set interfaces lo0 unit 0 family inet6 address 1000:0::1/128 primary set interfaces lo0 unit 0 family inet6 address 1000:0::1/128 preferred set interfaces lo0 unit 0 family mpls set interfaces ge-4/0/0 description "To R4 - Core" set interfaces ge-4/0/0 unit 0 family inet address 21.21.14.1/24 set interfaces ge-4/0/0 unit 0 family inet6 set interfaces ge-4/0/0 unit 0 family mpls set interfaces ge-5/0/0 description "To R4 - Core" set interfaces ge-5/0/0 unit 0 family inet address 21.21.15.1/24 set interfaces ge-5/0/0 unit 0 family inet6 set interfaces ge-5/0/0 unit 0 family mpls set interfaces ge-0/0/0 description "To R1 - APE1" set interfaces ge-0/0/0 unit 0 family inet address 21.21.11.1/24 set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-1/0/0 description "To R1 - APE1" set interfaces ge-1/0/0 unit 0 family inet address 21.21.10.1/24 set interfaces ge-1/0/0 unit 0 family mpls set interfaces ge-2/0/0 description "To R2 - APE2" set interfaces ge-2/0/0 unit 0 family inet address 21.21.13.1/24 set interfaces ge-2/0/0 unit 0 family mpls set interfaces ge-3/0/0 description "To R2 - APE2" set interfaces ge-3/0/0 unit 0 family inet address 21.21.12.1/24 set interfaces ge-3/0/0 unit 0 family mpls set interfaces lt-0/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-0/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-0/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-0/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-1/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-1/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-1/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-1/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-2/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-2/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-2/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-2/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-3/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-3/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-3/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-3/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces ps0 anchor-point lt-0/0/10 set interfaces ps0 flexible-vlan-tagging set interfaces ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept inet set interfaces ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept inet6 set interfaces ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept pppoe set interfaces ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 ranges 1-256,1-4094 set interfaces ps0 auto-configure stacked-vlan-ranges authentication password <password> set interfaces ps0 auto-configure stacked-vlan-ranges authentication username-include user-prefix SST_USER_VLAN_DEFAULT set interfaces ps0 auto-configure remove-when-no-subscribers set interfaces ps0 no-gratuitous-arp-request set interfaces ps0 unit 0 encapsulation ethernet-ccc set routing-options ppm redistribution-timer 1 set routing-options nonstop-routing set routing-options nsr-phantom-holdtime 1 set routing-options router-id 100.0.0.1 set routing-options forwarding-table remnant-holdtime 100 set protocols l2circuit neighbor 101.0.0.1 interface ps0.0 virtual-circuit-id 1 set protocols l2circuit neighbor 101.0.0.1 interface ps0.0 ignore-mtu-mismatch set protocols l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection minimum-interval 1000 set protocols l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection multiplier 4 set protocols l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection detection-time threshold 5000 set protocols mpls ipv6-tunneling set protocols mpls interface lo0.0 set protocols mpls interface ge-0/0/0.0 set protocols mpls interface ge-1/0/0.0 set protocols mpls interface ge-2/0/0.0 set protocols mpls interface ge-3/0/0.0 set protocols mpls interface ge-4/0/0.0 set protocols mpls interface ge-5/0/0.0 set protocols ospf export EXPORT_BNG_ACCESS_INTERNAL set protocols ospf area 0.0.0.0 interface lo0.0 set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 set protocols ospf area 0.0.0.0 interface ge-1/0/0.0 set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 set protocols ospf area 0.0.0.0 interface ge-3/0/0.0 set protocols ospf area 0.0.0.0 interface ge-4/0/0.0 set protocols ospf area 0.0.0.0 interface ge-5/0/0.0 set protocols ospf3 export EXPORT_BNG_ACCESS_INTERNAL set protocols ospf3 area 0.0.0.0 interface lo0.0 set protocols ospf3 area 0.0.0.0 interface ge-4/0/0.0 set protocols ospf3 area 0.0.0.0 interface ge-5/0/0.0 set protocols ldp interface lo0.0 set protocols ldp interface ge-0/0/0.0 set protocols ldp interface ge-1/0/0.0 set protocols ldp interface ge-2/0/0.0 set protocols ldp interface ge-3/0/0.0 set protocols ldp interface ge-4/0/0.0 set protocols ldp interface ge-5/0/0.0 set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 from family inet set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 from route-filter 100.0.0.0/8 orlonger set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 then accept set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 from family inet6 set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 from route-filter 1000:0000:0000:0000:0000:0000:0000:0000/64 orlonger set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 then accept set firewall family inet filter INPUT-V4-FILTER-01 interface-specific set firewall family inet filter INPUT-V4-FILTER-01 term TERM1 from packet-length-except 64 set firewall family inet filter INPUT-V4-FILTER-01 term TERM1 then count COUNTER11 set firewall family inet filter INPUT-V4-FILTER-01 term TERM1 then next term set firewall family inet filter INPUT-V4-FILTER-01 term TERM2 then service-accounting set firewall family inet filter INPUT-V4-FILTER-01 term TERM2 then accept set firewall family inet filter OUTPUT-V4-FILTER-01 interface-specific set firewall family inet filter OUTPUT-V4-FILTER-01 term TERM1 from packet-length-except 64 set firewall family inet filter OUTPUT-V4-FILTER-01 term TERM1 then count COUNTER12 set firewall family inet filter OUTPUT-V4-FILTER-01 term TERM1 then next term set firewall family inet filter OUTPUT-V4-FILTER-01 term TERM2 then service-accounting set firewall family inet filter OUTPUT-V4-FILTER-01 term TERM2 then accept set firewall family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP from destination-address 255.255.255.255/32 set firewall family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP from destination-port dhcp set firewall family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP then count RPF-DHCP-V4-TRAFFIC set firewall family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP then accept set firewall family inet filter RPF-PASS-DHCP-V4 term DEFAULT then discard set firewall family inet6 filter INPUT-V6-FILTER-01 interface-specific set firewall family inet6 filter INPUT-V6-FILTER-01 term TERM1 from packet-length-except 64 set firewall family inet6 filter INPUT-V6-FILTER-01 term TERM1 then count COUNTER21 set firewall family inet6 filter INPUT-V6-FILTER-01 term TERM1 then next term set firewall family inet6 filter INPUT-V6-FILTER-01 term TERM2 then service-accounting set firewall family inet6 filter INPUT-V6-FILTER-01 term TERM2 then accept set firewall family inet6 filter OUTPUT-V6-FILTER-01 interface-specific set firewall family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 from packet-length-except 64 set firewall family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 then count COUNTER22 set firewall family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 then next term set firewall family inet6 filter OUTPUT-V6-FILTER-01 term TERM2 then service-accounting set firewall family inet6 filter OUTPUT-V6-FILTER-01 term TERM2 then accept set firewall family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP from destination-port dhcp set firewall family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP then count RPF-DHCP-V6-TRAFFIC set firewall family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP then accept set firewall family inet6 filter RPF-PASS-DHCP-V6 term DEFAULT then discard set access radius-server 9.0.0.9 secret "$ABC123"; ## SECRET-DATA set access radius-server 9.0.0.9 timeout 20 set access radius-server 9.0.0.9 retry 5 set access radius-server 9.0.0.9 max-outstanding-requests 1000 set access radius-server 9.0.0.9 source-address 100.0.0.1 set access domain-name-server-inet 9.0.0.100 set access domain-name-server-inet 9.0.0.101 set access domain-name-server-inet6 2000:abcd::9.0.0.100 set access domain-name-server-inet6 2000:abcd::9.0.0.101 set access profile Access-Profile-0 authentication-order radius set access profile Access-Profile-0 radius authentication-server 9.0.0.9 set access profile Access-Profile-0 radius accounting-server 9.0.0.9 set access profile Access-Profile-0 radius options nas-identifier R0-BNG1 set access profile Access-Profile-0 accounting order radius set access profile Access-Profile-0 accounting accounting-stop-on-failure set access profile Access-Profile-0 accounting accounting-stop-on-access-deny set access profile Access-Profile-0 accounting update-interval 10 set access profile Access-Profile-0 accounting statistics volume-time set access address-assignment pool v4-pool-0 family inet network 100.0.0.0/8 set access address-assignment pool v4-pool-0 family inet range v4-range-0 low 100.16.0.1 set access address-assignment pool v4-pool-0 family inet range v4-range-0 high 100.31.255.255 set access address-assignment pool v4-pool-0 family inet dhcp-attributes maximum-lease-time 25200 set access address-assignment pool v6-pd-pool-0 family inet6 prefix 1000:0000:0000:0000:0000:0000:0000:0000/64 set access address-assignment pool v6-na-pool-0 family inet6 range v6-range-0 prefilx-length 56 set access address-assignment pool v6-na-pool-0 family inet6 dhcp-attributes maximum-lease-time 25200 set access address-protection set access tunnel-profile Tunnel-1 tunnel 1 preference 1 set access tunnel-profile Tunnel-1 tunnel 1 remote-gateway address 105.0.0.1 set access tunnel-profile Tunnel-1 tunnel 1 source-gateway address 100.0.0.1 set access tunnel-profile Tunnel-1 tunnel 1 secret "$ABC123"; ## SECRET-DATA set access tunnel-profile Tunnel-1 tunnel 1 medium ipv4 set access tunnel-profile Tunnel-1 tunnel 1 tunnel-type l2tp set access tunnel-profile Tunnel-1 tunnel 1 identification Tunnel-ID-1 set access domain map ABC1.COM tunnel-profile Tunnel-1
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide for Junos OS.
To configure the R0 BNG router:
Enable dynamic profiles to use multiple versions.
You can create new versions of dynamic profiles that are currently in use by subscribers. Any subscriber that logs in following a dynamic profile modification uses the latest version of the dynamic profile. Subscribers that are already active continue to use the older version of the dynamic profile until they log out or their session terminates.
Note:You must enable or disable dynamic profile version creation before creating or using any dynamic profiles on the router. Enabling or disabling dynamic profile version creation after dynamic profiles are configured is not supported.
[edit system] user@host-R0# set dynamic-profile-options versioning
Create the client profile interfaces.
[edit dynamic-profiles] user@host-R0# set client-profile interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet unnumbered-address lo0.0 user@host-R0#set client-profile interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 unnumbered-address lo0.0
Configure the dynamic PPPoE client profile.
To enable the router to create a dynamic PPPoE subscriber interface on a PPPoE underlying interface, define the attributes of the PPPoE logical interface in a dynamic profile, and then configure the underlying interface to use the dynamic profile.
[edit dynamic-profiles] user@host-R0# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" no-traps user@host-R0# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" ppp-options chap user@host-R0# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" ppp-options pap user@host-R0# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface" user@host-R0# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options server user@host-R0# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" keepalives interval 30 user@host-R0# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0 user@host-R0# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" family inet6 unnumbered-address lo0.0
Configure the CoS forwarding classes and map them to queues.
[edit class-of-service] user@host-R0# set forwarding-classes queue 0 FC0 user@host-R0# set forwarding-classes queue 1 FC1 user@host-R0# set forwarding-classes queue 2 FC2 user@host-R0# set forwarding-classes queue 3 FC3 user@host-R0# set forwarding-classes queue 4 FC4 user@host-R0# set forwarding-classes queue 5 FC5 user@host-R0# set forwarding-classes queue 6 FC6 user@host-R0# set forwarding-classes queue 7 FC7
Configure the dynamic VLAN profiles.
Create dynamic VLAN profiles, including defaults for predefined variables, dynamic physical interfaces, and CoS parameters.
Configure defaults for the predefined variables.
[edit dynamic-profiles] user@host-R0# set vlan-prof-0 predefined-variable-defaults cos-scheduler-map SMAP_PS user@host-R0# set vlan-prof-0 predefined-variable-defaults cos-shaping-rate 60m user@host-R0# set vlan-prof-0 predefined-variable-defaults cos-guaranteed-rate 50m
Configure the dynamic physical interfaces.
[edit dynamic-profiles] user@host-R0# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" no-traps user@host-R0# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" vlan-tags outer "$junos-stacked-vlan-id" user@host-R0# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" vlan-tags inner "$junos-vlan-id" user@host-R0# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet rpf-check fail-filter RPF-PASS-DHCP-V4 user@host-R0# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet unnumbered-address lo0.0 user@host-R0# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 rpf-check fail-filter RPF-PASS-DHCP-V6 user@host-R0# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 unnumbered-address lo0.0 user@host-R0# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-client-profile
Configure the router advertisement.
[edit dynamic-profiles] user@host-R0# set vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” max-advertisement-interval 1800 user@host-R0# set vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” min-advertisement-interval 1350 user@host-R0# set vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” managed-configuration
Configure the CoS traffic control profiles.
[edit dynamic-profiles] user@host-R0# set vlan-prof-0 class-of-service traffic-control-profiles TCP_PS scheduler-map "$junos-cos-scheduler-map" user@host-R0# set vlan-prof-0 class-of-service traffic-control-profiles TCP_PS shaping-rate "$junos-cos-shaping-rate" user@host-R0# set vlan-prof-0 class-of-service traffic-control-profiles TCP_PS guaranteed-rate "$junos-cos-guaranteed-rate" user@host-R0# set vlan-prof-0 class-of-service interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" output-traffic-control-profile TCP_PS
Configure the CoS scheduler maps.
[edit dynamic-profiles] user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC0 scheduler FC0_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC1 scheduler FC1_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC2 scheduler FC2_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC3 scheduler FC3_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC4 scheduler FC4_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC5 scheduler FC5_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC6 scheduler FC6_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC7 scheduler FC7_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0 forwarding-class FC0 scheduler FC0_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC1 forwarding-class FC1 scheduler FC1_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC2 forwarding-class FC2 scheduler FC2_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1 forwarding-class FC0 scheduler FC0_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1 forwarding-class FC1 scheduler FC1_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC1_FC2 forwarding-class FC1 scheduler FC1_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC1_FC2 forwarding-class FC2 scheduler FC2_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC2 forwarding-class FC0 scheduler FC0_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC2 forwarding-class FC2 scheduler FC2_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC0 scheduler FC0_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC1 scheduler FC1_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC2 scheduler FC2_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC0 scheduler FC0_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC1 scheduler FC1_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC2 scheduler FC2_SCH user@host-R0# set vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC3 scheduler FC3_SCH
Configure the CoS schedulers.
[edit dynamic-profiles] user@host-R0# set vlan-prof-0 class-of-service schedulers FC0_SCH transmit-rate 128k user@host-R0# set vlan-prof-0 class-of-service schedulers FC0_SCH priority strict-high user@host-R0# set vlan-prof-0 class-of-service schedulers FC1_SCH transmit-rate 20m user@host-R0# set vlan-prof-0 class-of-service schedulers FC1_SCH priority medium-high user@host-R0# set vlan-prof-0 class-of-service schedulers FC2_SCH priority low user@host-R0# set vlan-prof-0 class-of-service schedulers FC3_SCH priority low user@host-R0# set vlan-prof-0 class-of-service schedulers FC4_SCH transmit-rate 2m user@host-R0# set vlan-prof-0 class-of-service schedulers FC4_SCH buffer-size percent 2 user@host-R0# set vlan-prof-0 class-of-service schedulers FC4_SCH priority low user@host-R0# set vlan-prof-0 class-of-service schedulers FC4_SCH drop-profile-map loss-priority low protocol any drop-profile DP_04 user@host-R0# set vlan-prof-0 class-of-service schedulers FC5_SCH transmit-rate 2m user@host-R0# set vlan-prof-0 class-of-service schedulers FC5_SCH buffer-size percent 2 user@host-R0# set vlan-prof-0 class-of-service schedulers FC5_SCH priority low user@host-R0# set vlan-prof-0 class-of-service schedulers FC5_SCH drop-profile-map loss-priority low protocol any drop-profile DP_05 user@host-R0# set vlan-prof-0 class-of-service schedulers FC6_SCH transmit-rate 2m user@host-R0# set vlan-prof-0 class-of-service schedulers FC6_SCH buffer-size percent 2 user@host-R0# set vlan-prof-0 class-of-service schedulers FC6_SCH priority low user@host-R0# set vlan-prof-0 class-of-service schedulers FC6_SCH drop-profile-map loss-priority low protocol any drop-profile DP_06 user@host-R0# set vlan-prof-0 class-of-service schedulers FC7_SCH transmit-rate 2m user@host-R0# set vlan-prof-0 class-of-service schedulers FC7_SCH buffer-size percent 2 user@host-R0# set vlan-prof-0 class-of-service schedulers FC7_SCH priority low user@host-R0# set vlan-prof-0 class-of-service schedulers FC7_SCH drop-profile-map loss-priority low protocol any drop-profile DP_07
Create DHCP service profiles.
Set the service profile variables.
[edit dynamic-profiles] user@host-R0# set DHCP-SERVICE-PROFILE variables I_V4_FILTER user@host-R0# set DHCP-SERVICE-PROFILE variables O_V4_FILTER user@host-R0# set DHCP-SERVICE-PROFILE variables I_V6_FILTER user@host-R0# set DHCP-SERVICE-PROFILE variables O_V6_FILTER
Create the dynamic interfaces for the DHCP service profiles and associate the filters.
[edit dynamic-profiles] user@host-R0# set DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet filter input "$I_V4_FILTER" user@host-R0# set DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet filter output "$O_V4_FILTER" user@host-R0# set DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 filter input "$I_V6_FILTER" user@host-R0# set DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 filter output "$O_V6_FILTER"
Create the PPPoE service profiles.
Set the PPPoE service profile variables.
[edit dynamic-profiles] user@host-R0# set PPPOE-SERVICE-PROFILE variables I_V4_FILTER user@host-R0# set PPPOE-SERVICE-PROFILE variables O_V4_FILTER user@host-R0# set PPPOE-SERVICE-PROFILE variables I_V6_FILTER user@host-R0# set PPPOE-SERVICE-PROFILE variables O_V6_FILTER
Create the dynamic interfaces for the PPPoE service profiles and associate the filters.
[edit dynamic-profiles] user@host-R0# set PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet filter input "$I_V4_FILTER" user@host-R0# set PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet filter output "$O_V4_FILTER" user@host-R0# set PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 filter input "$I_V6_FILTER" user@host-R0# set PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 filter output "$O_V6_FILTER"
Configure DHCP.
Unlike traditional broadband service configuration that is tied to physical interfaces such as gigabit Ethernet or aggregated Ethernet, this solution configuration relies on pseudowire interfaces and virtual Ethernet ports for broadband subscriber termination.
All dynamically created VLANs over pseudowire interfaces in this solution configuration are allowed to process DHCP messages coming in through MPLS pseudowire subscriber tunnels and arriving at pseudowire anchor interfaces.
Dual stack PPPoE sessions—enable DHCPv6 for PPPoE sessions.
[edit system] user@host-R0#set services dhcp-local-server dhcpv6 group v6-ppp-client-0 interface pp0.0
DHCPv4 sessions—configure the IPv4 local server group for pseudowire interfaces.
Assign the group a password, a username prefix, and a dynamic profile. Associate pseudowire interfaces with the group. Two pseudowires are shown here. Repeat this step for all pseudowire interfaces.
[edit system] user@host-R0# set services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 authentication password <password> user@host-R0# set services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 authentication username-include user-prefix SST_USER_DHCP_V4_DEFAULT user@host-R0# set services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 dynamic-profile client-profile user@host-R0# set services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 interface ps0.0 user@host-R0# set services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 interface ps1.0
DHCPv6 sessions—configure the IPv6 local server group for pseudowire interfaces.
Assign the group a password, a username prefix, and a dynamic profile. Associate pseudowire interfaces with the group. This enables DHCPv6 subscriber authentication using VLAN over pseudowire subscriber interfaces. Two pseudowires are shown here. Repeat this step for all pseudowire interfaces.
[edit system] user@host-R0# set services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 authentication password <password> user@host-R0# set services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 authentication username-include user-prefix SST_USER_DHCP_V6_DEFAULT user@host-R0# set services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 dynamic-profile client-profile user@host-R0# set services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 interface ps0.0 user@host-R0# set services dhcp-local-server dhcpv6 group v6-dhcp-client-1-ACCESS-0-ps1 interface ps1.0
Configure graceful switchover and device count.
Configure the primary Routing Engine to switch over gracefully to the backup Routing Engine without interruption to packet forwarding.
[edit chassis] user@host-R0# set redundancy graceful-switchover
Configure the number of pseudowire logical devices available to the router.
[edit chassis] user@host-R0# set pseudowire-service device-count 2048
Delay removal of access routes and access-internal routes after graceful Routing Engine switchover, and establish a high threshold for resource monitoring.
[edit system] user@host-R0# set services subscriber-management gres-route-flush-delay user@host-R0# set services resource-monitor high-threshold 80
Enable configuration synchronization between Routing Engines.
[edit system] user@host-R0# set commit synchronize
Configure the pseudowire tunnel services at the chassis level.
Configure the amount of bandwidth for tunnel services and enable CoS queuing, scheduling, and shaping on flexible PIC concentrators 0 through 4 (4 is not used).
One flexible PIC concentrator is shown. Repeat this step for all remaining flexible PIC concentrators.
[edit chassis] user@host-R0# set fpc 0 pic 0 tunnel-services bandwidth 1g user@host-R0# set fpc 0 pic 0 traffic-manager egress-shaping-overhead 0 user@host-R0# set fpc 0 pic 1 tunnel-services bandwidth 1g user@host-R0# set fpc 0 pic 1 traffic-manager egress-shaping-overhead 0 user@host-R0# set fpc 0 pic 2 tunnel-services bandwidth 1g user@host-R0# set fpc 0 pic 2 traffic-manager egress-shaping-overhead 0 user@host-R0# set fpc 0 pic 3 tunnel-services bandwidth 1g user@host-R0# set fpc 0 pic 3 traffic-manager egress-shaping-overhead 0
Attach an access profile to all DHCP and PPPoE subscribers.
When a DHCP or PPPoE subscriber logs in, the specified access profile is instantiated and the services defined in the profile are applied to the subscriber.
[edit] user@host-R0# set access-profile Access-Profile-0
Configure a loopback interface, transit links, and logical tunnel interfaces.
In the context of this solution configuration, transit links are Ethernet ports connecting the BNG device to an access/aggregation device. They are the access-facing interfaces; subscriber sessions (VLAN, PPPoE, DHCP) are not terminated or anchored on them. Logical tunnel (LT) interfaces serve as termination and anchor interfaces for the logical subscriber sessions. The LT interfaces are underlying interfaces for the pseudowire subscriber interface construct, as shown in Figure 4.
Figure 4: Pseudowire Subscriber Interface Protocol StackConfigure a loopack interface.
[edit interfaces] user@host-R0# set lo0 unit 0 family inet address 100.0.0.1/32 primary user@host-R0# set lo0 unit 0 family inet address 100.0.0.1/32 preferred user@host-R0# set lo0 unit 0 family inet6 address 1000:0::1/128 primary user@host-R0# set lo0 unit 0 family inet6 address 1000:0::1/128 preferred user@host-R0# set lo0 unit 0 family mpls
Configure the transit links.
[edit interfaces] user@host-R0# set ge-4/0/0 description "To R4 - Core" user@host-R0# set ge-4/0/0 unit 0 family inet address 21.21.14.1/24 user@host-R0# set ge-4/0/0 unit 0 family inet6 user@host-R0# set ge-4/0/0 unit 0 family mpls user@host-R0# set ge-5/0/0 description "To R4 - Core" user@host-R0# set ge-5/0/0 unit 0 family inet address 21.21.15.1/24 user@host-R0# set ge-5/0/0 unit 0 family inet6 user@host-R0# set ge-5/0/0 unit 0 family mpls user@host-R0# set ge-0/0/0 description "To R1 - APE1" user@host-R0# set ge-0/0/0 unit 0 family inet address 21.21.11.1/24 user@host-R0# set ge-0/0/0 unit 0 family mpls user@host-R0# set ge-1/0/0 description "To R1 - APE1" user@host-R0# set ge-1/0/0 unit 0 family inet address 21.21.10.1/24 user@host-R0# set ge-1/0/0 unit 0 family mpls user@host-R0# set ge-2/0/0 description "To R2 - APE2" user@host-R0# set ge-2/0/0 unit 0 family inet address 21.21.13.1/24 user@host-R0# set ge-2/0/0 unit 0 family mpls user@host-R0# set ge-3/0/0 description "To R2 - APE2" user@host-R0# set ge-3/0/0 unit 0 family inet address 21.21.12.1/24 user@host-R0# set ge-3/0/0 unit 0 family mpls
Configure the LT interfaces that correspond to the transit links.
[edit interfaces] user@host-R0# set lt-0/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-0/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-0/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-0/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-1/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-1/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-1/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-1/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-2/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-2/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-2/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-2/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-3/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-3/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-3/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R0# set lt-3/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy
Configure the pseudoservice interfaces and auto-sensed dynamic VLAN.
Subscriber management supports the creation of subscriber interfaces over point-to-point MPLS pseudowires. The pseudowire subscriber interface capability enables service providers to extend an MPLS domain from the access-aggregation network to the service edge, where subscriber management is performed. Service providers can take advantage of MPLS capabilities such as failover, rerouting, and uniform MPLS label provisioning, while using a single pseudowire to service a large number of DHCP and PPPoE subscribers in the service network.
The pseudowire is a tunnel that is either an MPLS-based L2 VPN or L2 circuit. The pseudowire tunnel transports Ethernet encapsulated traffic from an access node (for example, a DSLAM or other aggregation device) to the MX Series router that hosts the subscriber management services. The termination of the pseudowire tunnel on the MX Series router is similar to a physical Ethernet termination, and is the point at which subscriber management functions are performed. A service provider can configure multiple pseudowires on a per-DSLAM basis and then provision support for a large number of subscribers on a specific pseudowire.
At the access node end of the pseudowire, the subscriber traffic can be groomed into the pseudowire in a variety of ways, limited only by the number and types of interfaces that can be stacked on the pseudowire. Specify an anchor point, which identifies the logical tunnel interface that terminates the pseudowire tunnel at the access node.
Configure the PS interfaces and VLAN authentication.
One pseudowire is shown. Repeat this step for all remaining pseudowires.
[edit interfaces] user@host-R0# set ps0 anchor-point lt-0/0/10 user@host-R0# set ps0 flexible-vlan-tagging user@host-R0# set ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept inet user@host-R0# set ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept inet6 user@host-R0# set ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept pppoe user@host-R0# set ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 ranges 1-256,1-4094 user@host-R0# set ps0 auto-configure stacked-vlan-ranges authentication password <password> user@host-R0# set ps0 auto-configure stacked-vlan-ranges authentication username-include user-prefix SST_USER_VLAN_DEFAULT user@host-R0# set ps0 auto-configure remove-when-no-subscribers user@host-R0# set ps0 no-gratuitous-arp-request user@host-R0# set ps0 unit 0 encapsulation ethernet-ccc
Configure the routing options.
[edit routing-options] user@host-R0# set ppm redistribution-timer 1 user@host-R0# set nonstop-routing user@host-R0# set nsr-phantom-holdtime 1 user@host-R0# set router-id 100.0.0.1 user@host-R0# set forwarding-table remnant-holdtime 100
Configure the L2 circuit connections.
Configuration for one pseudoservices interface (ps0.0) is shown. Repeat this step for ps1.0 through ps2047.0.
[edit protocols] user@host-R0# set l2circuit neighbor 101.0.0.1 interface ps0.0 virtual-circuit-id 1 user@host-R0# set l2circuit neighbor 101.0.0.1 interface ps0.0 ignore-mtu-mismatch user@host-R0# set l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection minimum-interval 1000 user@host-R0# set l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection multiplier 4 user@host-R0# set l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection detection-time threshold 5000
Configure the routing protocols.
This configuration example utilizes MPLS, OSPF, OSPFv3, and LDP on the BNG routers.
Configure MPLS.
[edit protocols] user@host-R0# set mpls ipv6-tunneling user@host-R0# set mpls interface lo0.0 user@host-R0# set mpls interface ge-0/0/0.0 user@host-R0# set mpls interface ge-1/0/0.0 user@host-R0# set mpls interface ge-2/0/0.0 user@host-R0# set mpls interface ge-3/0/0.0 user@host-R0# set mpls interface ge-4/0/0.0 user@host-R0# set mpls interface ge-5/0/0.0
Configure OSPF and OSPFv3.
[edit protocols] user@host-R0# set ospf export EXPORT_BNG_ACCESS_INTERNAL user@host-R0# set ospf area 0.0.0.0 interface lo0.0 user@host-R0# set ospf area 0.0.0.0 interface ge-0/0/0.0 user@host-R0# set ospf area 0.0.0.0 interface ge-1/0/0.0 user@host-R0# set ospf area 0.0.0.0 interface ge-2/0/0.0 user@host-R0# set ospf area 0.0.0.0 interface ge-3/0/0.0 user@host-R0# set ospf area 0.0.0.0 interface ge-4/0/0.0 user@host-R0# set ospf area 0.0.0.0 interface ge-5/0/0.0 user@host-R0# set ospf3 export EXPORT_BNG_ACCESS_INTERNAL user@host-R0# set ospf3 area 0.0.0.0 interface lo0.0 user@host-R0# set ospf3 area 0.0.0.0 interface ge-4/0/0.0 user@host-R0# set ospf3 area 0.0.0.0 interface ge-5/0/0.0
Configure LDP.
[edit protocols] user@host-R0# set ldp interface lo0.0 user@host-R0# set ldp interface ge-0/0/0.0 user@host-R0# set ldp interface ge-1/0/0.0 user@host-R0# set ldp interface ge-2/0/0.0 user@host-R0# set ldp interface ge-3/0/0.0 user@host-R0# set ldp interface ge-4/0/0.0 user@host-R0# set ldp interface ge-5/0/0.0
Configure the routing policy.
[edit policy-options] user@host-R0# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 from family inet user@host-R0# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 from route-filter 100.0.0.0/8 orlonger user@host-R0# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 then accept user@host-R0# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 from family inet6 user@host-R0# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 from route-filter 1000:0000:0000:0000:0000:0000:0000:0000/64 orlonger user@host-R0# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 then accept
Configure the firewall filters.
Configure the input, output, and RPF DHCP filters for IPv4.
[edit firewall] user@host-R0# set family inet filter INPUT-V4-FILTER-01 interface-specific user@host-R0# set family inet filter INPUT-V4-FILTER-01 term TERM1 from packet-length-except 64 user@host-R0# set family inet filter INPUT-V4-FILTER-01 term TERM1 then count COUNTER11 user@host-R0# set family inet filter INPUT-V4-FILTER-01 term TERM1 then next term user@host-R0# set family inet filter INPUT-V4-FILTER-01 term TERM2 then service-accounting user@host-R0# set family inet filter INPUT-V4-FILTER-01 term TERM2 then accept user@host-R0# set family inet filter OUTPUT-V4-FILTER-01 interface-specific user@host-R0# set family inet filter OUTPUT-V4-FILTER-01 term TERM1 from packet-length-except 64 user@host-R0# set family inet filter OUTPUT-V4-FILTER-01 term TERM1 then count COUNTER12 user@host-R0# set family inet filter OUTPUT-V4-FILTER-01 term TERM1 then next term user@host-R0# set family inet filter OUTPUT-V4-FILTER-01 term TERM2 then service-accounting user@host-R0# set family inet filter OUTPUT-V4-FILTER-01 term TERM2 then accept user@host-R0# set family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP from destination-address 255.255.255.255/32 user@host-R0# set family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP from destination-port dhcp user@host-R0# set family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP then count RPF-DHCP-V4-TRAFFIC user@host-R0# set family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP then accept user@host-R0# set family inet filter RPF-PASS-DHCP-V4 term DEFAULT then discard
Configure the input, output, and RPF DHCP filters for IPv6.
[edit firewall] user@host-R0# set family inet6 filter INPUT-V6-FILTER-01 interface-specific user@host-R0# set family inet6 filter INPUT-V6-FILTER-01 term TERM1 from packet-length-except 64 user@host-R0# set family inet6 filter INPUT-V6-FILTER-01 term TERM1 then count COUNTER21 user@host-R0# set family inet6 filter INPUT-V6-FILTER-01 term TERM1 then next term user@host-R0# set family inet6 filter INPUT-V6-FILTER-01 term TERM2 then service-accounting user@host-R0# set family inet6 filter INPUT-V6-FILTER-01 term TERM2 then accept user@host-R0# set family inet6 filter OUTPUT-V6-FILTER-01 interface-specific user@host-R0# set family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 from packet-length-except 64 user@host-R0# set family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 then count COUNTER22 user@host-R0# set family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 then next term user@host-R0# set family inet6 filter OUTPUT-V6-FILTER-01 term TERM2 then service-accounting user@host-R0# set family inet6 filter OUTPUT-V6-FILTER-01 term TERM2 then accept user@host-R0# set family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP from destination-port dhcp user@host-R0# set family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP then count RPF-DHCP-V6-TRAFFIC user@host-R0# set family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP then accept user@host-R0# set family inet6 filter RPF-PASS-DHCP-V6 term DEFAULT then discard
Configure access to the RADIUS server and DNS.
[edit access] user@host-R0# set radius-server 9.0.0.9 secret "$ABC123"; ## SECRET-DATA user@host-R0# set radius-server 9.0.0.9 timeout 20 user@host-R0# set radius-server 9.0.0.9 retry 5 user@host-R0# set radius-server 9.0.0.9 max-outstanding-requests 1000 user@host-R0# set radius-server 9.0.0.9 source-address 100.0.0.1 user@host-R0# set domain-name-server-inet 9.0.0.100 user@host-R0# set domain-name-server-inet 9.0.0.101 user@host-R0# set domain-name-server-inet6 2000:abcd::9.0.0.100 user@host-R0# set domain-name-server-inet6 2000:abcd::9.0.0.101
Configure the access profiles for RADIUS authentication and accounting.
[edit access] user@host-R0# set profile Access-Profile-0 authentication-order radius user@host-R0# set profile Access-Profile-0 radius authentication-server 9.0.0.9 user@host-R0# set profile Access-Profile-0 radius accounting-server 9.0.0.9 user@host-R0# set profile Access-Profile-0 radius options nas-identifier R0-BNG1 user@host-R0# set profile Access-Profile-0 accounting order radius user@host-R0# set profile Access-Profile-0 accounting accounting-stop-on-failure user@host-R0# set profile Access-Profile-0 accounting accounting-stop-on-access-deny user@host-R0# set profile Access-Profile-0 accounting update-interval 10 user@host-R0# set profile Access-Profile-0 accounting statistics volume-time
Configure the IPv4 and IPv6 address assignment pools.
Configure the IPv4 address pools.
[edit access] user@host-R0# set address-assignment pool v4-pool-0 family inet network 100.0.0.0/8 user@host-R0# set address-assignment pool v4-pool-0 family inet range v4-range-0 low 100.16.0.1 user@host-R0# set address-assignment pool v4-pool-0 family inet range v4-range-0 high 100.31.255.255 user@host-R0# set address-assignment pool v4-pool-0 family inet dhcp-attributes maximum-lease-time 25200
Configure the IPv6 address pools.
[edit access] user@host-R0# set address-assignment pool v6-pd-pool-0 family inet6 prefix 1000:0000:0000:0000:0000:0000:0000:0000/64 user@host-R0# set address-assignment pool v6-na-pool-0 family inet6 range v6-range-0 prefilx-length 56 user@host-R0# set address-assignment pool v6-na-pool-0 family inet6 dhcp-attributes maximum-lease-time 25200
Configure address protection.
[edit access] user@host-R0# set address-protection
Configure tunnel profiles.
Configure the attributes of a tunnel profile.
[edit access] user@host-R0# set tunnel-profile Tunnel-1 tunnel 1 preference 1 user@host-R0# set tunnel-profile Tunnel-1 tunnel 1 remote-gateway address 105.0.0.1 user@host-R0# set tunnel-profile Tunnel-1 tunnel 1 source-gateway address 100.0.0.1 user@host-R0# set tunnel-profile Tunnel-1 tunnel 1 secret "$ABC123"; ## SECRET-DATA user@host-R0# set tunnel-profile Tunnel-1 tunnel 1 medium ipv4 user@host-R0# set tunnel-profile Tunnel-1 tunnel 1 tunnel-type l2tp user@host-R0# set tunnel-profile Tunnel-1 tunnel 1 identification Tunnel-ID-1
Configure the domain maps for the tunnel profile.
The BNG LAC component uses domain maps to initiate L2TP sessions without RADIUS interaction. Optionally, RADIUS can be used for PPP authentication and to dynamically provide L2TP tunnel attributes such as tunnel destination.
[edit access] user@host-R0# set domain map ABC1.COM tunnel-profile Tunnel-1
Results
From configuration mode, confirm your configuration
by entering the following show
commands:
Confirm the dynamic profile version creation configuration.
user@host-R0# show system dynamic-profile-options versioning;
Confirm the client profile interface configuration.
user@host-R0# show dynamic-profiles client-profile interfaces { "$junos-interface-ifd-name" { unit "$junos-underlying-interface-unit" { family inet { unnumbered-address lo0.0; } family inet6 { unnumbered-address lo0.0; } } } }
Confirm the dynamic PPPoE client profile configuration.
user@host-R0# show dynamic-profiles pppoe-client-profile interfaces { pp0 { unit "$junos-interface-unit" { no-traps; ppp-options { chap; pap; } pppoe-options { underlying-interface "$junos-underlying-interface"; server; } keepalives interval 30; family inet { unnumbered-address lo0.0; } family inet6 { unnumbered-address lo0.0; } } } }
Confirm the CoS forwarding class queue configuration.
user@host-R0# show class-of-service forwarding-classes queue 0 FC0; queue 1 FC1; queue 2 FC2; queue 3 FC3; queue 4 FC4; queue 5 FC5; queue 6 FC6; queue 7 FC7;
Confirm the dynamic VLAN profile configuration.
user@host-R0# show dynamic-profiles vlan-prof-0 predefined-variable-defaults { cos-scheduler-map SMAP_PS; cos-shaping-rate 60m; cos-guaranteed-rate 50m; } interfaces { "$junos-interface-ifd-name" { unit "$junos-interface-unit" { no-traps; vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id"; family inet { rpf-check fail-filter RPF-PASS-DHCP-V4; unnumbered-address lo0.0; } family inet6 { rpf-check fail-filter RPF-PASS-DHCP-V6; unnumbered-address lo0.0; } family pppoe { dynamic-profile pppoe-client-profile; } } } } protocols { router-advertisement { interface "$junos-interface-name" { max-advertisement-interval 1800; min-advertisement-interval 1350; managed-configuration; } } } class-of-service { traffic-control-profiles { TCP_PS { scheduler-map "$junos-cos-scheduler-map"; shaping-rate "$junos-cos-shaping-rate"; guaranteed-rate "$junos-cos-guaranteed-rate"; } } interfaces { "$junos-interface-ifd-name" { unit "$junos-interface-unit" { output-traffic-control-profile TCP_PS; } } } scheduler-maps { SMAP_ALL { forwarding-class FC0 scheduler FC0_SCH; forwarding-class FC1 scheduler FC1_SCH; forwarding-class FC2 scheduler FC2_SCH; forwarding-class FC3 scheduler FC3_SCH; forwarding-class FC4 scheduler FC4_SCH; forwarding-class FC5 scheduler FC5_SCH; forwarding-class FC6 scheduler FC6_SCH; forwarding-class FC7 scheduler FC7_SCH; } SMAP_FC0 { forwarding-class FC0 scheduler FC0_SCH; } SMAP_FC1 { forwarding-class FC1 scheduler FC1_SCH; } SMAP_FC2 { forwarding-class FC2 scheduler FC2_SCH; } SMAP_FC0_FC1 { forwarding-class FC0 scheduler FC0_SCH; forwarding-class FC1 scheduler FC1_SCH; } SMAP_FC1_FC2 { forwarding-class FC1 scheduler FC1_SCH; forwarding-class FC2 scheduler FC2_SCH; } SMAP_FC0_FC2 { forwarding-class FC0 scheduler FC0_SCH; forwarding-class FC2 scheduler FC2_SCH; } SMAP_FC0_FC1_FC2 { forwarding-class FC0 scheduler FC0_SCH; forwarding-class FC1 scheduler FC1_SCH; forwarding-class FC2 scheduler FC2_SCH; } SMAP_PS { forwarding-class FC0 scheduler FC0_SCH; forwarding-class FC1 scheduler FC1_SCH; forwarding-class FC2 scheduler FC2_SCH; forwarding-class FC3 scheduler FC3_SCH; } } schedulers { FC0_SCH { transmit-rate 128k; priority strict-high; } FC1_SCH { transmit-rate 20m; priority medium-high; } FC2_SCH { priority low; } FC3_SCH { priority low; } FC4_SCH { transmit-rate 2m; buffer-size percent 2; priority low; drop-profile-map loss-priority low protocol any drop-profile DP_04; } FC5_SCH { transmit-rate 2m; buffer-size percent 2; priority low; drop-profile-map loss-priority low protocol any drop-profile DP_05; } FC6_SCH { transmit-rate 2m; buffer-size percent 2; priority low; drop-profile-map loss-priority low protocol any drop-profile DP_06; } FC7_SCH { transmit-rate 2m; buffer-size percent 2; priority low; drop-profile-map loss-priority low protocol any drop-profile DP_07; } } }
Confirm the DHCP service profile configuration.
user@host-R0# show dynamic-profiles DHCP-SERVICE-PROFILE variables { I_V4_FILTER; O_V4_FILTER; I_V6_FILTER; O_V6_FILTER; } interfaces { "$junos-interface-ifd-name" { unit "$junos-underlying-interface-unit" { family inet { filter { input "$I_V4_FILTER"; output "$O_V4_FILTER"; } } family inet6 { filter { input "$I_V6_FILTER"; output "$O_V6_FILTER"; } } } } }
Confirm the PPPoE service profile configuration.
user@host-R0# show dynamic-profiles PPPOE-SERVICE-PROFILE variables { I_V4_FILTER; O_V4_FILTER; I_V6_FILTER; O_V6_FILTER; } interfaces { pp0 { unit "$junos-interface-unit" { family inet { filter { input "$I_V4_FILTER"; output "$O_V4_FILTER"; } } family inet6 { filter { input "$I_V6_FILTER"; output "$O_V6_FILTER"; } } } } }
Confirm the DHCP local server configuration.
user@host-R0# show system services dhcp-local-server dhcpv6 { group v6-ppp-client-0 { interface pp0.0; } group v4-rtClient-0-ACCESS-0-ps0 { authentication { password <password>; username-include { user-prefix SST_USER_DHCP_V4_DEFAULT; } } dynamic-profile client-profile; interface ps0.0; interface ps1.0; } group v6-dhcp-client-0-ACCESS-0-ps0 { authentication { password <password>; username-include { user-prefix SST_USER_DHCP_V6_DEFAULT; } } dynamic-profile client-profile; interface ps0.0; interface ps1.0; } }
Confirm the graceful switchover and device count configuration.
user@host-R0# show chassis redundancy graceful-switchover; user@host-R0# show chassis pseudowire-service device-count 2048;
Confirm the pseudowire tunnel service configuration.
user@host-R0# show chassis fpc 0 pic 0 { tunnel-services { bandwidth 1g; } traffic-manager { egress-shaping-overhead 0; } } pic 1 { tunnel-services { bandwidth 1g; } traffic-manager { egress-shaping-overhead 0; } } pic 2 { tunnel-services { bandwidth 1g; } traffic-manager { egress-shaping-overhead 0; } } pic 3 { tunnel-services { bandwidth 1g; } traffic-manager { egress-shaping-overhead 0; } }
Confirm the loopback interface, transit link, and logical tunnel interface configuration.
user@host-R0# show interfaces lo0 { unit 0 { family inet { address 100.0.0.1/32 { primary; preferred; } } family inet6 { address 1000:0::1/128 { primary; preferred; } } family mpls; } } ge-4/0/0 { description "To R4 - Core"; unit 0 { family inet { address 21.21.14.1/24; } family inet6; family mpls; } } ge-5/0/0 { description "To R4 - Core"; unit 0 { family inet { address 21.21.15.1/24; } family inet6; family mpls; } } ge-0/0/0 { description "To R1 - APE1"; unit 0 { family inet { address 21.21.11.1/24; } family mpls; } } ge-1/0/0 { description "To R1 - APE1"; unit 0 { family inet { address 21.21.10.1/24; } family mpls; } } ge-2/0/0 { description "To R2 - APE2"; unit 0 { family inet { address 21.21.13.1/24; } family mpls; } } ge-3/0/0 { description "To R2 - APE2"; unit 0 { family inet { address 21.21.12.1/24; } family mpls; } } lt-0/0/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-0/1/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-0/2/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-0/3/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-1/0/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-1/1/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-1/2/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-1/3/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-2/0/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-2/1/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-2/2/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-2/3/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-3/0/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-3/1/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-3/2/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-3/3/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; }
Confirm the PS interface and VLAN authentication configuration.
user@host-R0# show interfaces ps0 anchor-point { lt-0/0/10; } flexible-vlan-tagging; auto-configure { stacked-vlan-ranges { dynamic-profile vlan-prof-0 { accept [ inet inet6 pppoe ]; ranges { 1-256,1-4094; } } authentication { password <password>; username-include { user-prefix SST_USER_VLAN_DEFAULT; } } } remove-when-no-subscribers; } no-gratuitous-arp-request; unit 0 { encapsulation ethernet-ccc; } } user@host-R0# show routing-options ppm { redistribution-timer 1; } nonstop-routing; nsr-phantom-holdtime 1; router-id 100.0.0.1; forwarding-table { remnant-holdtime 100; }
Confirm the L2 circuit connections.
user@host-R0# show protocols l2circuit neighbor 101.0.0.1 interface ps0.0 virtual-circuit-id 1; ignore-mtu-mismatch; oam { bfd-liveness-detection { minimum-interval 1000; multiplier 4; detection-time { threshold 5000; } } }
Confirm the routing protocol configuration.
user@host-R0# show protocols mpls { ipv6-tunneling; interface lo0.0; interface ge-0/0/0.0; interface ge-1/0/0.0; interface ge-2/0/0.0; interface ge-3/0/0.0; interface ge-4/0/0.0; interface ge-5/0/0.0; } ospf { export EXPORT_BNG_ACCESS_INTERNAL; area 0.0.0.0 { interface lo0.0; interface ge-0/0/0.0; interface ge-1/0/0.0; interface ge-2/0/0.0; interface ge-3/0/0.0; interface ge-4/0/0.0; interface ge-5/0/0.0; } } ospf3 { export EXPORT_BNG_ACCESS_INTERNAL; area 0.0.0.0 { interface lo0.0; interface ge-4/0/0.0; interface ge-5/0/0.0; } } ldp { interface lo0.0; interface ge-0/0/0.0; interface ge-1/0/0.0; interface ge-2/0/0.0; interface ge-3/0/0.0; interface ge-4/0/0.0; interface ge-5/0/0.0; }
Confirm the policy statement configuration.
user@host-R0# show policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL { term 1 { from { family inet; route-filter 100.0.0.0/8 orlonger; } then accept; } term 2 { from { family inet6; route-filter 1000:0000:0000:0000:0000:0000:0000:0000/64 orlonger; } then accept; } }
Confirm the firewall settings configuration.
user@host-R0# show firewall family inet { filter INPUT-V4-FILTER-01 { interface-specific; term TERM1 { from { packet-length-except 64; } then { count COUNTER11; next term; } } term TERM2 { then { service-accounting; accept; } } } filter OUTPUT-V4-FILTER-01 { interface-specific; term TERM1 { from { packet-length-except 64; } then { count COUNTER12; next term; } } term TERM2 { then { service-accounting; accept; } } } filter RPF-PASS-DHCP-V4 { term ALLOW-DHCP { from { destination-address { 255.255.255.255/32; } destination-port dhcp; } then { count RPF-DHCP-V4-TRAFFIC; accept; } } term DEFAULT { then { discard; } } } } family inet6 { filter INPUT-V6-FILTER-01 { interface-specific; term TERM1 { from { packet-length-except 64; } then { count COUNTER21; next term; } } term TERM2 { then { service-accounting; accept; } } } filter OUTPUT-V6-FILTER-01 { interface-specific; term TERM1 { from { packet-length-except 64; } then { count COUNTER22; next term; } } term TERM2 { then { service-accounting; accept; } } } filter RPF-PASS-DHCP-V6 { term ALLOW-DHCP { from { destination-port dhcp; } then { count RPF-DHCP-V6-TRAFFIC; accept; } } term DEFAULT { then discard; } } }
Confirm the RADIUS server and DNS access configuration.
user@host-R0# show access radius-server 9.0.0.9 { secret "$ABC123"; ## SECRET-DATA timeout 20; retry 5; max-outstanding-requests 1000; source-address 100.0.0.1; } user@host-R0# show access domain-name-server-inet 9.0.0.100; 9.0.0.101; user@host-R0# show access domain-name-server-inet6 2000:abcd::9.0.0.100; 2000:abcd::9.0.0.101;
Confirm the access profile configuration.
user@host-R0# show access profile Access-Profile-0 authentication-order radius; radius { authentication-server 9.0.0.9; accounting-server 9.0.0.9; options { nas-identifier R0-BNG1; } } accounting { order radius; accounting-stop-on-failure; accounting-stop-on-access-deny; update-interval 10; statistics volume-time; }
Confirm the address assignment pool configuration.
user@host-R0# show access address-assignment pool v4-pool-0 { family inet { network 100.0.0.0/8; range v4-range-0 { low 100.16.0.1; high 100.31.255.255; } dhcp-attributes { maximum-lease-time 25200; } } } pool v6-pd-pool-0 { family inet6 { prefix 1000:0000:0000:0000:0000:0000:0000:0000/64; range v6-range-0 prefix-length 56; dhcp-attributes { maximum-lease-time 25200; } } } user@host-R0# show access address-protection address-protection;
Confirm the tunnel profile configuration.
user@host-R0# show access tunnel-profile Tunnel-1 tunnel 1 { preference 1; remote-gateway { address 105.0.0.1; } source-gateway { address 100.0.0.1; } secret "$ABC123"; ## SECRET-DATA medium ipv4; tunnel-type l2tp; identification Tunnel-ID-1; } user@host-R0# show access domain map ABC1.COM { tunnel-profile Tunnel-1; }
Configuring BNG Router, R3
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit]
hierarchy level.
set system dynamic-profile-options versioning set dynamic-profiles client-profile interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet unnumbered-address lo0.0 set dynamic-profiles client-profile interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 unnumbered-address lo0.0 set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" no-traps set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" ppp-options chap set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" ppp-options pap set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface" set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options server set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" keepalives interval 30 set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0 set dynamic-profiles pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" family inet6 unnumbered-address lo0.0 set class-of-service forwarding-classes queue 0 FC0 set class-of-service forwarding-classes queue 1 FC1 set class-of-service forwarding-classes queue 2 FC2 set class-of-service forwarding-classes queue 3 FC3 set class-of-service forwarding-classes queue 4 FC4 set class-of-service forwarding-classes queue 5 FC5 set class-of-service forwarding-classes queue 6 FC6 set class-of-service forwarding-classes queue 7 FC7 set dynamic-profiles vlan-prof-0 predefined-variable-defaults cos-scheduler-map SMAP_PS set dynamic-profiles vlan-prof-0 predefined-variable-defaults cos-shaping-rate 60m set dynamic-profiles vlan-prof-0 predefined-variable-defaults cos-guaranteed-rate 50m set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" no-traps set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" vlan-tags outer "$junos-stacked-vlan-id" set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" vlan-tags inner "$junos-vlan-id" set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet rpf-check fail-filter RPF-PASS-DHCP-V4 set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet unnumbered-address lo0.0 set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 rpf-check fail-filter RPF-PASS-DHCP-V6 set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 unnumbered-address lo0.0 set dynamic-profiles vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-client-profile set dynamic-profiles vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” max-advertisement-interval 1800 set dynamic-profiles vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” min-advertisement-interval 1350 set dynamic-profiles vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” managed-configuration set dynamic-profiles vlan-prof-0 class-of-service traffic-control-profiles TCP_PS scheduler-map "$junos-cos-scheduler-map" set dynamic-profiles vlan-prof-0 class-of-service traffic-control-profiles TCP_PS shaping-rate "$junos-cos-shaping-rate" set dynamic-profiles vlan-prof-0 class-of-service traffic-control-profiles TCP_PS guaranteed-rate "$junos-cos-guaranteed-rate" set dynamic-profiles vlan-prof-0 class-of-service interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" output-traffic-control-profile TCP_PS set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC3 scheduler FC3_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC4 scheduler FC4_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC5 scheduler FC5_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC6 scheduler FC6_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC7 scheduler FC7_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0 forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC1 forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC2 forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1 forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1 forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC1_FC2 forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC1_FC2 forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC2 forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC2 forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC0 scheduler FC0_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC1 scheduler FC1_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC2 scheduler FC2_SCH set dynamic-profiles vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC3 scheduler FC3_SCH set dynamic-profiles vlan-prof-0 class-of-service schedulers FC0_SCH transmit-rate 128k set dynamic-profiles vlan-prof-0 class-of-service schedulers FC0_SCH priority strict-high set dynamic-profiles vlan-prof-0 class-of-service schedulers FC1_SCH transmit-rate 20m set dynamic-profiles vlan-prof-0 class-of-service schedulers FC1_SCH priority medium-high set dynamic-profiles vlan-prof-0 class-of-service schedulers FC2_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC3_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC4_SCH transmit-rate 2m set dynamic-profiles vlan-prof-0 class-of-service schedulers FC4_SCH buffer-size percent 2 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC4_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC4_SCH drop-profile-map loss-priority low protocol any drop-profile DP_04 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC5_SCH transmit-rate 2m set dynamic-profiles vlan-prof-0 class-of-service schedulers FC5_SCH buffer-size percent 2 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC5_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC5_SCH drop-profile-map loss-priority low protocol any drop-profile DP_05 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC6_SCH transmit-rate 2m set dynamic-profiles vlan-prof-0 class-of-service schedulers FC6_SCH buffer-size percent 2 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC6_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC6_SCH drop-profile-map loss-priority low protocol any drop-profile DP_06 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC7_SCH transmit-rate 2m set dynamic-profiles vlan-prof-0 class-of-service schedulers FC7_SCH buffer-size percent 2 set dynamic-profiles vlan-prof-0 class-of-service schedulers FC7_SCH priority low set dynamic-profiles vlan-prof-0 class-of-service schedulers FC7_SCH drop-profile-map loss-priority low protocol any drop-profile DP_07 set dynamic-profiles DHCP-SERVICE-PROFILE variables I_V4_FILTER set dynamic-profiles DHCP-SERVICE-PROFILE variables O_V4_FILTER set dynamic-profiles DHCP-SERVICE-PROFILE variables I_V6_FILTER set dynamic-profiles DHCP-SERVICE-PROFILE variables O_V6_FILTER set dynamic-profiles DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet filter input "$I_V4_FILTER" set dynamic-profiles DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet filter output "$O_V4_FILTER" set dynamic-profiles DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 filter input "$I_V6_FILTER" set dynamic-profiles DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 filter output "$O_V6_FILTER" set dynamic-profiles PPPOE-SERVICE-PROFILE variables I_V4_FILTER set dynamic-profiles PPPOE-SERVICE-PROFILE variables O_V4_FILTER set dynamic-profiles PPPOE-SERVICE-PROFILE variables I_V6_FILTER set dynamic-profiles PPPOE-SERVICE-PROFILE variables O_V6_FILTER set dynamic-profiles PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet filter input "$I_V4_FILTER" set dynamic-profiles PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet filter output "$O_V4_FILTER" set dynamic-profiles PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 filter input "$I_V6_FILTER" set dynamic-profiles PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 filter output "$O_V6_FILTER" set system ports console log-out-on-disconnect set system services dhcp-local-server dhcpv6 group v6-ppp-client-0 interface pp0.0 set system services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 authentication password <password> set system services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 authentication username-include user-prefix SST_USER_DHCP_V4_DEFAULT set system services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 dynamic-profile client-profile set system services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 interface ps0.0 set system services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 interface ps1.0 set system services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 authentication password <password> set system services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 authentication username-include user-prefix SST_USER_DHCP_V6_DEFAULT set system services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 dynamic-profile client-profile set system services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 interface ps0.0 set system services dhcp-local-server dhcpv6 group v6-dhcp-client-1-ACCESS-0-ps1 interface ps1.0 set chassis redundancy graceful-switchover set chassis pseudowire-service device-count 2048 set system services subscriber-management gres-route-flush-delay set system services resource-monitor high-threshold 80 set system commit synchronize set chassis fpc 0 pic 0 tunnel-services bandwidth 1g set chassis fpc 0 pic 1 tunnel-services bandwidth 1g set chassis fpc 0 pic 2 tunnel-services bandwidth 1g set chassis fpc 0 pic 3 tunnel-services bandwidth 1g set access-profile Access-Profile-0 set interfaces lo0 unit 0 family inet address 103.0.0.1/32 primary set interfaces lo0 unit 0 family inet address 103.0.0.1/32 preferred set interfaces lo0 unit 0 family inet6 address 1003:0::1/128 primary set interfaces lo0 unit 0 family inet6 address 1003:0::1/128 preferred set interfaces lo0 unit 0 family mpls set interfaces ge-4/0/0 description "To R2 - Core" set interfaces ge-4/0/0 unit 0 family inet address 21.21.40.1/24 set interfaces ge-4/0/0 unit 0 family inet6 set interfaces ge-4/0/0 unit 0 family mpls set interfaces ge-0/0/0 description "To R1 - APE1" set interfaces ge-0/0/0 unit 0 family inet address 21.21.20.2/24 set interfaces ge-0/0/0 unit 0 family mpls set interfaces ge-1/0/0 description "To R1 - APE1" set interfaces ge-1/0/0 unit 0 family inet address 21.21.21.2/24 set interfaces ge-1/0/0 unit 0 family mpls set interfaces ge-2/0/0 description "To R2 - APE2" set interfaces ge-2/0/0 unit 0 family inet address 21.21.30.2/24 set interfaces ge-2/0/0 unit 0 family mpls set interfaces ge-3/0/0 description "To R2 - APE2" set interfaces ge-3/0/0 unit 0 family inet address 21.21.31.2/24 set interfaces ge-3/0/0 unit 0 family mpls set interfaces lt-0/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-0/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-0/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-0/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-1/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-1/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-1/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-1/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-2/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-2/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-2/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-2/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-3/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-3/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-3/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces lt-3/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy set interfaces ps0 anchor-point lt-0/0/10 set interfaces ps0 flexible-vlan-tagging set interfaces ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept inet set interfaces ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept inet6 set interfaces ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept pppoe set interfaces ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 ranges 1-256,1-4094 set interfaces ps0 auto-configure stacked-vlan-ranges authentication password <password> set interfaces ps0 auto-configure stacked-vlan-ranges authentication username-include user-prefix SST_USER_VLAN_DEFAULT set interfaces ps0 auto-configure remove-when-no-subscribers set interfaces ps0 no-gratuitous-arp-request set interfaces ps0 unit 0 encapsulation ethernet-ccc set routing-options ppm redistribution-timer 1 set routing-options nonstop-routing set routing-options nsr-phantom-holdtime 1 set routing-options router-id 103.0.0.1 set routing-options forwarding-table remnant-holdtime 100 set protocols l2circuit neighbor 101.0.0.1 interface ps0.0 virtual-circuit-id 1 set protocols l2circuit neighbor 101.0.0.1 interface ps0.0 ignore-mtu-mismatch set protocols l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection minimum-interval 1000 set protocols l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection multiplier 4 set protocols l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection detection-time threshold 5000 set protocols mpls ipv6-tunneling set protocols mpls interface lo0.0 set protocols mpls interface ge-0/0/0.0 set protocols mpls interface ge-1/0/0.0 set protocols mpls interface ge-2/0/0.0 set protocols mpls interface ge-3/0/0.0 set protocols mpls interface ge-4/0/0.0 set protocols ospf export EXPORT_BNG_ACCESS_INTERNAL set protocols ospf area 0.0.0.0 interface lo0.0 set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 set protocols ospf area 0.0.0.0 interface ge-1/0/0.0 set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 set protocols ospf area 0.0.0.0 interface ge-3/0/0.0 set protocols ospf area 0.0.0.0 interface ge-4/0/0.0 set protocols ospf3 export EXPORT_BNG_ACCESS_INTERNAL set protocols ospf3 area 0.0.0.0 interface lo0.0 set protocols ospf3 area 0.0.0.0 interface ge-4/0/0.0 set protocols ldp interface lo0.0 set protocols ldp interface ge-0/0/0.0 set protocols ldp interface ge-1/0/0.0 set protocols ldp interface ge-2/0/0.0 set protocols ldp interface ge-3/0/0.0 set protocols ldp interface ge-4/0/0.0 set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 from family inet set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 from route-filter 100.0.0.0/8 orlonger set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 from route-filter 103.0.0.0/8 orlonger set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 then accept set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 from family inet6 set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 from route-filter 1000:0000:0000:0000:0000:0000:0000:0000/64 orlonger set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 from route-filter 1003:0000:0000:0000:0000:0000:0000:0000/64 orlonger set policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 then accept set firewall family inet filter INPUT-V4-FILTER-01 interface-specific set firewall family inet filter INPUT-V4-FILTER-01 term TERM1 from packet-length-except 64 set firewall family inet filter INPUT-V4-FILTER-01 term TERM1 then count COUNTER11 set firewall family inet filter INPUT-V4-FILTER-01 term TERM1 then next term set firewall family inet filter INPUT-V4-FILTER-01 term TERM2 then service-accounting set firewall family inet filter INPUT-V4-FILTER-01 term TERM2 then accept set firewall family inet filter OUTPUT-V4-FILTER-01 interface-specific set firewall family inet filter OUTPUT-V4-FILTER-01 term TERM1 from packet-length-except 64 set firewall family inet filter OUTPUT-V4-FILTER-01 term TERM1 then count COUNTER12 set firewall family inet filter OUTPUT-V4-FILTER-01 term TERM1 then next term set firewall family inet filter OUTPUT-V4-FILTER-01 term TERM2 then service-accounting set firewall family inet filter OUTPUT-V4-FILTER-01 term TERM2 then accept set firewall family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP from destination-address 255.255.255.255/32 set firewall family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP from destination-port dhcp set firewall family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP then count RPF-DHCP-V4-TRAFFIC set firewall family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP then accept set firewall family inet filter RPF-PASS-DHCP-V4 term DEFAULT then discard set firewall family inet6 filter INPUT-V6-FILTER-01 interface-specific set firewall family inet6 filter INPUT-V6-FILTER-01 term TERM1 from packet-length-except 64 set firewall family inet6 filter INPUT-V6-FILTER-01 term TERM1 then count COUNTER21 set firewall family inet6 filter INPUT-V6-FILTER-01 term TERM1 then next term set firewall family inet6 filter INPUT-V6-FILTER-01 term TERM2 then service-accounting set firewall family inet6 filter INPUT-V6-FILTER-01 term TERM2 then accept set firewall family inet6 filter OUTPUT-V6-FILTER-01 interface-specific set firewall family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 from packet-length-except 64 set firewall family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 then count COUNTER22 set firewall family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 then next term set firewall family inet6 filter OUTPUT-V6-FILTER-01 term TERM2 then service-accounting set firewall family inet6 filter OUTPUT-V6-FILTER-01 term TERM2 then accept set firewall family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP from destination-port dhcp set firewall family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP then count RPF-DHCP-V6-TRAFFIC set firewall family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP then accept set firewall family inet6 filter RPF-PASS-DHCP-V6 term DEFAULT then discard set access radius-server 9.0.0.9 secret "$ABC123"; ## SECRET-DATA set access radius-server 9.0.0.9 timeout 20 set access radius-server 9.0.0.9 retry 5 set access radius-server 9.0.0.9 max-outstanding-requests 1000 set access radius-server 9.0.0.9 source-address 103.0.0.1 set access domain-name-server-inet 9.0.0.100 set access domain-name-server-inet 9.0.0.101 set access domain-name-server-inet6 2000:abcd::9.0.0.100 set access domain-name-server-inet6 2000:abcd::9.0.0.101 set access profile Access-Profile-0 authentication-order radius set access profile Access-Profile-0 radius authentication-server 9.0.0.9 set access profile Access-Profile-0 radius accounting-server 9.0.0.9 set access profile Access-Profile-0 radius options nas-identifier R3-BNG1 set access profile Access-Profile-0 accounting order radius set access profile Access-Profile-0 accounting accounting-stop-on-failure set access profile Access-Profile-0 accounting accounting-stop-on-access-deny set access profile Access-Profile-0 accounting update-interval 10 set access profile Access-Profile-0 accounting statistics volume-time set access address-assignment pool v4-pool-0 family inet network 103.0.0.0/8 set access address-assignment pool v4-pool-0 family inet range v4-range-0 low 103.16.0.1 set access address-assignment pool v4-pool-0 family inet range v4-range-0 high 103.31.255.255 set access address-assignment pool v4-pool-0 family inet dhcp-attributes maximum-lease-time 99999 set access address-assignment pool v6-na-pool-0 family inet6 prefix 1003:0000:0000:0000:0000:0000:0000:0000/64 set access address-assignment pool v6-na-pool-0 family inet6 range v6-range-0 low 1003::2/128 set access address-assignment pool v6-na-pool-0 family inet6 range v6-range-0 low 1003::ffff:ffff/128 set access address-protection
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide for Junos OS.
To configure the R3 BNG router:
Enable dynamic profiles to use multiple versions.
You can create new versions of dynamic profiles that are currently in use by subscribers. Any subscriber that logs in following a dynamic profile modification uses the latest version of the dynamic profile. Subscribers that are already active continue to use the older version of the dynamic profile until they log out or their session terminates.
Note:You must enable or disable dynamic profile version creation before creating or using any dynamic profiles on the router. Enabling or disabling dynamic profile version creation after dynamic profiles are configured is not supported.
[edit system] user@host-R3# set dynamic-profile-options versioning
Create the client profile interfaces.
[edit dynamic-profiles] user@host-R3# set client-profile interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet unnumbered-address lo0.0 user@host-R3#set client-profile interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 unnumbered-address lo0.0
Configure the dynamic PPPoE client profile.
To enable the router to create a dynamic PPPoE subscriber interface on a PPPoE underlying interface, define the attributes of the PPPoE logical interface in a dynamic profile, and then configure the underlying interface to use the dynamic profile.
[edit dynamic-profiles] user@host-R3# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" no-traps user@host-R3# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" ppp-options chap user@host-R3# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" ppp-options pap user@host-R3# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface" user@host-R3# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options server user@host-R3# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" keepalives interval 30 user@host-R3# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0 user@host-R3# set pppoe-client-profile interfaces pp0 unit "$junos-interface-unit" family inet6 unnumbered-address lo0.0
Configure the CoS forwarding classes and map them to queues.
[edit class-of-service] user@host-R3# set forwarding-classes queue 0 FC0 user@host-R3# set forwarding-classes queue 1 FC1 user@host-R3# set forwarding-classes queue 2 FC2 user@host-R3# set forwarding-classes queue 3 FC3 user@host-R3# set forwarding-classes queue 4 FC4 user@host-R3# set forwarding-classes queue 5 FC5 user@host-R3# set forwarding-classes queue 6 FC6 user@host-R3# set forwarding-classes queue 7 FC7
Configure the dynamic VLAN profiles.
Create dynamic VLAN profiles, including defaults for predefined variables, dynamic physical interfaces, and CoS parameters.
Configure defaults for the predefined variables.
[edit dynamic-profiles] user@host-R3# set vlan-prof-0 predefined-variable-defaults cos-scheduler-map SMAP_PS user@host-R3# set vlan-prof-0 predefined-variable-defaults cos-shaping-rate 60m user@host-R3# set vlan-prof-0 predefined-variable-defaults cos-guaranteed-rate 50m
Configure the dynamic physical interfaces.
[edit dynamic-profiles] user@host-R3# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" no-traps user@host-R3# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" vlan-tags outer "$junos-stacked-vlan-id" user@host-R3# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" vlan-tags inner "$junos-vlan-id" user@host-R3# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet rpf-check fail-filter RPF-PASS-DHCP-V4 user@host-R3# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet unnumbered-address lo0.0 user@host-R3# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 rpf-check fail-filter RPF-PASS-DHCP-V6 user@host-R3# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 unnumbered-address lo0.0 user@host-R3# set vlan-prof-0 interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-client-profile
Configure router advertisement.
[edit dynamic-profiles] user@host-R3# set vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” max-advertisement-interval 1800 user@host-R3# set vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” min-advertisement-interval 1350 user@host-R3# set vlan-prof-0 protocols router-advertisement interface “$junos-interface-name” managed-configuration
Configure the CoS traffic control profiles.
[edit dynamic-profiles] user@host-R3# set vlan-prof-0 class-of-service traffic-control-profiles TCP_PS scheduler-map "$junos-cos-scheduler-map" user@host-R3# set vlan-prof-0 class-of-service traffic-control-profiles TCP_PS shaping-rate "$junos-cos-shaping-rate" user@host-R3# set vlan-prof-0 class-of-service traffic-control-profiles TCP_PS guaranteed-rate "$junos-cos-guaranteed-rate" user@host-R3# set vlan-prof-0 class-of-service interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" output-traffic-control-profile TCP_PS
Configure the CoS scheduler maps.
[edit dynamic-profiles] user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC0 scheduler FC0_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC1 scheduler FC1_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC2 scheduler FC2_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC3 scheduler FC3_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC4 scheduler FC4_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC5 scheduler FC5_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC6 scheduler FC6_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_ALL forwarding-class FC7 scheduler FC7_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0 forwarding-class FC0 scheduler FC0_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC1 forwarding-class FC1 scheduler FC1_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC2 forwarding-class FC2 scheduler FC2_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1 forwarding-class FC0 scheduler FC0_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1 forwarding-class FC1 scheduler FC1_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC1_FC2 forwarding-class FC1 scheduler FC1_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC1_FC2 forwarding-class FC2 scheduler FC2_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC2 forwarding-class FC0 scheduler FC0_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC2 forwarding-class FC2 scheduler FC2_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC0 scheduler FC0_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC1 scheduler FC1_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_FC0_FC1_FC2 forwarding-class FC2 scheduler FC2_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC0 scheduler FC0_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC1 scheduler FC1_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC2 scheduler FC2_SCH user@host-R3# set vlan-prof-0 class-of-service scheduler-maps SMAP_PS forwarding-class FC3 scheduler FC3_SCH
Configure the CoS schedulers.
[edit dynamic-profiles] user@host-R3# set vlan-prof-0 class-of-service schedulers FC0_SCH transmit-rate 128k user@host-R3# set vlan-prof-0 class-of-service schedulers FC0_SCH priority strict-high user@host-R3# set vlan-prof-0 class-of-service schedulers FC1_SCH transmit-rate 20m user@host-R3# set vlan-prof-0 class-of-service schedulers FC1_SCH priority medium-high user@host-R3# set vlan-prof-0 class-of-service schedulers FC2_SCH priority low user@host-R3# set vlan-prof-0 class-of-service schedulers FC3_SCH priority low user@host-R3# set vlan-prof-0 class-of-service schedulers FC4_SCH transmit-rate 2m user@host-R3# set vlan-prof-0 class-of-service schedulers FC4_SCH buffer-size percent 2 user@host-R3# set vlan-prof-0 class-of-service schedulers FC4_SCH priority low user@host-R3# set vlan-prof-0 class-of-service schedulers FC4_SCH drop-profile-map loss-priority low protocol any drop-profile DP_04 user@host-R3# set vlan-prof-0 class-of-service schedulers FC5_SCH transmit-rate 2m user@host-R3# set vlan-prof-0 class-of-service schedulers FC5_SCH buffer-size percent 2 user@host-R3# set vlan-prof-0 class-of-service schedulers FC5_SCH priority low user@host-R3# set vlan-prof-0 class-of-service schedulers FC5_SCH drop-profile-map loss-priority low protocol any drop-profile DP_05 user@host-R3# set vlan-prof-0 class-of-service schedulers FC6_SCH transmit-rate 2m user@host-R3# set vlan-prof-0 class-of-service schedulers FC6_SCH buffer-size percent 2 user@host-R3# set vlan-prof-0 class-of-service schedulers FC6_SCH priority low user@host-R3# set vlan-prof-0 class-of-service schedulers FC6_SCH drop-profile-map loss-priority low protocol any drop-profile DP_06 user@host-R3# set vlan-prof-0 class-of-service schedulers FC7_SCH transmit-rate 2m user@host-R3# set vlan-prof-0 class-of-service schedulers FC7_SCH buffer-size percent 2 user@host-R3# set vlan-prof-0 class-of-service schedulers FC7_SCH priority low user@host-R3# set vlan-prof-0 class-of-service schedulers FC7_SCH drop-profile-map loss-priority low protocol any drop-profile DP_07
Create DHCP service profiles.
Set the service profile variables.
[edit dynamic-profiles] user@host-R3# set DHCP-SERVICE-PROFILE variables I_V4_FILTER user@host-R3# set DHCP-SERVICE-PROFILE variables O_V4_FILTER user@host-R3# set DHCP-SERVICE-PROFILE variables I_V6_FILTER user@host-R3# set DHCP-SERVICE-PROFILE variables O_V6_FILTER
Create the dynamic interfaces for the DHCP service profiles and associate the filters.
[edit dynamic-profiles] user@host-R3# set DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet filter input "$I_V4_FILTER" user@host-R3# set DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet filter output "$O_V4_FILTER" user@host-R3# set DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 filter input "$I_V6_FILTER" user@host-R3# set DHCP-SERVICE-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-underlying-interface-unit" family inet6 filter output "$O_V6_FILTER"
Create the PPPoE service profiles.
Set the PPPoE service profile variables.
[edit dynamic-profiles] user@host-R3# set PPPOE-SERVICE-PROFILE variables I_V4_FILTER user@host-R3# set PPPOE-SERVICE-PROFILE variables O_V4_FILTER user@host-R3# set PPPOE-SERVICE-PROFILE variables I_V6_FILTER user@host-R3# set PPPOE-SERVICE-PROFILE variables O_V6_FILTER
Create the dynamic interfaces for the PPPoE service profiles and associate the filters.
[edit dynamic-profiles] user@host-R3# set PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet filter input "$I_V4_FILTER" user@host-R3# set PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet filter output "$O_V4_FILTER" user@host-R3# set PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 filter input "$I_V6_FILTER" user@host-R3# set PPPOE-SERVICE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 filter output "$O_V6_FILTER"
Configure DHCP.
Unlike traditional broadband service configuration that is tied to physical interfaces such as gigabit Ethernet or aggregated Ethernet, this solution configuration relies on pseudowire interfaces and virtual Ethernet ports for broadband subscriber termination.
All dynamically created VLANs over pseudowire interfaces in this solution configuration are allowed to process DHCP messages coming in through MPLS pseudowire subscriber tunnels and arriving at pseudowire anchor interfaces.
Dual stack PPPoE sessions—enable DHCPv6 for PPPoE sessions.
[edit system] user@host-R3#set services dhcp-local-server dhcpv6 group v6-ppp-client-0 interface pp0.0
DHCPv4 sessions—configure the IPv4 local server group for pseudowire interfaces.
Assign the group a password, a username prefix, and a dynamic profile. Associate pseudowire interfaces with the group. Two pseudowires are shown here. Repeat this step for all pseudowire interfaces.
[edit system] user@host-R3# set services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 authentication password <password> user@host-R3# set services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 authentication username-include user-prefix SST_USER_DHCP_V4_DEFAULT user@host-R3# set services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 dynamic-profile client-profile user@host-R3# set services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 interface ps0.0 user@host-R3# set services dhcp-local-server group v4-rtClient-0-ACCESS-0-ps0 interface ps1.0
DHCPv6 sessions—configure the IPv6 local server group for pseudowire interfaces.
Assign the group a password, a username prefix, and a dynamic profile. Associate pseudowire interfaces with the group. This enables DHCPv6 subscriber authentication using VLAN over pseudowire subscriber interfaces. Two pseudowires are shown here. Repeat this step for all pseudowire interfaces.
[edit system] user@host-R3# set services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 authentication password <password> user@host-R3# set services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 authentication username-include user-prefix SST_USER_DHCP_V6_DEFAULT user@host-R3# set services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 dynamic-profile client-profile user@host-R3# set services dhcp-local-server dhcpv6 group v6-dhcp-client-0-ACCESS-0-ps0 interface ps0.0 user@host-R3# set services dhcp-local-server dhcpv6 group v6-dhcp-client-1-ACCESS-0-ps1 interface ps1.0
Configure graceful switchover and device count.
Configure the primary Routing Engine to switch over gracefully to the backup Routing Engine without interruption to packet forwarding.
[edit chassis] user@host-R3# set redundancy graceful-switchover
Configure the number of pseudowire logical devices available to the router.
[edit chassis] user@host-R3# set pseudowire-service device-count 2048
Delay removal of access routes and access-internal routes after graceful Routing Engine switchover, and establish a high threshold for resource monitoring.
[edit system] user@host-R3# set services subscriber-management gres-route-flush-delay user@host-R3# set services resource-monitor high-threshold 80
Enable configuration synchronization between Routing Engines.
[edit system] user@host-R3# set commit synchronize
Configure the pseudowire tunnel services at the chassis level.
Configure the amount of bandwidth for tunnel services on flexible PIC concentrators 0 through 3.
One flexible PIC concentrator is shown. Repeat this step for all remaining flexible PIC concentrators.
[edit chassis] user@host-R3# set fpc 0 pic 0 tunnel-services bandwidth 1g user@host-R3# set fpc 0 pic 1 tunnel-services bandwidth 1g user@host-R3# set fpc 0 pic 2 tunnel-services bandwidth 1g user@host-R3# set fpc 0 pic 3 tunnel-services bandwidth 1g
Attach an access profile to all DHCP subscribers.
When a DHCP subscriber logs in, the specified access profile is instantiated and the services defined in the profile are applied to the subscriber.
[edit] user@host-R3# set access-profile Access-Profile-0
Configure the transit links and logical tunnel interfaces.
Configure a loopack interface.
[edit interfaces] user@host-R3# set lo0 unit 0 family inet address 103.0.0.1/32 primary user@host-R3# set lo0 unit 0 family inet address 103.0.0.1/32 preferred user@host-R3# set lo0 unit 0 family inet6 address 1003:0::1/128 primary user@host-R3# set lo0 unit 0 family inet6 address 1003:0::1/128 preferred user@host-R3# set lo0 unit 0 family mpls
Configure the transit links.
[edit interfaces] user@host-R3# set ge-4/0/0 description "To R2 - Core" user@host-R3# set ge-4/0/0 unit 0 family inet address 21.21.40.1/24 user@host-R3# set ge-4/0/0 unit 0 family inet6 user@host-R3# set ge-4/0/0 unit 0 family mpls user@host-R3# set ge-0/0/0 description "To R1 - APE1" user@host-R3# set ge-0/0/0 unit 0 family inet address 21.21.20.2/24 user@host-R3# set ge-0/0/0 unit 0 family mpls user@host-R3# set ge-1/0/0 description "To R1 - APE1" user@host-R3# set ge-1/0/0 unit 0 family inet address 21.21.21.2/24 user@host-R3# set ge-1/0/0 unit 0 family mpls user@host-R3# set ge-2/0/0 description "To R2 - APE2" user@host-R3# set ge-2/0/0 unit 0 family inet address 21.21.30.2/24 user@host-R3# set ge-2/0/0 unit 0 family mpls user@host-R3# set ge-3/0/0 description "To R2 - APE2" user@host-R3# set ge-3/0/0 unit 0 family inet address 21.21.31.2/24 user@host-R3# set ge-3/0/0 unit 0 family mpls
Configure the LT interfaces that correspond to the transit links.
[edit interfaces] user@host-R3# set lt-0/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-0/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-0/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-0/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-1/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-1/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-1/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-1/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-2/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-2/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-2/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-2/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-3/0/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-3/1/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-3/2/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy user@host-R3# set lt-3/3/10 hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy
Configure the PS interfaces and VLAN authentication.
Subscriber management supports the creation of subscriber interfaces over point-to-point MPLS pseudowires. The pseudowire subscriber interface capability enables service providers to extend an MPLS domain from the access-aggregation network to the service edge, where subscriber management is performed. Service providers can take advantage of MPLS capabilities such as failover, rerouting, and uniform MPLS label provisioning, while using a single pseudowire to service a large number of DHCP and PPPoE subscribers in the service network.
The pseudowire is a tunnel that is either an MPLS-based L2 VPN or L2 circuit. The pseudowire tunnel transports Ethernet encapsulated traffic from an access node (for example, a DSLAM or other aggregation device) to the MX Series router that hosts the subscriber management services. The termination of the pseudowire tunnel on the MX Series router is similar to a physical Ethernet termination, and is the point at which subscriber management functions are performed. A service provider can configure multiple pseudowires on a per-DSLAM basis and then provision support for a large number of subscribers on a specific pseudowire.
At the access node end of the pseudowire, the subscriber traffic can be groomed into the pseudowire in a variety of ways, limited only by the number and types of interfaces that can be stacked on the pseudowire. Specify an anchor point, which identifies the logical tunnel interface that terminates the pseudowire tunnel at the access node.
Configure the PS interfaces and VLAN authentication.
One pseudowire is shown. Repeat this step for all remaining pseudowires.
[edit interfaces] user@host-R3# set ps0 anchor-point lt-0/0/10 user@host-R3# set ps0 flexible-vlan-tagging user@host-R3# set ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept inet user@host-R3# set ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept inet6 user@host-R3# set ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 accept pppoe user@host-R3# set ps0 auto-configure stacked-vlan-ranges dynamic-profile vlan-prof-0 ranges 1-256,1-4094 user@host-R3# set ps0 auto-configure stacked-vlan-ranges authentication password <password> user@host-R3# set ps0 auto-configure stacked-vlan-ranges authentication username-include user-prefix SST_USER_VLAN_DEFAULT user@host-R3# set ps0 auto-configure remove-when-no-subscribers user@host-R3# set ps0 no-gratuitous-arp-request user@host-R3# set ps0 unit 0 encapsulation ethernet-ccc
Configure the routing options.
[edit routing-options] user@host-R3# set ppm redistribution-timer 1 user@host-R3# set nonstop-routing user@host-R3# set nsr-phantom-holdtime 1 user@host-R3# set router-id 103.0.0.1 user@host-R3# set forwarding-table remnant-holdtime 100
Configure the L2 circuit connections.
Configuration for one pseudoservices interface (ps0.0) is shown. Repeat this step for ps1.0 through ps2047.0.
[edit protocols] user@host-R3# set l2circuit neighbor 101.0.0.1 interface ps0.0 virtual-circuit-id 1 user@host-R3# set l2circuit neighbor 101.0.0.1 interface ps0.0 ignore-mtu-mismatch user@host-R3# set l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection minimum-interval 1000 user@host-R3# set l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection multiplier 4 user@host-R3# set l2circuit neighbor 101.0.0.1 interface ps0.0 oam bfd-liveness-detection detection-time threshold 5000
Configure the routing protocols.
This configuration example utilizes MPLS, OSPF, OSPFv3, and LDP on the BNG routers.
Configure MPLS.
[edit protocols] user@host-R3# set mpls ipv6-tunneling user@host-R3# set mpls interface lo0.0 user@host-R3# set mpls interface ge-0/0/0.0 user@host-R3# set mpls interface ge-1/0/0.0 user@host-R3# set mpls interface ge-2/0/0.0 user@host-R3# set mpls interface ge-3/0/0.0 user@host-R3# set mpls interface ge-4/0/0.0
Configure OSPF and OSPFv3.
[edit protocols] user@host-R3# set ospf export EXPORT_BNG_ACCESS_INTERNAL user@host-R3# set ospf area 0.0.0.0 interface lo0.0 user@host-R3# set ospf area 0.0.0.0 interface ge-0/0/0.0 user@host-R3# set ospf area 0.0.0.0 interface ge-1/0/0.0 user@host-R3# set ospf area 0.0.0.0 interface ge-2/0/0.0 user@host-R3# set ospf area 0.0.0.0 interface ge-3/0/0.0 user@host-R3# set ospf area 0.0.0.0 interface ge-4/0/0.0 user@host-R3# set ospf3 export EXPORT_BNG_ACCESS_INTERNAL user@host-R3# set ospf3 area 0.0.0.0 interface lo0.0 user@host-R3# set ospf3 area 0.0.0.0 interface ge-4/0/0.0
Configure LDP.
[edit protocols] user@host-R3# set ldp interface lo0.0 user@host-R3# set ldp interface ge-0/0/0.0 user@host-R3# set ldp interface ge-1/0/0.0 user@host-R3# set ldp interface ge-2/0/0.0 user@host-R3# set ldp interface ge-3/0/0.0 user@host-R3# set ldp interface ge-4/0/0.0
Configure the routing policy.
[edit policy-options] user@host-R3# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 from family inet user@host-R3# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 from route-filter 100.0.0.0/8 orlonger user@host-R3# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 from route-filter 103.0.0.0/8 orlonger user@host-R3# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 1 then accept user@host-R3# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 from family inet6 user@host-R3# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 from route-filter 1000:0000:0000:0000:0000:0000:0000:0000/64 orlonger user@host-R3# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 from route-filter 1003:0000:0000:0000:0000:0000:0000:0000/64 orlonger user@host-R3# set policy-statement EXPORT_BNG_ACCESS_INTERNAL term 2 then accept
Configure the firewall filters.
Configure the input, output, and RPF DHCP filters for IPv4.
[edit firewall] user@host-R3# set family inet filter INPUT-V4-FILTER-01 interface-specific user@host-R3# set family inet filter INPUT-V4-FILTER-01 term TERM1 from packet-length-except 64 user@host-R3# set family inet filter INPUT-V4-FILTER-01 term TERM1 then count COUNTER11 user@host-R3# set family inet filter INPUT-V4-FILTER-01 term TERM1 then next term user@host-R3# set family inet filter INPUT-V4-FILTER-01 term TERM2 then service-accounting user@host-R3# set family inet filter INPUT-V4-FILTER-01 term TERM2 then accept user@host-R3# set family inet filter OUTPUT-V4-FILTER-01 interface-specific user@host-R3# set family inet filter OUTPUT-V4-FILTER-01 term TERM1 from packet-length-except 64 user@host-R3# set family inet filter OUTPUT-V4-FILTER-01 term TERM1 then count COUNTER12 user@host-R3# set family inet filter OUTPUT-V4-FILTER-01 term TERM1 then next term user@host-R3# set family inet filter OUTPUT-V4-FILTER-01 term TERM2 then service-accounting user@host-R3# set family inet filter OUTPUT-V4-FILTER-01 term TERM2 then accept user@host-R3# set family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP from destination-address 255.255.255.255/32 user@host-R3# set family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP from destination-port dhcp user@host-R3# set family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP then count RPF-DHCP-V4-TRAFFIC user@host-R3# set family inet filter RPF-PASS-DHCP-V4 term ALLOW-DHCP then accept user@host-R3# set family inet filter RPF-PASS-DHCP-V4 term DEFAULT then discard
Configure the input, output, and RPF DHCP filters for IPv6.
[edit firewall] user@host-R3# set family inet6 filter INPUT-V6-FILTER-01 interface-specific user@host-R3# set family inet6 filter INPUT-V6-FILTER-01 term TERM1 from packet-length-except 64 user@host-R3# set family inet6 filter INPUT-V6-FILTER-01 term TERM1 then count COUNTER21 user@host-R3# set family inet6 filter INPUT-V6-FILTER-01 term TERM1 then next term user@host-R3# set family inet6 filter INPUT-V6-FILTER-01 term TERM2 then service-accounting user@host-R3# set family inet6 filter INPUT-V6-FILTER-01 term TERM2 then accept user@host-R3# set family inet6 filter OUTPUT-V6-FILTER-01 interface-specific user@host-R3# set family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 from packet-length-except 64 user@host-R3# set family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 then count COUNTER22 user@host-R3# set family inet6 filter OUTPUT-V6-FILTER-01 term TERM1 then next term user@host-R3# set family inet6 filter OUTPUT-V6-FILTER-01 term TERM2 then service-accounting user@host-R3# set family inet6 filter OUTPUT-V6-FILTER-01 term TERM2 then accept user@host-R3# set family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP from destination-port dhcp user@host-R3# set family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP then count RPF-DHCP-V6-TRAFFIC user@host-R3# set family inet6 filter RPF-PASS-DHCP-V6 term ALLOW-DHCP then accept user@host-R3# set family inet6 filter RPF-PASS-DHCP-V6 term DEFAULT then discard
Configure the RADIUS server and DNS access.
[edit access] user@host-R3# set radius-server 9.0.0.9 secret "$ABC123"; ## SECRET-DATA user@host-R3# set radius-server 9.0.0.9 timeout 20 user@host-R3# set radius-server 9.0.0.9 retry 5 user@host-R3# set radius-server 9.0.0.9 max-outstanding-requests 1000 user@host-R3# set radius-server 9.0.0.9 source-address 103.0.0.1 user@host-R3# set domain-name-server-inet 9.0.0.100 user@host-R3# set domain-name-server-inet 9.0.0.101 user@host-R3# set domain-name-server-inet6 2000:abcd::9.0.0.100 user@host-R3# set domain-name-server-inet6 2000:abcd::9.0.0.101
Configure the access profiles for RADIUS authentication and accounting.
[edit access] user@host-R3# set profile Access-Profile-0 authentication-order radius user@host-R3# set profile Access-Profile-0 radius authentication-server 9.0.0.9 user@host-R3# set profile Access-Profile-0 radius accounting-server 9.0.0.9 user@host-R3# set profile Access-Profile-0 radius options nas-identifier R3-BNG1 user@host-R3# set profile Access-Profile-0 accounting order radius user@host-R3# set profile Access-Profile-0 accounting accounting-stop-on-failure user@host-R3# set profile Access-Profile-0 accounting accounting-stop-on-access-deny user@host-R3# set profile Access-Profile-0 accounting update-interval 10 user@host-R3# set profile Access-Profile-0 accounting statistics volume-time
Configure the IPv4 and IPv6 address assignment pools.
Configure the IPv4 address pools.
[edit access] user@host-R3# set address-assignment pool v4-pool-0 family inet network 103.0.0.0/8 user@host-R3# set address-assignment pool v4-pool-0 family inet range v4-range-0 low 103.16.0.1 user@host-R3# set address-assignment pool v4-pool-0 family inet range v4-range-0 high 103.31.255.255 user@host-R3# set address-assignment pool v4-pool-0 family inet dhcp-attributes maximum-lease-time 99999
Configure the IPv6 address pools.
[edit access] user@host-R3# set address-assignment pool v6-na-pool-0 family inet6 prefix 1003:0000:0000:0000:0000:0000:0000:0000/64 user@host-R3# set address-assignment pool v6-na-pool-0 family inet6 range v6-range-0 low 1003::2/128 user@host-R3# set address-assignment pool v6-na-pool-0 family inet6 range v6-range-0 low 1003::ffff:ffff/128
Configure address protection.
[edit access] user@host-R3# set address-protection
Results
From configuration mode, confirm your configuration
by entering the following show
commands:
Confirm the dynamic profile version creation configuration.
user@host-R3# show system dynamic-profile-options versioning;
Confirm the client profile interface configuration.
user@host-R3# show dynamic-profiles client-profile interfaces { "$junos-interface-ifd-name" { unit "$junos-underlying-interface-unit" { family inet { unnumbered-address lo0.0; } family inet6 { unnumbered-address lo0.0; } } } }
Confirm the dynamic PPPoE client profile configuration.
user@host-R3# show dynamic-profiles pppoe-client-profile interfaces { pp0 { unit "$junos-interface-unit" { no-traps; ppp-options { chap; pap; } pppoe-options { underlying-interface "$junos-underlying-interface"; server; } keepalives interval 30; family inet { unnumbered-address lo0.0; } family inet6 { unnumbered-address lo0.0; } } } }
Confirm the CoS forwarding class queue configuration.
user@host-R3# show class-of-service forwarding-classes queue 0 FC0; queue 1 FC1; queue 2 FC2; queue 3 FC3; queue 4 FC4; queue 5 FC5; queue 6 FC6; queue 7 FC7;
Confirm the dynamic VLAN profile configuration.
user@host-R3# show dynamic-profiles vlan-prof-0 predefined-variable-defaults { cos-scheduler-map SMAP_PS; cos-shaping-rate 60m; cos-guaranteed-rate 50m; } interfaces { "$junos-interface-ifd-name" { unit "$junos-interface-unit" { no-traps; vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id"; family inet { rpf-check fail-filter RPF-PASS-DHCP-V4; unnumbered-address lo0.0; } family inet6 { rpf-check fail-filter RPF-PASS-DHCP-V6; unnumbered-address lo0.0; } family pppoe { dynamic-profile pppoe-client-profile; } } } } protocols { router-advertisement { interface "$junos-interface-name" { max-advertisement-interval 1800; min-advertisement-interval 1350; managed-configuration; } } } class-of-service { traffic-control-profiles { TCP_PS { scheduler-map "$junos-cos-scheduler-map"; shaping-rate "$junos-cos-shaping-rate"; guaranteed-rate "$junos-cos-guaranteed-rate"; } } interfaces { "$junos-interface-ifd-name" { unit "$junos-interface-unit" { output-traffic-control-profile TCP_PS; } } } scheduler-maps { SMAP_ALL { forwarding-class FC0 scheduler FC0_SCH; forwarding-class FC1 scheduler FC1_SCH; forwarding-class FC2 scheduler FC2_SCH; forwarding-class FC3 scheduler FC3_SCH; forwarding-class FC4 scheduler FC4_SCH; forwarding-class FC5 scheduler FC5_SCH; forwarding-class FC6 scheduler FC6_SCH; forwarding-class FC7 scheduler FC7_SCH; } SMAP_FC0 { forwarding-class FC0 scheduler FC0_SCH; } SMAP_FC1 { forwarding-class FC1 scheduler FC1_SCH; } SMAP_FC2 { forwarding-class FC2 scheduler FC2_SCH; } SMAP_FC0_FC1 { forwarding-class FC0 scheduler FC0_SCH; forwarding-class FC1 scheduler FC1_SCH; } SMAP_FC1_FC2 { forwarding-class FC1 scheduler FC1_SCH; forwarding-class FC2 scheduler FC2_SCH; } SMAP_FC0_FC2 { forwarding-class FC0 scheduler FC0_SCH; forwarding-class FC2 scheduler FC2_SCH; } SMAP_FC0_FC1_FC2 { forwarding-class FC0 scheduler FC0_SCH; forwarding-class FC1 scheduler FC1_SCH; forwarding-class FC2 scheduler FC2_SCH; } SMAP_PS { forwarding-class FC0 scheduler FC0_SCH; forwarding-class FC1 scheduler FC1_SCH; forwarding-class FC2 scheduler FC2_SCH; forwarding-class FC3 scheduler FC3_SCH; } } schedulers { FC0_SCH { transmit-rate 128k; priority strict-high; } FC1_SCH { transmit-rate 20m; priority medium-high; } FC2_SCH { priority low; } FC3_SCH { priority low; } FC4_SCH { transmit-rate 2m; buffer-size percent 2; priority low; drop-profile-map loss-priority low protocol any drop-profile DP_04; } FC5_SCH { transmit-rate 2m; buffer-size percent 2; priority low; drop-profile-map loss-priority low protocol any drop-profile DP_05; } FC6_SCH { transmit-rate 2m; buffer-size percent 2; priority low; drop-profile-map loss-priority low protocol any drop-profile DP_06; } FC7_SCH { transmit-rate 2m; buffer-size percent 2; priority low; drop-profile-map loss-priority low protocol any drop-profile DP_07; } } }
Confirm the DHCP service profile configuration.
user@host-R3# show dynamic-profiles DHCP-SERVICE-PROFILE variables { I_V4_FILTER; O_V4_FILTER; I_V6_FILTER; O_V6_FILTER; } interfaces { "$junos-interface-ifd-name" { unit "$junos-underlying-interface-unit" { family inet { filter { input "$I_V4_FILTER"; output "$O_V4_FILTER"; } } family inet6 { filter { input "$I_V6_FILTER"; output "$O_V6_FILTER"; } } } } }
Confirm the PPPoE service profile configuration.
user@host-R3# show dynamic-profiles PPPOE-SERVICE-PROFILE variables { I_V4_FILTER; O_V4_FILTER; I_V6_FILTER; O_V6_FILTER; } interfaces { pp0 { unit "$junos-interface-unit" { family inet { filter { input "$I_V4_FILTER"; output "$O_V4_FILTER"; } } family inet6 { filter { input "$I_V6_FILTER"; output "$O_V6_FILTER"; } } } } }
Confirm the DHCP local server configuration.
user@host-R3# show system services dhcp-local-server dhcpv6 { group v6-ppp-client-0 { interface pp0.0; } group v4-rtClient-0-ACCESS-0-ps0 { authentication { password <password>; username-include { user-prefix SST_USER_DHCP_V4_DEFAULT; } } dynamic-profile client-profile; interface ps0.0; interface ps1.0; } group v6-dhcp-client-0-ACCESS-0-ps0 { authentication { password <password>; username-include { user-prefix SST_USER_DHCP_V6_DEFAULT; } } dynamic-profile client-profile; interface ps0.0; interface ps1.0; } }
Confirm the graceful switchover and device count configuration.
user@host-R3# show chassis redundancy graceful-switchover; user@host-R3# show chassis pseudowire-service device-count 2048 {
Confirm the pseudowire tunnel service configuration.
user@host-R3# show chassis fpc 0 pic 0 { tunnel-services { bandwidth 1g; } } pic 1 { tunnel-services { bandwidth 1g; } } pic 2 { tunnel-services { bandwidth 1g; } } pic 3 { tunnel-services { bandwidth 1g; } }
Confirm the transit link and logical tunnel interface configuration.
user@host-R3# show interfaces lo0 { unit 0 { family inet { address 103.0.0.1/32 { primary; preferred; } } family inet6 { address 1003:0::1/128 { primary; preferred; } } family mpls; } } ge-4/0/0 { description "To R2 - Core"; unit 0 { family inet { address 21.21.40.1/24; } family inet6; family mpls; } } ge-0/0/0 { description "To R1 - APE1"; unit 0 { family inet { address 21.21.20.2/24; } family mpls; } } ge-1/0/0 { description "To R1 - APE1"; unit 0 { family inet { address 21.21.21.2/24; } family mpls; } } ge-2/0/0 { description "To R2 - APE2"; unit 0 { family inet { address 21.21.30.2/24; } family mpls; } } ge-3/0/0 { description "To R2 - APE2"; unit 0 { family inet { address 21.21.31.2/24; } family mpls; } } lt-0/0/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-0/1/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-0/2/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-0/3/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-1/0/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-1/1/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-1/2/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-1/3/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-2/0/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-2/1/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-2/2/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-2/3/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-3/0/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-3/1/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-3/2/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; } lt-3/3/10 { hierarchical-scheduler maximum-hierarchy-levels 2 implicit-hierarchy; }
Confirm the PS interface and VLAN authentication configuration.
user@host-R3# show interfaces ps0 anchor-point { lt-0/0/10; } flexible-vlan-tagging; auto-configure { stacked-vlan-ranges { dynamic-profile vlan-prof-0 { accept [ inet inet6 pppoe ]; ranges { 1-256,1-4094; } } authentication { password <password>; username-include { user-prefix SST_USER_VLAN_DEFAULT; } } } remove-when-no-subscribers; } no-gratuitous-arp-request; unit 0 { encapsulation ethernet-ccc; } user@host-R3# show routing-options ppm { redistribution-timer 1; } nonstop-routing; nsr-phantom-holdtime 1; router-id 103.0.0.1; forwarding-table { remnant-holdtime 100; }
Confirm the L2 circuit connections.
user@host-R3# show protocols l2circuit neighbor 101.0.0.1 interface ps0.0 virtual-circuit-id 1; ignore-mtu-mismatch; oam { bfd-liveness-detection { minimum-interval 1000; multiplier 4; detection-time { threshold 5000; } } }
Confirm the routing protocol configuration.
user@host-R3# show protocols mpls { ipv6-tunneling; interface lo0.0; interface ge-0/0/0.0; interface ge-1/0/0.0; interface ge-2/0/0.0; interface ge-3/0/0.0; interface ge-4/0/0.0; } ospf { export EXPORT_BNG_ACCESS_INTERNAL; area 0.0.0.0 { interface lo0.0; interface ge-0/0/0.0; interface ge-1/0/0.0; interface ge-2/0/0.0; interface ge-3/0/0.0; interface ge-4/0/0.0; } } ospf3 { export EXPORT_BNG_ACCESS_INTERNAL; area 0.0.0.0 { interface lo0.0; interface ge-4/0/0.0; } } ldp { interface lo0.0; interface ge-0/0/0.0; interface ge-1/0/0.0; interface ge-2/0/0.0; interface ge-3/0/0.0; interface ge-4/0/0.0; }
Confirm the policy statement configuration.
user@host-R3# show policy-options policy-statement EXPORT_BNG_ACCESS_INTERNAL { term 1 { from { family inet; route-filter 100.0.0.0/8 orlonger; route-filter 103.0.0.0/8 orlonger; } then accept; } term 2 { from { family inet6; route-filter 1000:0000:0000:0000:0000:0000:0000:0000/64 orlonger; route-filter 1003:0000:0000:0000:0000:0000:0000:0000/64 orlonger; } then accept; } }
Confirm the firewall settings configuration.
user@host-R3# show firewall family inet { filter INPUT-V4-FILTER-01 { interface-specific; term TERM1 { from { packet-length-except 64; } then { count COUNTER11; next term; } } term TERM2 { then { service-accounting; accept; } } } filter OUTPUT-V4-FILTER-01 { interface-specific; term TERM1 { from { packet-length-except 64; } then { count COUNTER12; next term; } } term TERM2 { then { service-accounting; accept; } } } filter RPF-PASS-DHCP-V4 { term ALLOW-DHCP { from { destination-address { 255.255.255.255/32; } destination-port dhcp; } then { count RPF-DHCP-V4-TRAFFIC; accept; } } term DEFAULT { then { discard; } } } } family inet6 { filter INPUT-V6-FILTER-01 { interface-specific; term TERM1 { from { packet-length-except 64; } then { count COUNTER21; next term; } } term TERM2 { then { service-accounting; accept; } } } filter OUTPUT-V6-FILTER-01 { interface-specific; term TERM1 { from { packet-length-except 64; } then { count COUNTER22; next term; } } term TERM2 { then { service-accounting; accept; } } } filter RPF-PASS-DHCP-V6 { term ALLOW-DHCP { from { destination-port dhcp; } then { count RPF-DHCP-V6-TRAFFIC; accept; } } term DEFAULT { then discard; } } }
Confirm the RADIUS server and DNS access configuration.
user@host-R3# show access radius-server 9.0.0.9 { secret "$ABC123"; ## SECRET-DATA timeout 20; retry 5; max-outstanding-requests 1000; source-address 103.0.0.1; } user@host-R3# show access domain-name-server-inet 9.0.0.100; 9.0.0.101; user@host-R3# show access domain-name-server-inet6 2000:abcd::9.0.0.100; 2000:abcd::9.0.0.101;
Confirm the access profile configuration.
user@host-R3# show access profile Access-Profile-0 authentication-order radius; radius { authentication-server 9.0.0.9; accounting-server 9.0.0.9; options { nas-identifier R3-BNG1; } } accounting { order radius; accounting-stop-on-failure; accounting-stop-on-access-deny; update-interval 10; statistics volume-time; }
Confirm the address assignment pool configuration.
user@host-R3# show access address-assignment pool v4-pool-0 { family inet { network 103.0.0.0/8; range v4-range-0 { low 103.16.0.1; high 103.31.255.255; } dhcp-attributes { maximum-lease-time 99999; } } } pool v6-na-pool-0 { family inet6 { prefix 1003:0000:0000:0000:0000:0000:0000:0000/64; range v6-range-0 { low 1003::2/128; high 1003::ffff:ffff/128; } } } user@host-R3# show access address-protection address-protection;
Configuring the Core Router, R4
CLI Quick Configuration
Figure 5 highlights the core router (R4) in the context of the reference example topology.
To quickly configure this example, copy the following commands,
paste them into a text file, remove any line breaks, change any details
necessary to match your network configuration, and then copy and paste
the commands into the CLI at the [edit]
hierarchy level.
set interfaces lo0 unit 0 family inet address 104.0.0.1/32 primary set interfaces lo0 unit 0 family inet address 104.0.0.1/32 preferred set interfaces lo0 unit 0 family inet6 address 1004:0::1/128 primary set interfaces lo0 unit 0 family inet6 address 1004:0::1/128 preferred set interfaces ge-0/0/2 unit 0 family inet address 21.21.14.2/24 set interfaces ge-0/0/2 unit 0 family inet6 set interfaces ge-0/0/2 unit 0 family mpls set interfaces ge-0/0/3 unit 0 family inet address 21.21.15.2/24 set interfaces ge-0/0/3 unit 0 family inet6 set interfaces ge-0/0/3 unit 0 family mpls set interfaces ge-0/0/4 unit 0 family inet address 21.21.40.2/24 set interfaces ge-0/0/4 unit 0 family inet6 set interfaces ge-0/0/4 unit 0 family mpls set interfaces ge-0/1/3 unit 0 family inet address 21.21.50.1/24 set interfaces ge-0/1/3 unit 0 family inet6 set interfaces ge-0/1/3 unit 0 family mpls set interfaces ge-0/1/4 unit 0 family inet address 21.21.51.1/24 set interfaces ge-0/1/4 unit 0 family inet6 set interfaces ge-0/1/4 unit 0 family mpls set interfaces ge-0/1/7 unit 0 family inet address 9.0.0.1/24 set interfaces ge-0/1/7 unit 0 family inet6 set interfaces ge-0/1/7 unit 0 family mpls set routing-options router-id 104.0.0.1 set protocols ospf area 0.0.0.0 interface lo0.0 set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 set protocols ospf area 0.0.0.0 interface ge-0/0/4.0 set protocols ospf area 0.0.0.0 interface ge-0/1/3.0 set protocols ospf area 0.0.0.0 interface ge-0/1/4.0 set protocols ospf area 0.0.0.0 interface ge-0/1/7.0 passive set protocols ospf3 area 0.0.0.0 interface lo0.0 set protocols ospf3 area 0.0.0.0 interface ge-0/0/2.0 set protocols ospf3 area 0.0.0.0 interface ge-0/0/3.0 set protocols ospf3 area 0.0.0.0 interface ge-0/0/4.0 set protocols ospf3 area 0.0.0.0 interface ge-0/1/3.0 set protocols ospf3 area 0.0.0.0 interface ge-0/1/4.0 set protocols mpls ipv6-tunneling set protocols mpls interface lo0.0 set protocols mpls interface ge-0/0/2.0 set protocols mpls interface ge-0/0/3.0 set protocols mpls interface ge-0/0/4.0 set protocols mpls interface ge-0/1/3.0 set protocols mpls interface ge-0/1/4.0 set protocols ldp interface lo0.0 set protocols ldp interface ge-0/0/2.0 set protocols ldp interface ge-0/0/3.0 set protocols ldp interface ge-0/0/4.0 set protocols ldp interface ge-0/1/3.0 set protocols ldp interface ge-0/1/4.0
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide for Junos OS.
To configure Device R4:
Configure the interfaces.
The loopback and BNG-facing interfaces support both IPv4 (inet) and IPv6 (inet6) address families for a dual stack routing environment. The LNS-facing interfaces do not include IPv6 family addressing because IPv6 traffic is overlaid over the L2TP tunnel that has only IPv4 source and destination.
Configure the loopback interface.
[edit interfaces] user@host-R4# set lo0 unit 0 family inet address 104.0.0.1/32 primary user@host-R4# set lo0 unit 0 family inet address 104.0.0.1/32 preferred user@host-R4# set lo0 unit 0 family inet6 address 1004:0::1/128 primary user@host-R4# set lo0 unit 0 family inet6 address 1004:0::1/128 preferred
Configure BNG-facing interfaces for both the active and backup BNG devices.
The configured ports for each BNG device pass traffic between the core network and the active BNG device.
[edit interfaces] user@host-R4# set ge-0/0/2 unit 0 family inet address 21.21.14.2/24 user@host-R4# set ge-0/0/2 unit 0 family inet6 user@host-R4# set ge-0/0/2 unit 0 family mpls user@host-R4# set ge-0/0/3 unit 0 family inet address 21.21.15.2/24 user@host-R4# set ge-0/0/3 unit 0 family inet6 user@host-R4# set ge-0/0/3 unit 0 family mpls user@host-R4# set ge-0/0/4 unit 0 family inet address 21.21.40.2/24 user@host-R4# set ge-0/0/4 unit 0 family inet6 user@host-R4# set ge-0/0/4 unit 0 family mpls user@host-R4# set ge-0/1/3 unit 0 family inet address 21.21.50.1/24 user@host-R4# set ge-0/1/3 unit 0 family inet6 user@host-R4# set ge-0/1/3 unit 0 family mpls user@host-R4# set ge-0/1/4 unit 0 family inet address 21.21.51.1/24 user@host-R4# set ge-0/1/4 unit 0 family inet6 user@host-R4# set ge-0/1/4 unit 0 family mpls user@host-R4# set ge-0/1/7 unit 0 family inet address 9.0.0.1/24 user@host-R4# set ge-0/1/7 unit 0 family inet6 user@host-R4# set ge-0/1/7 unit 0 family mpls
Configure the routing protocols.
OSPF is enabled to support IPv4 routing; OSPFv3 is enabled to support IPv6 routing.
Configure the router ID.
[edit] user@host-R4# set routing-options router-id 104.0.0.1
Configure OSPF for IPv4 routing.
[edit protocols] user@host-R4# set ospf area 0.0.0.0 interface lo0.0 user@host-R4# set ospf area 0.0.0.0 interface ge-0/0/2.0 user@host-R4# set ospf area 0.0.0.0 interface ge-0/0/3.0 user@host-R4# set ospf area 0.0.0.0 interface ge-0/0/4.0 user@host-R4# set ospf area 0.0.0.0 interface ge-0/1/3.0 user@host-R4# set ospf area 0.0.0.0 interface ge-0/1/4.0 user@host-R4# set ospf area 0.0.0.0 interface ge-0/1/7.0 passive
Configure OSPFv6 for IPv6 routing.
[edit protocols] user@host-R4# set ospf3 area 0.0.0.0 interface lo0.0 user@host-R4# set ospf3 area 0.0.0.0 interface ge-0/0/2.0 user@host-R4# set ospf3 area 0.0.0.0 interface ge-0/0/3.0 user@host-R4# set ospf3 area 0.0.0.0 interface ge-0/0/4.0 user@host-R4# set ospf3 area 0.0.0.0 interface ge-0/1/3.0 user@host-R4# set ospf3 area 0.0.0.0 interface ge-0/1/4.0
Configure MPLS for all interfaces connected to BNG-facing and LNS-facing ports.
IPv6 MPLS tunneling allows IPv6 routes to be resolved over an MPLS network by converting LDP and RSVP routes stored in the inet.3 routing table to IPv4-mapped IPv6 addresses, and then copying them into the inet6.3 routing table. The inet6.3 routing table can be used to resolve next hops for both inet6 and inet6-vpn routes.
[edit protocols] user@host-R4# set mpls ipv6-tunneling user@host-R4# set mpls interface lo0.0 user@host-R4# set mpls interface ge-0/0/2.0 user@host-R4# set mpls interface ge-0/0/3.0 user@host-R4# set mpls interface ge-0/0/4.0 user@host-R4# set mpls interface ge-0/1/3.0 user@host-R4# set mpls interface ge-0/1/4.0
Enable MPLS LDP signaling.
Configure LDP for BNG-facing and access PE-facing ports. Enabling LDP on the loopback interface is necessary for end-to-end MPLS L2 circuit service.
[edit protocols] user@host-R4# set ldp interface lo0.0 user@host-R4# set ldp interface ge-0/0/2.0 user@host-R4# set ldp interface ge-0/0/3.0 user@host-R4# set ldp interface ge-0/0/4.0 user@host-R4# set ldp interface ge-0/1/3.0 user@host-R4# set ldp interface ge-0/1/4.0
Results
From configuration mode, confirm your configuration
by entering the following show
commands:
Confirm the interface configuration.
user@host-R4# show interfaces lo0 unit 0 { family inet { address 104.0.0.1/32 { primary; preferred; } } family inet6 { address 1004:0::1/128 { primary; preferred; } } }
user@host-R4# show interfaces ge-0/0/2 unit 0 { family inet { address 21.21.14.2/24; } family inet6; family mpls; }
user@host-R4# show interfaces ge-0/0/3 unit 0 { family inet { address 21.21.15.2/24; } family inet6; family mpls; }
user@host-R4# show interfaces ge-0/0/4 unit 0 { family inet { address 21.21.40.2/24; } family inet6; family mpls; }
user@host-R4# show interfaces ge-0/1/3 unit 0 { family inet { address 21.21.50.1/24; } family inet6; family mpls; }
user@host-R4# show interfaces ge-0/1/4 unit 0 { family inet { address 21.21.51.1/24; } family inet6; family mpls; }
user@host-R4# show interfaces ge-0/1/7 unit 0 { family inet { address 9.0.0.1/24; } family inet6; family mpls; }
Confirm the routing protocol configuration.
user@host-R4# show protocols ospf area 0.0.0.0 { interface ge-0/0/2.0; interface lo0.0; interface ge-0/0/3.0; interface ge-0/0/4.0; interface ge-0/1/3.0; interface ge-0/1/4.0; interface ge-0/1/7.0 { passive; } }
user@host-R4# show protocols ospf3 area 0.0.0.0 { interface ge-0/0/2.0; interface lo0.0; interface ge-0/0/3.0; interface ge-0/0/4.0; interface ge-0/1/3.0; interface ge-0/1/4.0; }
user@host-R4# show protocols mpls interface ge-0/0/2.0; interface lo0.0; interface ge-0/0/3.0; interface ge-0/0/4.0; interface ge-0/1/3.0; interface ge-0/1/4.0;
user@host-R4# show protocols ldp interface ge-0/0/2.0; interface ge-0/0/3.0; interface ge-0/0/4.0; interface ge-0/1/3.0; interface ge-0/1/4.0; interface lo0.0;
Configuring the LNS Router, R5
CLI Quick Configuration
Figure 6 highlights the LNS device (R5) in the context of the reference example topology.
To quickly configure this example, copy the following commands,
paste them into a text file, remove any line breaks, change any details
necessary to match your network configuration, and then copy and paste
the commands into the CLI at the [edit]
hierarchy level.
set interfaces lo0 unit 0 family inet address 105.0.0.1/32 primary preferred set interfaces lo0 unit 0 family inet6 address 1005:0::1/128 primary preferred set interfaces ge-0/0/3 description "To R4 - Core" set interfaces ge-0/0/3 unit 0 family inet address 21.21.50.2/24 set interfaces ge-0/0/3 unit 0 family inet6 set interfaces ge-0/0/3 unit 0 family mpls set interfaces ge-0/0/5 description "To R4 - Core" set interfaces ge-0/0/5 unit 0 family inet address 21.21.51.2/24 set interfaces ge-0/0/5 unit 0 family inet6 set interfaces ge-0/0/5 unit 0 family mpls set interfaces ge-0/1/4 description “Retailer/ISP facing link1” set interfaces ge-0/1/4 unit 0 family inet address 200.0.0.1/24 set interfaces ge-0/1/4 unit 0 family inet6 address 3000:db8:ffff:4::1/64 set interfaces ge-1/0/4 description “Retailer/ISP facing link2” set interfaces ge-1/0/4 unit 0 family inet address 199.99.9.1/24 set interfaces ge-1/0/4 unit 0 family inet6 address 3000:db8:ffff:5::1/64 set routing-options router-id 105.0.0.1 set protocols ospf area 0.0.0.0 interface lo0.0 set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 set protocols ospf area 0.0.0.0 interface ge-0/0/5.0 set protocols ospf area 0.0.0.0 interface ge-0/1/4.0 set protocols ospf area 0.0.0.0 interface ge-1/0/4.0 set protocols ospf3 area 0.0.0.0 interface lo0.0 set protocols ospf3 area 0.0.0.0 interface ge-0/0/3.0 set protocols ospf3 area 0.0.0.0 interface ge-0/0/5.0 set protocols ospf3 area 0.0.0.0 interface ge-0/1/4.0 set protocols ospf3 area 0.0.0.0 interface ge-1/0/4.0 set protocols mpls interface ge-0/0/3.0 set protocols mpls interface ge-0/0/5.0 set protocols ldp interface lo0.0 set protocols ldp interface ge-0/0/3.0 set protocols ldp interface ge-0/0/5.0 set chassis fpc 1 pic 0 inline-services bandwidth 1g set dynamic-profiles lns-profile routing-instances "$junos-routing-instance" interface "$junos-interface-name" set dynamic-profiles dynamic-profiles lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" dial-options l2tp-interface-id dedicated set dynamic-profiles dynamic-profiles lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" no-keepalives set dynamic-profiles dynamic-profiles lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface" set dynamic-profiles dynamic-profiles lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface" set access group-profile lns-group-profile ppp ppp-options pap set access group-profile lns-group-profile ppp ppp-options chap set access group-profile lns-group-profile ppp keepalive 0 set access profile lns-profile client default l2tp lcp-renegotiation set access profile lns-profile client default l2tp shared-secret "$ABC123"; ## SECRET-DATA set access profile lns-profile client default user-group-profile lns-group-profile set access radius-server 9.0.0.9 secret "$ABC123"; ## SECRET-DATA set access radius-server 9.0.0.9 source-address 105.0.0.1 set access profile AccProf-LNS authentication-order none set services l2tp tunnel-group lns-tunnel-group l2tp-access-profile lns-profile set services l2tp tunnel-group lns-tunnel-group local-gateway address 105.0.0.1 set services l2tp tunnel-group lns-tunnel-group local-gateway gateway-name R5 set services l2tp tunnel-group lns-tunnel-group service-device-pool lns_service_device_pool set services l2tp tunnel-group lns-tunnel-group dynamic-profile lns-profile set services service-device-pools pool lns_service_device_pool interface si-1/0/0 set access address-assignment pool v4-l2tp-pool-0 family inet network 100.0.0.0/8 set access address-assignment pool v4-l2tp-pool-0 family inet range l2tpv4 low 100.48.0.1 set access address-assignment pool v4-l2tp-pool-0 family inet range l2tpv4 high 100.63.255.255 set access address-assignment pool v6-l2tp-pool-0 family inet6 prefix 1000:0000::/32 set access address-assignment pool v6-l2tp-pool-0 family inet6 range v6-range low 1000:0000:0000:0001::/64 set access address-assignment pool v6-l2tp-pool-0 family inet6 range v6-range high 1000:0000:0000:ffff::/64 set access address-assignment pool v6-ndra-pool-0 family inet6 prefix 3000:0000:0000:0000:0000:0000:0000:0000/32 set access address-assignment pool v6-ndra-pool-0 family inet6 range v6-range-0 prefix-length 64 set access system services dhcp-local-server dhcpv6 overrides delegated-pool v6-l2tp-pool-0 set access system services dhcp-local-server dhcpv6 group v6-ppp-client-0 interface si-1/0/0.0 set chassis fpc 1 pic 1 tunnel-services bandwidth 10g set access vt-1/1/0 unit 0 family inet set access vt-1/1/0 unit 0 family inet6 set access services radius-flow-tap source-ipv4-address 199.99.9.1 set access services radius-flow-tap interfaces vt-1/1/0.0
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the ../../../../../../.
To configure Device R5:
Configure the interfaces.
The loopback and retailer and ISP-facing interfaces support both IPv4 (inet) and IPv6 (inet6) address families for a dual stack routing environment. The core-facing interfaces do not include IPv6 family addressing because IPv6 traffic is overlaid over the L2TP tunnel that has only IPv4 source and destination.
Configure the LNS system’s primary address under a loopback interface.
[edit interfaces] user@host-R5# set lo0 unit 0 family inet address 105.0.0.1/32 primary preferred user@host-R5# set lo0 unit 0 family inet6 address 1005:0::1/128 primary preferred
Configure the core-facing interfaces.
The two configured ports pass traffic between the LNS device and the core networks.
[edit interfaces] user@host-R5# set ge-0/0/3 description "To R4 - Core" user@host-R5# set ge-0/0/3 unit 0 family inet address 21.21.50.2/24 user@host-R5# set ge-0/0/3 unit 0 family inet6 user@host-R5# set ge-0/0/3 unit 0 family mpls user@host-R5# set ge-0/0/5 description "To R4 - Core" user@host-R5# set ge-0/0/5 unit 0 family inet address 21.21.51.2/24 user@host-R5# set ge-0/0/5 unit 0 family inet6 user@host-R5# set ge-0/0/5 unit 0 family mpls
Configure the retailer and ISP-facing interfaces.
The two configured ports pass traffic between the LNS, and retailer and ISP networks.
[edit interfaces] user@host-R5# set ge-0/1/4 description “Retailer/ISP facing link1” user@host-R5# set ge-0/1/4 unit 0 family inet address 200.0.0.1/24 user@host-R5# set ge-0/1/4 unit 0 family inet6 address 3000:db8:ffff:4::1/64 user@host-R5# set ge-1/0/4 description “Retailer/ISP facing link2” user@host-R5# set ge-1/0/4 unit 0 family inet address 199.99.9.1/24 user@host-R5# set ge-1/0/4 unit 0 family inet6 address 3000:db8:ffff:5::1/64
Configure the routing protocols.
OSPF is enabled to support IPv4 routing; OSPFv3 is enabled to support IPv6 routing.
Configure the router ID.
[edit] user@host-R5# set routing-options router-id 105.0.0.1
Configure OSPF for IPv4 routing.
[edit protocols] user@host-R5# set ospf area 0.0.0.0 interface lo0.0 user@host-R5# set ospf area 0.0.0.0 interface ge-0/0/3.0 user@host-R5# set ospf area 0.0.0.0 interface ge-0/0/5.0 user@host-R5# set ospf area 0.0.0.0 interface ge-0/1/4.0 user@host-R5# set ospf area 0.0.0.0 interface ge-1/0/4.0
Configure OSPFv3 for IPv6 routing.
[edit protocols] user@host-R5# set ospf3 area 0.0.0.0 interface lo0.0 user@host-R5# set ospf3 area 0.0.0.0 interface ge-0/0/3.0 user@host-R5# set ospf3 area 0.0.0.0 interface ge-0/0/5.0 user@host-R5# set ospf3 area 0.0.0.0 interface ge-0/1/4.0 user@host-R5# set ospf3 area 0.0.0.0 interface ge-1/0/4.0
Enable MPLS .
Configure MPLS for all core-facing interfaces.
[edit protocols] user@host-R5# set mpls interface ge-0/0/3.0 user@host-R5# set mpls interface ge-0/0/5.0
Enable LDP.
[edit protocols] user@host-R5# set ldp interface lo0.0 user@host-R5# set ldp interface ge-0/0/3.0 user@host-R5# set ldp interface ge-0/0/5.0
Configure the LNS components.
L2TP traffic is processed using the inline service capability of the general network interface module rather than a dedicated service module. Line modules, therefore, process both L2TP and non-L2TP traffic.
Enable inline services.
Configure the bandwidth assigned for the inline service of the module.
[edit chassis] user@host-R5# set fpc 1 pic 0 inline-services bandwidth 1g
Configure the dynamic profile.
Configure the dynamic profile required for dynamic configuration of L2TP session interface characteristics.
[edit dynamic-profiles] user@host-R5# set lns-profile routing-instances "$junos-routing-instance" interface "$junos-interface-name" user@host-R5# set dynamic-profiles lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" dial-options l2tp-interface-id dedicated user@host-R5# set dynamic-profiles lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" no-keepalives user@host-R5# set dynamic-profiles lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface" user@host-R5# set dynamic-profiles lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface"
Configure the access group profile.
Configure the characteristics of the PPP protocol running over the L2TP tunnel.
[edit access] user@host-R5# set group-profile lns-group-profile ppp ppp-options pap user@host-R5# set group-profile lns-group-profile ppp ppp-options chap user@host-R5# set group-profile lns-group-profile ppp keepalive 0
Configure the L2TP client profile.
Configure the L2TP client (LAC) characteristics, which are used to configure PPP link layer characteristics.
[edit access] user@host-R5# set profile lns-profile client default l2tp lcp-renegotiation user@host-R5# set profile lns-profile client default l2tp shared-secret "$ABC123"; ## SECRET-DATA user@host-R5# set profile lns-profile client default user-group-profile lns-group-profile
Configure the RADIUS server access.
[edit access] user@host-R5# set radius-server 9.0.0.9 secret "$ABC123"; ## SECRET-DATA user@host-R5# set radius-server 9.0.0.9 source-address 105.0.0.1
Configure the authorization, authentication, and accounting (AAA) profile.
Configure an access profile for incoming L2TP AAA calls.
[edit access] user@host-R5# set profile AccProf-LNS authentication-order none
Configure global L2TP services.
Configure an L2TP tunnel group profile that contains the L2TP gateway’s local address configuration and refers to other previously configured profiles for L2 and L3 network characteristics.
[edit services] user@host-R5# set l2tp tunnel-group lns-tunnel-group l2tp-access-profile lns-profile user@host-R5# set l2tp tunnel-group lns-tunnel-group local-gateway address 105.0.0.1 user@host-R5# set l2tp tunnel-group lns-tunnel-group local-gateway gateway-name R5 user@host-R5# set l2tp tunnel-group lns-tunnel-group service-device-pool lns_service_device_pool user@host-R5# set l2tp tunnel-group lns-tunnel-group dynamic-profile lns-profile user@host-R5# set service-device-pools pool lns_service_device_pool interface si-1/0/0
Configure the address pools.
The local inet address pool is used for subscriber end devices (CPE, desktop, and so on) to obtain IPv4 addresses using PPP IPCP negotiation. The local inet6 address pool is used for subscriber end devices to obtain IPv6 prefixes using DHCPv6.
[edit access] user@host-R5# set address-assignment pool v4-l2tp-pool-0 family inet network 100.0.0.0/8 user@host-R5# set address-assignment pool v4-l2tp-pool-0 family inet range l2tpv4 low 100.48.0.1 user@host-R5# set address-assignment pool v4-l2tp-pool-0 family inet range l2tpv4 high 100.63.255.255 user@host-R5# set address-assignment pool v6-l2tp-pool-0 family inet6 prefix 1000:0000::/32 user@host-R5# set address-assignment pool v6-l2tp-pool-0 family inet6 range v6-range low 1000:0000:0000:0001::/64 user@host-R5# set address-assignment pool v6-l2tp-pool-0 family inet6 range v6-range high 1000:0000:0000:ffff::/64 user@host-R5# set address-assignment pool v6-ndra-pool-0 family inet6 prefix 3000:0000:0000:0000:0000:0000:0000:0000/32 user@host-R5# set address-assignment pool v6-ndra-pool-0 family inet6 range v6-range-0 prefix-length 64
Configure DHCPv6.
Enable DHCPv6 message processing on the L2TP session interface (si-0/0/0 interface). PPP provides interface ID (link local address) exchange for IPv6 support, but it does not provide global routable IPv6 prefixes. DHCPv6 protocol is employed for IPv6 prefix allocation.
[edit access] user@host-R5# set system services dhcp-local-server dhcpv6 overrides delegated-pool v6-l2tp-pool-0 user@host-R5# set system services dhcp-local-server dhcpv6 group v6-ppp-client-0 interface si-1/0/0.0
Secure a policy for traffic mirroring.
Configure a RADIUS protocol-based per-subscriber traffic mirror so that an external authority can enable traffic mirroring on a specific subscriber session.
Enable inline tunnel services.
[edit chassis] user@host-R5# set fpc 1 pic 1 tunnel-services bandwidth 10g
Enable inet (IPv4) and inet6 (IPv6) address families.
[edit access] user@host-R5# set vt-1/1/0 unit 0 family inet user@host-R5# set vt-1/1/0 unit 0 family inet6
Enable the RADIUS flow-tap service.
For information about flow-tap, see Flow-Tap Architecture.
[edit access] user@host-R5# set services radius-flow-tap source-ipv4-address 199.99.9.1 user@host-R5# set services radius-flow-tap interfaces vt-1/1/0.0
Results
Confirm the interface configuration.
user@host-R5# show interfaces lo0 unit 0 { family inet { address 105.0.0.1/32 { primary; preferred; } } family inet6 { address 1005:0::1/128 { primary; preferred; } } }
user@host-R5# show interfaces ge-0/0/3 description "To R4 - Core"; unit 0 { family inet { address 21.21.50.2/24; } family inet6 { } family mpls { } } user@host-R5# show interfaces ge-0/0/5 description "To R4 - Core"; unit 0 { family inet { address 21.21.51.2/24; } } family inet6 { } family mpls { } }
user@host-R5# show interfaces ge-0/1/4 description "Retailer/ISP facing link1“; unit 0 { family inet { address 200.0.0.1/24; } family inet6 { address 3000:db8:ffff:4::1/64; } } user@host-R5# show interfaces ge-1/0/4 description "Retailer/ISP facing link2“; unit 0 { family inet { address 199.99.9.1/24; } family inet6 { address 3000:db8:ffff:5::1/64; } }
Confirm the routing protocol configuration.
user@host-R5# show protocols ospf area 0.0.0.0 { interface lo0.0; interface ge-0/0/3.0; interface ge-0/0/5.0; interface ge-0/1/4.0; interface ge-1/0/4.0; }
user@host-R5# show protocols ospf3 area 0.0.0.0 { interface lo0.0; interface ge-0/0/3.0; interface ge-0/0/5.0; interface ge-0/1/4.0; interface ge-1/0/4.0; }
user@host-R5# show protocols mpls interface ge-0/0/3.0; interface ge-0/0/5.0;
user@host-R5# show protocols ldp interface lo0.0; interface ge-0/0/3.0; interface ge-0/0/5.0;
Confirm the inline service configuration.
user@host-R5# show chassis fpc1 pic 0 { inline-services { bandwidth 1g; } }
Confirm the dynamic profile configuration.
user@host-R5# show dynamic-profiles lns-profile routing-instances { "$junos-routing-instance" { interface "$junos-interface-name"; } } interfaces { "$junos-interface-ifd-name" { unit "$junos-interface-unit" { dial-options { l2tp-interface-id dedicated; } no-keepalives; family inet { unnumbered-address "$junos-loopback-interface"; } family inet6 { unnumbered-address "$junos-loopback-interface"; } } } }
Confirm the access group profile configuration.
user@host-R5# show access group-profile lns-group-profile ppp { ppp-options { pap; chap; } keepalive 0; }
Confirm the L2TP client profile configuration.
user@host-R5# show access profile lns-profile client default { l2tp { shared-secret "$ABC123"; ## SECRET-DATA } user-group-profile lns-group-profile; }
Confirm the RADIUS server configuration.
user@host-R5# show access radius-server 9.0.0.9 secret "$ABC123"; ## SECRET-DATA; source-address 105.0.0.1;
Confirm the AAA profile configuration.
user@host-R5# show access profile AccProf-LNS authentication-order none;
Confirm the global L2TP services configuration.
user@host-R5# show services l2tp { tunnel-group lns-tunnel-group { l2tp-access-profile lns-profile; local-gateway { address 105.0.0.1; gateway-name R5; } } service-device-pool lns_service_device_pool; dynamic-profile lns-profile; } } service-device-pools { pool lns_service_device_pool { interface si-0/0/0; } }
Confirm the IPv4 and IPv6 address pool configuration.
user@host-R5# show access address-assignment pool v4-l2tp-pool-0 family inet { network 100.0.0.0/8; range l2tpv4 { low 100.48.0.1; high 100.63.255.255; } } user@host-R5# show access address-assignment pool v6-l2tp-pool-0 family inet6 { prefix 1000:0000::/32; range v6-range-0 { low 1000:0000:0000:0001::/64; high 1000:0000:0000:ffff::/64; } } user@host-R5# show access address-assignment pool v6-ndra-pool-0 family inet6 { prefix 3000:0000:0000:0000:0000:0000:0000:0000:/32; range v6-range-0 { prefix-length 64; } }
Confirm the DHCPv6 configuration.
user@host-R5# show system services dhcp-local-server dhcpv6 { overrides { delegated-pool v6-l2tp-pool-0; } group v6-ppp-client-0 { interface si-0/0/0.0; } }
Confirm the inline tunnel services configuration for traffic mirroring.
user@host-R5# show chassis fpc 1 pic 1 { tunnel-services { bandwidth 10g; } }
Confirm that inet and inet6 address families are enabled.
user@host-R5# show interfaces vt-1/1/0 unit 0 { family inet; family inet6; }
Confirm that the RADIUS flow-tap service is enabled.
user@host-R5# show services radius-flow-tap source-ipv4-address 199.99.9.1; interfaces { vt-1/1/0.0; }
Configuring the User Profile for the RADIUS Server
Step-by-Step Procedure
Figure 7 highlights the RADIUS server in the context of the reference example topology.
To configure the user profile for the RADIUS server:
Include the following service activation RADIUS attributes in the user profile configuration:
SST_USER_DHCP_V4_DEFAULT Auth-Type := Accept, User-Password := "<password>" ERX-Service-Activate:1 += "DHCP-SERVICE-PROFILE(INPUT-V4-FILTER-01, OUTPUT-V4-FILTER-01, INPUT-V6-FILTER-01, OUTPUT-V6-FILTER-01)", SST_USER_DHCP_V6_DEFAULT Auth-Type := Accept, User-Password := "<password>" ERX-Service-Activate:1 += "DHCP-SERVICE-PROFILE(INPUT-V4-FILTER-01, OUTPUT-V4-FILTER-01, INPUT-V6-FILTER-01, OUTPUT-V6-FILTER-01)", SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM Auth-Type := Accept, User-Password := "<password>" ERX-Service-Activate:1 += "PPPOE-SERVICE-PROFILE(INPUT-V4-FILTER-01, OUTPUT-V4-FILTER-01, INPUT-V6-FILTER-01, OUTPUT-V6-FILTER-01)", SST_USER_PPPOE_LT_DEFAULT Auth-Type := Accept, User-Password := "<password>" ERX-Service-Activate:1 += "PPPOE-SERVICE-PROFILE(INPUT-V4-FILTER-01, OUTPUT-V4-FILTER-01, INPUT-V6-FILTER-01, OUTPUT-V6-FILTER-01)", SST_USER_VLAN_DEFAULT Auth-Type := Accept, User-Password := "<password>"
Verification
The following sections show how to verify that the configuration is working properly. Within each group, verification steps are listed for the devices from left to right in the example topology.
- Verify Route Summary Information
- Verify the Loopback and Physical Ports
- Verify OSPF and OSPF3 Functionality
- Verify LDP Functionality
- Verify MPLS Interfaces
- Verify Circuit Cross-Connect (CCC) Interfaces and L2 Circuits on R1, R2, and R0
- Verify Logical Tunnel (LT) Interfaces on R0 and R3
- Verify Pseudoservice (PS) Interfaces on R0 and R3
- Verify DHCPv4 Over Dynamic VLAN Interfaces on R0
- Verify DHCPv6-PD Over Dynamic VLAN Interfaces on R0
- Verify PPPoE Over Dynamic VLAN Interfaces on R0
- Verify DHCP-PD Over PPPoE Over Dynamic VLAN Interfaces on R0
- Verify LAC PPP over Dynamic Interfaces on R0
- Verify the AAA Access and RADIUS Server Configuration and Statistics on R0
- Verify That on R3, No L2 Circuits Are Up and No BFD Sessions Are Running
- Verify L2TP Functionality on R5
- Verify Dynamic VLAN Authentication and Accounting on the RADIUS Server
Verify Route Summary Information
Purpose
Confirm that destinations and routes are functional:
On R1, confirm inet, MPLS, and L2 circuit destinations and routes on router ID 101.0.0.1.
On R2, confirm inet, inet6, MPLS, and L2 circuit destinations and routes on router ID 102.0.0.1.
On R0, confirm inet, inet6, MPLS, and L2 circuit destinations and routes on router ID 100.0.0.1.
On R4, confirm inet, inet6, and MPLS destinations and routes on router ID 104.0.0.1.
On R5, confirm inet, inet6, and MPLS destinations and routes on router ID 105.0.0.1.
Action
On each device, run the show route summary
command from operational mode.
user@host-R1>show route summary Router ID: 101.0.0.1 inet.0: 31 destinations, 32 routes (31 active, 0 holddown, 0 hidden) Direct: 6 routes, 6 active Local: 5 routes, 5 active OSPF: 19 routes, 18 active Static: 2 routes, 2 active inet.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) LDP: 5 routes, 5 active mpls.0: 2013 destinations, 2013 routes (2013 active, 0 holddown, 0 hidden) MPLS: 6 routes, 6 active LDP: 7 routes, 7 active L2CKT: 2000 routes, 2000 active __mpls-oam__.mpls.0: 1000 destinations, 1000 routes (1000 active, 0 holddown, 0 hidden) L2CKT: 1000 routes, 1000 active l2circuit.0: 3000 destinations, 3000 routes (3000 active, 0 holddown, 0 hidden) LDP: 2000 routes, 2000 active L2CKT: 1000 routes, 1000 active
user@host-R2>show route summary Router ID: 102.0.0.1 inet.0: 31 destinations, 32 routes (31 active, 0 holddown, 0 hidden) Direct: 6 routes, 6 active Local: 5 routes, 5 active OSPF: 19 routes, 18 active Static: 2 routes, 2 active inet.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) LDP: 5 routes, 5 active mpls.0: 2106 destinations, 2106 routes (2106 active, 0 holddown, 0 hidden) MPLS: 3 routes, 3 active LDP: 7 routes, 7 active L2CKT: 2096 routes, 2096 active inet6.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) Direct: 2 routes, 2 active Local: 2 routes, 2 active l2circuit.0: 3144 destinations, 3144 routes (3144 active, 0 holddown, 0 hidden) LDP: 2096 routes, 2096 active L2CKT: 1048 routes, 1048 active
user@host-R0>show route summary Router ID: 100.0.0.1 inet.0: 33 destinations, 34 routes (33 active, 0 holddown, 0 hidden) Direct: 8 routes, 8 active Local: 7 routes, 7 active OSPF: 17 routes, 16 active Static: 2 routes, 2 active inet.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) LDP: 5 routes, 5 active mpls.0: 4110 destinations, 4110 routes (4110 active, 0 holddown, 0 hidden) MPLS: 6 routes, 6 active LDP: 8 routes, 8 active L2CKT: 4096 routes, 4096 active __mpls-oam__.mpls.0: 2048 destinations, 2048 routes (2048 active, 0 holddown, 0 hidden) L2CKT: 2048 routes, 2048 active inet6.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden) Direct: 4 routes, 3 active Local: 3 routes, 3 active OSPF3: 6 routes, 6 active inet6.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) LDP: 5 routes, 5 active l2circuit.0: 4096 destinations, 4096 routes (4096 active, 0 holddown, 0 hidden) LDP: 2048 routes, 2048 active L2CKT: 2048 routes, 2048 active
user@host-R3>show route summary Router ID: 103.0.0.1 inet.0: 32 destinations, 33 routes (32 active, 0 holddown, 0 hidden) Direct: 7 routes, 7 active Local: 6 routes, 6 active OSPF: 18 routes, 17 active Static: 2 routes, 2 active inet.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) LDP: 5 routes, 5 active mpls.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden) MPLS: 6 routes, 6 active LDP: 8 routes, 8 active inet6.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden) Direct: 3 routes, 3 active Local: 1 routes, 1 active OSPF3: 6 routes, 6 active inet6.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) LDP: 5 routes, 5 active l2circuit.0: 2048 destinations, 2048 routes (2048 active, 0 holddown, 0 hidden) L2CKT: 2048 routes, 2048 active
user@host-R4>show route summary Router ID: 104.0.0.1 inet.0: 30 destinations, 30 routes (30 active, 0 holddown, 0 hidden) Direct: 7 routes, 7 active Local: 6 routes, 6 active OSPF: 17 routes, 17 active inet.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) LDP: 5 routes, 5 active mpls.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) MPLS: 4 routes, 4 active LDP: 8 routes, 8 active inet6.0: 14 destinations, 18 routes (14 active, 0 holddown, 0 hidden) Direct: 7 routes, 3 active Local: 5 routes, 5 active OSPF3: 6 routes, 6 active inet6.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) LDP: 5 routes, 5 active
user@host-R5>show route summary Router ID: 105.0.0.1 inet.0: 34 destinations, 34 routes (34 active, 0 holddown, 0 hidden) Direct: 6 routes, 6 active Local: 5 routes, 5 active OSPF: 18 routes, 18 active Static: 5 routes, 5 active inet.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) LDP: 5 routes, 5 active mpls.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) MPLS: 6 routes, 6 active LDP: 6 routes, 6 active inet6.0: 16 destinations, 20 routes (16 active, 0 holddown, 0 hidden) Direct: 9 routes, 5 active Local: 7 routes, 7 active OSPF3: 4 routes, 4 active
Meaning
Destinations and routes are functional.
Verify the Loopback and Physical Ports
Purpose
On each device, test connections to the loopback and physical ports.
Action
On each device, run the show interfaces
command
from operational mode for each port to confirm the interfaces are
Up. Then run the ping
command to verify communication with
each interface.
user@host-R1>show interfaces lo0 terse Interface Admin Link Proto Local Remote lo0 up up lo0.0 up up inet 101.0.0.1 --> 0/0 mpls lo0.16384 up up inet 127.0.0.1 --> 0/0 lo0.16385 up up inet
user@host-R1>ping 101.0.0.1 rapid PING 101.0.0.1 (101.0.0.1): 56 data bytes !!!!! --- 101.0.0.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.074/0.176/0.288/0.092 ms user@host-R1>show interfaces ge-1/0/6 terse Interface Admin Link Proto Local Remote ge-1/0/6 up up ge-1/0/6.0 up up inet 21.21.11.2/24 mpls multiservice user@host-R1>ping 21.21.11.2 rapid PING 21.21.11.2 (21.21.11.2): 56 data bytes !!!!! --- 21.21.11.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.067/0.090/0.169/0.040 ms user@host-R1>show interfaces ge-1/1/6 terse Interface Admin Link Proto Local Remote ge-1/1/6 up up ge-1/1/6.0 up up inet 21.21.10.2/24 mpls multiservice user@host-R1>ping 21.21.10.2 rapid PING 21.21.10.2 (21.21.10.2): 56 data bytes !!!!! --- 21.21.10.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.068/0.091/0.169/0.039 ms user@host-R1>show interfaces ge-1/1/4 terse Interface Admin Link Proto Local Remote ge-1/1/4 up up ge-1/1/4.0 up up inet 21.21.20.1/24 mpls multiservice user@host-R1>ping 21.21.20.1 rapid PING 21.21.20.1 (21.21.20.1): 56 data bytes !!!!! --- 21.21.20.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.070/0.114/0.282/0.084 ms user@host-R1>show interfaces ge-1/1/5 terse Interface Admin Link Proto Local Remote ge-1/1/5 up up ge-1/1/5.0 up up inet 21.21.21.1/24 mpls multiservice user@host-R1>ping 21.21.21.1 rapid PING 21.21.21.1 (21.21.21.1): 56 data bytes !!!!! --- 21.21.21.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.070/0.200/0.420/0.157 ms
user@host-R2>show interfaces lo0 terse Interface Admin Link Proto Local Remote lo0 up up lo0.0 up up inet 102.0.0.1 --> 0/0 mpls lo0.16384 up up inet 127.0.0.1 --> 0/0 lo0.16385 up up inet
user@host-R2>ping 102.0.0.1 rapid PING 102.0.0.1 (102.0.0.1): 56 data bytes !!!!! --- 102.0.0.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.070/0.086/0.138/0.026 ms user@host-R2>show interfaces ge-1/0/6 terse Interface Admin Link Proto Local Remote ge-1/0/6 up up ge-1/0/6.0 up up inet 21.21.13.2/24 multiservice user@host-R2>ping 21.21.13.2 rapid PING 21.21.13.2 (21.21.13.2): 56 data bytes !!!!! --- 21.21.13.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.142/0.168/0.256/0.044 ms user@host-R2>show interfaces ge-1/1/6 terse Interface Admin Link Proto Local Remote ge-1/1/6 up up ge-1/1/6.0 up up inet 21.21.12.2/24 mpls multiservice user@host-R2>ping 21.21.12.2 rapid PING 21.21.12.2 (21.21.12.2): 56 data bytes !!!!! --- 21.21.12.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.072/0.103/0.219/0.058 ms user@host-R2>show interfaces ge-1/1/4 terse Interface Admin Link Proto Local Remote ge-1/1/4 up up ge-1/1/4.0 up up inet 21.21.30.1/24 mpls multiservice user@host-R2>ping 21.21.30.1 rapid PING 21.21.30.1 (21.21.30.1): 56 data bytes !!!!! --- 21.21.30.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.069/0.097/0.138/0.032 ms user@host-R2>show interfaces ge-1/1/5 terse Interface Admin Link Proto Local Remote ge-1/1/5 up up ge-1/1/5.0 up up inet 21.21.31.1/24 mpls multiservice user@host-R2>ping 21.21.31.1 rapid PING 21.21.31.1 (21.21.31.1): 56 data bytes !!!!! --- 21.21.31.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.070/0.084/0.131/0.023 ms
user@host-R0>show interfaces lo0 terse Interface Admin Link Proto Local Remote lo0 up up lo0.0 up up inet 100.0.0.1 --> 0/0 inet6 1000::1 fe80::2a0:a50f:fc76:14de mpls lo0.16384 up up inet 127.0.0.1 --> 0/0 lo0.16385 up up inet
user@host-R0>ping 100.0.0.1 rapid PING 100.0.0.1 (100.0.0.1): 56 data bytes !!!!! --- 100.0.0.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.052/0.080/0.115/0.021 ms user@host-R0>ping 1000::1 rapid PING6(56=40+8+8 bytes) 1000::1 --> 1000::1 !!!!! --- 1000::1 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.155/0.345/0.957/0.311 ms user@host-R0>show interfaces ge-0/0/0 terse Interface Admin Link Proto Local Remote ge-0/0/0 up up ge-0/0/0.0 up up inet 21.21.11.1/24 mpls multiservice user@host-R0>ping 21.21.11.1 rapid PING 21.21.11.1 (21.21.11.1): 56 data bytes !!!!! --- 21.21.11.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.050/0.112/0.248/0.072 ms user@host-R0>show interfaces ge-1/0/0 terse Interface Admin Link Proto Local Remote ge-1/0/0 up up ge-1/0/0.0 up up inet 21.21.10.1/24 mpls multiservice user@host-R0>ping 21.21.10.1 rapid PING 21.21.10.1 (21.21.10.1): 56 data bytes !!!!! --- 21.21.10.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.051/0.087/0.129/0.031 ms user@host-R0>show interfaces ge-2/0/0 terse Interface Admin Link Proto Local Remote ge-2/0/0 up up ge-2/0/0.0 up up inet 21.21.13.1/24 mpls multiservice user@host-R0>ping 21.21.13.1 rapid PING 21.21.13.1 (21.21.13.1): 56 data bytes !!!!! --- 21.21.13.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.050/0.083/0.114/0.027 ms user@host-R0>show interfaces ge-3/0/0 terse Interface Admin Link Proto Local Remote ge-3/0/0 up up ge-3/0/0.0 up up inet 21.21.12.1/24 mpls multiservice user@host-R0>ping 21.21.12.1 rapid PING 21.21.12.1 (21.21.12.1): 56 data bytes !!!!! --- 21.21.12.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.050/0.084/0.115/0.027 ms user@host-R0>show interfaces ge-4/0/0 terse Interface Admin Link Proto Local Remote ge-4/0/0 up up ge-4/0/0.0 up up inet 21.21.14.1/24 inet6 fe80::ae4b:c8ff:fe45:6800/64 mpls multiservice user@host-R0>ping 21.21.14.1 rapid PING 21.21.14.1 (21.21.14.1): 56 data bytes !!!!! --- 21.21.14.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.051/0.104/0.201/0.055 ms user@host-R0>ping fe80::ae4b:c8ff:fe45:6800 rapid PING6(56=40+8+8 bytes) fe80::ae4b:c8ff:fe45:6800 --> fe80::ae4b:c8ff:fe45:6800 !!!!! --- fe80::ae4b:c8ff:fe45:6800 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.084/0.106/0.121/0.013 ms user@host-R0>show interfaces ge-5/0/0 terse Interface Admin Link Proto Local Remote ge-5/0/0 up up ge-5/0/0.0 up up inet 21.21.15.1/24 inet6 fe80::ae4b:c8ff:fe45:6be0/64 mpls multiservice user@host-R0>ping 21.21.15.1 rapid PING 21.21.15.1 (21.21.15.1): 56 data bytes !!!!! --- 21.21.15.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.052/0.082/0.113/0.021 ms user@host-R0>ping fe80::ae4b:c8ff:fe45:6be0 rapid PING6(56=40+8+8 bytes) fe80::ae4b:c8ff:fe45:6be0 --> fe80::ae4b:c8ff:fe45:6be0 !!!!! --- fe80::ae4b:c8ff:fe45:6be0 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.062/0.131/0.206/0.047 ms
user@host-R3>show interfaces lo0 terse Interface Admin Link Proto Local Remote lo0 up up lo0.0 up up inet 103.0.0.1 --> 0/0 inet6 1003::1 fe80::2a0:a50f:fc76:14d2 mpls lo0.16384 up up inet 127.0.0.1 --> 0/0 lo0.16385 up up inet
user@host-R3>ping 103.0.0.1 rapid PING 103.0.0.1 (103.0.0.1): 56 data bytes !!!!! --- 103.0.0.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.053/0.081/0.114/0.025 ms user@host-R3>ping 1003::1 rapid PING6(56=40+8+8 bytes) 1003::1 --> 1003::1 !!!!! --- 1003::1 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.062/0.092/0.170/0.040 ms user@host-R3>show interfaces ge-0/0/0 terse Interface Admin Link Proto Local Remote ge-0/0/0 up up ge-0/0/0.0 up up inet 21.21.20.2/24 mpls multiservice user@host-R3>ping 21.21.20.2 rapid PING 21.21.20.2 (21.21.20.2): 56 data bytes !!!!! --- 21.21.20.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.055/0.096/0.137/0.034 ms user@host-R3>show interfaces ge-1/0/0 terse Interface Admin Link Proto Local Remote ge-1/0/0 up up ge-1/0/0.0 up up inet 21.21.21.2/24 mpls multiservice user@host-R3>ping 21.21.21.2 rapid PING 21.21.21.2 (21.21.21.2): 56 data bytes !!!!! --- 21.21.21.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.057/0.083/0.113/0.018 ms user@host-R3>show interfaces ge-2/0/0 terse Interface Admin Link Proto Local Remote ge-2/0/0 up up ge-2/0/0.0 up up inet 21.21.30.2/24 mpls multiservice user@host-R3>ping 21.21.30.2 rapid PING 21.21.30.2 (21.21.30.2): 56 data bytes !!!!! --- 21.21.30.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.053/0.087/0.119/0.027 ms user@host-R3>show interfaces ge-3/0/0 terse Interface Admin Link Proto Local Remote ge-3/0/0 up up ge-3/0/0.0 up up inet 21.21.31.2/24 mpls multiservice user@host-R3>ping 21.21.31.2 rapid PING 21.21.31.2 (21.21.31.2): 56 data bytes !!!!! --- 21.21.31.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.054/0.082/0.116/0.025 ms user@host-R3>show interfaces ge-4/0/0 terse Interface Admin Link Proto Local Remote ge-4/0/0 up up ge-4/0/0.0 up up inet 21.21.40.1/24 inet6 fe80::ae4b:c8ff:fe45:f000/64 mpls multiservice user@host-R3>ping 21.21.40.1 rapid PING 21.21.40.1 (21.21.40.1): 56 data bytes !!!!! --- 21.21.40.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.053/0.083/0.118/0.027 ms user@host-R3>ping fe80::ae4b:c8ff:fe45:f000 rapid PING6(56=40+8+8 bytes) fe80::ae4b:c8ff:fe45:f000 --> fe80::ae4b:c8ff:fe45:f000 !!!!! --- fe80::ae4b:c8ff:fe45:f000 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.061/0.078/0.112/0.019 ms
user@host-R4>show interfaces lo0.1 terse Interface Admin Link Proto Local Remote lo0.0 up up inet 104.0.0.1 --> 0/0 inet6 1004::1 fe80::aad0:e50f:fc50:b2ff
user@host-R4>ping 104.0.0.1 rapid PING 104.0.0.1 (104.0.0.1): 56 data bytes !!!!! --- 104.0.0.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.092/0.116/0.205/0.044 ms user@host-R4>ping 1004::1 rapid PING6(56=40+8+8 bytes) 1004::1 --> 1004::1 !!!!! --- 1004::1 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.196/0.230/0.344/0.057 ms user@host-R4>show interfaces ge-0/0/2 terse Interface Admin Link Proto Local Remote ge-0/0/2 ge-0/0/2.0 up up inet 21.21.14.2/24 inet6 fe80::aad0:e5ff:fe50:b200/64 mpls multiservice user@host-R4>ping 21.21.14.2 rapid PING 21.21.14.2 (21.21.14.2): 56 data bytes !!!!! --- 21.21.14.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.094/0.116/0.195/0.040 ms user@host-R4>ping fe80::aad0:e5ff:fe50:b200 rapid PING6(56=40+8+8 bytes) fe80::aad0:e5ff:fe50:b200 --> fe80::aad0:e5ff:fe50:b200 !!!!! --- fe80::aad0:e5ff:fe50:b200 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.231/0.476/1.114/0.324 ms user@host-R4>show interfaces ge-0/0/3 terse Interface Admin Link Proto Local Remote ge-0/0/3 ge-0/0/3.0 up up inet 21.21.15.2/24 inet6 fe80::aad0:e5ff:fe50:b262/64 mpls multiservice user@host-R4>ping 21.21.15.2 rapid PING 21.21.15.2 (21.21.15.2): 56 data bytes !!!!! --- 21.21.15.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.096/0.171/0.344/0.093 ms user@host-R4>ping fe80::aad0:e5ff:fe50:b262 rapid PING6(56=40+8+8 bytes) fe80::aad0:e5ff:fe50:b262 --> fe80::aad0:e5ff:fe50:b262 !!!!! --- fe80::aad0:e5ff:fe50:b262 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.231/0.476/1.114/0.324 ms user@host-R4>show interfaces ge-0/0/4 terse Interface Admin Link Proto Local Remote ge-0/0/4 ge-0/0/4.0 up up inet 21.21.40.2/24 inet6 fe80::aad0:e5ff:fe50:b201/64 mpls multiservice user@host-R4>ping 21.21.40.2 rapid PING 21.21.40.2 (21.21.40.2): 56 data bytes !!!!! --- 21.21.40.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.093/0.116/0.194/0.039 ms user@host-R4>ping fe80::aad0:e5ff:fe50:b201 rapid PING6(56=40+8+8 bytes) fe80::aad0:e5ff:fe50:b201 --> fe80::aad0:e5ff:fe50:b201 !!!!! --- fe80::aad0:e5ff:fe50:b201 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.231/0.476/1.114/0.324 ms user@host-R4>show interfaces ge-0/1/3 terse Interface Admin Link Proto Local Remote ge-0/1/3 ge-0/1/3.0 up up inet 21.21.50.1/24 inet6 fe80::aad0:e5ff:fe50:b268/64 mpls multiservice user@host-R4>ping 21.21.50.1 rapid PING 21.21.50.1 (21.21.50.1): 56 data bytes !!!!! --- 21.21.50.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.097/0.203/0.330/0.095 ms user@host-R4>ping fe80::aad0:e5ff:fe50:b268 rapid PING6(56=40+8+8 bytes) fe80::aad0:e5ff:fe50:b268 --> fe80::aad0:e5ff:fe50:b268 !!!!! --- fe80::aad0:e5ff:fe50:b268 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.231/0.476/1.114/0.324 ms user@host-R4>show interfaces ge-0/1/4 terse Interface Admin Link Proto Local Remote ge-0/1/4 ge-0/1/4.0 up up inet 21.21.51.1/24 inet6 fe80::aad0:e5ff:fe50:b269/64 mpls multiservice user@host-R4>ping 21.21.51.1 rapid PING 21.21.51.1 (21.21.51.1): 56 data bytes !!!!! --- 21.21.51.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.094/0.143/0.331/0.094 ms user@host-R4>ping fe80::aad0:e5ff:fe50:b268 rapid PING6(56=40+8+8 bytes) fe80::aad0:e5ff:fe50:b269 --> fe80::aad0:e5ff:fe50:b269 !!!!! --- fe80::aad0:e5ff:fe50:b269 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.231/0.476/1.114/0.324 ms user@host-R4>show interfaces ge-0/1/7 terse Interface Admin Link Proto Local Remote ge-0/1/7 ge-0/1/7.0 up up inet 9.0.0.1/24 multiservice user@host-R4>ping 9.0.0.1 rapid PING 9.0.0.1 (9.0.0.1): 56 data bytes !!!!! --- 9.0.0.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.194/0.262/0.322/0.049 ms
user@host-R5>show interfaces lo0 terse Interface Admin Link Proto Local Remote lo0 up up lo0.0 up up inet 105.0.0.1 --> 0/0 inet6 1005::1 fe80::aad0:e50f:fc50:b2ff lo0.16384 up up inet 127.0.0.1 --> 0/0 lo0.16385 up up inet
user@host-R5>ping 105.0.0.1 rapid PING 105.0.0.1 (105.0.0.1): 56 data bytes !!!!! --- 105.0.0.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.092/0.137/0.209/0.053 ms user@host-R5>ping 1005::1 rapid PING6(56=40+8+8 bytes) 1005::1 --> 1005::1 !!!!! --- 1005::1 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.196/0.307/0.682/0.188 ms user@host-R5>show interfaces ge-0/0/3 terse Interface Admin Link Proto Local Remote ge-0/0/3 up up ge-0/0/3.0 up up inet 21.21.50.2/24 inet6 fe80::aad0:e5ff:fe50:b280/64 mpls multiservice user@host-R5>ping 21.21.50.2 rapid PING 21.21.50.2 (21.21.50.2): 56 data bytes !!!!! --- 21.21.50.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.093/0.145/0.226/0.055 ms user@host-R5>ping fe80::aad0:e5ff:fe50:b280 rapid PING6(56=40+8+8 bytes) fe80::aad0:e5ff:fe50:b280 --> fe80::aad0:e5ff:fe50:b280 !!!!! --- fe80::aad0:e5ff:fe50:b280 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.198/0.230/0.349/0.059 ms user@host-R5>show interfaces ge-0/0/5 terse Interface Admin Link Proto Local Remote ge-0/0/5 up up ge-0/0/5.0 up up inet 21.21.51.2/24 inet6 fe80::aad0:e5ff:fe50:b281/64 mpls multiservice user@host-R5>ping 21.21.51.2 rapid PING 21.21.51.2 (21.21.51.2): 56 data bytes !!!!! --- 21.21.51.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.243/0.395/0.495/0.083 ms user@host-R5>ping fe80::aad0:e5ff:fe50:b281 rapid PING6(56=40+8+8 bytes) fe80::aad0:e5ff:fe50:b281 --> fe80::aad0:e5ff:fe50:b281 !!!!! --- fe80::aad0:e5ff:fe50:b281 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.124/0.204/0.381/0.101 ms user@host-R5>show interfaces ge-0/1/4 terse Interface Admin Link Proto Local Remote ge-0/1/4 up up ge-0/1/4.0 up up inet 10.9.46.229/24 200.0.0.1/24 inet6 3000:db8:ffff:4::1/64 fe80::aad0:e5ff:fe50:b260/64 multiservice user@host-R5>ping 10.9.46.229 rapid PING 10.9.46.229 (10.9.46.229): 56 data bytes !!!!! --- 10.9.46.229 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.093/0.137/0.244/0.059 ms user@host-R5>ping 3000:db8:ffff:4::1 rapid PING6(56=40+8+8 bytes) 3000:db8:ffff:4::1 --> 3000:db8:ffff:4::1 !!!!! --- 3000:db8:ffff:4::1 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.123/0.147/0.237/0.045 ms user@host-R5>show interfaces ge-1/0/4 terse Interface Admin Link Proto Local Remote ge-1/0/4 up up ge-1/0/4.0 up up inet 199.99.9.1/24 inet6 3000:db8:ffff:5::1/64 fe80::aad0:e5ff:fe50:b267/64 multiservice user@host-R5>ping 199.99.9.1 rapid PING 199.99.9.1 (199.99.9.1): 56 data bytes !!!!! --- 199.99.9.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.094/0.129/0.195/0.042 ms user@host-R5>ping 3000:db8:ffff:5::1 rapid PING6(56=40+8+8 bytes) 3000:db8:ffff:5::1 --> 3000:db8:ffff:5::1 !!!!! --- 3000:db8:ffff:5::1 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.231/0.476/1.114/0.324 ms
Meaning
Loopback and physical port interfaces are functional and communicating.
Verify OSPF and OSPF3 Functionality
Purpose
On each device, display OSPF and OSPF3 (when applicable) interface, neighbor, and route information to ensure all entities are functioning correctly.
Action
On each device, run the show ospf interface
, show ospf neighbor
, and show route protocol ospf
| match /32
commands from operational mode.
On each device with OSPF3 configuration, also run the show
ospf3 interface
, show ospf3 neighbor
, and show
route table inet6.0 | match /128
commands.
user@host-R1>show ospf interface Interface State Area DR ID BDR ID Nbrs ge-1/0/6.0 DR 0.0.0.0 101.0.0.1 100.0.0.1 1 ge-1/1/6.0 DR 0.0.0.0 101.0.0.1 100.0.0.1 1 ge-1/1/4.0 DR 0.0.0.0 101.0.0.1 103.0.0.1 1 ge-1/1/5.0 DR 0.0.0.0 101.0.0.1 103.0.0.1 1 lo0.0 DR 0.0.0.0 101.0.0.1 0.0.0.0 0 user@host-R1>show ospf neighbor Address Interface State ID Pri Dead 21.21.11.1 ge-1/0/6.0 Full 100.0.0.1 128 36 21.21.10.1 ge-1/1/6.0 Full 100.0.0.1 128 38 21.21.20.2 ge-1/1/4.0 Full 103.0.0.1 128 39 21.21.21.2 ge-1/1/5.0 Full 103.0.0.1 128 35 user@host-R1>show route protocol ospf | match /32 100.0.0.1/32 *[OSPF/10] 1d 23:37:08, metric 1 102.0.0.1/32 *[OSPF/10] 00:04:36, metric 2 103.0.0.1/32 *[OSPF/10] 2d 08:49:59, metric 1 104.0.0.1/32 *[OSPF/10] 1d 23:37:08, metric 2 105.0.0.1/32 *[OSPF/10] 1d 23:37:08, metric 3 224.0.0.5/32 *[OSPF/10] 3d 03:02:09, metric 1
user@host-R2>show ospf interface Interface State Area DR ID BDR ID Nbrs ge-1/0/6.0 DR 0.0.0.0 102.0.0.1 100.0.0.1 1 ge-1/1/6.0 DR 0.0.0.0 102.0.0.1 100.0.0.1 1 ge-1/1/4.0 BDR 0.0.0.0 103.0.0.1 102.0.0.1 1 ge-1/1/5.0 BDR 0.0.0.0 103.0.0.1 102.0.0.1 1 lo0.0 DR 0.0.0.0 102.0.0.1 0.0.0.0 0 user@host-R2>show ospf neighbor Address Interface State ID Pri Dead 21.21.13.1 ge-1/0/6.0 Full 100.0.0.1 128 37 21.21.12.1 ge-1/1/6.0 Full 100.0.0.1 128 31 21.21.30.2 ge-1/1/4.0 Full 103.0.0.1 128 36 21.21.31.2 ge-1/1/5.0 Full 103.0.0.1 128 39 user@host-R2>show route protocol ospf | match /32 100.0.0.1/32 *[OSPF/10] 00:05:09, metric 1 101.0.0.1/32 *[OSPF/10] 00:04:58, metric 2 103.0.0.1/32 *[OSPF/10] 00:04:58, metric 1 104.0.0.1/32 *[OSPF/10] 00:04:58, metric 2 105.0.0.1/32 *[OSPF/10] 00:04:58, metric 3 224.0.0.5/32 *[OSPF/10] 00:07:22, metric 1
user@host-R0>show ospf interface Interface State Area DR ID BDR ID Nbrs ge-0/0/0.0 BDR 0.0.0.0 101.0.0.1 100.0.0.1 1 ge-2/0/0.0 BDR 0.0.0.0 102.0.0.1 100.0.0.1 1 ge-1/0/0.0 BDR 0.0.0.0 101.0.0.1 100.0.0.1 1 ge-3/0/0.0 BDR 0.0.0.0 102.0.0.1 100.0.0.1 1 ge-5/0/0.0 BDR 0.0.0.0 104.0.0.1 100.0.0.1 1 lo0.0 DR 0.0.0.0 100.0.0.1 0.0.0.0 0 ge-4/0/0.0 BDR 0.0.0.0 104.0.0.1 100.0.0.1 1 user@host-R0>show ospf neighbor Address Interface State ID Pri Dead 21.21.11.2 ge-0/0/0.0 Full 101.0.0.1 128 34 21.21.13.2 ge-2/0/0.0 Full 102.0.0.1 128 38 21.21.10.2 ge-1/0/0.0 Full 101.0.0.1 128 35 21.21.12.2 ge-3/0/0.0 Full 102.0.0.1 128 32 21.21.15.2 ge-5/0/0.0 Full 104.0.0.1 128 36 21.21.14.2 ge-4/0/0.0 Full 104.0.0.1 128 36 user@host-R0>show route protocol ospf | match /32 101.0.0.1/32 *[OSPF/10] 1d 23:42:43, metric 1 102.0.0.1/32 *[OSPF/10] 00:10:17, metric 1 103.0.0.1/32 *[OSPF/10] 00:10:16, metric 2 104.0.0.1/32 *[OSPF/10] 1d 23:20:42, metric 1 105.0.0.1/32 *[OSPF/10] 1d 23:20:42, metric 2 224.0.0.5/32 *[OSPF/10] 1d 23:47:44, metric 1 user@host-R0>show ospf3 interface Interface State Area DR ID BDR ID Nbrs ge-5/0/0.0 BDR 0.0.0.0 104.0.0.1 100.0.0.1 1 lo0.0 DR 0.0.0.0 100.0.0.1 0.0.0.0 0 ge-4/0/0.0 BDR 0.0.0.0 104.0.0.1 100.0.0.1 1 user@host-R0>show ospf3 neighbor ID Interface State Pri Dead 104.0.0.1 ge-5/0/0.0 Full 128 36 Neighbor-address fe80::aad0:e5ff:fe50:b262 104.0.0.1 ge-4/0/0.0 Full 128 37 Neighbor-address fe80::aad0:e5ff:fe50:b200 user@host-R0>show route table inet6.0 | match /128 1000::1/128 *[Direct/0] 1d 23:49:15 1003::1/128 *[OSPF3/10] 1d 07:13:56, metric 2 1004::1/128 *[OSPF3/10] 1d 23:22:04, metric 1 1005::1/128 *[OSPF3/10] 1d 07:13:37, metric 2 fe80::2a0:a500:176:14de/128 fe80::2a0:a50f:fc76:14de/128 fe80::ae4b:c8ff:fe45:6800/128 fe80::ae4b:c8ff:fe45:6be0/128 ff02::5/128 *[OSPF3/10] 1d 23:49:17, metric 1
user@host-R3>show ospf interface Interface State Area DR ID BDR ID Nbrs ge-0/0/0.0 BDR 0.0.0.0 101.0.0.1 103.0.0.1 1 ge-2/0/0.0 DR 0.0.0.0 103.0.0.1 102.0.0.1 1 ge-1/0/0.0 BDR 0.0.0.0 101.0.0.1 103.0.0.1 1 ge-3/0/0.0 DR 0.0.0.0 103.0.0.1 102.0.0.1 1 lo0.0 DR 0.0.0.0 103.0.0.1 0.0.0.0 0 ge-4/0/0.0 BDR 0.0.0.0 104.0.0.1 103.0.0.1 1 user@host-R3>show ospf neighbor Address Interface State ID Pri Dead 21.21.20.1 ge-0/0/0.0 Full 101.0.0.1 128 36 21.21.30.1 ge-2/0/0.0 Full 102.0.0.1 128 32 21.21.21.1 ge-1/0/0.0 Full 101.0.0.1 128 39 21.21.31.1 ge-3/0/0.0 Full 102.0.0.1 128 36 21.21.40.2 ge-4/0/0.0 Full 104.0.0.1 128 31 user@host-R3>show route protocol ospf | match /32 100.0.0.1/32 *[OSPF/10] 01:46:52, metric 2 101.0.0.1/32 *[OSPF/10] 2d 10:32:20, metric 1 102.0.0.1/32 *[OSPF/10] 01:46:52, metric 1 104.0.0.1/32 *[OSPF/10] 2d 05:56:03, metric 1 105.0.0.1/32 *[OSPF/10] 2d 05:55:46, metric 2 224.0.0.5/32 *[OSPF/10] 2w1d 01:41:29, metric 1 user@host-R3>show ospf3 interface Interface State Area DR ID BDR ID Nbrs lo0.0 DR 0.0.0.0 103.0.0.1 0.0.0.0 0 ge-4/0/0.0 BDR 0.0.0.0 104.0.0.1 103.0.0.1 1 user@host-R3>show ospf3 neighbor ID Interface State Pri Dead 104.0.0.1 ge-4/0/0.0 Full 128 34 Neighbor-address fe80::aad0:e5ff:fe50:b201 user@host-R3>show route table protocol ospf | match /128 1000::1/128 *[OSPF3/10] 1d 08:49:40, metric 2 1004::1/128 *[OSPF3/10] 2d 05:56:19, metric 1 1005::1/128 *[OSPF3/10] 1d 08:49:22, metric 2 ff02::5/128 *[OSPF3/10] 3d 06:40:09, metric 1
user@host-R4>show ospf interface Interface State Area DR ID BDR ID Nbrs ge-0/0/3.0 DR 0.0.0.0 104.0.0.1 100.0.0.1 1 ge-0/1/3.0 BDR 0.0.0.0 105.0.0.1 104.0.0.1 1 ge-0/1/4.0 DR 0.0.0.0 104.0.0.1 105.0.0.1 1 ge-0/1/7.0 DRother 0.0.0.0 0.0.0.0 0.0.0.0 0 lo0.0 DR 0.0.0.0 104.0.0.1 0.0.0.0 0 ge-0/0/2.0 DR 0.0.0.0 104.0.0.1 100.0.0.1 1 ge-0/0/4.0 DR 0.0.0.0 104.0.0.1 103.0.0.1 1 user@host-R4>show ospf neighbor Address Interface State ID Pri Dead 21.21.15.1 ge-0/0/3.0 Full 100.0.0.1 128 34 21.21.50.2 ge-0/1/3.0 Full 105.0.0.1 128 34 21.21.51.2 ge-0/1/4.0 Full 105.0.0.1 128 35 21.21.14.1 ge-0/0/2.0 Full 100.0.0.1 128 35 21.21.40.1 ge-0/0/4.0 Full 103.0.0.1 128 33 user@host-R4>show route protocol ospf | match /32 100.0.0.1/32 *[OSPF/10] 2d 00:42:12, metric 1 101.0.0.1/32 *[OSPF/10] 2d 00:42:12, metric 2 102.0.0.1/32 *[OSPF/10] 01:31:41, metric 2 103.0.0.1/32 *[OSPF/10] 2d 05:40:47, metric 1 105.0.0.1/32 *[OSPF/10] 2d 00:45:41, metric 1 224.0.0.5/32 *[OSPF/10] 2d 05:43:18, metric 1 user@host-R4>show ospf3 interface Interface State Area DR ID BDR ID Nbrs ge-0/0/3.0 DR 0.0.0.0 104.0.0.1 100.0.0.1 1 ge-0/1/3.0 BDR 0.0.0.0 105.0.0.1 104.0.0.1 1 ge-0/1/4.0 BDR 0.0.0.0 105.0.0.1 104.0.0.1 1 lo0.0 DR 0.0.0.0 104.0.0.1 0.0.0.0 0 ge-0/0/2.0 DR 0.0.0.0 104.0.0.1 100.0.0.1 1 ge-0/0/4.0 DR 0.0.0.0 104.0.0.1 103.0.0.1 1 user@host-R4>show ospf3 neighbor ID Interface State Pri Dead 100.0.0.1 ge-0/0/3.0 Full 128 32 Neighbor-address fe80::ae4b:c8ff:fe45:6be0 105.0.0.1 ge-0/1/3.0 Full 128 34 Neighbor-address fe80::aad0:e5ff:fe50:b280 105.0.0.1 ge-0/1/4.0 Full 128 32 Neighbor-address fe80::aad0:e5ff:fe50:b281 100.0.0.1 ge-0/0/2.0 Full 128 38 Neighbor-address fe80::ae4b:c8ff:fe45:6800 103.0.0.1 ge-0/0/4.0 Full 128 38 Neighbor-address fe80::ae4b:c8ff:fe45:f000 user@host-R4>show route table inet6.0 | match /128 1000::1/128 *[OSPF3/10] 2d 00:42:17, metric 1 1003::1/128 *[OSPF3/10] 2d 05:40:47, metric 1 1004::1/128 *[Direct/0] 2d 05:43:18 1005::1/128 *[OSPF3/10] 1d 08:33:49, metric 1 fe80::aad0:e50f:fc50:b2ff/128 fe80::aad0:e5ff:fe50:b200/128 fe80::aad0:e5ff:fe50:b201/128 fe80::aad0:e5ff:fe50:b262/128 fe80::aad0:e5ff:fe50:b268/128 fe80::aad0:e5ff:fe50:b269/128 ff02::5/128 *[OSPF3/10] 2d 05:43:34, metric 1
user@host-R5>show ospf interface Interface State Area DR ID BDR ID Nbrs ge-0/1/4.0 DR 0.0.0.0 105.0.0.1 0.0.0.0 0 ge-0/1/4.0 DR 0.0.0.0 105.0.0.1 0.0.0.0 0 ge-1/0/4.0 DR 0.0.0.0 105.0.0.1 0.0.0.0 0 ge-0/0/3.0 DR 0.0.0.0 105.0.0.1 104.0.0.1 1 ge-0/0/5.0 BDR 0.0.0.0 104.0.0.1 105.0.0.1 1 lo0.0 DR 0.0.0.0 105.0.0.1 0.0.0.0 user@host-R5>show ospf neighbor Address Interface State ID Pri Dead 21.21.50.1 ge-0/0/3.0 Full 104.0.0.1 128 35 21.21.51.1 ge-0/0/5.0 Full 104.0.0.1 128 34 user@host-R5>show route protocol ospf | match /32 100.0.0.1/32 *[OSPF/10] 2d 00:29:58, metric 2 101.0.0.1/32 *[OSPF/10] 2d 00:29:58, metric 3 102.0.0.1/32 *[OSPF/10] 01:15:59, metric 3 103.0.0.1/32 *[OSPF/10] 2d 00:29:58, metric 2 104.0.0.1/32 *[OSPF/10] 2d 00:29:58, metric 1 224.0.0.5/32 *[OSPF/10] 2d 05:27:36, metric 1 user@host-R5>show ospf3 interface Interface State Area DR ID BDR ID Nbrs ge-0/1/4.0 DR 0.0.0.0 105.0.0.1 0.0.0.0 0 ge-1/0/4.0 DR 0.0.0.0 105.0.0.1 0.0.0.0 0 ge-0/0/3.0 DR 0.0.0.0 105.0.0.1 104.0.0.1 1 ge-0/0/5.0 DR 0.0.0.0 105.0.0.1 104.0.0.1 1 lo0.0 DR 0.0.0.0 105.0.0.1 0.0.0.0 0 user@host-R5>show ospf3 neighbor ID Interface State Pri Dead 104.0.0.1 ge-0/0/3.0 Full 128 32 Neighbor-address fe80::aad0:e5ff:fe50:b268 104.0.0.1 ge-0/0/5.0 Full 128 35 Neighbor-address fe80::aad0:e5ff:fe50:b269 user@host-R5>show route table inet6.0 | match /128 1000::1/128 *[OSPF3/10] 1d 08:18:18, metric 2 1003::1/128 *[OSPF3/10] 1d 08:18:18, metric 2 1004::1/128 *[OSPF3/10] 1d 08:18:18, metric 1 1005::1/128 *[Direct/0] 2d 05:27:59 3000:db8:ffff:4::1/128 3000:db8:ffff:5::1/128 fe80::aad0:e50f:fc50:b2ff/128 fe80::aad0:e510:50:b2ff/128 fe80::aad0:e5ff:fe50:b260/128 fe80::aad0:e5ff:fe50:b267/128 fe80::aad0:e5ff:fe50:b280/128 fe80::aad0:e5ff:fe50:b281/128 ff02::5/128 *[OSPF3/10] 2d 05:28:04, metric 1
Meaning
OSPF and OSPF3 interfaces, neighbors, and routes are functioning properly.
Verify LDP Functionality
Purpose
On each device, display LDP interface and neighbor information to confirm the entities are functioning correctly.
Action
On each device, run the show ldp interface
and show ldp neighbor
commands from operational mode.
user@host-R1>show ldp interface Interface Label space ID Nbr count Next hello lo0.0 101.0.0.1:0 2 0 ge-1/0/6.0 101.0.0.1:0 1 2 ge-1/1/6.0 101.0.0.1:0 1 0 ge-1/1/5.0 101.0.0.1:0 1 2 user@host-R1>show ldp neighbor Address Interface Label space ID Hold time 100.0.0.1 lo0.0 100.0.0.1:0 34 103.0.0.1 lo0.0 103.0.0.1:0 32 21.21.11.1 ge-1/0/6.0 100.0.0.1:0 12 21.21.10.1 ge-1/1/6.0 100.0.0.1:0 11 21.21.21.2 ge-1/1/5.0 103.0.0.1:0 12
user@host-R2>show ldp interface Interface Label space ID Nbr count Next hello lo0.0 102.0.0.1:0 2 0 ge-1/1/6.0 102.0.0.1:0 1 2 ge-1/1/5.0 102.0.0.1:0 1 1 user@host-R2>show ldp neighbor Address Interface Label space ID Hold time 100.0.0.1 lo0.0 100.0.0.1:0 42 103.0.0.1 lo0.0 103.0.0.1:0 36 21.21.12.1 ge-1/1/6.0 100.0.0.1:0 11 21.21.31.2 ge-1/1/5.0 103.0.0.1:0 11
user@host-R0>show ldp interface Interface Label space ID Nbr count Next hello lo0.0 100.0.0.1:0 2 0 ge-4/0/0.0 100.0.0.1:0 1 0 ge-0/0/0.0 100.0.0.1:0 1 0 ge-2/0/0.0 100.0.0.1:0 0 3 ge-1/0/0.0 100.0.0.1:0 1 2 ge-3/0/0.0 100.0.0.1:0 1 3 ge-5/0/0.0 100.0.0.1:0 1 1 user@host-R0>show ldp neighbor Address Interface Label space ID Hold time 101.0.0.1 lo0.0 101.0.0.1:0 43 102.0.0.1 lo0.0 102.0.0.1:0 41 21.21.14.2 ge-4/0/0.0 104.0.0.1:0 14 21.21.11.2 ge-0/0/0.0 101.0.0.1:0 14 21.21.10.2 ge-1/0/0.0 101.0.0.1:0 13 21.21.12.2 ge-3/0/0.0 102.0.0.1:0 10 21.21.15.2 ge-5/0/0.0 104.0.0.1:0 11
user@host-R3>show ldp interface Interface Label space ID Nbr count Next hello lo0.0 103.0.0.1:0 2 0 ge-0/0/0.0 103.0.0.1:0 0 3 ge-2/0/0.0 103.0.0.1:0 0 2 ge-1/0/0.0 103.0.0.1:0 1 3 ge-3/0/0.0 103.0.0.1:0 1 1 ge-4/0/0.0 103.0.0.1:0 1 3 user@host-R3>show ldp neighbor Address Interface Label space ID Hold time 101.0.0.1 lo0.0 101.0.0.1:0 33 102.0.0.1 lo0.0 102.0.0.1:0 36 21.21.21.1 ge-1/0/0.0 101.0.0.1:0 11 21.21.31.1 ge-3/0/0.0 102.0.0.1:0 10 21.21.40.2 ge-4/0/0.0 104.0.0.1:0 13
user@host-R4>show ldp interface Interface Label space ID Nbr count Next hello lo0.1 104.0.0.1:0 0 0 ge-0/0/2.0 104.0.0.1:0 1 0 ge-0/0/4.0 104.0.0.1:0 1 4 ge-0/0/3.0 104.0.0.1:0 1 3 ge-0/1/3.0 104.0.0.1:0 1 1 ge-0/1/4.0 104.0.0.1:0 1 2 user@host-R4>show ldp neighbor Address Interface Label space ID Hold time 21.21.14.1 ge-0/0/2.0 100.0.0.1:0 13 21.21.40.1 ge-0/0/4.0 103.0.0.1:0 11 21.21.15.1 ge-0/0/3.0 100.0.0.1:0 14 21.21.50.2 ge-0/1/3.0 105.0.0.1:0 14 21.21.51.2 ge-0/1/4.0 105.0.0.1:0 14
user@host-R5>show ldp interface Interface Label space ID Nbr count Next hello lo0.0 105.0.0.1:0 0 0 ge-0/0/3.0 105.0.0.1:0 1 0 ge-0/0/5.0 105.0.0.1:0 1 2 user@host-R5>show ldp neighbor Address Interface Label space ID Hold time 21.21.50.1 ge-0/0/3.0 104.0.0.1:0 14 21.21.51.1 ge-0/0/5.0 104.0.0.1:0 10
Meaning
LDP interfaces and neighbors are operational.
Verify MPLS Interfaces
Purpose
On each device, display MPLS interface information to confirm the interfaces are Up.
Action
On each device, run the show mpls interface
command from operational mode.
user@host-R1>show mpls interface Interface State Administrative groups (x: extended) ge-1/0/6.0 Up none ge-1/1/6.0 Up none ge-1/1/4.0 Up none ge-1/1/5.0 Up none
user@host-R2>show mpls interface Interface State Administrative groups (x: extended) ge-1/1/6.0 Up none ge-1/1/4.0 Up none ge-1/1/5.0 Up none
user@host-R0>show mpls interface Interface State Administrative groups (x: extended) ge-4/0/0.0 Up none ge-0/0/0.0 Up none ge-2/0/0.0 Up none ge-1/0/0.0 Up none ge-3/0/0.0 Up none ge-5/0/0.0 Up none
user@host-R3>show mpls interface Interface State Administrative groups (x: extended) ge-0/0/0.0 Up none ge-2/0/0.0 Up none ge-1/0/0.0 Up none ge-3/0/0.0 Up none ge-4/0/0.0 Up none
user@host-R4>show mpls interface Interface State Administrative groups (x: extended) ge-0/0/2.0 Up none ge-0/0/4.0 Up none ge-0/0/3.0 Up none ge-0/1/3.0 Up none ge-0/1/4.0 Up none
user@host-R5>show mpls interface Interface State Administrative groups (x: extended) ge-0/0/3.0 Up none ge-0/0/5.0 Up none
Meaning
MPLS interfaces are operational.
Verify Circuit Cross-Connect (CCC) Interfaces and L2 Circuits on R1, R2, and R0
Purpose
Display L2 circuit and BFD session information to confirm the interfaces and sessions are functioning properly.
Action
On R1, R2, and R0, run the show interfaces terse
| match ccc | count
, show l2circuit connections summary
, show l2circuit connections interface ge-1/0/2.1
, show bfd session summary
, and show bfd session detail
commands from operational mode. The output of the show bfd
session detail
command is truncated in this example.
user@host-R1>show interfaces terse | match ccc | count Count: 1000 lines user@host-R1>show l2circuit connections summary Layer-2 Circuit Connections Summary: Neighbor: 100.0.0.1 Total VCs up: 1000, Total VCs down: 0 Neighbor: 103.0.0.1 Total VCs up: 0, Total VCs down: 1000 user@host-R1>show l2circuit connections interface ge-1/0/2.1 Layer-2 Circuit Connections: Legend for connection status (St) EI -- encapsulation invalid NP -- interface h/w not present MM -- mtu mismatch Dn -- down EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down CM -- control-word mismatch Up -- operational VM -- vlan id mismatch CF -- Call admission control failure OL -- no outgoing label IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration BK -- Backup Connection ST -- Standby Connection CB -- rcvd cell-bundle size bad SP -- Static Pseudowire LD -- local site signaled down RS -- remote site standby RD -- remote site signaled down HS -- Hot-standby Connection XX -- unknown Legend for interface status Up -- operational Dn -- down Neighbor: 100.0.0.1 Interface Type St Time last up # Up trans ge-1/0/2.1(vc 1) rmt Up Feb 13 23:12:57 2015 1 Remote PE: 100.0.0.1, Negotiated control-word: Yes (Null) Incoming label: 667712, Outgoing label: 299776 Negotiated PW status TLV: No Local interface: ge-1/0/2.1, Status: Up, Encapsulation: ETHERNET Flow Label Transmit: No, Flow Label Receive: No Neighbor: 103.0.0.1 ge-1/0/2.1(vc 1) rmt BK user@host-R1>show bfd session summary 1000 sessions, 1000 clients Cumulative transmit rate 999.8 pps, cumulative receive rate 999.8 pps user@host-R1>show bfd session detail Detect Transmit Address State Interface Time Interval Multiplier 127.0.0.1 Up ge-1/1/6.0 4.000 1.000 4 Client L2CKT-OAM, TX interval 1.000, RX interval 1.000 Session up time 00:06:09 Local diagnostic None, remote diagnostic None Remote state Up, version 1 Session type: VCCV BFD Detect Transmit Address State Interface Time Interval Multiplier 127.0.0.1 Up ge-1/0/6.0 4.000 1.000 4 Client L2CKT-OAM, TX interval 1.000, RX interval 1.000 Session up time 00:15:06 Local diagnostic None, remote diagnostic None Remote state Up, version 1 Session type: VCCV BFD Detect Transmit Address State Interface Time Interval Multiplier 127.0.0.1 Up ge-1/1/6.0 4.000 1.000 4 Client L2CKT-OAM, TX interval 1.000, RX interval 1.000 Session up time 00:33:14 Local diagnostic None, remote diagnostic None Remote state Up, version 1 Session type: VCCV BFD ...
user@host-R2>show interfaces terse | match ccc | count Count: 1048 lines user@host-R2>show l2circuit connections summary Layer-2 Circuit Connections Summary: Neighbor: 100.0.0.1 Total VCs up: 1048, Total VCs down: 0 Neighbor: 103.0.0.1 Total VCs up: 0, Total VCs down: 1048 user@host-R2>show l2circuit connections interface ge-1/0/2.1 Layer-2 Circuit Connections: Legend for connection status (St) EI -- encapsulation invalid NP -- interface h/w not present MM -- mtu mismatch Dn -- down EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down CM -- control-word mismatch Up -- operational VM -- vlan id mismatch CF -- Call admission control failure OL -- no outgoing label IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration BK -- Backup Connection ST -- Standby Connection CB -- rcvd cell-bundle size bad SP -- Static Pseudowire LD -- local site signaled down RS -- remote site standby RD -- remote site signaled down XX -- unknown Legend for interface status Up -- operational Dn -- down Neighbor: 100.0.0.1 Interface Type St Time last up # Up trans ge-1/0/2.1(vc 1001) rmt Up Feb 15 22:42:21 2015 1 Remote PE: 100.0.0.1, Negotiated control-word: Yes (Null) Incoming label: 299776, Outgoing label: 315776 Negotiated PW status TLV: No Local interface: ge-1/0/2.1, Status: Up, Encapsulation: ETHERNET Neighbor: 103.0.0.1 ge-1/0/2.1(vc 1001) rmt BK user@host-R2>show bfd session summary 1048 sessions, 1048 clients Cumulative transmit rate 1047.8 pps, cumulative receive rate 1047.8 pps user@host-R2>show bfd session detail Detect Transmit Address State Interface Time Interval Multiplier 127.0.0.1 Up ge-1/1/6.0 4.000 1.000 4 Client L2CKT-OAM, TX interval 1.000, RX interval 1.000 Session up time 00:02:30 Local diagnostic None, remote diagnostic None Remote state Up, version 1 Detect Transmit Address State Interface Time Interval Multiplier 127.0.0.1 Up ge-1/1/6.0 4.000 1.000 4 Client L2CKT-OAM, TX interval 1.000, RX interval 1.000 Session up time 00:02:36 Local diagnostic None, remote diagnostic None Remote state Up, version 1 Detect Transmit Address State Interface Time Interval Multiplier 127.0.0.1 Up ge-1/1/6.0 4.000 1.000 4 Client L2CKT-OAM, TX interval 1.000, RX interval 1.000 Session up time 00:02:00 Local diagnostic None, remote diagnostic None Remote state Up, version 1 ...
user@host-R0>show interfaces terse | match ccc | count Count: 2048 lines user@host-R0>show l2circuit connections summary Layer-2 Circuit Connections Summary: Neighbor: 101.0.0.1 Total VCs up: 1000, Total VCs down: 0 Neighbor: 102.0.0.1 Total VCs up: 1048, Total VCs down: 0 user@host-R0>show l2circuit connections interface ps0.0 Layer-2 Circuit Connections: Legend for connection status (St) EI -- encapsulation invalid NP -- interface h/w not present MM -- mtu mismatch Dn -- down EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down CM -- control-word mismatch Up -- operational VM -- vlan id mismatch CF -- Call admission control failure OL -- no outgoing label IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration BK -- Backup Connection ST -- Standby Connection CB -- rcvd cell-bundle size bad SP -- Static Pseudowire LD -- local site signaled down RS -- remote site standby RD -- remote site signaled down HS -- Hot-standby Connection XX -- unknown Legend for interface status Up -- operational Dn -- down Neighbor: 101.0.0.1 Interface Type St Time last up # Up trans ps0.0(vc 1) rmt Up Feb 13 22:13:18 2015 1 Remote PE: 101.0.0.1, Negotiated control-word: Yes (Null) Incoming label: 299776, Outgoing label: 667712 Negotiated PW status TLV: No Local interface: ps0.0, Status: Up, Encapsulation: ETHERNET user@host-R0>show bfd session summary 2048 sessions, 2048 clients Cumulative transmit rate 2047.5 pps, cumulative receive rate 2047.5 pps user@host-R0>show bfd session detail Detect Transmit Address State Interface Time Interval Multiplier 127.0.0.1 Up ge-0/0/0.0 4.000 1.000 4 Client L2CKT-OAM, TX interval 1.000, RX interval 1.000 Session up time 00:00:39 Local diagnostic None, remote diagnostic None Remote state Up, version 1 Replicated Session type: VCCV BFD Detect Transmit Address State Interface Time Interval Multiplier 127.0.0.1 Up ge-3/0/0.0 4.000 1.000 4 Client L2CKT-OAM, TX interval 1.000, RX interval 1.000 Session up time 00:13:29 Local diagnostic None, remote diagnostic None Remote state Up, version 1 Replicated Session type: VCCV BFD Detect Transmit Address State Interface Time Interval Multiplier 127.0.0.1 Up ge-3/0/0.0 4.000 1.000 4 Client L2CKT-OAM, TX interval 1.000, RX interval 1.000 Session up time 00:13:07 Local diagnostic None, remote diagnostic None Remote state Up, version 1 Replicated Session type: VCCV BFD ...
Meaning
CCC and L2 circuit interfaces are operational.
Verify Logical Tunnel (LT) Interfaces on R0 and R3
Purpose
Display logical tunnel interfaces to ensure they are Up.
Action
On R0 and R3 (from operational mode), run the show
interfaces terse | match lt
command to confirm the LT interfaces
are Up. Then run the show interfaces terse
command for
each individual interface to display more detailed information. One
interface for each device is shown here. Repeat for additional interfaces
as needed.
user@host-R0>show interfaces terse | match lt lt-0/0/10 up up lt-0/1/10 up up lt-0/2/10 up up lt-0/3/10 up up lt-1/0/10 up up lt-1/1/10 up up lt-1/2/10 up up lt-1/3/10 up up multiservice multiservice lt-2/0/10 up up lt-2/1/10 up up lt-2/2/10 up up lt-2/3/10 up up multiservice multiservice multiservice lt-3/0/10 up up lt-3/1/10 up up lt-3/2/10 up up lt-3/3/10 up up user@host-R0>show interfaces lt-0/0/10 terse Interface Admin Link Proto Local Remote lt-0/0/10 up up
user@host-R3>show interfaces terse | match lt multiservice lt-0/0/10 up up lt-0/1/10 up up lt-0/2/10 up up lt-0/3/10 up up lt-1/0/10 up up lt-1/1/10 up up lt-1/2/10 up up lt-1/3/10 up up multiservice multiservice lt-2/0/10 up up lt-2/1/10 up up lt-2/2/10 up up lt-2/3/10 up up multiservice multiservice lt-3/0/10 up up lt-3/1/10 up up lt-3/2/10 up up lt-3/3/10 up up user@host-R3>show interfaces lt-0/0/10 terse Interface Admin Link Proto Local Remote lt-0/0/10 up up
Meaning
LT interfaces are all confirmed to be Up.
Verify Pseudoservice (PS) Interfaces on R0 and R3
Purpose
Display pseudoservice interfaces to ensure they are Up.
Action
On R0 and R3, run the show interfaces ps0 terse
command from operational mode to confirm the PS interfaces are Up.
user@host-R0>show interfaces ps0 terse Interface Admin Link Proto Local Remote ps0 up up ps0.0 up up ccc ps0.32767 up up ps0.1073741863 up up inet 100.0.0.1 --> 0/0 inet6 fe80::2a0:a500:176:14de pppoe user@host-R0>show interfaces terse | match ps | match ccc | match up | count Count: 2048 lines
user@host-R3>show interfaces ps0 terse Interface Admin Link Proto Local Remote ps0 up up ps0.0 up up ccc ps0.32767 up up user@host-R3>show interfaces terse | match ps | match ccc | match up | count Count: 2048 lines
Meaning
PS interfaces are up and running.
Verify DHCPv4 Over Dynamic VLAN Interfaces on R0
Purpose
Display DHCPv4 subscriber and other DHCPv4 over dynamic VLAN information to ensure the interfaces are functioning.
Action
From operational mode, run the show subscribers
, show dhcp server binding
, show subscribers detail
, show route protocol access-internal
, show firewall
, show class-of-service traffic-control-profile
, and show class-of-service scheduler-hierarchy interface ps0.1073741855
commands.
user@host-R0>show subscribers Interface IP Address/VLAN ID User Name LS:RI ps0.1073741855 0x8100.1 0x8100.100 SST_USER_VLAN_DEFAULT default:default ps0.1073741855 100.16.0.3 SST_USER_DHCP_V4_DEFAULT default:default user@host-R0>show dhcp server binding IP address Session Id Hardware address Expires State Interface 100.16.0.3 55 00:22:68:14:84:d5 25191 BOUND ps0.1073741855 user@host-R0>show subscribers detail Type: VLAN User Name: SST_USER_VLAN_DEFAULT Logical System: default Routing Instance: default Interface: ps0.1073741855 Interface type: Dynamic Underlying Interface: ps0 Dynamic Profile Name: vlan-prof-0 Dynamic Profile Version: 2 State: Active Radius Accounting ID: 54 Session ID: 54 Stacked VLAN Id: 0x8100.1 VLAN Id: 0x8100.100 Login Time: 2015-02-15 21:47:47 PST Type: DHCP User Name: SST_USER_DHCP_V4_DEFAULT IP Address: 100.16.0.3 IP Netmask: 255.0.0.0 Logical System: default Routing Instance: default Interface: ps0.1073741855 Interface type: Static Underlying Interface: ps0.1073741855 Dynamic Profile Name: client-profile Dynamic Profile Version: 1 MAC Address: 00:22:68:14:84:d5 State: Active Radius Accounting ID: 55 Session ID: 55 Stacked VLAN Id: 1 VLAN Id: 100 Login Time: 2015-02-15 21:47:51 PST Service Sessions: 1 DHCP Options: len 48 35 01 01 32 04 64 10 00 03 0c 16 66 69 72 65 62 61 63 6b 2d 54 68 69 6e 6b 50 61 64 2d 54 34 30 30 37 0d 01 1c 02 03 0f 06 77 0c 2c 2f 1a 79 2a user@host-R0>show route protocol access-internal inet.0: 34 destinations, 35 routes (34 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 100.16.0.3/32 *[Access-internal/12] 00:04:41 > to #0 0.22.68.14.84.d5 via ps0.1073741855 inet.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) mpls.0: 4110 destinations, 4110 routes (4110 active, 0 holddown, 0 hidden) __mpls-oam__.mpls.0: 2048 destinations, 2048 routes (2048 active, 0 holddown, 0 hidden) inet6.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden) inet6.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) l2circuit.0: 4096 destinations, 4096 routes (4096 active, 0 holddown, 0 hidden) user@host-R0>show firewall Filter: RPF-PASS-DHCP-V4 Counters: Name Bytes Packets RPF-DHCP-V4-TRAFFIC 1968 6 Filter: RPF-PASS-DHCP-V6 Counters: Name Bytes Packets RPF-DHCP-V6-TRAFFIC 0 0 Filter: __default_bpdu_filter__ Filter: INPUT-V4-FILTER-01-ps0.1073741855-in Counters: Name Bytes Packets COUNTER11-ps0.1073741855-in 0 0 __junos-dyn-service-counter 0 0 Filter: OUTPUT-V4-FILTER-01-ps0.1073741855-out Counters: Name Bytes Packets COUNTER12-ps0.1073741855-out 0 0 __junos-dyn-service-counter 0 0 user@host-R0>show class-of-service traffic-control-profile Traffic control profile: TCP_PS.o.ps0.1073741855, Index: 1337886568 Shaping rate: 60000000 Scheduler map: ps0.1073741855.SMAP_PS Guaranteed rate: 50000000 user@host-R0>show class-of-service scheduler-hierarchy interface ps0.1073741855 Interface/ Shaping Guarnteed Guaranteed/ Queue Excess Resource name rate rate Excess weight weight kbits kbits priority high/low lt-0/0/10 1000000 lt-0/0/10 RTP 1000000 0 1 1 FC0 1000000 0 Low Low 950 FC3 1000000 0 Low Low 50 ps0.1073741855 60000 50000 500 500 FC0 60000 Disabled High High 2 FC1 60000 20000 Medium Low 400 FC2 60000 14950 Low Low 299 FC3 60000 14950 Low Low 299
Meaning
DHCPv4 over dynamic VLAN interfaces are operational.
Verify DHCPv6-PD Over Dynamic VLAN Interfaces on R0
Purpose
Display DHCPv6-PD subscriber and other DHCPv6-PD over dynamic VLAN information to ensure the interfaces are functioning.
Action
From operational mode, run the show subscribers
, show dhcpv6 server binding
, show subscribers detail
, show route table inet6.0 protocol access
, show
firewall
, show class-of-service traffic-control-profile
, and show class-of-service scheduler-hierarchy interface ps0.1073741856
commands.
user@host-R0>show subscribers Interface IP Address/VLAN ID User Name LS:RI ps0.1073741856 0x8100.1 0x8100.100 SST_USER_VLAN_DEFAULT default:default ps0.1073741856 1000::/56 SST_USER_DHCP_V6_DEFAULT default:default user@host-R0>show dhcpv6 server binding Prefix Session Id Expires State Interface Client DUID 1000::/56 58 25178 BOUND ps0.1073741856 LL_TIME0x1-0x1c0fbbe9-00:22:68:14:84:d5 user@host-R0>show subscribers detail Type: VLAN User Name: SST_USER_VLAN_DEFAULT Logical System: default Routing Instance: default Interface: ps0.1073741856 Interface type: Dynamic Underlying Interface: ps0 Dynamic Profile Name: vlan-prof-0 Dynamic Profile Version: 2 State: Active Radius Accounting ID: 57 Session ID: 57 Stacked VLAN Id: 0x8100.1 VLAN Id: 0x8100.100 Login Time: 2015-02-15 21:54:47 PST Type: DHCP User Name: SST_USER_DHCP_V6_DEFAULT IPv6 Prefix: 1000::/56 Logical System: default Routing Instance: default Interface: ps0.1073741856 Interface type: Static Underlying Interface: ps0.1073741856 Dynamic Profile Name: client-profile Dynamic Profile Version: 1 MAC Address: 00:22:68:14:84:d5 State: Active Radius Accounting ID: 58 Session ID: 58 Stacked VLAN Id: 1 VLAN Id: 100 Login Time: 2015-02-15 21:54:48 PST Service Sessions: 1 DHCP Options: len 48 00 01 00 0e 00 01 00 01 1c 0f bb e9 00 22 68 14 84 d5 00 08 00 02 00 64 00 06 00 04 00 17 00 18 00 19 00 0c 00 00 00 01 00 00 00 00 00 00 00 00 user@host-R0>show route table inet6.0 protocol access inet6.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 1000::/56 *[Access/13] 00:00:35 > to fe80::222:68ff:fe14:84d5 via ps0.1073741856 user@host-R0>show firewall Filter: RPF-PASS-DHCP-V4 Counters: Name Bytes Packets RPF-DHCP-V4-TRAFFIC 1968 6 Filter: RPF-PASS-DHCP-V6 Counters: Name Bytes Packets RPF-DHCP-V6-TRAFFIC 0 0 Filter: __default_bpdu_filter__ Filter: INPUT-V6-FILTER-01-ps0.1073741856-in Counters: Name Bytes Packets COUNTER21-ps0.1073741856-in 72 1 __junos-dyn-service-counter 72 1 Filter: OUTPUT-V6-FILTER-01-ps0.1073741856-out Counters: Name Bytes Packets COUNTER22-ps0.1073741856-out 0 0 __junos-dyn-service-counter user@host-R0>show class-of-service traffic-control-profile Traffic control profile: TCP_PS.o.ps0.1073741856, Index: 1337886571 Shaping rate: 60000000 Scheduler map: ps0.1073741856.SMAP_PS Guaranteed rate: 50000000 user@host-R0>show class-of-service scheduler-hierarchy interface ps0.1073741856 Interface/ Shaping Guarnteed Guaranteed/ Queue Excess Resource name rate rate Excess weight weight kbits kbits priority high/low lt-0/0/10 1000000 lt-0/0/10 RTP 1000000 0 1 1 FC0 1000000 0 Low Low 950 FC3 1000000 0 Low Low 50 ps0.1073741856 60000 50000 500 500 FC0 60000 Disabled High High 2 FC1 60000 20000 Medium Low 400 FC2 60000 14950 Low Low 299 FC3 60000 14950 Low Low 299
Meaning
DHCPv6-PD over dynamic VLAN interfaces are operational.
Verify PPPoE Over Dynamic VLAN Interfaces on R0
Purpose
Display PPPoE subscriber and other PPPoE over dynamic VLAN information to ensure the interfaces are functioning.
Action
From operational mode, run the show subscribers
, show subscriber summary
, show subscribers detail
, show pppoe interfaces
, show route protocol access-internal
, show firewall
, show class-of-service traffic-control-profile
, and show class-of-service scheduler-hierarchy interface ps0.1073741859
commands.
user@host-R0>show subscribers Interface IP Address/VLAN ID User Name LS:RI ps0.1073741859 0x8100.1 0x8100.100 SST_USER_VLAN_DEFAULT default:default pp0.1073741860 100.16.0.7 SST_USER_PPPOE_LT_DEFAULT default:default user@host-R0>show subscribers summary Subscribers by State Active: 2 Total: 2 Subscribers by Client Type VLAN: 1 PPPoE: 1 Total: 2 user@host-R0>show subscribers detail Type: VLAN User Name: SST_USER_VLAN_DEFAULT Logical System: default Routing Instance: default Interface: ps0.1073741859 Interface type: Dynamic Underlying Interface: ps0 Dynamic Profile Name: vlan-prof-0 Dynamic Profile Version: 2 State: Active Radius Accounting ID: 63 Session ID: 63 Stacked VLAN Id: 0x8100.1 VLAN Id: 0x8100.100 Login Time: 2015-02-15 22:09:55 PST Type: PPPoE User Name: SST_USER_PPPOE_LT_DEFAULT IP Address: 100.16.0.7 IP Netmask: 255.0.0.0 Primary DNS Address: 9.0.0.100 Secondary DNS Address: 9.0.0.101 Logical System: default Routing Instance: default Interface: pp0.1073741860 Interface type: Dynamic Underlying Interface: ps0.1073741859 Dynamic Profile Name: pppoe-client-profile Dynamic Profile Version: 1 MAC Address: 00:22:68:14:84:d5 State: Active Radius Accounting ID: 64 Session ID: 64 Stacked VLAN Id: 1 VLAN Id: 100 Login Time: 2015-02-15 22:10:00 PST Service Sessions: 1 user@host-R0>show pppoe interfaces pp0.1073741860 Index 586 State: Session Up, Session ID: 1, Type: Dynamic, Service name: (empty), Remote MAC address: 00:22:68:14:84:D5, Session AC name: petrel, Session uptime: 00:03:23 ago, Dynamic Profile: pppoe-client-profile, Underlying interface: ps0.1073741859 Index 585 user@host-R0>show route protocol access-internal inet.0: 34 destinations, 35 routes (34 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 100.16.0.7/32 *[Access-internal/12] 00:03:31 > via pp0.1073741860 inet.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) mpls.0: 4110 destinations, 4110 routes (4110 active, 0 holddown, 0 hidden) __mpls-oam__.mpls.0: 2048 destinations, 2048 routes (2048 active, 0 holddown, 0 hidden) inet6.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden) inet6.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) l2circuit.0: 4096 destinations, 4096 routes (4096 active, 0 holddown, 0 hidden) user@host-R0>show firewall Filter: RPF-PASS-DHCP-V4 Counters: Name Bytes Packets RPF-DHCP-V4-TRAFFIC 1968 6 Filter: RPF-PASS-DHCP-V6 Counters: Name Bytes Packets RPF-DHCP-V6-TRAFFIC 0 0 Filter: __default_bpdu_filter__ Filter: INPUT-V4-FILTER-01-pp0.1073741860-in Counters: Name Bytes Packets COUNTER11-pp0.1073741860-in 40698 238 __junos-dyn-service-counter 40698 238 Filter: OUTPUT-V4-FILTER-01-pp0.1073741860-out Counters: Name Bytes Packets COUNTER12-pp0.1073741860-out 0 0 __junos-dyn-service-counter 0 0 Filter: INPUT-V6-FILTER-01-pp0.1073741860-in Counters: Name Bytes Packets COUNTER21-pp0.1073741860-in 152 2 __junos-dyn-service-counter 152 2 Filter: OUTPUT-V6-FILTER-01-pp0.1073741860-out Counters: Name Bytes Packets COUNTER22-pp0.1073741860-out 0 0 __junos-dyn-service-counter 0 0 user@host-R0>show class-of-service traffic-control-profile Traffic control profile: TCP_PS.o.ps0.1073741859, Index: 1337886564 Shaping rate: 60000000 Scheduler map: ps0.1073741859.SMAP_PS Guaranteed rate: 50000000 user@host-R0>show class-of-service scheduler-hierarchy interface ps0.1073741859 Interface/ Shaping Guarnteed Guaranteed/ Queue Excess Resource name rate rate Excess weight weight kbits kbits priority high/low lt-0/0/10 1000000 lt-0/0/10 RTP 1000000 0 1 1 FC0 1000000 0 Low Low 950 FC3 1000000 0 Low Low 50 ps0.1073741859 60000 50000 500 500 FC0 60000 Disabled High High 2 FC1 60000 20000 Medium Low 400 FC2 60000 14950 Low Low 299 FC3 60000 14950 Low Low 299
Meaning
PPPoE over dynamic VLAN interfaces are operational.
Verify DHCP-PD Over PPPoE Over Dynamic VLAN Interfaces on R0
Purpose
Display PPPoE subscriber, DHCPv6 server binding, and inet6 route table information to ensure the interfaces are functioning.
Action
From operational mode, run the show subscribers
, show subscriber summary
, show dhcpv6 server binding
, show subscribers detail
, and show route table inet6.0
protocol access
commands.
user@host-R0>show subscribers Interface IP Address/VLAN ID User Name LS:RI ps0.1073741859 0x8100.1 0x8100.100 SST_USER_VLAN_DEFAULT default:default pp0.1073741860 100.16.0.7 SST_USER_PPPOE_LT_DEFAULT default:default * 1000::/56 pp0.1073741860 1000::/56 default:default user@host-R0>show subscribers summary Subscribers by State Active: 3 Total: 3 Subscribers by Client Type DHCP: 1 VLAN: 1 PPPoE: 1 Total: 3 user@host-R0>show subscribers detail Type: VLAN User Name: SST_USER_VLAN_DEFAULT Logical System: default Routing Instance: default Interface: ps0.1073741859 Interface type: Dynamic Underlying Interface: ps0 Dynamic Profile Name: vlan-prof-0 Dynamic Profile Version: 2 State: Active Radius Accounting ID: 63 Session ID: 63 Stacked VLAN Id: 0x8100.1 VLAN Id: 0x8100.100 Login Time: 2015-02-15 22:09:55 PST Type: PPPoE User Name: SST_USER_PPPOE_LT_DEFAULT IP Address: 100.16.0.7 IP Netmask: 255.0.0.0 Primary DNS Address: 9.0.0.100 Secondary DNS Address: 9.0.0.101 Logical System: default Routing Instance: default Interface: pp0.1073741860 Interface type: Dynamic Underlying Interface: ps0.1073741859 Dynamic Profile Name: pppoe-client-profile Dynamic Profile Version: 1 MAC Address: 00:22:68:14:84:d5 State: Active Radius Accounting ID: 64 Session ID: 64 Stacked VLAN Id: 1 VLAN Id: 100 Login Time: 2015-02-15 22:10:00 PST Service Sessions: 1 user@host-R0>show dhcpv6 server binding Prefix Session Id Expires State Interface Client DUID 1000::/56 66 25102 BOUND pp0.1073741860 LL_TIME0x1-0x1c0fbbe9-00:22:68:14:84:d5 user@host-R0>show subscribers detail Type: VLAN User Name: SST_USER_VLAN_DEFAULT Logical System: default Routing Instance: default Interface: ps0.1073741859 Interface type: Dynamic Underlying Interface: ps0 Dynamic Profile Name: vlan-prof-0 Dynamic Profile Version: 2 State: Active Radius Accounting ID: 63 Session ID: 63 Stacked VLAN Id: 0x8100.1 VLAN Id: 0x8100.100 Login Time: 2015-02-15 22:09:55 PST Type: PPPoE User Name: SST_USER_PPPOE_LT_DEFAULT IP Address: 100.16.0.7 IP Netmask: 255.0.0.0 Primary DNS Address: 9.0.0.100 Secondary DNS Address: 9.0.0.101 IPv6 Prefix: 1000::/56 Logical System: default Routing Instance: default Interface: pp0.1073741860 Interface type: Dynamic Underlying Interface: ps0.1073741859 Dynamic Profile Name: pppoe-client-profile Dynamic Profile Version: 1 MAC Address: 00:22:68:14:84:d5 State: Active Radius Accounting ID: 64 Session ID: 64 Stacked VLAN Id: 1 VLAN Id: 100 Login Time: 2015-02-15 22:10:00 PST Service Sessions: 1 Type: DHCP IPv6 Prefix: 1000::/56 Logical System: default Routing Instance: default Interface: pp0.1073741860 Interface type: Static Underlying Interface: ps0.1073741859 MAC Address: 00:22:68:14:84:d5 State: Active Radius Accounting ID: 66 Session ID: 66 Underlying Session ID: 64 Login Time: 2015-02-15 22:15:20 PST DHCP Options: len 48 00 01 00 0e 00 01 00 01 1c 0f bb e9 00 22 68 14 84 d5 00 08 00 02 00 00 00 06 00 04 00 17 00 18 00 19 00 0c 00 00 00 01 00 00 00 00 00 00 00 00 user@host-R0>show route table inet6.0 protocol access inet6.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 1000::/56 *[Access/13] 00:02:02 > via pp0.1073741860
Meaning
DHCPv6-PD over PPPoE over dynamic VLAN interfaces are operational.
Verify LAC PPP over Dynamic Interfaces on R0
Purpose
Display subscriber, network access AAA, and L2TP services information to ensure the interfaces are functioning.
Action
From operational mode, run the show subscribers
, show subscriber summary
, show subscribers detail
, show network-access aaa subscribers
, show network-access
aaa subscribers session-id 67
, show network-access aaa
subscribers session-id 67 detail
, show network-access aaa
subscribers session-id 68
, show network-access aaa subscribers
session-id 68 detail
, show services l2tp summary
, show services l2tp destination
, show services l2tp tunnel
, show services l2tp session
, show services l2tp
destination extensive
, show services l2tp tunnel extensive
, and show services l2tp session extensive
commands.
user@host-R0>show subscribers Interface IP Address/VLAN ID User Name LS:RI ps0.1073741861 0x8100.1 0x8100.100 SST_USER_VLAN_DEFAULT default:default pp0.1073741862 Tunneled SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM default:default user@host-R0>show subscribers summary Subscribers by State Active: 2 Total: 2 Subscribers by Client Type VLAN: 1 PPPoE: 1 Total: 2 user@host-R0>show subscribers detail Type: VLAN User Name: SST_USER_VLAN_DEFAULT Logical System: default Routing Instance: default Interface: ps0.1073741861 Interface type: Dynamic Underlying Interface: ps0 Dynamic Profile Name: vlan-prof-0 Dynamic Profile Version: 2 State: Active Radius Accounting ID: 67 Session ID: 67 Stacked VLAN Id: 0x8100.1 VLAN Id: 0x8100.100 Login Time: 2015-02-15 22:19:54 PST Type: PPPoE User Name: SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM Logical System: default Routing Instance: default Interface: pp0.1073741862 Interface type: Dynamic Underlying Interface: ps0.1073741861 Dynamic Profile Name: pppoe-client-profile Dynamic Profile Version: 1 MAC Address: 00:22:68:14:84:d5 State: Active PPP State: Tunneled Local IP Address: 100.0.0.1 Remote IP Address: 105.0.0.1 Radius Accounting ID: 68 Session ID: 68 Stacked VLAN Id: 1 VLAN Id: 100 Login Time: 2015-02-15 22:19:59 PST user@host-R0>show network-access aaa subscribers Username Logical system/Routing instance Client type Session-ID SST_USER_VLAN_DEFAULT default:default vlan 67 SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM default:default pppoe 68 user@host-R0>show network-access aaa subscribers session-id 67 Logical system/Routing instance Client type Session-ID Session uptime Accounting default:default vlan 67 00:09:43 on/volume+time user@host-R0>show network-access aaa subscribers session-id 67 detail Type: vlan Stripped username: SST_USER_VLAN_DEFAULT AAA Logical system/Routing instance: default:default Target Logical system/Routing instance: default:default Access-profile: Access-Profile-0 Session ID: 67 Accounting Session ID: 67 Multi Accounting Session ID: 0 Authentication State: AuthStateActive Accounting State: Acc-Interim-Sent Provisioning Type: None user@host-R0>show network-access aaa subscribers session-id 68 Logical system/Routing instance Client type Session-ID Session uptime Accounting default:default pppoe 68 00:09:48 on/volume+time user@host-R0>show network-access aaa subscribers session-id 68 detail Type: pppoe Username: SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM Stripped username: SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM AAA Logical system/Routing instance: default:default Target Logical system/Routing instance: default:default Access-profile: Access-Profile-0 Session ID: 68 Accounting Session ID: 68 Multi Accounting Session ID: 0 Authentication State: AuthStateActive Accounting State: Acc-Interim-Sent Provisioning Type: None user@host-R0>show services l2tp summary Failover within a preference level is Disabled Weighted load balancing is Disabled Tunnel authentication challenge is Enabled Calling number avp is Enabled Failover Protocol is Enabled Tx Connect speed method is static Rx speed avp when equal is Disabled Tunnel assignment id format is assignment-id Tunnel Tx Address Change is Accept Max Retransmissions for Established Tunnel is 7 Max Retransmissions for Not Established Tunnel is 5 Tunnel Idle Timeout is 60 seconds Destruct Timeout is 300 seconds Destination Lockout Timeout is 300 seconds Destinations: 1, Tunnels: 1, Sessions: 1, Switched sessions: 0 user@host-R0>show services l2tp destination Local Name Remote IP Tunnels Sessions State 3 105.0.0.1 1 1 Enabled user@host-R0>show services l2tp tunnel Local ID Remote ID Remote IP Sessions State 26595 30823 105.0.0.1:1701 1 Established user@host-R0>show services l2tp session Tunnel local ID: 26595 Local Remote State Interface Interface ID ID unit Name 8956 1214 Established 1073741862 pp0 user@host-R0>show services l2tp destination extensive Waiting for statistics... Local name: 3 Remote IP: 105.0.0.1 Tunnels: 1, Sessions: 1 State: Enabled Local IP: 100.0.0.1 Transport: ipUdp, Logical System: default, Router Instance: default Lockout State: not locked Connections Totals Active Failed Tunnels 1 1 0 Sessions 1 1 0 Packets Bytes Control Tx 16 591 Control Rx 16 438 Data Tx 584 122.2k Data Rx 441 23.8k Errors Tx 0 Errors Rx 0 user@host-R0>show services l2tp tunnel extensive Waiting for statistics... Tunnel local ID: 26595, Tunnel remote ID: 30823 Remote IP: 105.0.0.1:1701 Sessions: 1, State: Established Tunnel Name: 3/Tunnel-ID-1 Local IP: 100.0.0.1:1701 Local name: petrel, Remote name: R5 Effective Peer Resync Mechanism: failover protocol Nas Port Method: none Tunnel Logical System: default, Tunnel Routing Instance: default Max sessions: 128100, Window size: 4, Hello interval: 60 Create time: Sun Feb 15 22:20:00 2015, Up time: 00:13:52 Idle time: 00:00:00 Statistics since: Sun Feb 15 22:20:00 2015 Packets Bytes Control Tx 16 591 Control Rx 16 438 Data Tx 584 122.2k Data Rx 441 23.8k Errors Tx 0 Errors Rx 0 user@host-R0>show services l2tp session extensive Tunnel local ID: 26595 Session local ID: 8956, Session remote ID: 1214 Interface unit: 1073741862 State: Established Interface: pp0 Mode: Dedicated Local IP: 100.0.0.1:1701, Remote IP: 105.0.0.1:1701 Local name: petrel, Remote name: R5 Bearer type: 1, Framing type: 1 LCP renegotiation: N/A, Authentication: None, Interface ID: N/A Call serial number: 7 Tx speed: 0, Rx speed: 0 Create time: Sun Feb 15 22:20:00 2015, Up time: 00:13:57 Idle time: N/A Statistics since: Sun Feb 15 22:20:00 2015 Packets Bytes Data Tx 589 122.5k Data Rx 446 24.1k
Meaning
LAC PPP over dynamic VLAN interfaces are operational.
Verify the AAA Access and RADIUS Server Configuration and Statistics on R0
Purpose
Display RADIUS server, domain map, and AAA information to ensure that AAA and RADIUS are functioning as expected.
Action
From operational mode, run the show network-access
aaa accounting
, show network-access aaa radius-servers
detail
, show network-access domain-map statistics
, show network-access aaa statistics authentication
, show network-access aaa statistics authentication detail
, show network-access aaa statistics accounting
, show network-access
aaa statistics accounting detail
, show network-access requests
statistics
, show network-access requests pending
, show network-access aaa statistics pending-accounting-stops detail
, and show network-access aaa statistics radius
commands.
user@host-R0>show network-access aaa accounting Profile Logical System Routing Instance Acct-On-Response Access-Profile-0 default default ACK user@host-R0>show network-access aaa radius-servers detail Profile: Access-Profile-0 Server address: 9.0.0.9 Authentication port: 1812 Accounting port: 1813 Status: UP RADIUS Servers 9.0.0.9 Round Trip Time: 0 Authentication requests: 51 Authentication rollover requests: 0 Authentication retransmissions: 0 Accepts: 51 Rejects: 0 Challenges: 0 Authentication malformed responses: 0 Authentication bad authenticators: 0 Authentication requests pending: 0 Authentication request timeouts: 0 Authentication unknown responses: 0 Authentication packets dropped: 0 Accounting start requests: 59 Accounting interim requests: 389 Accounting stop requests: 59 Accounting rollover requests: 0 Accounting retransmissions: 10 Accounting start responses: 59 Accounting interim responses: 389 Accounting stop responses: 59 Accounting malformed responses: 0 Accounting bad authenticators: 0 Accounting requests pending: 0 Accounting request timeouts: 11 Accounting unknown responses: 0 Accounting packets dropped: 0 user@host-R0>show network-access domain-map statistics General domain mapping statistics Matched domains: 8 Unmatched domains: 43 Missing domain names: 43 Stripped usernames: 0 Domain statistics for domain-name: default Default used: 0 user@host-R0>show network-access aaa statistics authentication Authentication module statistics Requests received: 51 Accepts: 51 Rejects: 0 Challenges: 0 Timed out requests: 0 user@host-R0>show network-access aaa statistics authentication detail Authentication module statistics Requests received: 51 Accepts: 51 Rejects: 0 RADIUS authentication failures: 0 Queue request deleted: 0 Malformed reply: 0 No server configured: 0 Access Profile configuration not found: 0 Unable to create client record: 0 Unable to create client request: 0 Unable to build authentication request: 0 No available server: 0 Unable to create handle: 0 Unable to queue request: 0 Invalid credentials: 0 Malformed request: 0 License unavailable: 0 Redirect requested: 0 Internal failure: 0 Local authentication failures: 0 LDAP lookup failures: 0 Challenges: 0 Timed out requests: 0 user@host-R0>show network-access aaa statistics accounting Accounting module statistics Requests received: 511 Accounting response failures: 0 Accounting response success: 508 Timed out requests: 1 user@host-R0>show network-access aaa statistics accounting detail Accounting module statistics Requests received: 511 Account on requests: 4 Accounting start requests: 59 Accounting interim requests: 389 Accounting stop requests: 59 Accounting response failures: 0 Accounting response success: 508 Account on responses: 1 Accounting start responses: 59 Accounting interim responses: 389 Accounting stop responses: 59 Timed out requests: 1 Accounting rollover requests: 0 Accounting unknown responses: 0 Accounting pending account requests: 0 Accounting malformed responses: 0 Accounting retransmissions: 10 Accounting bad authenticators: 0 Accounting packets dropped: 0 user@host-R0>show network-access requests statistics General authentication statistics Total requests received: 240 Total responses sent: 284 Radius authentication statistics Total requests received: 51 Success responses: 51 Failure responses: 0 Local authentication statistics Total requests received: 0 Success responses: 0 Failure responses: 0 LDAP authentication statistics Total requests received: 0 Success responses: 0 Failure responses: 0 Securid authentication statistics Total requests received: 0 Success responses: 0 Failure responses: 0 Gx-plus general counters: Counter Value engine created 1 initial config: inactive 1 recovery: cold-boot 1 diameter-app initial config: success 1 Gx-plus sync-event counters: Sync-Event Counter Value cold-boot activated 1 Gx-plus general counters: Counter Value engine created 1 initial config: inactive 1 recovery: cold-boot 1 diameter-app initial config: success 1 Gx-plus sync-event counters: Sync-Event Counter Value cold-boot activated 1 user@host-R0>show network-access requests pending Information about pending authentication entries Total pending authentication requests: 0 user@host-R0>show network-access aaa statistics pending-accounting-stops detail Pending accounting stops: 0 user@host-R0>show network-access aaa statistics radius Outstanding Requests RADIUS Server Profile Configured Current Peak Exceeded 9.0.0.9 Access-Profile-0 1000 1 3 0
Meaning
AAA and RADIUS server functions are correct.
Verify That on R3, No L2 Circuits Are Up and No BFD Sessions Are Running
Purpose
Display L2 circuit and BFD session information to confirm nothing is running on the backup BNG (R3).
Action
From operational mode, run the show interfaces
terse | match ccc | count
, show l2circuit connections summary
, show l2circuit connections interface ps0.0
, show
bfd session summary
, and show bfd session detail
commands.
user@host-R3>show interfaces terse | match ccc | count Count: 2048 lines user@host-R3>show l2circuit connections summary Layer-2 Circuit Connections Summary: Neighbor: 101.0.0.1 Total VCs up: 0, Total VCs down: 1000 Neighbor: 102.0.0.1 Total VCs up: 0, Total VCs down: 1048 user@host-R3>show l2circuit connections interface ps0.0 Layer-2 Circuit Connections: Legend for connection status (St) EI -- encapsulation invalid NP -- interface h/w not present MM -- mtu mismatch Dn -- down EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down CM -- control-word mismatch Up -- operational VM -- vlan id mismatch CF -- Call admission control failure OL -- no outgoing label IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration BK -- Backup Connection ST -- Standby Connection CB -- rcvd cell-bundle size bad SP -- Static Pseudowire LD -- local site signaled down RS -- remote site standby RD -- remote site signaled down HS -- Hot-standby Connection XX -- unknown Legend for interface status Up -- operational Dn -- down Neighbor: 101.0.0.1 Interface Type St Time last up # Up trans ps0.0(vc 1) rmt OL user@host-R3>show bfd session summary 0 sessions, 0 clients Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps user@host-R3>show bfd session detail 0 sessions, 0 clients Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Meaning
No L2 circuits or BFD sessions are running on the backup BNG.
Verify L2TP Functionality on R5
Purpose
Display subscriber, network access AAA, and L2TP services information to ensure the interfaces are functioning.
Action
From operational mode, run the show subscribers
, show subscriber summary
, show subscribers detail
, show network-access aaa subscribers
, show network-access
aaa subscribers session-id 9
, show network-access aaa subscribers
session-id 9 detail
, show route protocol access internal
, show firewall
, show services l2tp summary
, show services l2tp destination
, show services l2tp
tunnel
, show services l2tp session
, show services
l2tp destination extensive
, show services l2tp tunnel extensive
, and show services l2tp session extensive
commands.
user@host-R5>show subscribers Interface IP Address/VLAN ID User Name LS:RI si-1/0/0.1073741832 100.48.0.9 SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM default:default user@host-R5>show subscribers summary Subscribers by State Active: 1 Total: 1 Subscribers by Client Type L2TP: 1 Total: 1 user@host-R5>show subscribers detail Type: L2TP User Name: SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM IP Address: 100.48.0.9 IP Netmask: 255.0.0.0 Logical System: default Routing Instance: default Interface: si-1/0/0.1073741832 Interface type: Dynamic Underlying Interface: si-1/0/0.1073741832 Dynamic Profile Name: lns-profile State: Active Radius Accounting ID: 9 Session ID: 9 Login Time: 2015-02-15 23:44:31 PST user@host-R5>show network-access aaa subscribers Username Logical system/Routing instance Client type Session-ID SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM default:default l2tp 9 user@host-R5>show network-access aaa subscribers session-id 9 Logical system/Routing instance Client type Session-ID Session uptime Accounting default:default l2tp 9 00:11:39 off user@host-R5>show network-access aaa subscribers session-id 9 detail Type: l2tp Stripped username: SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM AAA Logical system/Routing instance: default:default Target Logical system/Routing instance: default:default Access-profile: AccProf-LNS Session ID: 9 Accounting Session ID: 9 Multi Accounting Session ID: 0 IP Address: 100.48.0.9 Authentication State: AuthStateActive Accounting State: Acc-Init Converted to time accounting: no Provisioning Type: None user@host-R5>show route protocol access-internal inet.0: 35 destinations, 35 routes (35 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 100.48.0.9/32 *[Access-internal/12] 00:11:50 > via si-1/0/0.1073741832 inet.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) mpls.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) inet6.0: 17 destinations, 22 routes (17 active, 0 holddown, 0 hidden) user@host-R5>show firewall Filter: __default_bpdu_filter__ user@host-R5>show services l2tp summary Failover within a preference level is Disabled Weighted load balancing is Disabled Tunnel authentication challenge is Enabled Calling number avp is Enabled Failover Protocol is Enabled Tx Connect speed method is static Rx speed avp when equal is Disabled Tunnel assignment id format is assignment-id Tunnel Tx Address Change is Accept Min Retransmission Timeout for control packets is 1 seconds Max Retransmissions for Established Tunnel is 7 Max Retransmissions for Not Established Tunnel is 5 Tunnel Idle Timeout is 60 seconds Destruct Timeout is 300 seconds Destination Lockout Timeout is 300 seconds Max Packets processed per iteration is 64 Access Line Information is Disabled, Speed Updates is Disabled Destinations: 1, Tunnels: 1, Sessions: 1, Switched sessions: 0 user@host-R5>show services l2tp destination Local Name Remote IP Tunnels Sessions State 6 100.0.0.1 1 1 Enabled user@host-R5>show services l2tp tunnel Local ID Remote ID Remote IP Sessions State 30823 26595 100.0.0.1:1701 1 Established user@host-R5>show services l2tp session Tunnel local ID: 30823 Local Remote State Interface Interface ID ID unit Name 1214 8956 Established 1073741832 si-1/0/0 user@host-R5>show services l2tp destination extensive Waiting for statistics... Local name: 6 Remote IP: 100.0.0.1 Tunnels: 1, Sessions: 1 State: Enabled Local IP: 105.0.0.1 Transport: ipUdp, Logical System: default, Router Instance: default Lockout State: not locked Access Line Information: disabled, Speed Updates: disabled Connections Totals Active Failed Tunnels 1 1 0 Sessions 1 1 0 Packets Bytes Control Tx 15 418 Control Rx 15 579 Data Tx 722 40.4k Data Rx 244 14.4k Errors Tx 0 Errors Rx 0 user@host-R5>show services l2tp tunnel extensive Waiting for statistics... Tunnel local ID: 30823, Tunnel remote ID: 26595 Remote IP: 100.0.0.1:1701 Sessions: 1, State: Established Tunnel Name: 6/15 Local IP: 105.0.0.1:1701 Local name: R5, Remote name: petrel Effective Peer Resync Mechanism: failover protocol Nas Port Method: none Tunnel Logical System: default, Tunnel Routing Instance: default Max sessions: 128100, Window size: 4, Hello interval: 60 Create time: Sun Feb 15 23:44:31 2015, Up time: 00:12:29 Idle time: 00:00:00, ToS Reflect: Disabled Tunnel Group Name: lns-tunnel-group Statistics since: Sun Feb 15 23:44:31 2015 Packets Bytes Control Tx 15 418 Control Rx 15 579 Data Tx 734 41.1k Data Rx 244 14.4k Errors Tx 0 Errors Rx 0 user@host-R5>show services l2tp session extensive Tunnel local ID: 30823 Session local ID: 1214, Session remote ID: 8956 Interface unit: 1073741832 State: Established Interface: si-1/0/0 Mode: Dedicated Local IP: 105.0.0.1:1701, Remote IP: 100.0.0.1:1701 Local name: R5, Remote name: petrel Bearer type: 1, Framing type: 1 LCP renegotiation: On, Authentication: None Call serial number: 7 Tx speed: 0, Rx speed: 0 Create time: Sun Feb 15 23:44:31 2015, Up time: 00:12:16 Idle time: N/A, ToS Reflect: Disabled Statistics since: Sun Feb 15 23:44:31 2015 Packets Bytes Data Tx 718 40.2k Data Rx 244 14.4k
Meaning
L2TP LAC PPP over dynamic VLAN interfaces are operational.
Verify Dynamic VLAN Authentication and Accounting on the RADIUS Server
Purpose
Determine whether or not RADIUS messages sent by the BNG arrive at the RADIUS server and are accepted.
Action
Review the RADIUS server debug log messages to confirm whether RADIUS messages arrive and are processed. If a subscriber username and password match the user profile on the RADIUS server, the RADIUS server should return an access-accept message response back to the BNG system. If the RADIUS server returns an access-reject message, check the username and password configuration on both the RADIUS server and the BNG DHCP local server, and check the PPPoE client’s username and password.
The following debug log messages are related to straight dynamic VLAN authentication and accounting requests.
rad_recv: Access-Request packet from host 100.0.0.1 port 53274, id=29, length=134 User-Name = "SST_USER_VLAN_DEFAULT" User-Password = "<password>" Service-Type = Framed-User Chargeable-User-Identity = "" Acct-Session-Id = "54" ERX-Dhcp-Mac-Addr = "0000.0000.0000" NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0:1-100" NAS-Port-Type = Ethernet NAS-IP-Address = 100.0.0.1 Sending Access-Accept of id 29 to 100.0.0.1 port 53274 Service-Type = Framed-User rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=30, length=165 User-Name = "SST_USER_VLAN_DEFAULT" Acct-Status-Type = Start Acct-Session-Id = "54" Service-Type = Framed-User ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Mac-Addr = "0000.0000.0000" Event-Timestamp = "Feb 16 2015 00:47:48 EST" NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0:1-100" NAS-Port-Type = Ethernet NAS-IP-Address = 100.0.0.1 rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=34, length=309 User-Name = "SST_USER_VLAN_DEFAULT" Acct-Status-Type = Stop Acct-Session-Id = "54" Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Time = 345 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Terminate-Cause = Admin-Reset Service-Type = Framed-User ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Mac-Addr = "0000.0000.0000" Event-Timestamp = "Feb 16 2015 00:53:33 EST" ERX-Input-Gigapkts = 0 Acct-Input-Gigawords = 0 NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0:1-100" NAS-Port-Type = Ethernet ERX-Output-Gigapkts = 0 Acct-Output-Gigawords = 0 ERX-IPv6-Acct-Input-Octets = 0 ERX-IPv6-Acct-Output-Octets = 0 ERX-IPv6-Acct-Input-Packets = 0 ERX-IPv6-Acct-Output-Packets = 0 ERX-IPv6-Acct-Input-Gigawords = 0 ERX-IPv6-Acct-Output-Gigawords = 0 NAS-IP-Address = 100.0.0.1
The following debug log messages are related to DHCPv4 over dynamic VLAN authentication and accounting requests.
rad_recv: Access-Request packet from host 100.0.0.1 port 53274, id=31, length=210 User-Name = "SST_USER_DHCP_V4_DEFAULT" User-Password = "<password>" Service-Type = Framed-User Chargeable-User-Identity = "" Acct-Session-Id = "55" ERX-Dhcp-Options = "5\001\0012\004d\020\000\003\014\026fireback-ThinkPad-T4007\r\001\034\002\003\017\006w\014,/\032y*" ERX-Dhcp-Mac-Addr = "0022.6814.84d5" Framed-IP-Address = 100.16.0.3 NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741855:1-100" NAS-Port-Type = Ethernet NAS-IP-Address = 100.0.0.1 Sending Access-Accept of id 31 to 100.0.0.1 port 53274 Service-Type = Framed-User ERX-Service-Activate:1 += "DHCP-SERVICE-PROFILE(INPUT-V4-FILTER-01, OUTPUT-V4-FILTER-01, INPUT-V6-FILTER-01, OUTPUT-V6-FILTER-01)" rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=32, length=247 User-Name = "SST_USER_DHCP_V4_DEFAULT" Acct-Status-Type = Start Acct-Session-Id = "55" Service-Type = Framed-User ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Options = "5\001\0012\004d\020\000\003\014\026fireback-ThinkPad-T4007\r\001\034\002\003\017\006w\014,/\032y*" ERX-Dhcp-Mac-Addr = "0022.6814.84d5" Event-Timestamp = "Feb 16 2015 00:47:51 EST" Framed-IP-Address = 100.16.0.3 Framed-IP-Netmask = 255.0.0.0 NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741855:1-100" NAS-Port-Type = Ethernet NAS-IP-Address = 100.0.0.1 rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=33, length=391 User-Name = "SST_USER_DHCP_V4_DEFAULT" Acct-Status-Type = Stop Acct-Session-Id = "55" Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Time = 342 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Terminate-Cause = NAS-Request Service-Type = Framed-User ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Options = "5\001\0012\004d\020\000\003\014\026fireback-ThinkPad-T4007\r\001\034\002\003\017\006w\014,/\032y*" ERX-Dhcp-Mac-Addr = "0022.6814.84d5" Event-Timestamp = "Feb 16 2015 00:53:33 EST" Framed-IP-Address = 100.16.0.3 Framed-IP-Netmask = 255.0.0.0 ERX-Input-Gigapkts = 0 Acct-Input-Gigawords = 0 NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741855:1-100" NAS-Port-Type = Ethernet ERX-Output-Gigapkts = 0 Acct-Output-Gigawords = 0 ERX-IPv6-Acct-Input-Octets = 0 ERX-IPv6-Acct-Output-Octets = 0 ERX-IPv6-Acct-Input-Packets = 0 ERX-IPv6-Acct-Output-Packets = 0 ERX-IPv6-Acct-Input-Gigawords = 0 ERX-IPv6-Acct-Output-Gigawords = 0 NAS-IP-Address = 100.0.0.1
The following debug log messages are related to DHCPv6 over dynamic VLAN authentication and accounting requests.
rad_recv: Access-Request packet from host 100.0.0.1 port 53274, id=37, length=204 User-Name = "SST_USER_DHCP_V6_DEFAULT" User-Password = "<password>" Service-Type = Framed-User Chargeable-User-Identity = "" Acct-Session-Id = "58" ERX-Dhcp-Options = "\000\001\000\016\000\001\000\001\034\017\273\351\000\"h\ 024\204\325\000\010\000\002\000d\000\006\000\004\000\027\000\030\000\031\000\014\000\ 000\000\001\000\000\000\000\000\000\000" ERX-Dhcp-Mac-Addr = "0022.6814.84d5" NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741856:1-100" NAS-Port-Type = Ethernet NAS-IP-Address = 100.0.0.1 Sending Access-Accept of id 37 to 100.0.0.1 port 53274 Service-Type = Framed-User ERX-Service-Activate:1 += "DHCP-SERVICE-PROFILE(INPUT-V4-FILTER-01, OUTPUT-V4-FILTER-01, INPUT-V6-FILTER-01, OUTPUT-V6-FILTER-01)" rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=38, length=254 User-Name = "SST_USER_DHCP_V6_DEFAULT" Acct-Status-Type = Start Acct-Session-Id = "58" Service-Type = Framed-User ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Delegated-IPv6-Prefix = 1000::/56 Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Options = "\000\001\000\016\000\001\000\001\034\017\273\351\000\"h\024\ 204\325\000\010\000\002\000d\000\006\000\004\000\027\000\030\000\031\000\014\000\000\000\ 001\000\000\000\000\000\000\000" ERX-Dhcp-Mac-Addr = "0022.6814.84d5" Event-Timestamp = "Feb 16 2015 00:54:49 EST" NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741856:1-100" NAS-Port-Type = Ethernet NAS-IP-Address = 100.0.0.1 rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=40, length=309 User-Name = "SST_USER_VLAN_DEFAULT" Acct-Status-Type = Stop Acct-Session-Id = "57" Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Time = 265 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Terminate-Cause = Admin-Reset Service-Type = Framed-User ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Mac-Addr = "0000.0000.0000" Event-Timestamp = "Feb 16 2015 00:59:12 EST" ERX-Input-Gigapkts = 0 Acct-Input-Gigawords = 0 NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0:1-100" NAS-Port-Type = Ethernet ERX-Output-Gigapkts = 0 Acct-Output-Gigawords = 0 ERX-IPv6-Acct-Input-Octets = 0 ERX-IPv6-Acct-Output-Octets = 0 ERX-IPv6-Acct-Input-Packets = 0 ERX-IPv6-Acct-Output-Packets = 0 ERX-IPv6-Acct-Input-Gigawords = 0 ERX-IPv6-Acct-Output-Gigawords = 0 NAS-IP-Address = 100.0.0.1
The following debug log messages are related to PPPoE over dynamic VLAN authentication and accounting requests.
rad_recv: Access-Request packet from host 100.0.0.1 port 53274, id=49, length=189 User-Name = "SST_USER_PPPOE_LT_DEFAULT" Service-Type = Framed-User Framed-Protocol = PPP CHAP-Password = 0x341c1103d16b6d5a56a3eacef911e227ca CHAP-Challenge = 0x9c35da48d9c6351050ccf15141901947968a4a56ebf0690ab64291240c6f3b Chargeable-User-Identity = "" Acct-Session-Id = "64" ERX-Dhcp-Mac-Addr = "0022.6814.84d5" NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741859:1-100" NAS-Port-Type = Ethernet NAS-IP-Address = 100.0.0.1 Sending Access-Accept of id 49 to 100.0.0.1 port 53274 Service-Type = Framed-User ERX-Service-Activate:1 += "PPPOE-SERVICE-PROFILE(INPUT-V4-FILTER-01, OUTPUT-V4-FILTER-01, INPUT-V6-FILTER-01, OUTPUT-V6-FILTER-01)" rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=50, length=208 User-Name = "SST_USER_PPPOE_LT_DEFAULT" Acct-Status-Type = Start Acct-Session-Id = "64" Service-Type = Framed-User Framed-Protocol = PPP ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Framed-Interface-Id = 2473:3f40:86ef:c3b3 Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Mac-Addr = "0022.6814.84d5" Event-Timestamp = "Feb 16 2015 01:10:01 EST" Framed-IP-Address = 100.16.0.7 Framed-IP-Netmask = 255.0.0.0 NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741859:1-100" NAS-Port-Type = Ethernet NAS-IP-Address = 100.0.0.1 rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=52, length=309 User-Name = "SST_USER_VLAN_DEFAULT" Acct-Status-Type = Stop Acct-Session-Id = "63" Acct-Input-Octets = 86662 Acct-Output-Octets = 256 Acct-Session-Time = 495 Acct-Input-Packets = 557 Acct-Output-Packets = 32 Acct-Terminate-Cause = Admin-Reset Service-Type = Framed-User ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Mac-Addr = "0000.0000.0000" Event-Timestamp = "Feb 16 2015 01:18:11 EST" ERX-Input-Gigapkts = 0 Acct-Input-Gigawords = 0 NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0:1-100" NAS-Port-Type = Ethernet ERX-Output-Gigapkts = 0 Acct-Output-Gigawords = 0 ERX-IPv6-Acct-Input-Octets = 93 ERX-IPv6-Acct-Output-Octets = 0 ERX-IPv6-Acct-Input-Packets = 1 ERX-IPv6-Acct-Output-Packets = 0 ERX-IPv6-Acct-Input-Gigawords = 0 ERX-IPv6-Acct-Output-Gigawords = 0 NAS-IP-Address = 100.0.0.1 rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=51, length=352 User-Name = "SST_USER_PPPOE_LT_DEFAULT" Acct-Status-Type = Stop Acct-Session-Id = "64" Acct-Input-Octets = 14356 Acct-Output-Octets = 0 Acct-Session-Time = 490 Acct-Input-Packets = 239 Acct-Output-Packets = 0 Acct-Terminate-Cause = User-Request Service-Type = Framed-User Framed-Protocol = PPP ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Framed-Interface-Id = 2473:3f40:86ef:c3b3 Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Mac-Addr = "0022.6814.84d5" Event-Timestamp = "Feb 16 2015 01:18:11 EST" Framed-IP-Address = 100.16.0.7 Framed-IP-Netmask = 255.0.0.0 ERX-Input-Gigapkts = 0 Acct-Input-Gigawords = 0 NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741859:1-100" NAS-Port-Type = Ethernet ERX-Output-Gigapkts = 0 Acct-Output-Gigawords = 0 ERX-IPv6-Acct-Input-Octets = 0 ERX-IPv6-Acct-Output-Octets = 0 ERX-IPv6-Acct-Input-Packets = 0 ERX-IPv6-Acct-Output-Packets = 0 ERX-IPv6-Acct-Input-Gigawords = 0 ERX-IPv6-Acct-Output-Gigawords = 0 NAS-IP-Address = 100.0.0.1
The following debug log messages are related to LAC PPP over dynamic VLAN interface requests.
rad_recv: Access-Request packet from host 100.0.0.1 port 53274, id=55, length=195 User-Name = "SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM" Service-Type = Framed-User Framed-Protocol = PPP CHAP-Password = 0x3b1b159a8dd20e71fc05178bde237a3f18 CHAP-Challenge = 0xce86862897f89c3e6d20ef40c3f0295e669d1649c7a8180c828a Chargeable-User-Identity = "" Acct-Session-Id = "68" ERX-Dhcp-Mac-Addr = "0022.6814.84d5" NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741861:1-100" NAS-Port-Type = Ethernet NAS-IP-Address = 100.0.0.1 Sending Access-Accept of id 55 to 100.0.0.1 port 53274 Service-Type = Framed-User rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=56, length=256 User-Name = "SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM" Acct-Status-Type = Start Acct-Session-Id = "68" Service-Type = Framed-User Framed-Protocol = PPP ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Tunnel-Type:0 = L2TP Tunnel-Medium-Type:0 = IPv4 Tunnel-Client-Endpoint:0 = "100.0.0.1" Tunnel-Server-Endpoint:0 = "105.0.0.1" Tunnel-Assignment-Id:0 = "Tunnel-ID-1" Acct-Tunnel-Connection = "0000000007" Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Mac-Addr = "0022.6814.84d5" Event-Timestamp = "Feb 16 2015 01:20:00 EST" NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741861:1-100" NAS-Port-Type = Ethernet NAS-IP-Address = 100.0.0.1 rad_recv: Accounting-Request packet from host 100.0.0.1 port 53274, id=59, length=400 User-Name = "SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM" Acct-Status-Type = Stop Acct-Session-Id = "68" Acct-Input-Octets = 128977 Acct-Output-Octets = 24940 Acct-Session-Time = 874 Acct-Input-Packets = 589 Acct-Output-Packets = 446 Acct-Terminate-Cause = NAS-Request Service-Type = Framed-User Framed-Protocol = PPP ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Tunnel-Type:0 = L2TP Tunnel-Medium-Type:0 = IPv4 Tunnel-Client-Endpoint:0 = "100.0.0.1" Tunnel-Server-Endpoint:0 = "105.0.0.1" Tunnel-Assignment-Id:0 = "Tunnel-ID-1" Acct-Tunnel-Connection = "0000000007" Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Mac-Addr = "0022.6814.84d5" Event-Timestamp = "Feb 16 2015 01:34:34 EST" ERX-Input-Gigapkts = 0 Acct-Input-Gigawords = 0 NAS-Identifier = "R0-BNG1" NAS-Port = 100 NAS-Port-Id = "ps0.1073741861:1-100" NAS-Port-Type = Ethernet ERX-Output-Gigapkts = 0 Acct-Output-Gigawords = 0 ERX-IPv6-Acct-Input-Octets = 460 ERX-IPv6-Acct-Output-Octets = 0 ERX-IPv6-Acct-Input-Packets = 6 ERX-IPv6-Acct-Output-Packets = 0 ERX-IPv6-Acct-Input-Gigawords = 0 ERX-IPv6-Acct-Output-Gigawords = 0 NAS-IP-Address = 100.0.0.1
Meaning
Dynamic VLAN authentication and accounting functionality is confirmed.
Troubleshooting
This troubleshooting section focuses on pseudowire head-end termination and subscriber management on the BNG platform. To troubleshoot these functions, see the following sections.
For information on using traceoptions, see Junos OS Tracing and Logging Operations.
MPLS L2 Circuit Pseudowire
Problem
MPLS L2 circuit pseudowires are not being established.
Solution
On the BNG device, investigate each network layer’s operational status and error count. Start by ensuring that the operational status is Up for both Layer 1 (L1) and L2, and that the error count is not increasing.
user@host-BNG>show interfaces ge-2/0/0 extensive Physical interface: ge-2/0/0, Enabled, Physical link is Up Interface index: 2359, SNMP ifIndex: 579, Generation: 2362 Description: To R1 - APE1 Link-level type: Ethernet, MTU: 1514, MRU: 1522, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Pad to minimum frame size: Disabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Schedulers : 0 Hold-times : Up 0 ms, Down 0 ms Current address: ac:4b:c8:45:6a:94, Hardware address: ac:4b:c8:45:6a:94 Last flapped : 2015-03-24 16:34:13 PDT (22:13:47 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 37913131 234088 bps Output bytes : 27109253 150976 bps Input packets: 750139 595 pps Output packets: 736385 588 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Label-switched interface (LSI) traffic statistics: Input bytes : 0 0 bps Input packets: 0 0 pps Dropped traffic statistics due to STP State: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0 Output errors: Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0 Egress queues: 8 supported, 8 in use Queue counters: Queued packets Transmitted packets Dropped packets 0 2082 2082 0 1 0 0 0 2 0 0 0 3 735288 735288 0 4 0 0 0 5 0 0 0 6 0 0 0 7 0 0 0 Queue number: Mapped forwarding classes 0 FC0 1 FC1 2 FC2 3 FC3 4 FC4 5 FC5 6 FC6 7 FC7 Active alarms : None Active defects : None MAC statistics: Receive Transmit Total octets 51466725 49001759 Total packets 750906 737115 Unicast packets 731162 699812 Broadcast packets 35 38 Multicast packets 19709 37265 CRC/Align errors 0 0 FIFO errors 0 0 MAC control frames 0 0 MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 VLAN tagged frames 0 Code violations 0 Total errors 0 0 Filter statistics: Input packet count 750316 Input packet rejects 0 Input DA rejects 0 Input SA rejects 0 Output packet count 736542 Output packet pad count 0 Output packet error count 0 CAM destination filters: 0, CAM source filters: 0 Autonegotiation information: Negotiation status: Complete Link partner: Link mode: Full-duplex, Flow control: Symmetric/Asymmetric, Remote fault: OK Local resolution: Flow control: Symmetric, Remote fault: Link OK Packet Forwarding Engine configuration: Destination slot: 0 (0x00) CoS information: Direction : Output CoS transmit queue Bandwidth Buffer Priority Limit % bps % usec 0 FC0 95 950000000 95 0 low none 3 FC3 5 50000000 5 0 low none Interface transmit statistics: Disabled Logical interface ge-2/0/0.0 (Index 4447) (SNMP ifIndex 14264) (Generation 4256) Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2 Traffic statistics: Input bytes : 41421857 Output bytes : 27287563 Input packets: 786945 Output packets: 736385 Local statistics: Input bytes : 8105510 Output bytes : 5342123 Input packets: 102278 Output packets: 50590 Transit statistics: Input bytes : 33316347 230800 bps Output bytes : 21945440 150624 bps Input packets: 684667 591 pps Output packets: 685795 588 pps Protocol inet, MTU: 1500, Generation: 2247, Route table: 0 Flags: Sendbcast-pkt-to-re Addresses, Flags: Is-Preferred Is-Primary Destination: 21.21.11/24, Local: 21.21.11.1, Broadcast: 21.21.11.255, Generation: 155 Protocol mpls, MTU: 1488, Maximum labels: 3, Generation: 2248, Route table: 0 Protocol multiservice, MTU: Unlimited, Generation: 2249, Route table: 0 Policer: Input: __default_arp_policer__
If the interface is a PS interface, check the status of the anchor interface as well.
user@host-BNG>show configuration interfaces ps0 | display inheritance no-comments anchor-point { lt-0/0/10; } flexible-vlan-tagging; auto-configure { stacked-vlan-ranges { dynamic-profile vlan-prof-0 { accept [ inet inet6 pppoe ]; ranges { 1-256,1-4094; } } authentication { password <password>; username-include { user-prefix SST_USER_VLAN_DEFAULT; } } } remove-when-no-subscribers; } no-gratuitous-arp-request; unit 0 { encapsulation ethernet-ccc; } user@host-BNG>show interfaces lt-0/0/10 media Physical interface: lt-0/0/10, Enabled, Physical link is Up Interface index: 159, SNMP ifIndex: 12719 Type: Logical-tunnel, Link-level type: Logical-tunnel, MTU: Unlimited, Speed: 1000mbps Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000 Physical info : 13 Current address: ac:4b:c8:45:68:00, Hardware address: ac:4b:c8:45:68:00 Last flapped : 2015-03-24 16:33:23 PDT (22:55:56 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) user@host-BNG>show interfaces ps0 media Physical interface: ps0, Enabled, Physical link is Up Interface index: 160, SNMP ifIndex: 12720 Type: Software-Pseudo, Link-level type: 90, MTU: 1522, Clocking: 1, Speed: 1000mbps Device flags : Present Running Interface flags: Point-To-Point Internal: 0x4000 Current address: ac:4b:c8:45:68:00, Hardware address: ac:4b:c8:45:68:00 Last flapped : Never Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) user@host-BNG>show interfaces ps0.0 Logical interface ps0.0 (Index 332) (SNMP ifIndex 18023) Flags: Up Point-To-Point 0x4000 Encapsulation: Ethernet-CCC Input packets : 272 Output packets: 459 Protocol ccc, MTU: 1514 Flags: Is-Primary user@host-BNG>show interfaces ps0.0 extensive Logical interface ps0.0 (Index 332) (SNMP ifIndex 18023) (Generation 141) Flags: Up Point-To-Point 0x4000 Encapsulation: Ethernet-CCC Traffic statistics: Input bytes : 17251 Output bytes : 37799 Input packets: 272 Output packets: 459 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Transit statistics: Input bytes : 17251 0 bps Output bytes : 37799 0 bps Input packets: 272 0 pps Output packets: 459 0 pps Protocol ccc, MTU: 1514, Generation: 169, Route table: 0 Flags: Is-Primary
Next, check the IP connectivity of the directly connected interface.
user@host-BNG>show interfaces ge-2/0/0 terse Interface Admin Link Proto Local Remote ge-2/0/0 up up ge-2/0/0.0 up up inet 21.21.11.1/24 mpls multiservice user@host-BNG>ping 21.21.11.2 rapid count 1000 PING 21.21.11.2 (21.21.11.2): 56 data bytes !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! --- 21.21.11.2 ping statistics --- 1000 packets transmitted, 1000 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.460/0.748/16.578/0.820 ms
Determine whether the IGP is stable, without any route flapping. The OSPF neighbor state should be Full and the age of the OSPF database and route table should increase consistently without resetting to be zero. The IP connectivity to the neighbor router’s loopback interface should be intact.
user@host-BNG>show ospf neighbor Address Interface State ID Pri Dead 21.21.11.2 ge-2/0/0.0 Full 101.0.0.1 128 35 21.21.13.2 ge-2/0/1.0 Full 102.0.0.1 128 30 21.21.10.2 ge-3/0/0.0 Full 101.0.0.1 128 36 21.21.12.2 ge-3/0/1.0 Full 102.0.0.1 128 36 21.21.15.2 ge-3/0/2.0 Full 104.0.0.1 128 37 21.21.14.2 xe-0/0/0.0 Full 104.0.0.1 128 34 user@host-BNG>show ospf database router OSPF database, Area 0.0.0.0 Type ID Adv Rtr Seq Age Opt Cksum Len Router *100.0.0.1 100.0.0.1 0x8000000b 1721 0x22 0xac4b 108 Router 101.0.0.1 101.0.0.1 0x80000005 1699 0x22 0x6180 84 Router 102.0.0.1 102.0.0.1 0x80000006 1712 0x22 0x7736 84 Router 103.0.0.1 103.0.0.1 0x8001452e 1727 0x22 0x134c 96 Router 104.0.0.1 104.0.0.1 0x80000010 768 0x22 0x135e 108 Router 105.0.0.1 105.0.0.1 0x80000033 1096 0x22 0xbdf6 96 user@host-BNG>show route protocol ospf | match /32 101.0.0.1/32 *[OSPF/10] 00:28:53, metric 1 102.0.0.1/32 *[OSPF/10] 00:29:01, metric 1 103.0.0.1/32 *[OSPF/10] 00:28:53, metric 2 104.0.0.1/32 *[OSPF/10] 00:35:33, metric 1 105.0.0.1/32 *[OSPF/10] 00:35:33, metric 2 224.0.0.5/32 *[OSPF/10] 22:21:18, metric 1 user@host-BNG>ping 101.0.0.1 rapid count 1000 PING 101.0.0.1 (101.0.0.1): 56 data bytes !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! --- 101.0.0.1 ping statistics --- 1000 packets transmitted, 1000 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.480/0.830/11.262/0.771 ms user@host-BNG>show ldp route 101.0.0.1 Destination Next-hop intf/lsp/table Next-hop address 101.0.0.1/32 ge-2/0/0.0 21.21.11.2 ge-3/0/0.0 21.21.10.2 user@host-BNG>show route 101.0.0.1 inet.0: 33 destinations, 34 routes (33 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 101.0.0.1/32 *[OSPF/10] 00:30:48, metric 1 to 21.21.11.2 via ge-2/0/0.0 > to 21.21.10.2 via ge-3/0/0.0 inet.3: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 101.0.0.1/32 *[LDP/9] 00:30:48, metric 1 > to 21.21.11.2 via ge-2/0/0.0 to 21.21.10.2 via ge-3/0/0.0
Next, check the BFD session status for MPLS L2 circuit pseudowires.
user@host-BNG>show bfd session Address State Interface Time Interval Multiplier 127.0.0.1 Up ge-2/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-3/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-3/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-2/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-3/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-2/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-2/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-3/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-3/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-2/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-3/0/0.0 4.000 1.000 4 127.0.0.1 Up ge-2/0/0.0 4.000 1.000 4
Examine the MPLS pseudowire datapath.
user@host-BNG>ping mpls l2circuit interface ps0.0 !!!!! --- lsping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss user@host-BNG>ping mpls l2circuit virtual-circuit 1 count 10 destination 127.0.0.1 neighbor 101.0.0.1 !!!!!!!!!! --- lsping statistics --- 10 packets transmitted, 10 packets received, 0% packet loss user@host-PE1>ping mpls l2circuit interface ge-1/1/9.1 !!!!! --- lsping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss user@host-PE1>ping mpls l2circuit interface ge-1/1/9.1 !!!!! --- lsping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss user@host-PE1>ping mpls l2circuit interface ge-1/1/9.1 detail Request for seq 1, to interface 329, label 360336, packet size 88 Reply for seq 1, return code: Egress-ok, time: -4752393.948 ms Local transmit time: 2015-03-25 17:21:25 PDT 394.073 ms Remote receive time: 2015-03-25 16:02:13 PDT 0.125 ms Request for seq 2, to interface 329, label 360336, packet size 88 Reply for seq 2, return code: Egress-ok, time: -4752393.851 ms Local transmit time: 2015-03-25 17:21:26 PDT 393.976 ms Remote receive time: 2015-03-25 16:02:14 PDT 0.125 ms Request for seq 3, to interface 329, label 360336, packet size 88 Reply for seq 3, return code: Egress-ok, time: -4752393.839 ms Local transmit time: 2015-03-25 17:21:27 PDT 393.964 ms Remote receive time: 2015-03-25 16:02:15 PDT 0.125 ms Request for seq 4, to interface 329, label 360336, packet size 88 Reply for seq 4, return code: Egress-ok, time: -4752393.831 ms Local transmit time: 2015-03-25 17:21:28 PDT 393.956 ms Remote receive time: 2015-03-25 16:02:16 PDT 0.125 ms Request for seq 5, to interface 329, label 360336, packet size 88 Reply for seq 5, return code: Egress-ok, time: -4752393.823 ms Local transmit time: 2015-03-25 17:21:29 PDT 393.948 ms Remote receive time: 2015-03-25 16:02:17 PDT 0.125 ms --- lsping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss
Finally, verify that the MPLS L2 circuit status is Up. If it is not, consult the connection status code legend provided in the
show
command output for the reason.user@host-BNG>show l2circuit connections interface ps0.0 extensive Layer-2 Circuit Connections: Legend for connection status (St) EI -- encapsulation invalid NP -- interface h/w not present MM -- mtu mismatch Dn -- down EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down CM -- control-word mismatch Up -- operational VM -- vlan id mismatch CF -- Call admission control failure OL -- no outgoing label IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration BK -- Backup Connection ST -- Standby Connection CB -- rcvd cell-bundle size bad SP -- Static Pseudowire LD -- local site signaled down RS -- remote site standby RD -- remote site signaled down HS -- Hot-standby Connection XX -- unknown Legend for interface status Up -- operational Dn -- down Neighbor: 101.0.0.1 Interface Type St Time last up # Up trans ps0.0(vc 1) rmt Up Mar 25 14:26:50 2015 1 Remote PE: 101.0.0.1, Negotiated control-word: Yes (Null) Incoming label: 360336, Outgoing label: 338624 Negotiated PW status TLV: No Local interface: ps0.0, Status: Up, Encapsulation: ETHERNET Connection History: Mar 25 14:26:50 2015 status update timer Mar 25 14:26:50 2015 PE route changed Mar 25 14:26:50 2015 Out lbl Update 338624 Mar 25 14:26:50 2015 In lbl Update 360336 Mar 25 14:26:50 2015 loc intf up ps0.0 user@host-PE1>show l2circuit connections interface ge-1/1/9.1 extensive Layer-2 Circuit Connections: Legend for connection status (St) EI -- encapsulation invalid NP -- interface h/w not present MM -- mtu mismatch Dn -- down EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down CM -- control-word mismatch Up -- operational VM -- vlan id mismatch CF -- Call admission control failure OL -- no outgoing label IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration BK -- Backup Connection ST -- Standby Connection CB -- rcvd cell-bundle size bad SP -- Static Pseudowire LD -- local site signaled down RS -- remote site standby RD -- remote site signaled down HS -- Hot-standby Connection XX -- unknown Legend for interface status Up -- operational Dn -- down Neighbor: 100.0.0.1 Interface Type St Time last up # Up trans ge-1/1/9.1(vc 1) rmt Up Mar 25 15:46:05 2015 1 Remote PE: 100.0.0.1, Negotiated control-word: Yes (Null) Incoming label: 338624, Outgoing label: 360336 Negotiated PW status TLV: No Local interface: ge-1/1/9.1, Status: Up, Encapsulation: ETHERNET Flow Label Transmit: No, Flow Label Receive: No Connection History: Mar 25 15:46:05 2015 status update timer Mar 25 15:46:01 2015 PE route changed Mar 25 15:46:01 2015 Out lbl Update 360336 Mar 25 15:46:01 2015 In lbl Update 338624 Mar 25 15:46:01 2015 loc intf up ge-1/1/9.1 Neighbor: 103.0.0.1 ge-1/1/9.1(vc 1) rmt BK
Subscriber Sessions
Problem
Subscriber sessions are not being established.
Solution
First, check the AAA status. Start by using the
test aaa
command to ascertain the authentication and address assignment operational status.user@host-BNG>test aaa ppp user SST_USER_VLAN_DEFAULT password <password> Authentication Grant ************User Attributes*********** User Name - SST_USER_VLAN_DEFAULT Client IP Address - 100.16.0.2 Client IP Netmask - 255.0.0.0 Virtual Router Name - default Reply Message - NULL Primary DNS IP Address - 0.0.0.0 Secondary DNS IP Address - 0.0.0.0 Primary WINS IP Address - 0.0.0.0 Secondary WINS IP Address - 0.0.0.0 Primary DNS IPv6 Address - :: Secondary DNS IPv6 Address - :: Framed Pool - v4-pool-0 Class Attribute - not set Service Type - 0 Client Ipv6 Address - :: Client Ipv6 Mask - null Framed Ipv6 Prefix - ::/0 Framed Ipv6 Pool - not-set NDRA Ipv6 Prefix - not-set Login Ipv6 Host - :: Framed Interface Id: - 0:0:0:0 Delegated Ipv6 Prefix - ::/0 Delegated Ipv6 Pool - not-set User Password - <password> CHAP Password - NULL Mac Address - AB:CD:00:00:00:01 Filter Id - not set Framed MTU - (null) Framed Route - not set Ingress Policy Name - not set Egress Policy Name - not set IGMP - disabled Redirect VR Name - default Service Bundle - Null Framed Ip Route Tag - not set Ignore DF Bit - disabled IGMP Access Group Name - not set IGMP Access Source Group Name - not set MLD Access Group Name - not set MLD Access Source Group Name - not set IGMP Version - not set MLD Version - not set IGMP Immediate Leave - disabled MLD Immediate Leave - disabled IPv6 Ingress Policy Name - not set IPv6 Egress Policy Name - not set Acct Session ID- 10 Acct Interim Interval - 600 Acct Type - 2 Ingress Statistics disabled Egress Statistics disabled Chargeable user identity - 0 NAS Port Id - not set NAS Port - 4095 NAS Port Type - 15 Framed Protocol - 0 ****Pausing 10 seconds before disconnecting the test user********* Logging out subscriber Terminate Id - not set Test complete. Exiting user@host-BNG>test aaa ppp user SST_USER_PPPOE_LT_DEFAULT password <password> Authentication Grant ************User Attributes*********** User Name - SST_USER_PPPOE_LT_DEFAULT Client IP Address - 100.16.0.9 Client IP Netmask - 255.0.0.0 Virtual Router Name - default Reply Message - NULL Primary DNS IP Address - 0.0.0.0 Secondary DNS IP Address - 0.0.0.0 Primary WINS IP Address - 0.0.0.0 Secondary WINS IP Address - 0.0.0.0 Primary DNS IPv6 Address - :: Secondary DNS IPv6 Address - :: Framed Pool - v4-pool-0 Class Attribute - not set Service Type - 0 Client Ipv6 Address - :: Client Ipv6 Mask - null Framed Ipv6 Prefix - ::/0 Framed Ipv6 Pool - not-set NDRA Ipv6 Prefix - not-set Login Ipv6 Host - :: Framed Interface Id: - 0:0:0:0 Delegated Ipv6 Prefix - ::/0 Delegated Ipv6 Pool - not-set User Password - <password> CHAP Password - NULL Mac Address - AB:CD:00:00:00:01 Service tag - 1 Service Name - PPPOE-SERVICE-PROFILE(INPUT-V4-FILTER-01, OUTPUT-V4-FILTER-01, INPUT-V6-FILTER-01, OUTPUT-V6-FILTER-01) Filter Id - not set Framed MTU - (null) Framed Route - not set Ingress Policy Name - not set Egress Policy Name - not set IGMP - disabled Redirect VR Name - default Service Bundle - Null Framed Ip Route Tag - not set Ignore DF Bit - disabled IGMP Access Group Name - not set IGMP Access Source Group Name - not set MLD Access Group Name - not set MLD Access Source Group Name - not set IGMP Version - not set MLD Version - not set IGMP Immediate Leave - disabled MLD Immediate Leave - disabled IPv6 Ingress Policy Name - not set IPv6 Egress Policy Name - not set Acct Session ID- 28 Acct Interim Interval - 600 Acct Type - 2 Ingress Statistics disabled Egress Statistics disabled Chargeable user identity - 0 NAS Port Id - not set NAS Port - 4095 NAS Port Type - 15 Framed Protocol - 0 ****Pausing 10 seconds before disconnecting the test user********* Logging out subscriber Terminate Id - not set Test complete. Exiting user@host-BNG>test aaa ppp user SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM password <password> Authentication Grant with Tunnel Attributes ************Tunnel Attributes*********** ****Tunnel Definiton - 1 Tunnel Medium - 1 Tunnel Type - 3 Tunnel Max Sessions - 0 Tunnel Server Endpoint - 105.0.0.1 Tunnel Client Endpoint - 100.0.0.1 Tunnel Server AuthId - Tunnel Client AuthId - Tunnel Password - juniper Tunnel Assignment Id - Tunnel-ID-1 Tunnel Logical System - Tunnel Routing Instance - ****Pausing 10 seconds before disconnecting the test user********* Logging out subscriber Terminate Id - not set Test complete. Exiting
Check the RADIUS server’s operational status and statistics.
user@host-BNG>show network-access aaa radius-servers detail Profile: Access-Profile-0 Server address: 9.0.0.9 Authentication port: 1812 Accounting port: 1813 Status: UP RADIUS Servers 9.0.0.9 Round Trip Time: 1 Authentication requests: 9 Authentication rollover requests: 0 Authentication retransmissions: 25 Accepts: 4 Rejects: 0 Challenges: 0 Authentication malformed responses: 0 Authentication bad authenticators: 0 Authentication requests pending: 0 Authentication request timeouts: 30 Authentication unknown responses: 0 Authentication packets dropped: 0 Accounting start requests: 4 Accounting interim requests: 1 Accounting stop requests: 8 Accounting rollover requests: 0 Accounting retransmissions: 30 Accounting start responses: 4 Accounting interim responses: 1 Accounting stop responses: 3 Accounting malformed responses: 0 Accounting bad authenticators: 0 Accounting requests pending: 0 Accounting request timeouts: 36 Accounting unknown responses: 0 Accounting packets dropped: 0
Monitor incoming and outgoing subscriber protocol control traffic via the PS interface. Start by checking the subscriber access protocol negotiation status.
user@host-BNG>monitor traffic interface ps0 no-resolve verbose output suppressed, use (detail) or (extensive) for full protocol decode Address resolution is OFF. Listening on ps0, capture size 96 bytes 15:10:51.505345 In PPPoE PADI [Service-Name] [Host-Uniq UTF8] 15:10:56.507188 In PPPoE PADI [Service-Name] [Host-Uniq UTF8] 15:10:56.507566 Out PPPoE PADO [AC-Name "R0"] [Host-Uniq UTF8] [Service-Name] [AC-Cookie UTF8] 15:10:56.508055 In PPPoE PADR [Service-Name] [Host-Uniq UTF8] [AC-Cookie UTF8] 15:10:56.592436 In PPPoE [ses 1]LCP, Conf-Request (0x01), id 1, length 16 15:10:56.592437 In PPPoE [ses 1]LCP, Conf-Request (0x01), id 1, length 16 15:10:56.592511 Out PPPoE [ses 1]LCP, Conf-Request (0x01), id 141, length 21 15:10:56.592511 Out PPPoE [ses 1]LCP, Conf-Request (0x01), id 141, length 21 15:10:56.592560 Out PPPoE [ses 1]LCP, Conf-Ack (0x02), id 1, length 16 15:10:56.592560 Out PPPoE [ses 1]LCP, Conf-Ack (0x02), id 1, length 16 15:10:56.593707 In PPPoE [ses 1]LCP, Conf-Ack (0x02), id 141, length 21 15:10:56.593708 In PPPoE [ses 1]LCP, Conf-Ack (0x02), id 141, length 21 15:10:56.593899 Out PPPoE [ses 1]CHAP, Challenge (0x01), id 32, Value 13bf1f6f74448948130f8648c8c14a49b46125, Name JUNOS 15:10:56.593899 Out PPPoE [ses 1]CHAP, Challenge (0x01), id 32, Value 13bf1f6f74448948130f8648c8c14a49b46125, Name JUNOS 15:10:56.594771 In PPPoE [ses 1]CHAP, Response (0x02), id 32, Value 117cf30ec090ee60ba642403955fa37d, Name SST_USER_PPPOE_LT[|chap] 15:10:56.594772 In PPPoE [ses 1]CHAP, Response (0x02), id 32, Value 117cf30ec090ee60ba642403955fa37d, Name SST_USER_PPPOE_LT[|chap] 15:10:56.800192 Out PPPoE [ses 1]CHAP, Success (0x03), id 32, Msg 15:10:56.800193 Out PPPoE [ses 1]CHAP, Success (0x03), id 32, Msg 15:10:56.800866 In PPPoE [ses 1]IPCP, Conf-Request (0x01), id 1, length 24 15:10:56.800867 In PPPoE [ses 1]IPCP, Conf-Request (0x01), id 1, length 24 15:10:56.800870 In PPPoE [ses 1]IP6CP, Conf-Request (0x01), id 1, length 16 15:10:56.800871 In PPPoE [ses 1]IP6CP, Conf-Request (0x01), id 1, length 16 15:10:56.801043 Out PPPoE [ses 1]IPCP, Conf-Nack (0x03), id 1, length 24 15:10:56.801044 Out PPPoE [ses 1]IPCP, Conf-Nack (0x03), id 1, length 24 15:10:56.801234 Out PPPoE [ses 1]IP6CP, Conf-Ack (0x02), id 1, length 16 15:10:56.801235 Out PPPoE [ses 1]IP6CP, Conf-Ack (0x02), id 1, length 16 15:10:56.801533 In PPPoE [ses 1]IPCP, Conf-Request (0x01), id 2, length 24 15:10:56.801534 In PPPoE [ses 1]IPCP, Conf-Request (0x01), id 2, length 24 15:10:56.801580 Out PPPoE [ses 1]IPCP, Conf-Ack (0x02), id 2, length 24 15:10:56.801581 Out PPPoE [ses 1]IPCP, Conf-Ack (0x02), id 2, length 24 15:10:56.872600 Out PPPoE [ses 1]IPCP, Conf-Request (0x01), id 126, length 12 15:10:56.872601 Out PPPoE [ses 1]IPCP, Conf-Request (0x01), id 126, length 12 15:10:56.872683 Out PPPoE [ses 1]IP6CP, Conf-Request (0x01), id 146, length 16 15:10:56.872683 Out PPPoE [ses 1]IP6CP, Conf-Request (0x01), id 146, length 16 15:10:56.873141 In PPPoE [ses 1]IPCP, Conf-Ack (0x02), id 126, length 12 15:10:56.873141 In PPPoE [ses 1]IPCP, Conf-Ack (0x02), id 126, length 12 15:10:56.878193 In PPPoE [ses 1]IP6CP, Conf-Ack (0x02), id 146, length 16 15:10:56.878194 In PPPoE [ses 1]IP6CP, Conf-Ack (0x02), id 146, length 16 15:11:03.085120 Out PPPoE [ses 1][|ip6] 15:11:03.085121 Out PPPoE [ses 1][|ip6] 15:11:03.469052 Out PPPoE [ses 1][|ip6] 15:11:03.469053 Out PPPoE [ses 1][|ip6] 51 packets received by filter 0 packets dropped by kernel
To monitor L2 header information, use the
monitor traffic
command with thelayer2
option.user@host-BNG>monitor traffic interface ps0 layer2-headers no-resolve verbose output suppressed, use (detail) or (extensive) for full protocol decode Address resolution is OFF. Listening on ps0, capture size 96 bytes 15:11:51.631290 In 00:22:68:14:84:d5 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 40: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE D, PPPoE PADI [Service-Name] [Host-Uniq UTF8] 15:11:56.634347 In 00:22:68:14:84:d5 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 40: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE D, PPPoE PADI [Service-Name] [Host-Uniq UTF8] 15:11:56.634596 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 66: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE D, PPPoE PADO [AC-Name "R0"] [Host-Uniq UTF8] [Service-Name] [AC-Cookie UTF8] 15:11:56.635054 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE D, PPPoE PADR [Service-Name] [Host-Uniq UTF8] [AC-Cookie UTF8] 15:11:56.663820 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 44: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]LCP (0xc021), length 16: LCP, Conf-Request (0x01), id 1, length 16 15:11:56.663821 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 44: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]LCP (0xc021), length 16: LCP, Conf-Request (0x01), id 1, length 16 15:11:56.663924 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 49: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]LCP (0xc021), length 21: LCP, Conf-Request (0x01), id 8, length 21 15:11:56.663925 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 49: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]LCP (0xc021), length 21: LCP, Conf-Request (0x01), id 8, length 21 15:11:56.663973 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 44: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]LCP (0xc021), length 16: LCP, Conf-Ack (0x02), id 1, length 16 15:11:56.663974 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 44: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]LCP (0xc021), length 16: LCP, Conf-Ack (0x02), id 1, length 16 15:11:56.664432 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 49: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]LCP (0xc021), length 21: LCP, Conf-Ack (0x02), id 8, length 21 15:11:56.664433 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 49: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]LCP (0xc021), length 21: LCP, Conf-Ack (0x02), id 8, length 21 15:11:56.664614 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 66: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]CHAP (0xc223), length 38: CHAP, Challenge (0x01), id 103, Value 29df1053315de91c31adc72e60f6aa1fa892ba1fc737082abd9d, Name JUNOS 15:11:56.664615 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 66: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]CHAP (0xc223), length 38: CHAP, Challenge (0x01), id 103, Value 29df1053315de91c31adc72e60f6aa1fa892ba1fc737082abd9d, Name JUNOS 15:11:56.666088 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 68: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]CHAP (0xc223), length 48: CHAP, Response (0x02), id 103, Value a28ce2e6abc62d6fb129888792f0914c, Name SST_USER_PPPOE_LT[|chap] 15:11:56.666089 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 68: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]CHAP (0xc223), length 48: CHAP, Response (0x02), id 103, Value a28ce2e6abc62d6fb129888792f0914c, Name SST_USER_PPPOE_LT[|chap] 15:11:56.870223 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 34: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]CHAP (0xc223), length 6: CHAP, Success (0x03), id 103, Msg 15:11:56.870224 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 34: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]CHAP (0xc223), length 6: CHAP, Success (0x03), id 103, Msg 15:11:56.870893 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 52: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 24: IPCP, Conf-Request (0x01), id 1, length 24 15:11:56.870893 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 52: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 24: IPCP, Conf-Request (0x01), id 1, length 24 15:11:56.870897 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 44: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IP6CP (0x8057), length 16: IP6CP, Conf-Request (0x01), id 1, length 16 15:11:56.870897 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 44: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IP6CP (0x8057), length 16: IP6CP, Conf-Request (0x01), id 1, length 16 15:11:56.871071 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 52: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 24: IPCP, Conf-Nack (0x03), id 1, length 24 15:11:56.871071 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 52: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 24: IPCP, Conf-Nack (0x03), id 1, length 24 15:11:56.871247 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 44: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]IP6CP (0x8057), length 16: IP6CP, Conf-Ack (0x02), id 1, length 16 15:11:56.871247 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 44: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]IP6CP (0x8057), length 16: IP6CP, Conf-Ack (0x02), id 1, length 16 15:11:56.871616 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 52: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 24: IPCP, Conf-Request (0x01), id 2, length 24 15:11:56.871617 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 52: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 24: IPCP, Conf-Request (0x01), id 2, length 24 15:11:56.871662 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 52: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 24: IPCP, Conf-Ack (0x02), id 2, length 24 15:11:56.871663 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 52: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 24: IPCP, Conf-Ack (0x02), id 2, length 24 15:11:56.959681 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 40: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 12: IPCP, Conf-Request (0x01), id 244, length 12 15:11:56.959681 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 40: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 12: IPCP, Conf-Request (0x01), id 244, length 12 15:11:56.959763 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 44: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]IP6CP (0x8057), length 16: IP6CP, Conf-Request (0x01), id 242, length 16 15:11:56.959764 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 44: vlan 1, p 6, ethertype 802.1Q, vlan 100, p 6, ethertype PPPoE S, PPPoE [ses 1]IP6CP (0x8057), length 16: IP6CP, Conf-Request (0x01), id 242, length 16 15:11:56.960192 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 40: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 12: IPCP, Conf-Ack (0x02), id 244, length 12 15:11:56.960193 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 40: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IPCP (0x8021), length 12: IPCP, Conf-Ack (0x02), id 244, length 12 15:11:56.963905 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 44: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IP6CP (0x8057), length 16: IP6CP, Conf-Ack (0x02), id 242, length 16 15:11:56.963906 In 00:22:68:14:84:d5 > ac:4b:c8:45:68:00, ethertype 802.1Q (0x8100), length 44: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IP6CP (0x8057), length 16: IP6CP, Conf-Ack (0x02), id 242, length 16 15:11:58.634264 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 68: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IP6 (0x0057), length 74: [|ip6] 15:11:58.634265 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 68: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IP6 (0x0057), length 74: [|ip6] 15:12:00.323994 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 68: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IP6 (0x0057), length 74: [|ip6] 15:12:00.323995 Out ac:4b:c8:45:68:00 > 00:22:68:14:84:d5, ethertype 802.1Q (0x8100), length 68: vlan 1, p 0, ethertype 802.1Q, vlan 100, p 0, ethertype PPPoE S, PPPoE [ses 1]IP6 (0x0057), length 74: [|ip6] ^C 54 packets received by filter 0 packets dropped by kernel