JunOS config:
root@mx80-2-R5> show configuration interfaces ge-1/1/0
description " ** Link to 3750-12s-1 g1/0/5 **";
flexible-vlan-tagging;
auto-configure { <-- auto-configure the interface
vlan-ranges { <-- using a single VLAN
dynamic-profile VLAN_PROFILE { <-- using this dynamic profile
accept dhcp-v4; <-- when a DHCPv4 discover is received
ranges {
411-411; <-- only VLAN 411 is allowed
}
}
}
remove-when-no-subscribers;
}
Dynamic profile:
root@mx80-2-R5> show configuration dynamic-profiles VLAN_PROFILE
/* Dynamic profile for the auto-configured VLAN unit on ge-1/1/0. The "$junos-..." names are
   Junos predefined variables that are filled in when the profile is instantiated. */
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-interface-unit" {
/* Lets per-subscriber IP demux interfaces (demux0 units) sit on top of this VLAN unit. */
demux-source inet;
proxy-arp;
vlan-id "$junos-vlan-id";
family inet {
/* Anti-spoofing: per Junos documentation, "strict" drops packets whose source IP/MAC pair
   does not match a known subscriber binding. */
mac-validate strict;
/* Borrows the lo0.5 address; 100.100.100.1 is the value later shown as
   "DHCP Relay IP Address" in the subscriber output. */
unnumbered-address lo0.5 preferred-source-address 100.100.100.1;
}
}
}
}
root@mx80-2-R5> show configuration forwarding-options dhcp-relay
/* RADIUS credentials the DHCP relay presents on behalf of each DHCP client. */
authentication {
/* One fixed password for every subscriber; it is the value the "User-Password" check in
   /etc/freeradius/users compares against. "123" is a lab value. */
password 123;
username-include {
/* User name = option 82 circuit-id, e.g. "mx80-2-R5:ge-1/1/0:411" in the subscriber output. */
option-82 circuit-id;
}
}
/* Dynamic profile instantiated per DHCP subscriber ("Dynamic Profile Name: DHCP_CST"). */
dynamic-profile DHCP_CST;
overrides {
/* NOTE(review): per Junos documentation this makes the relay overwrite any option 82 already
   present in a client packet. Because the RADIUS user name is taken from the circuit-id,
   this keeps a client from supplying its own identity - confirm it stays enabled. */
always-write-option-82;
}
relay-option-82 {
circuit-id {
prefix {
/* Prepends the router host name, which gives the "mx80-2-R5:" part of the circuit-id. */
host-name;
}
}
}
/* DHCP server that relayed requests are sent to (same host as the RADIUS server). */
server-group {
ONE {
10.100.100.2;
}
}
active-server-group ONE;
/* Interfaces on which the relay listens for clients. */
group ONE {
interface ge-1/1/0.0;
}
/* NOTE(review): the prompt line for this output is missing on the page. The "$junos-..."
   variables and the "Profile name: DHCP_CST" session output suggest this is the body of
   "show configuration dynamic-profiles DHCP_CST", not part of the dhcp-relay stanza. */
interfaces {
demux0 {
unit "$junos-interface-unit" {
demux-options {
/* The dynamic VLAN unit this subscriber sits on (ge-1/1/0.1073741824 in the output). */
underlying-interface "$junos-underlying-interface";
}
family inet {
/* Traffic is matched to this unit by the subscriber's source IP address. */
demux-source {
$junos-subscriber-ip-address;
}
filter {
/* Filter name comes from RADIUS (Filter-ID) and can be replaced by a CoA request; the
   name has to exist under "firewall" on the router (2M, 5M and DENY here). */
input "$junos-input-filter";
}
unnumbered-address lo0.5;
}
}
}
}
root@mx80-2-R5> show configuration access
/* RADIUS server definition and the access profile ("sbr") that uses it. */
radius-server {
10.100.100.2 {
/* "$9$" values are Junos's reversible obfuscation, not a hash: treat the string as the
   clear-text shared secret and redact it before sharing a configuration. It has to match
   "secret" for this client in /etc/freeradius/clients.conf. */
secret "$9$Fe48nApO1RSlK"; ## SECRET-DATA
timeout 5;
/* Source address of the router's RADIUS packets; the FreeRADIUS client entry
   (client 10.100.100.1) is keyed on this address. */
source-address 10.100.100.1;
}
}
profile sbr {
/* Authentication and accounting both go to RADIUS only; no local fallback is listed. */
accounting-order radius;
authentication-order radius;
radius {
authentication-server 10.100.100.2;
accounting-server 10.100.100.2;
options {
revert-interval 0;
}
}
##
## Warning: requires 'subscriber-accounting' license
##
accounting {
order radius;
immediate-update;
coa-immediate-update;
/* NOTE(review): presumably minutes - consistent with "Accounting interval: 7200"
   (seconds) in the session output; confirm against the Junos release in use. */
update-interval 120;
statistics volume-time;
duplication;
}
}
root@mx80-2-R5> show configuration access-profile
sbr;
root@mx80-2-R5> show configuration firewall
/* Filters selected per subscriber through the RADIUS Filter-ID attribute
   ("junos-input-filter" in the session output). As written, 2M and 5M only count and
   accept: no policer is attached, so the names do not enforce a rate by themselves. */
filter 2M {
/* A separate filter instance (and counter) is created for each interface it is applied to. */
interface-specific;
term 10 {
then {
count 2M;
accept;
}
}
}
filter 5M {
interface-specific;
term 10 {
then {
count 5M;
accept;
}
}
}
/* Counts and rejects everything; not referenced by the RADIUS entries shown on this page. */
filter DENY {
interface-specific;
term 10 {
then {
count DENY;
reject;
}
}
}
DHCP/RADIUS server configuration:
/etc/dhcp/dhcpd.conf
# Empty declaration for 10.100.100.0/24, presumably the server's own network (the relay
# targets 10.100.100.2); no addresses are handed out from it.
subnet 10.100.100.0 netmask 255.255.255.0 {
}
# Subscriber pool: four leases, 100.100.100.5 through 100.100.100.8.
subnet 100.100.100.0 netmask 255.255.255.0 {
range 100.100.100.5 100.100.100.8;
option broadcast-address 100.100.100.255;
# NOTE(review): the router side of this subnet is configured as 100.100.100.1
# (preferred-source-address on the MX) - confirm 100.100.100.2 is the intended gateway.
option routers 100.100.100.2;
}
/etc/freeradius/clients.conf
# NAS entry for the MX80; 10.100.100.1 is the router's RADIUS source-address.
# The shared secret protects the RADIUS exchange with this client and is also the secret
# radclient uses for the CoA request. "123" is a lab value - use a long random secret per
# client outside a lab.
client 10.100.100.1 {
secret = 123
}
/etc/freeradius/users
# One entry per access port: the user name is the option-82 circuit-id
# (host name:interface:VLAN) built by the DHCP relay, and the password is the fixed
# "password 123" from the relay's authentication stanza.
# Filter-ID names the firewall filter the MX applies as the subscriber's input filter.
# NOTE(review): Auth-Type := Accept normally makes FreeRADIUS accept without running an
# authentication module; whether the User-Password check item still gates the match
# depends on the FreeRADIUS version - confirm before relying on it.
mx80-2-R5:ge-1/1/0:411 Auth-Type:= ACCEPT , User-Password == "123"
Filter-ID = "5M"
Checklist:
root@mx80-2-R5> show subscribers
Interface IP Address/VLAN ID User Name LS:RI
ge-1/1/0.1073741824 411 default:default
demux0.1073741825 100.100.100.5 mx80-2-R5:ge-1/1/0:411 default:default
root@mx80-2-R5> show subscribers client-type dhcp detail
Type: DHCP
User Name: mx80-2-R5:ge-1/1/0:411
IP Address: 100.100.100.5
Logical System: default
Routing Instance: default
Interface: demux0.1073741825
Interface type: Dynamic
Dynamic Profile Name: DHCP_CST
MAC Address: 00:19:bb:5a:e8:a6
State: Active
DHCP Relay IP Address: 100.100.100.1
Radius Accounting ID: 2
Session ID: 2
Agent Circuit ID: mx80-2-R5:ge-1/1/0:411
Login Time: 2013-09-18 09:30:05 UTC
DHCP Options: len 75
35 01 01 32 04 64 64 64 05 0c 09 75 62 75 6e 74 75 2d 73 32
51 0c 00 00 00 75 62 75 6e 74 75 2d 73 32 37 0d 01 1c 02 03
0f 06 77 0c 2c 2f 1a 79 2a 52 18 01 16 6d 78 38 30 2d 32 2d
52 35 3a 67 65 2d 31 2f 31 2f 30 3a 34 31 31
root@mx80-2-R5> show dynamic-configuration session information session-id 2
Session info:
Accounting session ID: 2
IP address: 100.100.100.5
Logical system name: default
Profile name: DHCP_CST
MAC address: 00:19:bb:5a:e8:a6
NAS port type: 15
Routing instance: default
Access Profile: sbr
User name: mx80-2-R5:ge-1/1/0:411
Interface name: demux0.1073741825
Dynamic-configuration state: 2
Client session type: 1
DHCP relay agent IP address: 100.100.100.1
IFL type: 2
Accounting type: 2
Accounting interval: 7200
Underlying logical-interface: ge-1/1/0.1073741824
Client login time: 2013-09-18 09:30:05 UTC
DHCP option: 35:01:01:32:04:64
VLAN tag: 411
Agent Circuit ID: mx80-2-R5:ge-1/1/0:411
Configuration bits: 0x80007 0 0 0 0
Dynamic configuration:
junos-input-filter: 5M
junos-interface-unit: 1073741825
junos-phy-ifd-name: ge-1/1/0
junos-underlying-interface: ge-1/1/0.1073741824
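CoA (RADIUS Change of Authorization)
On the RADIUS server (the request below changes the session's input filter from 5M to 2M; the last radclient argument is the RADIUS shared secret. CoA requests are authenticated with that secret, so keep it strong and limit UDP port 3799 on the router to the RADIUS server):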
root@ubuntu-s1: echo "Framed-IP-Address=100.100.100.5,Acct-Session-Id=2,Filter-ID=2M" | radclient -x 10.100.100.1 coa 123
Sending CoA-Request of id 200 to 10.100.100.1 port 3799
Framed-IP-Address = 100.100.100.5
Acct-Session-Id = "2"
Filter-Id = "2M"
rad_recv: CoA-ACK packet from host 10.100.100.1 port 3799, id=200, length=20
Check (junos-input-filter has changed from 5M to 2M):
root@mx80-2-R5> ...ion session information session-id 2
Session info:
Accounting session ID: 2
IP address: 100.100.100.5
Logical system name: default
Profile name: DHCP_CST
MAC address: 00:19:bb:5a:e8:a6
NAS port type: 15
Routing instance: default
Access Profile: sbr
User name: mx80-2-R5:ge-1/1/0:411
Interface name: demux0.1073741825
Dynamic-configuration state: 2
Client session type: 1
DHCP relay agent IP address: 100.100.100.1
IFL type: 2
Accounting type: 2
Accounting interval: 7200
Underlying logical-interface: ge-1/1/0.1073741824
Client login time: 2013-09-18 09:30:05 UTC
DHCP option: 35:01:01:32:04:64
VLAN tag: 411
Agent Circuit ID: mx80-2-R5:ge-1/1/0:411
Configuration bits: 0x80007 0 0 0 0
Dynamic configuration:
junos-input-filter: 2M
junos-interface-unit: 1073741825
junos-phy-ifd-name: ge-1/1/0
junos-underlying-interface: ge-1/1/0.1073741824