Routing

Expand all | Collapse all

I am in need of help setting up a pppoe server

  • 1.  I am in need of help setting up a pppoe server

    Posted 12-10-2018 06:59

    I am in need of help setting up a pppoe server my level of connection on the juniper and very low

    dynamic-profiles {
    pppoe-profile {
    interfaces {
    pp0 {
    unit 0 {
    ppp-options {
    pap;
    }
    pppoe-options {
    underlying-interface fxp0.800;
    server;
    }
    family inet {
    filter {
    input 2048k;
    output 2048k;
    }
    unnumbered-address lo0.0;
    }
    }
    }
    }
    }
    }
    system {
    root-authentication {
    encrypted-password "$5$5WxxBkDo$CtzNX951hqCEGWI1HtXXrxxYu4zt3Nb1pJ82nnp9074"; ## SECRET-DATA
    }
    services {
    ssh;
    }
    syslog {
    user * {
    any emergency;
    }
    file messages {
    any notice;
    authorization info;
    }
    file interactive-commands {
    interactive-commands any;
    }
    }
    }
    interfaces {
    ge-1/3/0 {
    unit 0 {
    family inet {
    address 192.168.89.4/29;
    }
    }
    }
    em0 {
    unit 0 {
    family inet;
    }
    }
    em1 {
    unit 0 {
    family inet;
    }
    }
    lo0 {
    unit 0 {
    family inet {
    address 172.16.0.56/32;
    }
    }
    }
    }
    routing-options {
    static {
    route 0.0.0.0/0 next-hop 192.168.89.1;
    }
    }
    firewall {
    family inet {
    filter MONTHLY_4096_OUT {
    interface-specific;
    term 1 {
    then {
    policer MONTHLY_4096_POLICER;
    accept;
    }
    }
    }
    filter MONTHLY_4096_IN {
    interface-specific;
    term 1 {
    then {
    policer MONTHLY_256K_POLICER;
    accept;
    }
    }
    }
    }
    policer MONTHLY_4096_POLICER {
    if-exceeding {
    bandwidth-limit 4m;
    burst-size-limit 100k;
    }
    then discard;
    }
    policer MONTHLY_256K_POLICER {
    if-exceeding {
    bandwidth-limit 1m;
    burst-size-limit 128k;
    }
    then discard;
    }
    }
    access {
    radius-server {
    192.168.89.7 {
    secret "$9$RRkEhyX7Vs4ZX7JDHmF30BIRES"; ## SECRET-DATA
    source-address 192.168.3.103;
    }
    192.168.89.8 {
    secret "$9$mPfQtu1EyKtueWX-2gik.mPT"; ## SECRET-DATA
    source-address 192.168.3.103;
    }
    }
    profile SBR {
    accounting-order radius;
    authentication-order radius;
    radius {
    authentication-server [ 192.168.89.7 192.168.89.8 ];
    accounting-server [ 192.168.89.7 192.168.89.8 ];
    options {
    nas-identifier 192.168.3.103;
    }
    }
    }
    address-assignment {
    pool BRAS_POOL {
    family inet {
    network 192.168.3.0/24;
    range 1 {
    low 192.168.3.66;
    high 192.168.3.70;
    }
    dhcp-attributes {
    maximum-lease-time 3600;
    name-server {
    8.8.8.8;
    }
    router {
    192.168.3.4;
    }
    }
    }
    }
    }
    }



  • 2.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-10-2018 07:48

    Hi,

     

    Configuration looks very odd. Please confirm the MX version and series you're using for PPPoE.

     

    Regards,
    Rahul



  • 3.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-10-2018 07:52

    https://forums.juniper.net/t5/Routing/how-to-setup-a-zero-PPPoE-SERVER-and-an-ip-pool-for-the-clients/m-p/408768#M18897

     

    This is junos variable to build the subscriber interface dynamically.

     

    "$junos-underlying-interface";   <<< interface where the subscriber’s packet arrives

    "$junos-interface-unit" {      <<< subs IFL unit number

     

    FXP0 is management interface. Kindly avoid using it for subscriber.

     

    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" no-traps
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" ppp-options chap
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" ppp-options pap
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface"
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" pppoe-options server
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0
    set chassis network-services enhanced-ip
    set access-profile aaa
    set interfaces lo0 unit 0 family inet address 10.10.10.10/32
    set interfaces ge-4/0/0 flexible-vlan-tagging
    set interfaces ge-4/0/0 unit 100 encapsulation ppp-over-ether
    set interfaces ge-4/0/0 unit 100 vlan-id 100
    set interfaces ge-4/0/0 unit 100 pppoe-underlying-options dynamic-profile PPPoE-Profile

    set access radius-server 10.204.95.67 secret "$9$n2XKC0IyrvLX-yl87Nd4o"
    set access radius-server 10.204.95.67 timeout 6
    set access radius-server 10.204.95.67 retry 10
    set access radius-server 10.204.95.67 source-address 10.204.12.210

    set access profile aaa authentication-order radius
    set access profile aaa radius authentication-server 10.204.95.67
    set access profile aaa radius accounting-server 10.204.95.67
    set access profile aaa radius options nas-port-extended-format slot-width 4
    set access profile aaa radius options nas-port-extended-format adapter-width 1
    set access profile aaa radius options nas-port-extended-format port-width 3
    set access profile aaa radius options nas-port-extended-format vlan-width 16
    set access profile aaa radius options nas-port-type ethernet xdsl
    set access profile aaa radius options revert-interval 1200
    set access profile aaa accounting order radius
    set access profile aaa accounting accounting-stop-on-access-deny
    set access profile aaa accounting coa-immediate-update
    set access profile aaa accounting update-interval 10
    set access profile aaa accounting statistics volume-time
    set access address-assignment pool test family inet network 10.1.1.0/24
    set access address-assignment pool test family inet range 1 low 10.1.1.1
    set access address-assignment pool test family inet range 1 high 10.1.1.254
    set access domain map default access-profile aaa

     

     



  • 4.  RE: I am in need of help setting up a pppoe server

    Posted 12-11-2018 05:17

    dynamic-profiles {
    PPPoE-Profile {
    interfaces {
    pp0 {
    unit 0 {
    no-traps;
    ppp-options {
    chap;
    pap;
    }
    pppoe-options {
    underlying-interface ge-1/3/1.100;
    server;
    }
    family inet {
    unnumbered-address lo0.0;
    }
    }
    }
    }
    }
    }
    system {
    root-authentication {
    encrypted-password "$5$jWXEJUX0$W9SMmSVKuBFS5Vmb0SXRXAohJQkLlLkiekMKD/ptnm5"; ## SECRET-DATA
    }
    login {
    user ixc {
    uid 2000;
    class super-user;
    authentication {
    encrypted-password "$5$gM2wmXdP$jXhoDx0kYpvnK0VLuQnUzEJxphZOscPbBjqTORiwMj1"; ## SECRET-DATA
    }
    }
    }
    services {
    ssh;
    telnet;
    }
    syslog {
    user * {
    any emergency;
    }
    file messages {
    any notice;
    authorization info;
    }
    file interactive-commands {
    interactive-commands any;
    }
    }
    }
    chassis {
    network-services enhanced-ip;
    }
    access-profile aaa;
    }
    ge-1/3/1 {
    flexible-vlan-tagging;
    unit 100 {
    encapsulation ppp-over-ether;
    vlan-id 100;
    pppoe-underlying-options {
    dynamic-profile PPPoE-Profile;
    }
    }
    }
    lo0 {
    unit 0 {
    family inet {
    address 10.10.10.10/32;
    }
    }
    }
    }
    }
    }
    access {
    radius-server {
    192.168.5.125 {
    secret "$9$6ZIs/9thSeMX-hSNbYojiQFn6/A"; ## SECRET-DATA
    timeout 6;
    retry 10;
    source-address 10.10.10.10;
    }
    }
    profile aaa {
    authentication-order radius;
    radius {
    authentication-server 192.168.5.125;
    accounting-server 192.168.5.125;
    options {
    nas-port-extended-format {
    slot-width 4;
    adapter-width 1;
    port-width 3;
    vlan-width 16;
    }
    nas-port-type {
    ethernet xdsl;
    }
    revert-interval 1200;
    }
    }
    accounting {
    order radius;
    accounting-stop-on-access-deny;
    coa-immediate-update;
    update-interval 10;
    statistics volume-time;
    }
    }
    address-assignment {
    pool test {
    family inet {
    network 10.1.1.0/24;
    range 1 {
    low 10.1.1.1;
    high 10.1.1.254;
    }
    }
    }
    }
    domain {
    map default {
    access-profile aaa;
    }
    }
    }



  • 5.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-11-2018 05:56

    Don't configure "underlying-interface as ge-1/3/1.100" Kindly delete the dynamic-profile configuration and configure like below

     

    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" no-traps
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" ppp-options chap
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" ppp-options pap
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface"
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" pppoe-options server
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0



  • 6.  RE: I am in need of help setting up a pppoe server

    Posted 12-11-2018 17:50

    Don't configure "underlying-interface as ge-1/3/1.100" Kindly delete the dynamic-profile configuration and configure like below

    What interface do I put?



  • 7.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-11-2018 17:59
    Hi

    That is variable and it will automatically take the interface.

    Regards,
    Rahul


  • 8.  RE: I am in need of help setting up a pppoe server

    Posted 12-13-2018 03:45

    I do not understand, I will not put any interface is it?



  • 9.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-13-2018 04:05

    Yes. Just don't modify anything under dynamic-profile.



  • 10.  RE: I am in need of help setting up a pppoe server

    Posted 12-13-2018 07:21

    What is wrong ?

     

    the pppoe request is not going to the radius this is quitting on the juniper

     

    dynamic-profiles {
    PPPoE-Profile {
    interfaces {
    pp0 {
    unit "$junos-interface-unit" {
    no-traps;
    ppp-options {
    chap;
    pap;
    }
    pppoe-options {
    underlying-interface "$junos-underlying-interface";
    server;
    }
    family inet {
    unnumbered-address lo0.0;
    }
    }
    }
    }
    }
    }
    system {
    root-authentication {
    encrypted-password "$5$IOagpIz5$8aUR2git1ZJxbqBbAsJezCP.7YQUnD3yKZL5CdKhpK3"; ## SECRET-DATA
    }
    services {
    ssh;
    }
    syslog {
    user * {
    any emergency;
    }
    file messages {
    any notice;
    authorization info;
    }
    file interactive-commands {
    interactive-commands any;
    }
    }
    }
    chassis {
    network-services enhanced-ip;
    }
    access-profile aaa;
    interfaces {
    ge-1/3/0 {
    unit 0 {
    family inet {
    address 192.168.89.5/29;
    }
    }
    }
    ge-1/3/1 {
    flexible-vlan-tagging;
    unit 100 {
    encapsulation ppp-over-ether;
    vlan-id 100;
    pppoe-underlying-options {
    dynamic-profile PPPoE-Profile;
    }
    }
    }
    lo0 {
    unit 0 {
    family inet {
    address 10.10.10.10/32;
    }
    }
    }
    }
    routing-options {
    static {
    route 0.0.0.0/0 next-hop 192.168.89.1;
    }
    }
    access {
    radius-server {
    192.168.10.7 {
    secret "$9$IU6RESLxdwgJLxaUi.zFuO1IRc"; ## SECRET-DATA
    timeout 6;
    retry 10;
    source-address 192.168.89.5;
    }
    }
    profile aaa {
    authentication-order radius;
    radius {
    authentication-server 192.168.10.7;
    accounting-server 192.168.10.7;
    options {
    nas-port-extended-format {
    slot-width 4;
    adapter-width 1;
    port-width 3;
    vlan-width 16;
    }
    nas-port-type {
    ethernet xdsl;
    }
    revert-interval 1200;
    }
    }
    accounting {
    order radius;
    accounting-stop-on-access-deny;
    coa-immediate-update;
    update-interval 10;
    statistics volume-time;
    }
    }
    address-assignment {
    pool test {
    family inet {
    network 10.1.1.0/24;
    range 1 {
    low 10.1.1.1;
    high 10.1.1.254;
    }
    }
    }
    }
    domain {
    map default {
    access-profile aaa;
    }
    }
    }



  • 11.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-13-2018 08:37

    What version you are running?
    In case 15.1 above, you need to enable few knobs.

    Set chassis network-service enhanced-ip
    Set system services subscriber-management enable
    Set system configuration-database max-db-size 100m

    Reboot the router after enabling the above knobs.



  • 12.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-13-2018 09:40


  • 13.  RE: I am in need of help setting up a pppoe server

    Posted 12-14-2018 04:07

     

    Now it worked out the radius is receiving authentication but not firming the connection, could you help me?

     

    How do I put bandwidth control?

     

    dynamic-profiles {
    PPPoE-Profile {
    interfaces {
    pp0 {
    unit "$junos-interface-unit" {
    no-traps;
    ppp-options {
    chap;
    pap;
    }
    pppoe-options {
    underlying-interface "$junos-underlying-interface";
    server;
    }
    family inet {
    unnumbered-address lo0.0;
    }
    }
    }
    }
    }
    }
    system {
    root-authentication {
    encrypted-password "$5$IOagpIz5$8aUR2git1ZJxbqBbAsJezCP.7YQUnD3yKZL5CdKh
    }
    services {
    ssh;
    subscriber-management {
    enable;
    }
    }
    syslog {
    user * {
    any emergency;
    }
    file messages {
    any notice;
    authorization info;
    }
    file interactive-commands {
    interactive-commands any;
    }
    }
    configuration-database {
    max-db-size 104857600;
    }
    }
    chassis {
    network-services enhanced-ip;
    }
    access-profile aaa;
    interfaces {
    ge-1/3/0 {
    unit 0 {
    family inet {
    address 192.168.89.5/29;
    }
    }
    }
    ge-1/3/1 {
    flexible-vlan-tagging;
    unit 100 {
    encapsulation ppp-over-ether;
    vlan-id 100;
    pppoe-underlying-options {
    dynamic-profile PPPoE-Profile;
    }
    }
    }
    lo0 {
    unit 0 {
    family inet {
    address 10.10.10.10/32;
    }
    }
    }
    }
    routing-options {
    static {
    route 0.0.0.0/0 next-hop 192.168.89.1;
    }
    }
    access {
    radius-server {
    192.168.10.7 {
    secret "$9$IU6RESLxdwgJLxaUi.zFuO1IRc"; ## SECRET-DATA
    timeout 6;
    retry 10;
    source-address 192.168.89.5;
    }
    }
    profile aaa {
    authentication-order radius;
    radius {
    authentication-server 192.168.10.7;
    accounting-server 192.168.10.7;
    options {
    nas-port-extended-format {
    slot-width 4;
    adapter-width 1;
    port-width 3;
    vlan-width 16;
    }
    nas-port-type {
    ethernet xdsl;
    }
    revert-interval 1200;
    }
    }
    accounting {
    order radius;
    accounting-stop-on-access-deny;
    coa-immediate-update;
    update-interval 10;
    statistics volume-time;
    }
    }
    address-assignment {
    pool test {
    family inet {
    network 10.1.1.0/24;
    range 1 {
    low 10.1.1.1;
    high 10.1.1.254;
    }
    }
    }
    }
    domain {
    map default {
    access-profile aaa;
    }
    }
    }

     

    juniper.png



  • 14.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-14-2018 04:11

    Try below and check if subscriber is coming online.

     

    set access profile none authentication-order none

    set access-profile none



  • 15.  RE: I am in need of help setting up a pppoe server

    Posted 12-14-2018 04:33


    Still not signing

     

    juniper2.png



  • 16.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-14-2018 04:44

    Please execute command "delete access domain" and check again

     



  • 17.  RE: I am in need of help setting up a pppoe server

    Posted 12-17-2018 01:56

    is now authenticating but has a but not searching in radius to authenticate authenticates any client

     

    dynamic-profiles {
    PPPoE-Profile {
    interfaces {
    pp0 {
    unit "$junos-interface-unit" {
    no-traps;
    ppp-options {
    chap;
    pap;
    }
    pppoe-options {
    underlying-interface "$junos-underlying-interface";
    server;
    }
    family inet {
    unnumbered-address lo0.0;
    }
    }
    }
    }
    }
    }
    system {
    root-authentication {
    encrypted-password "$5$IOagpIz5$8aUR2git1ZJxbqBbAsJezCP.7YQUnD3yKZL5CdKh pK3"; ## SECRET-DATA
    }
    services {
    ssh;
    subscriber-management {
    enable;
    }
    }
    syslog {
    user * {
    any emergency;
    }
    file messages {
    any notice;
    authorization info;
    }
    file interactive-commands {
    interactive-commands any;
    }
    }
    configuration-database {
    max-db-size 104857600;
    }
    }
    chassis {
    network-services enhanced-ip;
    }
    access-profile teste;
    interfaces {
    ge-1/3/0 {
    unit 0 {
    family inet {
    address 192.168.89.5/29;
    }
    }
    }
    ge-1/3/1 {
    flexible-vlan-tagging;
    unit 100 {
    encapsulation ppp-over-ether;
    vlan-id 100;
    pppoe-underlying-options {
    dynamic-profile PPPoE-Profile;
    }
    }
    }
    lo0 {
    unit 0 {
    family inet {
    address 10.10.10.10/32;
    }
    }
    }
    }
    routing-options {
    static {
    route 0.0.0.0/0 next-hop 192.168.89.1;
    }
    }
    access {
    radius-server {
    192.168.10.7 {
    secret "$9$IU6RESLxdwgJLxaUi.zFuO1IRc"; ## SECRET-DATA
    timeout 6;
    retry 10;
    source-address 192.168.89.5;
    }
    }
    profile aaa {
    authentication-order radius;
    radius {
    authentication-server 192.168.10.7;
    accounting-server 192.168.10.7;
    options {
    nas-port-extended-format {
    slot-width 4;
    adapter-width 1;
    port-width 3;
    vlan-width 16;
    }
    nas-port-type {
    ethernet xdsl;
    }
    revert-interval 1200;
    }
    }
    accounting {
    order radius;
    accounting-stop-on-access-deny;
    coa-immediate-update;
    update-interval 10;
    statistics volume-time;
    }
    }
    profile teste {
    authentication-order none;
    }
    address-assignment {
    pool test {
    family inet {
    network 10.1.1.0/24;
    range 1 {
    low 10.1.1.1;
    high 10.1.1.254;
    }
    }
    }
    }
    }



  • 18.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-17-2018 03:16
    Yes command was to stop the radius authentication. Is subscriber coming online?


  • 19.  RE: I am in need of help setting up a pppoe server

    Posted 12-17-2018 04:50

    yes it is online, but I have it to go through the radius, if you have how to teach me how to do band contrale freeradius is confortable



  • 20.  RE: I am in need of help setting up a pppoe server

     
    Posted 12-17-2018 06:57
    Please find the sample from freeradius and how to assign bandwidth to the subscriber.

    test@test.com Cleartext-Password := "XXXX"
    ERX-Ingress-Policy-Name = "12M",
    ERX-Egress-Policy-Name = "12M"

    labroot@X# show dynamic-profiles TEST
    interfaces {
    pp0 {
    unit "$junos-interface-unit" {
    ppp-options {
    chap;
    pap;
    }
    pppoe-options {
    underlying-interface "$junos-underlying-interface";
    server;
    }
    keepalives interval 60;
    family inet {
    filter {
    input "$junos-input-filter";
    output "$junos-output-filter";
    }
    unnumbered-address "$junos-loopback-interface";
    }
    }
    }
    }


    labroot@X# show firewall filter 12M
    interface-specific;
    term 1 {
    then {
    policer 12M;
    service-accounting;
    service-filter-hit;
    accept;
    }
    }

    [edit]
    labroot@X# show firewall policer 12M
    filter-specific;
    logical-interface-policer;
    if-exceeding {
    bandwidth-limit 12m;
    burst-size-limit 1m;
    }
    then discard;