L2TP and FreeRADIUS Juniper VSA's

  • 1.  L2TP and FreeRADIUS Juniper VSA's

     
    Posted 01-23-2018 01:44

    Hi,

     

    With the help of the great people here, I have a working, test, LNS for L2TP. Currently the configuration issues IP addresses from a pool on the LNS. Our requirements are that we will issue the addresses via the RADIUS server. The configuration for the RADIUS and pool is as follows:

     

    set access profile aaa-profile authentication-order radius
    set access profile aaa-profile radius authentication-server 195.80.0.38
    set access profile aaa-profile radius-server 195.80.0.38 secret "$9$2mgGiPfz6CuQFu1EyW8VwYgZUik.5z3"
    set access address-assignment pool POOL family inet network 192.168.85.0/24
    set access address-assignment pool POOL family inet range lns low 192.168.85.1
    set access address-assignment pool POOL family inet range lns high 192.168.85.254

     

    And the "lns" part is called within the dynamic profile and also the SI interface.

     

    My question is: If we are assigning the IP from the RADIUS, do we require this configuration on the LNS itself please? Can I remove the configuration?

     

    Thanks

     



  • 2.  RE: L2TP and FreeRADIUS Juniper VSA's

     
    Posted 01-23-2018 02:03

    Hi,

     

     

    If you are assigning IPAddr to the subscriber from this pool "POOL" by returning the framed-ip-pool VSA from Address, then yes, you do require this pool configuration. And in case your IP address allocation for the subscriber is external (RADIUS), then the local pool configuration is not required.

     

    But I suggest keeping a spare pool on the MX, so that in case the external entity runs out of addresses for some reason, you still have an IP to be picked from the local pool.

     

     

     

     

     



  • 3.  RE: L2TP and FreeRADIUS Juniper VSA's
    Best Answer

     
    Posted 01-23-2018 02:15

     

    Also, to add some more info, RADIUS-returned attributes take preference over the local attributes.

    Meaning, if you happen to keep the IP address POOL on the node (MX) and return IPAddr from RADIUS, the attribute returned from RADIUS will be preferred. So let the IP address pool be there; the RADIUS-returned VSA will override.

     

     

     

     



  • 4.  RE: L2TP and FreeRADIUS Juniper VSA's

     
    Posted 01-23-2018 03:00

    Hi Karan,

     

    Thank you. That's the answer I was looking for. Much appreciated.

     

    Thanks
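
An added example, not part of any post above: the two reply styles discussed in this thread, written as FreeRADIUS `users` file entries. The user names, passwords and the address 192.168.85.10 are constructed for illustration; POOL is the pool name from the original question.

```text
# Constructed FreeRADIUS "users" file entries (hypothetical test subscribers).

# Case 1: RADIUS hands out the address itself. Per the replies above, no local
# pool is required on the LNS for this subscriber, and if one is configured
# the RADIUS-returned address takes preference.
sub-static  Cleartext-Password := "CHANGE-ME-1"
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-IP-Address = 192.168.85.10

# Case 2: RADIUS returns only a pool name. The LNS must then carry an
# address-assignment pool with this exact name ("POOL" in the question),
# because the address is still picked locally.
sub-pooled  Cleartext-Password := "CHANGE-ME-2"
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-Pool = "POOL"
```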