Routing


L2TP Client and IPv6

  • 1.  L2TP Client and IPv6

     
    Posted 02-08-2018 01:26

    Hi all,

     

    Thank you for your help with regards to the BGP configuration. We now have a fully working end-to-end test completed for IPv4. I have a couple of quick questions if I may regarding the same test for IPv6 (as we will be utilising dual-stack):

     

    First question is regarding the LNS. Currently we have everything configured to allow for IPv4 and, although I had the IPv6 offering working before, it was only working via the IPv6 address being issued from a pool on the LNS. I have no problem configuring the Framed-IPv6-Prefix VSA on the RADIUS, but what are the best command lines to introduce on the LNS to allow for this IPv6? Currently configured as follows for IPv4:

     

    set dynamic-profiles dyn-lns-profile routing-instances "$junos-routing-instance" interface "$junos-interface-name"
    set dynamic-profiles dyn-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix next-hop "$junos-framed-route-nexthop"
    set dynamic-profiles dyn-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix metric "$junos-framed-route-cost"
    set dynamic-profiles dyn-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix preference "$junos-framed-route-distance"
    set dynamic-profiles dyn-lns-profile routing-instances "$junos-routing-instance" routing-options access-internal route $junos-subscriber-ip-address qualified-next-hop "$junos-interface-name"
    set dynamic-profiles dyn-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" dial-options l2tp-interface-id l2tp-encapsulation
    set dynamic-profiles dyn-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" dial-options dedicated
    set dynamic-profiles dyn-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" no-traps
    set dynamic-profiles dyn-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
    set dynamic-profiles dyn-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface"

     

    set system dynamic-profile-options versioning

    set system services subscriber-management enable

    set system configuration-database max-db-size 314572800
    set system processes smg-service

    set services l2tp tunnel-group LAC l2tp-access-profile l2tp-profile
    set services l2tp tunnel-group LAC aaa-access-profile aaa-profile
    set services l2tp tunnel-group LAC local-gateway address 195.80.0.62
    set services l2tp tunnel-group LAC service-device-pool lns
    set services l2tp tunnel-group LAC dynamic-profile dyn-lns-profile

    set services service-device-pools pool lns interface si-1/2/0

    set interfaces si-1/2/0 hierarchical-scheduler maximum-hierarchy-levels 2
    set interfaces si-1/2/0 encapsulation generic-services
    set interfaces si-1/2/0 unit 0 family inet
    set interfaces si-1/2/0 unit 0 family inet6

    set access group-profile l2tp-group-profile ppp idle-timeout 200
    set access group-profile l2tp-group-profile ppp ppp-options pap
    set access group-profile l2tp-group-profile ppp ppp-options mtu 1492
    set access group-profile l2tp-group-profile ppp keepalive 30
    set access profile l2tp-profile client 21CN l2tp maximum-sessions-per-tunnel 4000
    set access profile l2tp-profile client 21CN l2tp interface-id l2tp-encapsulation
    set access profile l2tp-profile client 21CN l2tp shared-secret "$9$5T6AB1hrK8Ec87dsJZqmfTn/Ap0IhS"
    set access profile l2tp-profile client 21CN user-group-profile l2tp-group-profile
    set access profile aaa-profile authentication-order radius
    set access profile aaa-profile radius authentication-server 195.80.0.38
    set access profile aaa-profile radius-server 195.80.0.38 secret "$9$2mgGiPfz6CuQFu1EyW8VwYgZUik.5z3"
    set access address-assignment pool POOL family inet network 192.168.85.0/24
    set access address-assignment pool POOL family inet range lns low 192.168.85.1
    set access address-assignment pool POOL family inet range lns high 192.168.85.254

     

    Can I assume that I only need to add the following lines of code to the LNS:

     

    set dynamic-profiles dyn-lns-profile protocols router-advertisement interface "$junos-interface-name" managed-configuration
    set dynamic-profiles dyn-lns-profile protocols router-advertisement interface "$junos-interface-name" other-stateful-configuration
    set dynamic-profiles dyn-lns-profile protocols router-advertisement interface "$junos-interface-name" prefix $junos-ipv6-ndra-prefix

    set system services dhcp-local-server dhcpv6 group test interface si-1/2/0.0

    set access address-assignment neighbor-discovery-router-advertisement NDRA

    set access address-assignment pool POOL family inet6 prefix 2a05:d840:0100:0200::/64
    set access address-assignment pool POOL family inet6 range LNS low 2a05:d840:0100:0200::2/128
    set access address-assignment pool POOL family inet6 range LNS high 2a05:d840:0100:0200::10/128

    set access address-assignment pool NDRA family inet6 prefix 2a05:d840:0100::/48
    set access address-assignment pool NDRA family inet6 range LNS low 2a05:d840:0100:0200::/64
    set access address-assignment pool NDRA family inet6 range LNS high 2a05:d840:0100:ffff::/64

    set routing-instances test access address-assignment neighbor-discovery-router-advertisement NDRA
    set routing-instances test access address-assignment pool POOL family inet6 prefix 2a05:d840:0100:0200::/64
    set routing-instances test access address-assignment pool POOL family inet6 range LNS low 2a05:d840:0100:0200::2/128
    set routing-instances test access address-assignment pool POOL family inet6 range LNS high 2a05:d840:0100:0200::10/128

     

    Apologies for the length of the post.

     



  • 2.  RE: L2TP Client and IPv6

     
    Posted 02-08-2018 01:28

    Second question based around the LNS.... easier to answer I expect 🙂

     

    Our downstream LAC supplier has stated that they do not normally utilise client names for their L2TP tunnels, but I currently have configured the following (for test purposes):

     

    set access profile l2tp-profile client 21CN l2tp maximum-sessions-per-tunnel 4000
    set access profile l2tp-profile client 21CN l2tp interface-id l2tp-encapsulation
    set access profile l2tp-profile client 21CN l2tp shared-secret "$9$5T6AB1hrK8Ec87dsJZqmfTn/Ap0IhS"
    set access profile l2tp-profile client 21CN user-group-profile l2tp-group-profile

     

    Do I just remove the client name from this profile or do I have to configure it some other way?

     

    Thanks



  • 3.  RE: L2TP Client and IPv6

     
    Posted 02-08-2018 02:05

    Hi Clive,

     

    For your second question, you can change the name to default. Let me review your first query.

     

    Regards,

    Rahul 



  • 4.  RE: L2TP Client and IPv6
    Best Answer

     
    Posted 02-08-2018 02:17

    Hi Clive,

     

    For the first query, yes, you need the configuration below. Please confirm your requirement.

     

    You need to assign NDRA+PD or NDRA or DHCPv6 IANA+IAPD or DHCPv6 IAPD

     

    To support NDRA, you need the configuration below.

     

    set dynamic-profiles dyn-lns-profile protocols router-advertisement interface "$junos-interface-name" managed-configuration
    set dynamic-profiles dyn-lns-profile protocols router-advertisement interface "$junos-interface-name" other-stateful-configuration
    set dynamic-profiles dyn-lns-profile protocols router-advertisement interface "$junos-interface-name" prefix $junos-ipv6-ndra-prefix

     

    To allocate a DHCPv6 PD prefix, you need the configuration below.


    set system services dhcp-local-server dhcpv6 group test interface si-1/2/0.0
    set system services dhcp-local-server dhcpv6 group test overrides delegated-pool test

     

    NDRA pool from MX, else you can return from RADIUS.


    set access address-assignment neighbor-discovery-router-advertisement NDRA


    DHCPv6 IANA

     

    set access address-assignment pool POOL family inet6 prefix 2a05:d840:0100:0200::/64
    set access address-assignment pool POOL family inet6 range LNS low 2a05:d840:0100:0200::2/128
    set access address-assignment pool POOL family inet6 range LNS high 2a05:d840:0100:0200::10/128

     

    NDRA


    set access address-assignment pool NDRA family inet6 prefix 2a05:d840:0100::/48
    set access address-assignment pool NDRA family inet6 range LNS low 2a05:d840:0100:0200::/64
    set access address-assignment pool NDRA family inet6 range LNS high 2a05:d840:0100:ffff::/64

     

    IANA

     

    set routing-instances test access address-assignment neighbor-discovery-router-advertisement NDRA
    set routing-instances test access address-assignment pool POOL family inet6 prefix 2a05:d840:0100:0200::/64
    set routing-instances test access address-assignment pool POOL family inet6 range LNS low 2a05:d840:0100:0200::2/128
    set routing-instances test access address-assignment pool POOL family inet6 range LNS high 2a05:d840:0100:0200::10/128
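
A consistency check for the inet6 pool lines discussed above, as an added example that is not part of the original posts and is not Juniper code. It parses `set`-style lines (the sample is constructed from the lines quoted in the thread), verifies that each range bound sits inside its pool prefix and that low does not exceed high, and lists pool names that are referenced but not defined in the pasted lines; the function name `check_pools` and the finding strings are hypothetical.

```python
import ipaddress
import re

# Constructed sample: inet6 pool lines quoted in the thread, plus the two
# lines that reference a pool by name (delegated-pool and NDRA).
CONFIG = """\
set system services dhcp-local-server dhcpv6 group test overrides delegated-pool test
set access address-assignment neighbor-discovery-router-advertisement NDRA
set access address-assignment pool POOL family inet6 prefix 2a05:d840:0100:0200::/64
set access address-assignment pool POOL family inet6 range LNS low 2a05:d840:0100:0200::2/128
set access address-assignment pool POOL family inet6 range LNS high 2a05:d840:0100:0200::10/128
set access address-assignment pool NDRA family inet6 prefix 2a05:d840:0100::/48
set access address-assignment pool NDRA family inet6 range LNS low 2a05:d840:0100:0200::/64
set access address-assignment pool NDRA family inet6 range LNS high 2a05:d840:0100:ffff::/64
"""

POOL_RE = re.compile(r"address-assignment pool (\S+) family inet6 "
                     r"(?:(prefix)|range (\S+) (low|high)) (\S+)")
REF_RE = re.compile(r"(?:delegated-pool|neighbor-discovery-router-advertisement) (\S+)")

def check_pools(config):
    """Return a list of findings for the inet6 pools in `config`."""
    prefixes, ranges, refs, findings = {}, {}, set(), []
    for line in config.splitlines():
        m = POOL_RE.search(line)
        if m:
            pool, is_prefix, rng, bound, value = m.groups()
            net = ipaddress.ip_network(value, strict=False)
            if is_prefix:
                prefixes[pool] = net
            else:
                ranges.setdefault((pool, rng), {})[bound] = net
            continue
        m = REF_RE.search(line)
        if m:
            refs.add(m.group(1))
    for (pool, rng), b in sorted(ranges.items()):
        parent = prefixes.get(pool)
        for bound, net in sorted(b.items()):
            # A range bound must be a subnet of the pool's own prefix.
            if parent is None or not net.subnet_of(parent):
                findings.append(f"{pool}/{rng} {bound} {net} outside pool prefix")
        if len(b) == 2 and b["low"].network_address > b["high"].network_address:
            findings.append(f"{pool}/{rng} low is above high")
    for name in sorted(refs - set(prefixes)):
        findings.append(f"pool {name} referenced but not defined")
    return findings
```

On the constructed sample the only finding is that the pool named by `delegated-pool test` has no inet6 prefix among the pasted lines; it may be defined elsewhere on the router.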



  • 5.  RE: L2TP Client and IPv6

     
    Posted 02-08-2018 03:15

    Hi Rahul,

     

    Thank you for the response. This is exactly what I expected. Very much appreciated.

     

    Thanks

     

    Clive