Routing

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Juniper MX BNG Radius Server access over Routing-instance

  • 1.  Juniper MX BNG Radius Server access over Routing-instance

    Posted 03-23-2022 09:21
    Hi,

    I want radius authentication over routing-instance, no on global RI.
    I have below the interface group config I applied under the access interface connected DSL aggregation link.
    Also below access radius config.
    I cannot see any radius auth message send from BNG.
    I think I need to bind the below interface group to vrf-provisioning.
    How can I do this?

    interface ae0
    apply-groups ACCESS
    !
    [edit group ACCESS]

    interfaces {

        <*> {

            hierarchical-scheduler;

            flexible-vlan-tagging;

            auto-configure {

                stacked-vlan-ranges {

                    dynamic-profile VLAN {

                        accept dhcp-v4;

                        ranges {

                            any,any;

                        }

                    }

                    authentication {

                        password xxx;

                        username-include {

                            option-82 circuit-id;

                        }

                    }

                    access-profile RADIUS;

                }

                remove-when-no-subscribers;

            }

    And access config like below:

    radius-server {

        10.10.10.38 {

            secret "$s;kf;lsdkfl;"; ## SECRET-DATA

            source-address 10.1.1.40;

            routing-instance vrf-provisioning;

        }

    }

    radius-disconnect {

        10.10.10.38 secret "$dasdasfa"; ## SECRET-DATA

    }

    profile RADIUS {

        accounting-order radius;

        authentication-order [ radius none ];

        radius {

            authentication-server 10.10.10.38;

            accounting-server 10.10.10.38;

            options {

                juniper-access-line-attributes;

            }

        }

        radius-server {

            10.10.10.38 {

                secret "$sdfsdfsdf"; ## SECRET-DATA

                source-address 10.1.1.40;

                routing-instance vrf-provisioning;

            }

        }

        accounting {

            order radius;

            coa-immediate-update;

            address-change-immediate-update;

            update-interval 30;

            statistics volume-time;

        }

    }



    ------------------------------
    UY
    ------------------------------