Junos OS

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

MX BNG attribute nas-port format and domain stripping

This thread has been viewed 1 times
  • 1.  MX BNG attribute nas-port format and domain stripping

    Posted 10-02-2020 00:42

    Hi

     

    I am trying to port an IOS-XE BNG config over to Junos.

    I have an entry on my cisco which states:

     

    aaa group server radius FREERADIUS
    server-private 1.1.1.1 auth-port 1812 acct-port 1813 timeout 3 retransmit 2 
    ip radius source-interface Loopback20
    attribute nas-port format d
    throttle accounting 100 access 100 access-timeout 3
    domain-stripping
    !

     

    I can see that the NAS port format d is PPPoX

    format

    NAS-Port format. Possible values for the format argument are as follows:

    • a--Standard NAS-Port format
    • b--Extended NAS-Port format
    • c--Carrier-based format
    • d--PPPoX (PPP over Ethernet or PPP over ATM) extended NAS-Port format
    • e--C onfigurable NAS-Port format

    Does anyone know what the equivalent command is on Junos?

     

    also in that piece of code there is a domain-stripping entry.

    I have seen on junos a domain-map that can allow me to strip the domain name

    [access]

      domain {
        map default {
          strip-domain;
      }
    }

     

    But this seems to be at a global level rather than per radius server/group

     

    many thanks

     


    #mxbng


  • 2.  Re: MX BNG attribute nas-port format and domain stripping

     
    Posted 10-02-2020 01:07

    Hi,

     

    If you want to change/modify NAS-PORT-ID from its default setting, use the following knob:


    #set access profile test radius options nas-
    'nas-' is ambiguous.
    Possible completions:
    nas-identifier NAS-Identifier to be used for authentication and accounting requests (RADIUS attribute 32)
    > nas-port-extended-format RADIUS client's use of an extended format for RADIUS attribute 5
    nas-port-id-delimiter Single character delimiter character to use in the NAS-Port-Id
    > nas-port-id-format Format methods for building the NAS-Port-Id radius attribute
    > nas-port-type Translation mechanism for changing the NAS-Port-Type radius attribute


    and in case if you want to exclude NAS-PORT-ID information from AAA messages, use the following knob:


    # set access profile test radius attributes exclude nas-
    'nas-' is ambiguous.
    Possible completions:
    + nas-identifier Excludes RADIUS attribute 32, NAS-identifier
    + nas-port Excludes RADIUS attribute 5, NAS-Port
    + nas-port-id Excludes RADIUS attribute 87, NAS-Port-ID
    + nas-port-type Excludes RADIUS attribute 61, NAS-Port-Type

     

    More info on NAS-PORT-ID, visit the following document:

     


    As for domain map, it is supported in the default logical system only:

    Though you can strip a domain based on domain name other than the default by creating one:
    # set access domain map test.com strip-domain