Junos OS

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.

  • 1.  address-pool statements

    Posted 02-16-2020 08:03

    Dear all,

     

    I would like to understand the differences between the address-pools hierarchy. 

    edit access address-assignment 

      - pool -- here I can create pools and use them later from radius or as an ip-address-first

      - address-pools  -- here I can create named pools but with lots of network and configurations for those networks

         Could you explain what does the functionalities this hierarchy provide?

     

    edit access address-pool Test  -- what does this hierarchy do?

    I was not able to find any documentation which explains this.

    Thank you for any help.



  • 2.  RE: address-pool statements

     
    Posted 02-16-2020 17:43

    Hi Petro,

     

    the "set accesss address-pool" statement at the [edit access] hierarchy level, is more of a legacy knob.

     

    "address-assignment pools" are completely separate from services PIC-based L2TP LNS address pools, which you create with the address-pool statement at the [edit access] hierarchy level, and NAT pools, which you create with the pool statement at the [edit services nat] hierarchy level.

     

    Please refer to the follow document:

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/address-assignment-pools-subscriber-management.html

     

    If you're use case is for either static or dynamic subscriber service for PPPoE, DHCP, and even for the L2TP LNS subscriber, please use "access address-assignment pools " statement at the [edit access] hierarchy level.

     

    With access "address-assignment pools <pool_name>" you can either return the pool name from Radius calling VSA such framed-ipv4 or framed-ipv6 pool. If framed-pool name is not returned from Radius, client/subscriber is automatically assigned an address from the address-assignment pool.

     

     

     

     



  • 3.  RE: address-pool statements

    Posted 02-18-2020 14:50

    Thank you for your explanation it is very useful for me.

    But I still have one more question

    What does this hierarchy mean?

    edit access address-assignment address-pools -- the main thing here is that I can set a lot of networks for the same pool. I would like to ask you could I use this pool name

    set access address-assignment address-pools TestAddPool family inet network 172.17.20.0/24 range main low 172.17.20.2 high 172.17.20.254

    set access address-assignment address-pools TestAddPool family inet network 172.17.20.0/24 range main low 172.17.222.2 high 172.17.222.254

    And send radius-attribute Framed-IP-Pool with the name TestAddPool. Will Juniper set subscriber's IP address from these to different networks?

    Thanks,



  • 4.  RE: address-pool statements
    Best Answer

     
    Posted 02-18-2020 21:33

    Hi,

     

    I mentioned in my previous post, use "access address-assignment pool" for subscriber use.

    Your network "172.17.20.0/24" for range 172.17.222.2 ~ 172.17.222.254 is incorrect.

    Your correct network should be 172.17.222.0/24 to get 172.17.222.1 ~ 172.17.222.254 range or 254 host address.

     

    The last address network range will take precedence over the previous one when you set the the same pool name.

    You should aviod doing that and use linked pool.

     

    In order to bind the network address ranges, create different pool name and then link them using "link" knob to the pool chain for a continuous address space. For example, return the framed-pool name "TestAddPool1" from radius and MX will allocate address from TestAddPool1. Once the TestAddPool1 addresses are fully utilized and as more subscriber logs in, MX will allocate address from linked pool called TestAddPool2.

     

    You don't require to return TestAddPool2 from radius at this point. So just return "TestAddPool1" from radius and MX will allocate the address from main pool "TestAddPool1" followed by linked pool "TestAddPool2" when TestAddPool1 is full. You can also create another pool "TestAddPool3" and link it to "TestAddPool2" so that when TestAddPool2 is full, addresses from TestAddPool3 will be picked.

     

    re0# show access address-assignment pool TestAddPool1 | display set
    set access address-assignment pool TestAddPool1 link TestAddPool2
    set access address-assignment pool TestAddPool1 family inet network 172.17.20.0/24
    set access address-assignment pool TestAddPool1 family inet range main low 172.17.20.2
    set access address-assignment pool TestAddPool1 family inet range main high 172.17.20.254

     


    re0# show access address-assignment pool TestAddPool2 | display set
    set access address-assignment pool TestAddPool2 family inet network 172.17.222.0/24
    set access address-assignment pool TestAddPool2 family inet range main low 172.17.222.2
    set access address-assignment pool TestAddPool2 family inet range main high 172.17.222.254

     

    And ofcourse, if you want to certain set of subscribers with different network range, you can simply return the specfic pool name from radius accordingly.

     

     



  • 5.  RE: address-pool statements

    Posted 02-19-2020 00:28

    Thank you, Karah for the detailed explanation.

    Sorry for the mistake in network definition. But I still have a question related to the know address-pools.

    pool DHCP_Fake {
    family inet {
        network 10.255.0.0/16;
        range main {
            low 10.255.0.10;
            high 10.255.255.250;
        }
        dhcp-attributes {
            maximum-lease-time 2400;
            name-server {
                192.168.192.168;
                8.8.8.8;
            }                           
            router {
                10.255.0.1;
            }
            t1-percentage 60;
            t2-percentage 85;
        }
    }
}
address-pools {
    TestAddPool {
        family inet {
            network {
                172.17.20.0/24 {
                    range {
                        main {
                            low 172.17.20.3;
                            high 172.17.20.252;
                        }
                    }
                }
                172.17.21.0/24 {
                    range {
                        main21 {
                            low 172.17.21.3;
                            high 172.17.21.252;
                        }
                    }
                }
            }
        }
    }
}

    As you can see in the address-pools know I can add a lot of network into one pool.

    Can I use TestAddPool from Radius?
    Thanks,



  • 6.  RE: address-pool statements

     
    Posted 02-19-2020 02:15

     

    You can do the similar thing with "address-assignment pool" knob using biggger pool and sort them in different sub-ranges.

    else create different pool/different network and link the pool and in case of dhcp, its keeps the router/network address to fetch matching pool.

     

    re0# show access address-assignment pool dhcpv4
    family inet {
    network 10.100.0.0/16;
    range 1 {
    low 10.100.1.1;
    high 10.100.1.254;
    }
    range 2 {
    low 10.100.2.1;
    high 10.100.2.254;
    }