Junos OS

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



MX 240 dhcp subscribers into VRF

  • 1.  MX 240 dhcp subscribers into VRF

    Posted 08-30-2021 09:51

    Hello

    I have VRF with BGP fo example HNET

    And dhcp local server that auth subscriber through radius server

    All subscribers get IP inside inet.0 table

    I need that dhcp subscriber get access to HNET table

    Config

    set system services dhcp-local-server pool-match-order option-82
    set system services dhcp-local-server pool-match-order external-authority
    set system services dhcp-local-server liveness-detection method layer2-liveness-detection transmit-interval 300
    set system services dhcp-local-server liveness-detection method layer2-liveness-detection max-consecutive-retries 3
    deactivate system services dhcp-local-server liveness-detection
    set system services dhcp-local-server group IPoE authentication password IPoE
    set system services dhcp-local-server group IPoE authentication username-include user-prefix OPT82
    set system services dhcp-local-server group IPoE authentication username-include option-82 circuit-id
    set system services dhcp-local-server group IPoE authentication username-include option-82 remote-id
    set system services dhcp-local-server group IPoE dynamic-profile CLIENTS-IPoE
    set system services dhcp-local-server group IPoE short-cycle-protection lockout-min-time 10
    set system services dhcp-local-server group IPoE short-cycle-protection lockout-max-time 300
    deactivate system services dhcp-local-server group IPoE short-cycle-protection
    set system services dhcp-local-server group IPoE interface demux0.0

    set access profile BILLING accounting-order radius
    set access profile BILLING authentication-order radius
    set access profile BILLING radius authentication-server 10.255.245.165
    set access profile BILLING radius accounting-server 10.255.245.165
    set access profile BILLING radius options accounting-session-id-format decimal
    set access profile BILLING radius-server 10.255.246.99 port 1812
    set access profile BILLING radius-server 10.255.246.99 accounting-port 1813
    set access profile BILLING radius-server 10.255.246.99 secret "$9$scYJU3nCAu1Nd2aUDmPBIEcyKLxdsgoLXUj"
    set access profile BILLING radius-server 10.255.246.99 timeout 30
    set access profile BILLING radius-server 10.255.246.99 retry 5
    set access profile BILLING radius-server 10.255.246.99 max-outstanding-requests 1000
    set access profile BILLING radius-server 10.255.246.99 source-address 10.255.245.164
    deactivate access profile BILLING radius-server 10.255.246.99
    set access profile BILLING radius-server 10.255.245.165 port 1812
    set access profile BILLING radius-server 10.255.245.165 accounting-port 1813
    set access profile BILLING radius-server 10.255.245.165 secret 
    set access profile BILLING radius-server 10.255.245.165 timeout 30
    set access profile BILLING radius-server 10.255.245.165 retry 5
    set access profile BILLING radius-server 10.255.245.165 max-outstanding-requests 1000
    set access profile BILLING radius-server 10.255.245.165 source-address 10.255.245.164
    set access profile BILLING accounting order radius
    set access profile BILLING accounting accounting-stop-on-failure
    set access profile BILLING accounting accounting-stop-on-access-deny
    set access profile BILLING accounting immediate-update
    set access profile BILLING accounting coa-immediate-update
    set access profile BILLING accounting address-change-immediate-update
    set access profile BILLING accounting update-interval 10
    set access profile BILLING accounting statistics volume-time

    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" actual-transit-statistics
    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" no-traps
    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" proxy-arp
    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-underlying-interface"
    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" family inet demux-source $junos-subscriber-ip-address
    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" actual-transit-statistics
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" demux-source inet
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" no-traps
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" proxy-arp
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" vlan-id "$junos-vlan-id"
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-underlying-interface"
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0
    set dynamic-profiles svc-global-ipoe variables SPEED_IN default-value 10000000
    set dynamic-profiles svc-global-ipoe variables SPEED_IN mandatory
    set dynamic-profiles svc-global-ipoe variables SPEED_OUT default-value 10000000
    set dynamic-profiles svc-global-ipoe variables SPEED_OUT mandatory
    set dynamic-profiles svc-global-ipoe variables INET_OUT uid
    set dynamic-profiles svc-global-ipoe variables POLICER_IN uid
    set dynamic-profiles svc-global-ipoe variables POLICER_OUT uid
    set dynamic-profiles svc-global-ipoe variables INET_IN uid
    set dynamic-profiles svc-global-ipoe interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet filter input "$INET_IN"
    set dynamic-profiles svc-global-ipoe interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet filter input precedence 50
    set dynamic-profiles svc-global-ipoe interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet filter output "$INET_OUT"
    set dynamic-profiles svc-global-ipoe interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet filter output precedence 50
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_OUT" interface-specific
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_OUT" term default then policer "$POLICER_OUT"
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_OUT" term default then service-accounting
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_OUT" term default then accept
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" interface-specific
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term TO-HNET from source-prefix-list CustomerIP
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term TO-HNET then policer "$POLICER_IN"
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term TO-HNET then service-accounting
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term TO-HNET then routing-instance to-hnet
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term default then policer "$POLICER_IN"
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term default then service-accounting
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term default then accept
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_IN" filter-specific
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_IN" logical-interface-policer
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_IN" if-exceeding bandwidth-limit "$SPEED_IN"
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_IN" if-exceeding burst-size-limit 512k
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_IN" then discard
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_OUT" filter-specific
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_OUT" logical-interface-policer
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_OUT" if-exceeding bandwidth-limit "$SPEED_OUT"
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_OUT" if-exceeding burst-size-limit 512k
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_OUT" then discard

    et routing-instances to-hnet instance-type forwarding
    set routing-instances to-hnet routing-options static route 0.0.0.0/0 next-table hnet.inet.0

    set routing-options rib-groups TO-HNET import-rib inet.0
    set routing-options rib-groups TO-HNET import-rib hnet.inet.0
    set routing-options rib-groups TO-HNET import-rib to-hnet.inet.0

    Whant can I do to fix my problem?