Junos OS

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.

MX 240 dhcp subscribers into VRF

  • 1.  MX 240 dhcp subscribers into VRF

    Posted 08-30-2021 09:51

    Hello

    I have VRF with BGP fo example HNET

    And dhcp local server that auth subscriber through radius server

    All subscribers get IP inside inet.0 table

    I need that dhcp subscriber get access to HNET table

    Config

    set system services dhcp-local-server pool-match-order option-82
    set system services dhcp-local-server pool-match-order external-authority
    set system services dhcp-local-server liveness-detection method layer2-liveness-detection transmit-interval 300
    set system services dhcp-local-server liveness-detection method layer2-liveness-detection max-consecutive-retries 3
    deactivate system services dhcp-local-server liveness-detection
    set system services dhcp-local-server group IPoE authentication password IPoE
    set system services dhcp-local-server group IPoE authentication username-include user-prefix OPT82
    set system services dhcp-local-server group IPoE authentication username-include option-82 circuit-id
    set system services dhcp-local-server group IPoE authentication username-include option-82 remote-id
    set system services dhcp-local-server group IPoE dynamic-profile CLIENTS-IPoE
    set system services dhcp-local-server group IPoE short-cycle-protection lockout-min-time 10
    set system services dhcp-local-server group IPoE short-cycle-protection lockout-max-time 300
    deactivate system services dhcp-local-server group IPoE short-cycle-protection
    set system services dhcp-local-server group IPoE interface demux0.0

    set access profile BILLING accounting-order radius
    set access profile BILLING authentication-order radius
    set access profile BILLING radius authentication-server 10.255.245.165
    set access profile BILLING radius accounting-server 10.255.245.165
    set access profile BILLING radius options accounting-session-id-format decimal
    set access profile BILLING radius-server 10.255.246.99 port 1812
    set access profile BILLING radius-server 10.255.246.99 accounting-port 1813
    set access profile BILLING radius-server 10.255.246.99 secret "$9$scYJU3nCAu1Nd2aUDmPBIEcyKLxdsgoLXUj"
    set access profile BILLING radius-server 10.255.246.99 timeout 30
    set access profile BILLING radius-server 10.255.246.99 retry 5
    set access profile BILLING radius-server 10.255.246.99 max-outstanding-requests 1000
    set access profile BILLING radius-server 10.255.246.99 source-address 10.255.245.164
    deactivate access profile BILLING radius-server 10.255.246.99
    set access profile BILLING radius-server 10.255.245.165 port 1812
    set access profile BILLING radius-server 10.255.245.165 accounting-port 1813
    set access profile BILLING radius-server 10.255.245.165 secret 
    set access profile BILLING radius-server 10.255.245.165 timeout 30
    set access profile BILLING radius-server 10.255.245.165 retry 5
    set access profile BILLING radius-server 10.255.245.165 max-outstanding-requests 1000
    set access profile BILLING radius-server 10.255.245.165 source-address 10.255.245.164
    set access profile BILLING accounting order radius
    set access profile BILLING accounting accounting-stop-on-failure
    set access profile BILLING accounting accounting-stop-on-access-deny
    set access profile BILLING accounting immediate-update
    set access profile BILLING accounting coa-immediate-update
    set access profile BILLING accounting address-change-immediate-update
    set access profile BILLING accounting update-interval 10
    set access profile BILLING accounting statistics volume-time

    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" actual-transit-statistics
    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" no-traps
    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" proxy-arp
    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-underlying-interface"
    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" family inet demux-source $junos-subscriber-ip-address
    set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" actual-transit-statistics
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" demux-source inet
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" no-traps
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" proxy-arp
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" vlan-id "$junos-vlan-id"
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-underlying-interface"
    set dynamic-profiles VLAN-IPoE interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0
    set dynamic-profiles svc-global-ipoe variables SPEED_IN default-value 10000000
    set dynamic-profiles svc-global-ipoe variables SPEED_IN mandatory
    set dynamic-profiles svc-global-ipoe variables SPEED_OUT default-value 10000000
    set dynamic-profiles svc-global-ipoe variables SPEED_OUT mandatory
    set dynamic-profiles svc-global-ipoe variables INET_OUT uid
    set dynamic-profiles svc-global-ipoe variables POLICER_IN uid
    set dynamic-profiles svc-global-ipoe variables POLICER_OUT uid
    set dynamic-profiles svc-global-ipoe variables INET_IN uid
    set dynamic-profiles svc-global-ipoe interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet filter input "$INET_IN"
    set dynamic-profiles svc-global-ipoe interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet filter input precedence 50
    set dynamic-profiles svc-global-ipoe interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet filter output "$INET_OUT"
    set dynamic-profiles svc-global-ipoe interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet filter output precedence 50
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_OUT" interface-specific
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_OUT" term default then policer "$POLICER_OUT"
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_OUT" term default then service-accounting
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_OUT" term default then accept
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" interface-specific
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term TO-HNET from source-prefix-list CustomerIP
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term TO-HNET then policer "$POLICER_IN"
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term TO-HNET then service-accounting
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term TO-HNET then routing-instance to-hnet
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term default then policer "$POLICER_IN"
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term default then service-accounting
    set dynamic-profiles svc-global-ipoe firewall family inet filter "$INET_IN" term default then accept
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_IN" filter-specific
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_IN" logical-interface-policer
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_IN" if-exceeding bandwidth-limit "$SPEED_IN"
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_IN" if-exceeding burst-size-limit 512k
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_IN" then discard
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_OUT" filter-specific
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_OUT" logical-interface-policer
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_OUT" if-exceeding bandwidth-limit "$SPEED_OUT"
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_OUT" if-exceeding burst-size-limit 512k
    set dynamic-profiles svc-global-ipoe firewall policer "$POLICER_OUT" then discard

    et routing-instances to-hnet instance-type forwarding
    set routing-instances to-hnet routing-options static route 0.0.0.0/0 next-table hnet.inet.0

    set routing-options rib-groups TO-HNET import-rib inet.0
    set routing-options rib-groups TO-HNET import-rib hnet.inet.0
    set routing-options rib-groups TO-HNET import-rib to-hnet.inet.0

    Whant can I do to fix my problem?