Hi everyone,
I am having a lot of trouble configuring an MX80 router as a PPPoE server. I'm trying to have it receive shaper values from RADIUS attributes, but it is not working correctly; I think I am missing something. The log shows:
Aug 16 14:21:31.849269 UserAccess:planoteste session-id:3204 state:log-out 4%xe-2/0/1.1000:1000 reason: ppp subscriber-mgr-activation-failed
Here is my configuration:
# Junos release this configuration was taken from.
version 15.1R6.7;
# Two dynamic profiles are defined here. PPPoE-Profile is the client profile
# referenced by "dynamic-profile PPPoE-Profile" on xe-2/0/1 unit 1000.
# PPPoE-Rate-Limit is the service profile named in the RADIUS reply quoted at
# the end of the post.
dynamic-profiles {
PPPoE-Profile {
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
routing-options {
# Framed routes returned for the subscriber; every field comes from a
# predefined $junos-framed-route-* variable.
access {
route $junos-framed-route-ip-address-prefix {
next-hop "$junos-framed-route-nexthop";
metric "$junos-framed-route-cost";
preference "$junos-framed-route-distance";
tag "$junos-framed-route-tag";
}
}
# Host route to the subscriber's own address via the dynamic interface.
access-internal {
route $junos-subscriber-ip-address {
qualified-next-hop "$junos-interface-name";
}
}
}
}
}
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-interface-unit" {
no-traps;
ppp-options {
# Both CHAP and PAP are enabled. PAP sends the subscriber password in
# cleartext over the access segment; keep it only if the CPE requires it.
chap;
pap;
mtu 1480;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
keepalives interval 30;
family inet {
# NOTE(review): this needs a loopback interface to borrow an address from;
# no lo0 is shown in the interfaces stanza as posted. Confirm it exists.
unnumbered-address "$junos-loopback-interface";
}
}
}
}
}
PPPoE-Rate-Limit {
variables {
# The RADIUS reply PPPoE-Rate-Limit(5120k,10240k) carries two parameters;
# presumably they bind to up-rate and down-rate in declaration order.
# Verify against the Junos service-activation documentation.
# NOTE(review): each rate variable has both default-value and mandatory.
# Confirm the combination is intended, since the session fails at
# service activation.
up-rate {
default-value 32k;
mandatory;
}
down-rate {
default-value 32k;
mandatory;
}
# uid variables, used below as the names of the per-subscriber filters
# and policers.
filter-up uid;
filter-down uid;
shaper-up uid;
shaper-down uid;
}
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-interface-unit" {
family inet {
# Attach the generated filters to the subscriber's logical interface.
filter {
input "$filter-up";
output "$filter-down";
}
}
}
}
}
firewall {
family inet {
# Each filter has a single term with no match condition, so all IPv4
# traffic in that direction is handed to the policer and then accepted.
filter "$filter-up" {
interface-specific;
term accept {
then {
policer "$shaper-up";
service-filter-hit;
accept;
}
}
}
filter "$filter-down" {
interface-specific;
term accept {
then {
policer "$shaper-down";
service-filter-hit;
accept;
}
}
}
}
# NOTE(review): burst-size-limit is 1,024,000,000 bytes against rates given
# in kbit/s (32k default, 5120k/10240k from RADIUS). A burst this large lets
# a subscriber send far above the contracted rate before "then discard"
# applies; confirm the value is intended.
# NOTE(review): filter-specific and logical-interface-policer are both set
# on each policer. Confirm this combination is valid for a policer
# referenced from a dynamic-profile filter on this release.
policer "$shaper-up" {
filter-specific;
logical-interface-policer;
if-exceeding {
bandwidth-limit "$up-rate";
burst-size-limit 1024000000;
}
then discard;
}
policer "$shaper-down" {
filter-specific;
logical-interface-policer;
if-exceeding {
bandwidth-limit "$down-rate";
burst-size-limit 1024000000;
}
then discard;
}
}
}
}
# Device-level settings: identity, local accounts, management services, logging
# and daemon tracing.
system {
host-name BRAS-SDT-01;
time-zone America/Sao_Paulo;
no-multicast-echo;
no-redirects;
no-ping-record-route;
no-ping-time-stamp;
internet-options {
# "inactive:" means the ICMPv4 rate limit is configured but not applied.
inactive: icmpv4-rate-limit packet-rate 10;
path-mtu-discovery;
# Drop TCP segments that have both SYN and FIN set.
tcp-drop-synfin-set;
ipv6-path-mtu-discovery;
no-tcp-reset drop-all-tcp;
}
root-authentication {
# NOTE(review): this $5$ (SHA-256 crypt) hash was posted publicly, so it is
# open to offline guessing. Rotate the root password and redact the hash
# before sharing a configuration.
encrypted-password "$5$hy7U0vlP$QVeRDU.QYm7vE4gK6CVqK6tqcU4NDAh1OeIG71w64I5"; ## SECRET-DATA
}
name-server {
A.B.C.D;
}
dynamic-profile-options {
versioning;
}
radius-options {
attributes {
# Same address as xe-2/0/0 unit 0 in the interfaces stanza.
nas-ip-address 10.20.1.114;
}
}
login {
# The only local account shown has the super-user class (full privileges).
# NOTE(review): its password hash is also exposed in this post; rotate it.
user teste {
uid 2010;
class super-user;
authentication {
encrypted-password "$5$lnXHStnE$UUsB1v4ePNe2a4HB9ajIl1B1qLfEJN5IRXV3EztE0CC"; ## SECRET-DATA
}
}
}
services {
# No root-login statement is set under ssh, so the release default applies.
# Confirm that matches the intended policy.
ssh {
protocol-version v2;
}
# NOTE(review): telnet carries credentials and session data in cleartext.
# With a super-user account on the box, remove it and manage over SSH only.
telnet;
subscriber-management {
enable;
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
# Records every CLI command, which is useful as an audit trail. Only local
# files are configured in this stanza; no remote syslog host is shown.
file interactive-commands {
interactive-commands any;
}
}
configuration-database {
max-db-size 104857600;
}
processes {
general-authentication-service {
# NOTE(review): world-readable lets any local account read this trace
# file, and "flag radius" plus "flag all" record authentication and RADIUS
# activity. Drop world-readable and deactivate tracing once debugging is
# finished.
traceoptions {
file auth-geral.log size 10m files 4 world-readable;
flag address-assignment;
flag user-access;
flag radius;
inactive: flag session-db;
inactive: flag profile-db;
flag all;
}
}
}
}
# Chassis network-services mode for the MX.
chassis {
network-services enhanced-ip;
}
# Global default access profile; the profile itself is defined under "access".
access-profile PPPoE-Access-Profile;
# Static interfaces. NOTE(review): no lo0 unit appears in this stanza as posted.
# The client dynamic profile references "$junos-loopback-interface", and lo0 is
# where a routing-engine protection filter would normally attach. Confirm
# whether lo0 was left out of the paste or is really not configured.
interfaces {
# Address matches system radius-options nas-ip-address and sits in the same
# /24 as the static default next hop.
xe-2/0/0 {
unit 0 {
family inet {
address 10.20.1.114/24;
}
}
}
# Subscriber-facing port: VLAN 1000 is the PPPoE underlying interface.
xe-2/0/1 {
vlan-tagging;
unit 1000 {
encapsulation ppp-over-ether;
vlan-id 1000;
pppoe-underlying-options {
access-concentrator TESTE_NAS;
# Prevents a second concurrent session from the same client MAC on this
# underlying interface.
duplicate-protection;
dynamic-profile PPPoE-Profile;
service-name-table PPPoE-Table;
}
}
}
# Management port has family inet enabled but no address configured here.
fxp0 {
unit 0 {
family inet;
}
}
}
# Single static default route; the next hop is on the xe-2/0/0 subnet.
routing-options {
static {
route 0.0.0.0/0 next-hop 10.20.1.1;
}
}
# PPP/PPPoE daemon tracing and the PPPoE service-name table.
# NOTE(review): all three trace files use "level all" with "flag all" and are
# marked world-readable, so any local account can read them. Traces at this
# level may include subscriber identifiers and authentication exchanges (PAP is
# enabled in the client profile). Remove world-readable and turn tracing off
# after troubleshooting.
protocols {
ppp-service {
traceoptions {
file ppps.log size 10m world-readable;
level all;
flag all;
}
}
ppp {
traceoptions {
file ppp.log size 10m files 8 world-readable;
level all;
flag all;
}
}
pppoe {
traceoptions {
file pppoe.log size 10m files 8 world-readable;
level all;
flag all;
}
# Table referenced from xe-2/0/1 unit 1000: requests with any service name
# or an empty service name are both terminated (answered) by this router.
service-name-tables PPPoE-Table {
service any {
terminate;
}
service empty {
terminate;
}
}
}
}
# AAA configuration: RADIUS servers, the dynamic-request (disconnect/CoA)
# client, and the access profile used for PPPoE subscribers.
access {
radius-server {
A.B.C.D {
port 1812;
accounting-port 1813;
# NOTE(review): $9$ strings are an obfuscation encoding, not a one-way hash.
# Treat this shared secret as disclosed by the post; rotate it on both the
# router and the RADIUS server, and redact it when sharing a configuration.
secret "$9$tiavu1hLX-dwgM8aUji.muOBIyl"; ## SECRET-DATA
timeout 40;
retry 3;
accounting-timeout 20;
accounting-retry 6;
}
}
radius-disconnect-port 3799;
# NOTE(review): unlike the other server addresses (masked as A.B.C.D), this
# dynamic-request client address was posted unmasked together with its $9$
# secret. A peer holding this secret can send disconnect requests for
# subscriber sessions. Rotate the secret and restrict UDP 3799 to the
# legitimate RADIUS source.
radius-disconnect {
189.90.192.16 secret "$9$nysU/tOeK8L7Vyls4aJDj/CApIE"; ## SECRET-DATA
}
profile PPPoE-Access-Profile {
# RADIUS is the only method for both authentication and accounting; no local
# fallback is listed.
accounting-order radius;
authentication-order radius;
domain-name-server-inet {
A.B.C.D;
A.B.C.D;
}
radius {
authentication-server A.B.C.D;
accounting-server A.B.C.D;
options {
nas-identifier 4;
nas-port-id-delimiter "%";
nas-port-id-format {
nas-identifier;
interface-description;
}
nas-port-type {
ethernet ethernet;
}
calling-station-id-delimiter :;
# Calling-Station-Id carries the subscriber MAC address.
calling-station-id-format {
mac-address;
}
accounting-session-id-format decimal;
client-authentication-algorithm direct;
client-accounting-algorithm direct;
# With required-at-login, a dynamic-profile service that fails to activate
# makes the whole login fail. That matches the posted log line (state:log-out,
# reason subscriber-mgr-activation-failed), so the fault is presumably in
# activating PPPoE-Rate-Limit rather than in authentication. Confirm with
# the trace files.
service-activation {
dynamic-profile required-at-login;
}
}
}
accounting {
order radius;
accounting-stop-on-failure;
accounting-stop-on-access-deny;
coa-immediate-update;
update-interval 10;
statistics volume-time;
wait-for-acct-on-ack;
send-acct-status-on-config-change;
}
}
# Subscribers that do not match another domain map use PPPoE-Access-Profile.
domain {
map DEFAULT {
access-profile PPPoE-Access-Profile;
}
}
radius-options {
unique-nas-port {
chassis-id 1;
chassis-id-width 7;
}
}
}
My freeradius is sending this reply attribute:
Radius service activate attribute is being sent with this value: PPPoE-Rate-Limit(5120k,10240k)
Can someone help me with this?
Thanks.