Hi,
I want radius authentication over routing-instance, no on global RI.
I have below the interface group config I applied under the access interface connected DSL aggregation link.
Also below access radius config.
I cannot see any radius auth message send from BNG.
I think I need to bind the below interface group to vrf-provisioning.
How can I do this?
interface ae0
apply-groups ACCESS
!
[edit group ACCESS]
interfaces {
<*> {
hierarchical-scheduler;
flexible-vlan-tagging;
auto-configure {
stacked-vlan-ranges {
dynamic-profile VLAN {
accept dhcp-v4;
ranges {
any,any;
}
}
authentication {
password xxx;
username-include {
option-82 circuit-id;
}
}
access-profile RADIUS;
}
remove-when-no-subscribers;
}
And access config like below:
radius-server {
10.10.10.38 {
secret "$s;kf;lsdkfl;"; ## SECRET-DATA
source-address 10.1.1.40;
routing-instance vrf-provisioning;
}
}
radius-disconnect {
10.10.10.38 secret "$dasdasfa"; ## SECRET-DATA
}
profile RADIUS {
accounting-order radius;
authentication-order [ radius none ];
radius {
authentication-server 10.10.10.38;
accounting-server 10.10.10.38;
options {
juniper-access-line-attributes;
}
}
radius-server {
10.10.10.38 {
secret "$sdfsdfsdf"; ## SECRET-DATA
source-address 10.1.1.40;
routing-instance vrf-provisioning;
}
}
accounting {
order radius;
coa-immediate-update;
address-change-immediate-update;
update-interval 30;
statistics volume-time;
}
}
------------------------------
UY
------------------------------