Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

Juniper MX BNG Radius Server access over Routing-instance

  • 1.  Juniper MX BNG Radius Server access over Routing-instance

    Posted 03-23-2022 09:21
    Hi,

    I want radius authentication over routing-instance, no on global RI.
    I have below the interface group config I applied under the access interface connected DSL aggregation link.
    Also below access radius config.
    I cannot see any radius auth message send from BNG.
    I think I need to bind the below interface group to vrf-provisioning.
    How can I do this?

    interface ae0
    apply-groups ACCESS
    !
    [edit group ACCESS]

    interfaces {

        <*> {

            hierarchical-scheduler;

            flexible-vlan-tagging;

            auto-configure {

                stacked-vlan-ranges {

                    dynamic-profile VLAN {

                        accept dhcp-v4;

                        ranges {

                            any,any;

                        }

                    }

                    authentication {

                        password xxx;

                        username-include {

                            option-82 circuit-id;

                        }

                    }

                    access-profile RADIUS;

                }

                remove-when-no-subscribers;

            }

    And access config like below:

    radius-server {

        10.10.10.38 {

            secret "$s;kf;lsdkfl;"; ## SECRET-DATA

            source-address 10.1.1.40;

            routing-instance vrf-provisioning;

        }

    }

    radius-disconnect {

        10.10.10.38 secret "$dasdasfa"; ## SECRET-DATA

    }

    profile RADIUS {

        accounting-order radius;

        authentication-order [ radius none ];

        radius {

            authentication-server 10.10.10.38;

            accounting-server 10.10.10.38;

            options {

                juniper-access-line-attributes;

            }

        }

        radius-server {

            10.10.10.38 {

                secret "$sdfsdfsdf"; ## SECRET-DATA

                source-address 10.1.1.40;

                routing-instance vrf-provisioning;

            }

        }

        accounting {

            order radius;

            coa-immediate-update;

            address-change-immediate-update;

            update-interval 30;

            statistics volume-time;

        }

    }



    ------------------------------
    UY
    ------------------------------