Розбіжності
Тут показані розбіжності між вибраною ревізією та поточною версією сторінки.
Порівняння попередніх версій Попередня ревізія Наступна ревізія | Попередня ревізія | ||
juniper:mx_bras [09/07/2022 13:21] – [access-profile IPOE_QINQ] Method | juniper:mx_bras [18/06/2023 21:52] (поточний) – Method | ||
---|---|---|---|
Рядок 1: | Рядок 1: | ||
- | ====== | + | {{tag>Juniper |
- | В даному розділі буду описувати свій досвід налаштування Juniper MX в ролі [[https:// | + | |
- | На моїй практиці були налаштовані Juniper MX80 MX104 MX960, на останній моделі зупинились (провайдер на якого я працюю), | ||
===== DHCP server ===== | ===== DHCP server ===== | ||
Рядок 22: | Рядок 20: | ||
set system services dhcp-local-server group IPOE_QINQ authentication username-include mac-address | set system services dhcp-local-server group IPOE_QINQ authentication username-include mac-address | ||
set system services dhcp-local-server group IPOE_QINQ authentication username-include vlan-tags | set system services dhcp-local-server group IPOE_QINQ authentication username-include vlan-tags | ||
- | set system services dhcp-local-server group IPOE_QINQ liveness-detection failure-action clear-binding | ||
- | set system services dhcp-local-server group IPOE_QINQ liveness-detection method layer2-liveness-detection transmit-interval 300 | ||
- | set system services dhcp-local-server group IPOE_QINQ liveness-detection method layer2-liveness-detection max-consecutive-retries 3 | ||
set system services dhcp-local-server group IPOE_QINQ reconfigure clear-on-abort | set system services dhcp-local-server group IPOE_QINQ reconfigure clear-on-abort | ||
set system services dhcp-local-server group IPOE_QINQ reconfigure attempts 5 | set system services dhcp-local-server group IPOE_QINQ reconfigure attempts 5 | ||
Рядок 133: | Рядок 128: | ||
===== DHCP_SVLAN ===== | ===== DHCP_SVLAN ===== | ||
+ | |||
+ | < | ||
+ | set access profile RADIUS_SVLAN accounting-order radius | ||
+ | set access profile RADIUS_SVLAN authentication-order radius | ||
+ | set access profile RADIUS_SVLAN radius authentication-server 172.20.20.1 | ||
+ | set access profile RADIUS_SVLAN radius accounting-server 172.20.20.1 | ||
+ | set access profile RADIUS_SVLAN radius options calling-station-id-delimiter * | ||
+ | set access profile RADIUS_SVLAN radius options calling-station-id-format mac-address | ||
+ | set access profile RADIUS_SVLAN radius options calling-station-id-format stacked-vlan | ||
+ | set access profile RADIUS_SVLAN radius options calling-station-id-format vlan | ||
+ | set access profile RADIUS_SVLAN radius options accounting-session-id-format decimal | ||
+ | set access profile RADIUS_SVLAN radius options client-authentication-algorithm round-robin | ||
+ | set access profile RADIUS_SVLAN radius options client-accounting-algorithm round-robin | ||
+ | set access profile RADIUS_SVLAN accounting order radius | ||
+ | set access profile RADIUS_SVLAN accounting immediate-update | ||
+ | set access profile RADIUS_SVLAN accounting coa-immediate-update | ||
+ | set access profile RADIUS_SVLAN accounting address-change-immediate-update | ||
+ | set access profile RADIUS_SVLAN accounting update-interval 10 | ||
+ | set access profile RADIUS_SVLAN accounting statistics volume-time | ||
+ | set access profile RADIUS_SVLAN accounting wait-for-acct-on-ack | ||
+ | set access profile RADIUS_SVLAN accounting send-acct-status-on-config-change | ||
+ | </ | ||
+ | |||
< | < | ||
set dynamic-profiles CLIENTS_SVLAN routing-instances " | set dynamic-profiles CLIENTS_SVLAN routing-instances " | ||
Рядок 139: | Рядок 157: | ||
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | ||
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | ||
- | set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | + | ### dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " |
- | deactivate | + | |
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | ||
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | ||
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit " | ||
- | < | ||
</ | </ | ||
+ | < | ||
set system services dhcp-local-server pool-match-order external-authority | set system services dhcp-local-server pool-match-order external-authority | ||
set system services dhcp-local-server pool-match-order ip-address-first | set system services dhcp-local-server pool-match-order ip-address-first | ||
Рядок 157: | Рядок 174: | ||
set system services dhcp-local-server group DHCP_SVLAN reconfigure timeout 5 | set system services dhcp-local-server group DHCP_SVLAN reconfigure timeout 5 | ||
set system services dhcp-local-server group DHCP_SVLAN reconfigure token mx104_0 | set system services dhcp-local-server group DHCP_SVLAN reconfigure token mx104_0 | ||
- | set system services dhcp-local-server group DHCP_SVLAN overrides client-discover-match incoming-interface | + | ### system services dhcp-local-server group DHCP_SVLAN overrides client-discover-match incoming-interface |
set system services dhcp-local-server group DHCP_SVLAN dynamic-profile CLIENTS_SVLAN | set system services dhcp-local-server group DHCP_SVLAN dynamic-profile CLIENTS_SVLAN | ||
set system services dhcp-local-server group DHCP_SVLAN access-profile RADIUS_SVLAN | set system services dhcp-local-server group DHCP_SVLAN access-profile RADIUS_SVLAN |