{{tag>Juniper }}

===== DHCP server =====

Global DHCP server settings:

<code>
set system services dhcp-local-server pool-match-order external-authority
set system services dhcp-local-server pool-match-order ip-address-first
set system services dhcp-local-server no-stale-timer-refresh
set system services dhcp-local-server stale-timer 30
</code>

==== QinQ DHCP server ====

The next block is the DHCP server configuration itself. I recommend putting different cases into separate groups from the start; it makes the configuration easier to understand.

<code>
set system services dhcp-local-server group IPOE_QINQ authentication password PROVIDER
set system services dhcp-local-server group IPOE_QINQ authentication username-include delimiter "|"
set system services dhcp-local-server group IPOE_QINQ authentication username-include user-prefix IPOE_QINQ
set system services dhcp-local-server group IPOE_QINQ authentication username-include mac-address
set system services dhcp-local-server group IPOE_QINQ authentication username-include vlan-tags
set system services dhcp-local-server group IPOE_QINQ reconfigure clear-on-abort
set system services dhcp-local-server group IPOE_QINQ reconfigure attempts 5
set system services dhcp-local-server group IPOE_QINQ reconfigure timeout 5
set system services dhcp-local-server group IPOE_QINQ reconfigure token mx960_0
set system services dhcp-local-server group IPOE_QINQ overrides client-discover-match incoming-interface
set system services dhcp-local-server group IPOE_QINQ dynamic-profile dhcp-profile
set system services dhcp-local-server group IPOE_QINQ access-profile IPOE_QINQ
set system services dhcp-local-server group IPOE_QINQ interface ae1.0
</code>

This block has 3 variables without which nothing will work:

  * dynamic-profile dhcp-profile
  * access-profile IPOE_QINQ
  * interface ae1.0

They have to be defined.

==== dynamic-profile dhcp-profile ====

<code>
set dynamic-profiles dhcp-profile routing-instances "$junos-routing-instance" interface "$junos-interface-name"
set dynamic-profiles dhcp-profile interfaces demux0 unit "$junos-interface-unit" actual-transit-statistics
set dynamic-profiles dhcp-profile interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles dhcp-profile interfaces demux0 unit "$junos-interface-unit" proxy-arp
set dynamic-profiles dhcp-profile interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles dhcp-profile interfaces demux0 unit "$junos-interface-unit" targeted-distribution
set dynamic-profiles dhcp-profile interfaces demux0 unit "$junos-interface-unit" family inet demux-source $junos-subscriber-ip-address
set dynamic-profiles dhcp-profile interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
</code>

==== access-profile IPOE_QINQ ====

<code>
set access profile IPOE_QINQ accounting-order radius
set access profile IPOE_QINQ authentication-order radius
set access profile IPOE_QINQ domain-name-server 10.10.10.5
set access profile IPOE_QINQ domain-name-server 10.10.10.6
set access profile IPOE_QINQ radius authentication-server 10.10.10.7
set access profile IPOE_QINQ radius accounting-server 10.10.10.7
set access profile IPOE_QINQ radius options calling-station-id-delimiter *
set access profile IPOE_QINQ radius options calling-station-id-format mac-address
set access profile IPOE_QINQ radius options calling-station-id-format stacked-vlan
set access profile IPOE_QINQ radius options calling-station-id-format vlan
set access profile IPOE_QINQ radius options accounting-session-id-format decimal
set access profile IPOE_QINQ radius options client-authentication-algorithm round-robin
set access profile IPOE_QINQ radius options client-accounting-algorithm round-robin
set access profile IPOE_QINQ accounting order radius
set access profile IPOE_QINQ accounting immediate-update
set access profile IPOE_QINQ accounting coa-immediate-update
set access profile IPOE_QINQ accounting address-change-immediate-update
set access profile IPOE_QINQ accounting update-interval 10
set access profile IPOE_QINQ accounting statistics volume-time
set access profile IPOE_QINQ accounting wait-for-acct-on-ack
set access profile IPOE_QINQ accounting send-acct-status-on-config-change
</code>

<code>
set access radius-server 10.10.10.7 port 1812
set access radius-server 10.10.10.7 accounting-port 1813
set access radius-server 10.10.10.7 dynamic-request-port 3799
set access radius-server 10.10.10.7 secret "superhardpass:)"
set access radius-server 10.10.10.7 retry 3
set access radius-server 10.10.10.7 accounting-retry 3
set access radius-server 10.10.10.7 max-outstanding-requests 2000
set access radius-server 10.10.10.7 source-address **.**.***.2
</code>

Every IP address pool that can be handed out to a subscriber has to be described as follows:

<code>
set access address-assignment pool cvlan10_128-17 family inet network 10.10.128.0/17
set access address-assignment pool cvlan10_128-17 family inet range ip low 10.10.128.11
set access address-assignment pool cvlan10_128-17 family inet range ip high 10.10.255.254
set access address-assignment pool cvlan10_128-17 family inet dhcp-attributes maximum-lease-time 10000
set access address-assignment pool cvlan10_128-17 family inet dhcp-attributes grace-period 100
set access address-assignment pool cvlan10_128-17 family inet dhcp-attributes router 10.10.128.2
### access address-assignment pool cvlan10_128-17 family inet dhcp-attributes option 43 hex-string 010400000002
set interfaces lo0 unit 0 family inet address 10.10.128.2/32
</code>

I reserve the first 10 IPs of every pool for future BRASes. I use QinQ, so there is no point in making the pools smaller; I describe the whole pool at once.

<code>
set interfaces ae1 description ae1
set interfaces ae1 flexible-vlan-tagging
set interfaces ae1 auto-configure stacked-vlan-ranges dynamic-profile Auto-VLAN-Stacked-Demux accept dhcp-v4
### interfaces ae1 auto-configure stacked-vlan-ranges dynamic-profile Auto-VLAN-Stacked-Demux accept pppoe
set interfaces ae1 auto-configure stacked-vlan-ranges dynamic-profile Auto-VLAN-Stacked-Demux ranges 501-515,any
set interfaces ae1 auto-configure remove-when-no-subscribers
set interfaces ae1 mtu 9216
set interfaces ae1 encapsulation flexible-ethernet-services
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
</code>

<code>
set dynamic-profiles Auto-VLAN-Stacked-Demux routing-instances "$junos-routing-instance" interface "$junos-interface-name"
set dynamic-profiles Auto-VLAN-Stacked-Demux interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles Auto-VLAN-Stacked-Demux interfaces demux0 unit "$junos-interface-unit" proxy-arp
set dynamic-profiles Auto-VLAN-Stacked-Demux interfaces demux0 unit "$junos-interface-unit" vlan-tags outer "$junos-stacked-vlan-id"
set dynamic-profiles Auto-VLAN-Stacked-Demux interfaces demux0 unit "$junos-interface-unit" vlan-tags inner "$junos-vlan-id"
set dynamic-profiles Auto-VLAN-Stacked-Demux interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles Auto-VLAN-Stacked-Demux interfaces demux0 unit "$junos-interface-unit" family inet mac-validate strict
set dynamic-profiles Auto-VLAN-Stacked-Demux interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
### dynamic-profiles Auto-VLAN-Stacked-Demux interfaces demux0 unit "$junos-interface-unit" family pppoe access-concentrator PPPoE-Server
### dynamic-profiles Auto-VLAN-Stacked-Demux interfaces demux0 unit "$junos-interface-unit" family pppoe duplicate-protection
### dynamic-profiles Auto-VLAN-Stacked-Demux interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile PP0
</code>

### - it is not a good idea to keep both PPPoE and DHCP subscribers on one VLAN: dual-access on the routers will start giving you nightmares.

===== DHCP_SVLAN =====

<code>
set access profile RADIUS_SVLAN accounting-order radius
set access profile RADIUS_SVLAN authentication-order radius
set access profile RADIUS_SVLAN radius authentication-server 172.20.20.1
set access profile RADIUS_SVLAN radius accounting-server 172.20.20.1
set access profile RADIUS_SVLAN radius options calling-station-id-delimiter *
set access profile RADIUS_SVLAN radius options calling-station-id-format mac-address
set access profile RADIUS_SVLAN radius options calling-station-id-format stacked-vlan
set access profile RADIUS_SVLAN radius options calling-station-id-format vlan
set access profile RADIUS_SVLAN radius options accounting-session-id-format decimal
set access profile RADIUS_SVLAN radius options client-authentication-algorithm round-robin
set access profile RADIUS_SVLAN radius options client-accounting-algorithm round-robin
set access profile RADIUS_SVLAN accounting order radius
set access profile RADIUS_SVLAN accounting immediate-update
set access profile RADIUS_SVLAN accounting coa-immediate-update
set access profile RADIUS_SVLAN accounting address-change-immediate-update
set access profile RADIUS_SVLAN accounting update-interval 10
set access profile RADIUS_SVLAN accounting statistics volume-time
set access profile RADIUS_SVLAN accounting wait-for-acct-on-ack
set access profile RADIUS_SVLAN accounting send-acct-status-on-config-change
</code>

<code>
set dynamic-profiles CLIENTS_SVLAN routing-instances "$junos-routing-instance" interface "$junos-interface-name"
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit "$junos-interface-unit" actual-transit-statistics
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit "$junos-interface-unit" proxy-arp
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-underlying-interface"
### dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit "$junos-interface-unit" targeted-distribution
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit "$junos-interface-unit" family inet demux-source $junos-subscriber-ip-address
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address preferred-source-address $junos-preferred-source-address
</code>

<code>
set system services dhcp-local-server pool-match-order external-authority
set system services dhcp-local-server pool-match-order ip-address-first
set system services dhcp-local-server group DHCP_SVLAN authentication password IPoE-Pool
set system services dhcp-local-server group DHCP_SVLAN authentication username-include delimiter "|"
set system services dhcp-local-server group DHCP_SVLAN authentication username-include user-prefix IPOE_SVLAN
set system services dhcp-local-server group DHCP_SVLAN authentication username-include mac-address
set system services dhcp-local-server group DHCP_SVLAN authentication username-include vlan-tags
set system services dhcp-local-server group DHCP_SVLAN reconfigure clear-on-abort
set system services dhcp-local-server group DHCP_SVLAN reconfigure attempts 5
set system services dhcp-local-server group DHCP_SVLAN reconfigure timeout 5
set system services dhcp-local-server group DHCP_SVLAN reconfigure token mx104_0
### system services dhcp-local-server group DHCP_SVLAN overrides client-discover-match incoming-interface
set system services dhcp-local-server group DHCP_SVLAN dynamic-profile CLIENTS_SVLAN
set system services dhcp-local-server group DHCP_SVLAN access-profile RADIUS_SVLAN
set system services dhcp-local-server group DHCP_SVLAN interface demux0.802
set system services dhcp-local-server no-stale-timer-refresh
set system services dhcp-local-server stale-timer 30
</code>
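
The rule from the QinQ section, that a DHCP group's dynamic-profile, access-profile and interface must all be defined, can be checked mechanically before a commit. The Python script below is an added example, not part of the original page: `lint`, its regular expressions and the trimmed `SAMPLE` excerpt are assumptions made for illustration, and it extends the same check to the RADIUS servers an access profile points at.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt of the set commands shown on this page.
SAMPLE = """\
set system services dhcp-local-server group IPOE_QINQ dynamic-profile dhcp-profile
set system services dhcp-local-server group IPOE_QINQ access-profile IPOE_QINQ
set system services dhcp-local-server group IPOE_QINQ interface ae1.0
set dynamic-profiles dhcp-profile interfaces demux0 unit "$junos-interface-unit" proxy-arp
set access profile IPOE_QINQ radius authentication-server 10.10.10.7
set access radius-server 10.10.10.7 port 1812
set interfaces ae1 flexible-vlan-tagging
set system services dhcp-local-server group DHCP_SVLAN dynamic-profile CLIENTS_SVLAN
set system services dhcp-local-server group DHCP_SVLAN access-profile RADIUS_SVLAN
set system services dhcp-local-server group DHCP_SVLAN interface demux0.802
set dynamic-profiles CLIENTS_SVLAN interfaces demux0 unit "$junos-interface-unit" proxy-arp
set access profile RADIUS_SVLAN radius authentication-server 172.20.20.1
"""

GROUP = re.compile(r"set system services dhcp-local-server group (\S+) "
                   r"(dynamic-profile|access-profile|interface) (\S+)")
RADIUS_REF = re.compile(r"set access profile (\S+) radius "
                        r"(?:authentication|accounting)-server (\S+)")
DEFINED = {  # kind -> pattern whose first group is the name being defined
    "dynamic-profile": re.compile(r"set dynamic-profiles (\S+) "),
    "access-profile": re.compile(r"set access profile (\S+) "),
    "interface": re.compile(r"set interfaces (\S+) "),
    "radius-server": re.compile(r"set access radius-server (\S+) "),
}

def lint(config):
    """Return sorted (owner, kind, name) for each reference with no definition."""
    defined, refs = defaultdict(set), set()
    for line in map(str.strip, config.splitlines()):
        if not line.startswith("set "):  # skips blanks and the page's ### lines
            continue
        for kind, rx in DEFINED.items():
            if (d := rx.match(line)):
                defined[kind].add(d.group(1))
        if (m := GROUP.match(line)):
            group, kind, name = m.groups()
            if kind == "interface":
                name = name.split(".")[0]  # ae1.0 -> ae1: only the base interface is checked
            refs.add((f"group {group}", kind, name))
        elif (m := RADIUS_REF.match(line)):
            refs.add((f"access profile {m.group(1)}", "radius-server", m.group(2)))
    return sorted(r for r in refs if r[2] not in defined[r[1]])

if __name__ == "__main__":
    for owner, kind, name in lint(SAMPLE):
        print(f"{owner}: {kind} {name} is referenced but not defined")
```

On the excerpt it reports RADIUS server 172.20.20.1 and interface demux0, neither of which has a defining statement among the commands shown on this page.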