- play_arrow Overview
- play_arrow Migrate Subscribers from BNG to AGF
- play_arrow Configuration Statements and Operational Commands
Configure PPP Support for AGF
This example describes how to configure the Access Gateway Function (AGF) to support a subscriber using Point-to-Point Protocol over Ethernet (PPPoE) for authentication.
Procedure
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text
file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the
[edit] hierarchy level.
set dynamic-profiles autoconf-vlan-demux routing-instances "$junos-routing-instance" interface "$junos-interface-name" any set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options chap set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options pap set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options aaa-options nas-5g-access-options set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface" set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" pppoe-options server set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" no-keepalives set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface" set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface" set access profile NAS-5G-AGF authentication-order nas-5g set access nas-5g max-outstanding-requests 1000 set access nas-5g request-retry 3 set access nas-5g timeout 30 set access aaa-options NAS-5G-ACCESS-OPTIONS access-profile NAS-5G-AGF set access aaa-options NAS-5G-ACCESS-OPTIONS aaa-context AMF-RI set access aaa-options NAS-5G-ACCESS-OPTIONS subscriber-context UE-RI-1 set access domain map DOMAIN1.COM aaa-routing-instance AMF-RI set access domain map DOMAIN1.COM access-profile nas-5g-agf set access domain map DOMAIN1.COM target-routing-instance UE-RI-1 set routing-instances UE-RI-1 instance-type virtual-router set routing-instances UE-RI-1 interface xe-2/0/1.3 set routing-instances UE-RI-1 interface lo0.1
Step-by-Step Procedure
Configure the dynamic profile for the Point-to-Point Protocol (PPP) subscriber.
content_copy zoom_out_map[edit] user@host# set dynamic-profiles autoconf-vlan-demux routing-instances "$junos-routing-instance" interface "$junos-interface-name" any user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options chap user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options pap user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" ppp-options aaa-options nas-5g-access-options user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface" user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" pppoe-options server user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" no-keepalives user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface" user@host# set dynamic-profiles autoconf-vlan-demux interfaces pp0 unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface"
Set the access authentication method for the subscriber group to use Non-Access Stratum (NAS) signaling.
content_copy zoom_out_map[edit] user@host# set access profile NAS-5G-AGF authentication-order nas-5g
Configure the following options for NAS signaling between the AGF and the AMF.
Maximum number of outstanding request—The number of unanswered request messages from the AMF.
Number of retries—The number of attempts for a registration or deregistration request .
Timeout—The duration that the AGF waits for a response from the AMF.
content_copy zoom_out_map[edit] user@host# set access nas-5g max-outstanding-requests 1000 user@host# set access nas-5g request-retry 3 user@host# set access nas-5g timeout 30
Define the profile with a set of AAA options for the PPP subscriber by performing the following steps:
Create the access profile (
access-profile) for the subscriber group.- Specify the logical-system:routing-instance (LS:RI) that the subscriber session uses for AAA (RADIUS) interactions.
- Specify the LS:RI where the subscriber interface is placed. In this case, we are using the default routing instance.
content_copy zoom_out_map[edit] user@host# set access aaa-options NAS-5G-ACCESS-OPTIONS access-profile NAS-5G-AGF user@host# set access aaa-options NAS-5G-ACCESS-OPTIONS aaa-context AMF-RI user@host# set access aaa-options NAS-5G-ACCESS-OPTIONS subscriber-context UE-RI-1
Alternatively, you can create a domain map and apply the domain map to the access profile.
content_copy zoom_out_map[edit] user@host# set access domain map DOMAIN1.COM aaa-routing-instance AMF-RI user@host# set access domain map DOMAIN1.COM access-profile NAS-5G-AGF user@host# set access domain map DOMAIN1.COM target-routing-instance UE-RI-1
Configure the routing instance.
content_copy zoom_out_map[edit] user@host# set routing-instances UE-RI-1 instance-type virtual-router user@host# set routing-instances UE-RI-1 interface xe-2/0/1.3 user@host# set routing-instances UE-RI-1 interface lo0.1
For more information on PPP Subscribers, see PPP Subscriber Access Networks Overview
