Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

address-protection

Syntax

Hierarchy Level

Description

Prevent IPv4 addresses and IPv6 prefixes from being assigned to more than one subscriber session when you use AAA to supply IPv4 addresses.

For IPv4:

If enabled, the router checks the following attributes received from external servers:

  • Framed-IP-Address

  • Framed-Pool

The router then takes one of the following actions:

  • If an address matches an address in an address pool, the address is taken from the pool, provided it is available.

  • If the address is already in use, it is rejected as unavailable.

For IPv6:

If enabled, the router checks the following attributes received from external servers:

  • Framed-IPv6-Prefix

  • Framed-IPv6-Pool

The router then takes one of the following actions:

  • If a prefix matches a prefix in an address pool, the prefix is taken from the pool, provided it is available.

  • If the prefix is already in use, it is rejected as unavailable.

  • If the prefix length requested from the external server does not exactly match the pool’s prefix length, the authentication request is denied. If configured, the Acct-Stop message includes the cause for termination.

Options

reassign-on-match

Enable reassignment of an address from an existing subscriber to a new subscriber requesting that address. The address in use must not be part of a locally configured pool and address protection must be enabled. The request from the new subscriber is still rejected, but the existing subscriber is sent a disconnect request to begin the logout process. This enables the new subscriber to renegotiate and be assigned that IP address.

If the requested address is in a locally configured pool, the existing subscriber is not disconnected.

Note:

This option is not supported for IPv6.

  • Default: Rejects the address request from the new subscriber; the existing subscriber remains intact with the IP address.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.2.

reassign-on-match option added in Junos OS Release 18.4R1.

Related Documentation