Storage and Reporting of Interface Descriptions to Uniquely Identify Subscribers
Interface Description Storage and Reporting Overview
You can configure Junos OS to store subscriber access interface descriptions and report the interface description through RADIUS. This capability enables you to uniquely identify subscribers on a particular logical or physical interface. When you enable storing of the interface descriptions, RADIUS requests include the interface description in VSA 26-63, if the subscriber’s access interface has been configured with an interface description. All interface descriptions must be statically configured using the Junos OS CLI. Storing and reporting of interface descriptions is supported for DHCP, PPP, and authenticated dynamic VLANS, and applies to any client session that either authenticates or uses the RADIUS accounting service. The description can contain letters, numbers, and hyphens (-), and can be up to 64 characters long.
- Interface Description Precedence
- Example: Reporting Interface Descriptions on Non-Underlying Logical Interfaces
- Reporting Interface Descriptions on Underlying Logical Interfaces
- Example: PPP over an Underlying VLAN Demux Interface
- Example: Reporting Interface Descriptions on Dynamic VLANs
Interface Description Precedence
The interface description sent in the VSA depends on the configured interface. Two configuration models apply across topologies and protocols for subscriber management.
Subscriber logical interface directly over a physical interface (non-underlying logical interfaces).
Subscriber logical interface over an underlying logical interface and physical interface.
In both models, Junos OS selects the interface description to report based on order of precedence. Interfaces not configured with interface descriptions are excluded when selecting an interface by precedence. If no interface description is configured on any of the static interfaces in the subscriber interface hierarchy, VSA 26-63 is not sent in any of the RADIUS messages.
For aggregated Ethernet physical interfaces, the interface description on the aggregated Ethernet interface, for example AE0 or AE1, serves as the physical interface description.
If the subscriber’s access is a combination of dynamic and static interfaces, Junos OS uses the description on the static interface.
Example: Reporting Interface Descriptions on Non-Underlying Logical Interfaces
This topic shows an example of subscriber access with non-underlying logical interfaces. In this case, the logical interface can be a VLAN or a VLAN demux interface. This example shows a DHCP subscriber logical interface over a VLAN without a demux interface. For non-underlying interfaces, Junos OS selects which interface description to report based on the following order of precedence:
Logical interface description
Physical interface description
Based on the order of precedence that Junos OS uses to select the interface description for non-underlying interfaces, Junos OS reports subscriber_ifl_descr as the interface description.
system {
services {
dhcp-local-server {
group LSG1 {
authentication {
password $ABC123;
username-include {
user-prefix rich;
}
}
}
interface ge-1/0/0.100;
}
}
}
}
interfaces {
ge-1/0/0 {
description subscriber_ifd_descr;
vlan-tagging;
unit 100 {
description subscriber_ifl_descr;
vlan-id 100;
family inet {
unnumbered-address lo0.0 preferred-source-address 198.51.100.20;
}
}
}
}
Reporting Interface Descriptions on Underlying Logical Interfaces
Underlying logical interfaces can apply to both DHCP and PPP.
For DHCP, Junos OS selects which interface description to report based on the following order of precedence:
Underlying logical interface description
Underlying physical interface description
For DHCP, Junos OS does not report the IP demux logical interface description.
For PPP over an underlying VLAN or VLAN demux interface, Junos OS selects which interface description to report based on the following order of precedence:
PPP interface description
Underlying VLAN without a demux interface or VLAN demux logical interface description
Underlying physical interface description
Example: PPP over an Underlying VLAN Demux Interface
The following example shows a PPP subscriber over an underlying VLAN demux interface. This configuration includes three possible interface descriptions. Based on the order of precedence that Junos OS uses to select the interface description for PPP, the interface description is reported as subscriber_ppp_ifl_descr_0.
interfaces {
ge-1/0/0 {
description subscriber_ifd_descr;
hierarchical-scheduler maximum-hierarchy-levels 2;
flexible-vlan-tagging;
}
demux0 {
unit 0 {
vlan-tags outer 1 inner 1;
description subscriber_under_ifl_descr_1_1;
demux-options {
underlying-interface ge-1/0/0;
}
family pppoe {
duplicate-protection;
}
}
unit 1 {
vlan-tags outer 1 inner 2;
description subscriber_under_ifl_descr_1_2;
demux-options {
underlying-interface ge-1/0/0;
}
family pppoe {
duplicate-protection;
}
}
}
pp0 {
unit 0 {
description subscriber_ppp_ifl_descr_0;
ppp-options {
chap;
pap;
}
pppoe-options {
underlying-interface demux0.0;
server;
}
}
unit 1 {
description subscriber_ppp_ifl_descr_1;
ppp-options {
chap;
pap;
}
pppoe-options {
underlying-interface demux0.1;
server;
}
}
}
}
Example: Reporting Interface Descriptions on Dynamic VLANs
If you create dynamic VLANs with authentication, Junos OS reports the interface description on the physical interface. In the following example, dynamic VLANs created over the ge-1/2/0 interface are authenticated with an interface description of ge-1/2/0-bos-mktg-group.
ge-1/2/0 {
description ge-1/2/0-bos-mktg-group;
flexible-vlan-tagging;
auto-configure {
vlan-ranges {
dynamic-profile vlan-prof {
accept inet;
ranges {
any;
}
}
authentication {
password $ABC123;
username-include {
user-prefix rich;
}
}
}
}
}
Interface Description Storage and Reporting Configuration
To enable or disable storage and reporting of interface descriptions:
Enable storing and reporting of interface descriptions.
[edit access] user@host# set report-interface-descriptions
Disable storing and reporting of interface descriptions per RADIUS message type.
[edit access profile profile-name radius attributes] user@host# set exclude interface-description [ access-request | accounting-start | accounting-stop ]