ON THIS PAGE
Example: Configuring Static LNS MLPPP Subscribers
This example shows how to configure static L2TP network server (LNS) multilink (MLPPP) subscribers.
Requirements
This example uses the following hardware and software components:
MX Series with MPC2s installed
Junos OS Release 13.3 or later
Before you configure static L2TP network server (LNS) multilink (MLPPP) subscribers, be sure you have:
Enabled the inline service (
si) interface for LNS subscribers. See Enabling Inline Service Interfaces for PPPoE and LNS Subscribers.Configured the inline service (
si) interface for LNS subscribers. See Configuring Inline Service Interface for PPPoE and LNS Subscribers.
Overview
An MLPPP subscriber consists of two IFLs (logical interfaces), a member link, and a bundle. For static MLPPP subscribers, you configure the member link and bundle statically. For static LNS MLPPP subscribers, you configure both member link and bundle IFLs manually. After you configure the subscriber’s interface using the family mlppp setting, before the member link IFL can start LCP (link control protocol) negotiation for an LNS, you must also fully configure the member link’s bundle IFL. Figure 1 shows how the different types of traffic traverse through a network where the MX Series device is acting as the LNS to terminate MLPPP bundles.
Topology
The following three domains are shown passing traffic through the LNS network:
PPP domain—Contains data and voice traffic
MLPPP domain—Contains data traffic only
L2TP domain—Contains all types of traffic
Configuration
To configure static L2TP network server (LNS) multilink (MLPPP) subscribers, perform these tasks:
- CLI Quick Configuration
- Configuring a Tunnel Group with Inline Service Interface and L2TP Access Profile Attributes
- Configuring a Static LNS Member Link IFL
- Configuring a Static Inline Services MLPPP Bundle IFL
- Results
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
[edit] set access profile ce-l2tp-profile1 client ce-lac-1 user-group-profile ce-lac-1-gp set access profile ce-l2tp-profile1 client ce-lac-1 l2tp lcp-renegotiation set access profile ce-l2tp-profile1 client ce-lac-1 l2tp maximum-sessions-per-tunnel 2000 set access profile ce-l2tp-profile1 client ce-lac-1 l2tp shared-secret “password” set access profile ce-l2tp-profile1 client ce-lac-1 l2tp multilink set services l2tp tunnel-group lns1 l2tp-access-profile ce-l2tp-profile1 set services l2tp tunnel-group lns1 aaa-access-profile ce-authenticator set services l2tp tunnel-group lns1 local-gateway address 10.1.1.2 set services l2tp tunnel-group lns1 service-interface si-1/0/0 [edit] set interfaces si-1/0/0.1 set interfaces si-1/0/0.1 dial-options l2tp-interface-id not used dedicated set interfaces si-1/0/0.1 family mlppp bundle si-5/1/0.100 set interfaces si-1/0/0.1 family inet unnumbered-address lo0.0 set interfaces si-1/0/0.2 set interfaces si-1/0/0.2 dial-options l2tp-interface-id not used dedicated set interfaces si-1/0/0.2 family mlppp bundle si-5/1/0.101 set interfaces si-1/0/0.2 family inet [edit] set interfaces si-5/0/0 unit 100 set interfaces si-5/0/0 unit 100 encapsulation multilink-ppp set interfaces si-5/0/0 unit 100 mrru 1500 set interfaces si-5/0/0 unit 100 fragment-threshold 640 set interfaces si-5/0/0 unit 100 short-sequence set interfaces si-5/0/0 unit 100 ppp-options dynamic-profile l2l3-service-prof
Configuring a Tunnel Group with Inline Service Interface and L2TP Access Profile Attributes
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy.
To configure a tunnel group with inline service interface (si) and L2TP access profile attributes for static LNS MLPPP subscribers:
Create the access profile.
[edit access]user@host#set profile ce-l2tp-profile1Configure an L2TP (LAC) access client.
[edit access profile ce-l2tp-profile1]user@host#set client ce-lac-1Associate a group profile containing PPP attributes to apply for the PPP sessions being tunneled from this LAC client.
[edit access profile ce-l2tp-profile1 client ce-lac1ce-lac1]user@host#set user-group-profile ce-lac-1-gpConfigure the following L2TP access profile attributes for this example:
Link control protocol (LCP) with the PPP client.
Maximum number of sessions allowed in a tunnel from the client (LAC).
Tunnel password used to authenticate the client (LAC).
L2TP client is MLPPP-capable for static subscribers. The
multilinkstatement determines whether MLPPP is supported for subscribers coming in from the LAC peer.
[edit access profile ce-l2tp-profile1 client ce-lac1ce-lac1]user@host#set l2tp lcp-renegotiationset l2tp maximum-sessions-per-tunnel 2000set l2tp shared-secret passwordset l2tp multilinkNote:Do not specify a dynamic profile name in the L2TP access client profile for static LNS MLPPP subscribers.
Create the tunnel group.
[edit services l2tp]user@host#set tunnel-group lns1Set the tunnel access profile equal to the setting you defined for the access profile.
[edit services l2tp tunnel-group lns1]user@host#set l2tp-access-profile ce-l2tp-profile1Set the L2TP AAA access profile.
Note:You can specify the L2TP AAA access profile at either the
[edit access]or[edit services]hierarchy levels, using the LNS access client profile ortunnel-groupstatements, respectively. An L2TP AAA access profile defined using the[edit access]hierarchy level overrides the L2TP AAA access profile defined for thetunnel-groupusing the[edit services]hierarchy level.[edit services l2tp tunnel-group lns1]user@host#set aaa-access-profile ce-authenticatorSet the local gateway address for the L2TP tunnel.
[edit services l2tp tunnel-group lns1]user@host#set local-gateway address 10.1.1.2Specify the inline services interface (
si) for the static LNS MLPPP subscribers.[edit services l2tp tunnel-group lns1]user@host#set service-interface si-1/0/0If you are done configuring the device, commit the configuration.
[edit] user@host# commit
Configuring a Static LNS Member Link IFL
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy.
To configure the static LNS member link IFL, you specify the static bundle using the family mlppp statement.
You must also configure the family inet statement in the subscriber (si) interface. The family inet setting enables the L2TP long route to be installed and supported for the lookup engine to steer control packets to the Routing Engine; and also enables mixed mode support, if required.
The following example shows that both PPP and MLPPP subscribers can log in successfully using the si-1/0/0.1 interface, whereas only MLPPP subscribers can log in successfully using the si-1/0/0.2 interface.
Create the
si-1/0/0.1andsi-1/0/0.2interfaces.[edit interfaces]user@host#set si-1/0/0.1set si-1/0/0.2For the
si-1/0/0.1interface, set the L2TP dial options to specify that the logical interface can host one session at a time (dedicated).[edit interfaces si-1/0/0.1]user@host#set dial-options l2tp-interface-id not used dedicatedEnable MLPPP support and configure the static bundle inline interface (IFL).
[edit interfaces si-1/0/0.1]user@host#set family mlppp bundle si-5/1/0.100Enable LNS support and mixed mode support.
[edit interfaces si-1/0/0.1]user@host#set family inet unnumbered-address lo0.0For the
si-1/0/0.2interface, set the L2TP dial options to specify that the logical interface can host one session at a time (dedicated).[edit interfaces si-1/0/0.2]user@host#set dial-options l2tp-interface-id not used dedicatedEnable MLPPP support and configure the static bundle inline interface (IFL).
[edit interfaces si-1/0/0.2]user@host#set family mlppp bundle si-5/1/0.101Enable LNS long route support.
[edit interfaces si-1/0/0.2]user@host#set family inetIf you are done configuring the device, commit the configuration.
[edit] user@host# commit
Configuring a Static Inline Services MLPPP Bundle IFL
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy.
To configure the static inline services (si) interface MLPPP bundle IFL, you specify the encapsulation multilink-ppp statement within the si interface. The si interface anchors the bundle interface.
You can also set these optional MLPPP parameters: MRRU, short sequence, and fragment-threshold. The following example shows how to configure the static (si) interface MLPPP bundle IFL.
Create the static (
si) interface MLPPP bundle IFLsi-5/0/0with a unit of 100.[edit interfaces]user@host#set si-5/0/0 unit 100Configure the
encapsulation multilink-pppstatement to enable MLPPP bundling for thesi-5/0/0.100interface.[edit interfaces si-5/0/0.100]user@host#set encapsulation multilink-pppConfigure the following MLPPP options for this example:
mrru—Specifies the maximum received reconstructed unit value ranging from 1500 through 4500 bytes.fragment-threshold—Applies to all packets and forwarding classes, ranging from 128 through 16,320 bytes.short-sequence—Determines the header format for the MLPPP. Default islong-sequence.
[edit interfaces si-5/0/0.100]user@host#set mrru 1500set fragment-threshold 640set short-sequenceEnable support for static (
si) interface IFL dynamic services by configuring theppp-options dynamic profilesetting.[edit interfaces si-5/0/0.100]user@host#set ppp-options dynamic-profile l2l3-service-profIf you are done configuring the device, commit the configuration.
[edit] user@host# commit
Results
From configuration mode, confirm your configuration by entering the show access, show services, and show interfaces commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
user@host# show access profile ce-l2tp-profile1
access profile {
ce-l2tp-profile1 {
client ce-lac-1 {
user-group-profile ce-lac-1-gp;
l2tp {
interface-id not-used;
lcp-renegotiation;
maximum-sessions-per-tunnel 2000;
shared-secret "$9$2wgUHQF/9pB";
multilink;
}
}
}
}user@host# show services l2tp tunnel-group lns1
services l2tp {
tunnel-group lns1 {
l2tp-access-profile ce-l2tp-profile1;
aaa-access-profile ce-authenticator;
local-gateway {
address 10.1.1.2;
}
service-interface si-1/0/0;
}
}user@host# show interfaces si-1/0/0
interfaces {
si-1/0/0 {
unit 1 {
dial-options {
l2tp-interface-id not-used;
dedicated;
}
family mlppp {
bundle si-5/1/0.100;
}
family inet {
unnumbered-address lo0.0;
}
}
unit 2 {
dial-options {
l2tp-interface-id not-used;
dedicated;
}
family mlppp {
bundle si-5/1/0.101;
}
family inet;
}
}
}user@host# show interfaces si-5/1/0
interfaces {
si-5/1/0 {
unit 100 {
encapsulation multilink-ppp;
mrru 1500;
fragment-threshold 640;
short-sequence;
ppp-options {
dynamic-profile l2l3-service-prof;
}
}
}
}Verification
Confirm that the configuration is working properly.
- Verifying the Inline Services Interface Information
- Verifying the Bundle IFL Information
- Verifying the Member Link IFL Information
- Verifying the Subscriber Information
Verifying the Inline Services Interface Information
Purpose
Verify that the inline services (si) interface is configured.
Action
user@host> show interfaces si-1/0/0 extensive
Physical interface: si-1/0/0, Enabled, Physical link is Up
Interface index: 143, SNMP ifIndex: 569, Generation: 146
Type: Adaptive-Services, Link-level type: Adaptive-Services, MTU: 9192,
Clocking: Unspecified, Speed: 10000mbps
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
Link type : Full-Duplex
Link flags : None
Physical info : Unspecified
Hold-times : Up 0 ms, Down 0 ms
Current address: Unspecified, Hardware address: Unspecified
Alternate link address: Unspecified
Last flapped : Never
Statistics last cleared: Never
Traffic statistics:
Input bytes : 6068 0 bps
Output bytes : 1072104 352 bps
Input packets: 126 0 pps
Output packets: 12185 0 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Input errors
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0,
Policed discards: 0, Resource errors: 0
Output errors:
Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0,
Resource errors: 0
Meaning
The (si) interface is enabled with its physical link up and running with Point-to-Point interface flags set. It is shared between LNS subscribers, LNS MLPPP member links, and MX Series MLPPP bundles.
Verifying the Bundle IFL Information
Purpose
Verify that the bundle IFL information is correct for MLPPP over LNS subscribers.
Action
user@host> show interfaces si-5/1/0.1073756926 extensive
Logical interface si-5/1/0.1073756926 (Index 102) (SNMP ifIndex 607)
(Generation 167)
Flags: Up Point-To-Point SNMP-Traps 0x84000 Encapsulation: Multilink-PPP
Last flapped: 2011-04-08 14:13:21 PDT (00:41:48 ago)
Bandwidth: 10000mbps
Bundle links information:
Active bundle links 1
Removed bundle links 0
Disabled bundle links 0
Bundle options:
MRRU 1504
Remote MRRU 1504
Drop timer period 0
Inner PPP Protocol field compression disabled
Sequence number format long (24 bits)
Fragmentation threshold 500
Links needed to sustain bundle 1
Interleave fragments Enabled
Multilink classes 0
Link layer overhead 4.0 %
Bundle status:
Received sequence number 0xffffff
Transmit sequence number 0xffffff
Packet drops 0 (0 bytes)
Fragment drops 0 (0 bytes)
MRRU exceeded 0
Fragment timeout 0
Missing sequence number 0
Out-of-order sequence number 0
Out-of-range sequence number 0
Packet data buffer overflow 0
Fragment data buffer overflow 0
Statistics Frames fps Bytes bps
Bundle:
Multilink:
Input : 3 0 270 0
Output: 3 0 285 0
Network:
Input : 3 0 252 0
Output: 3 0 276 0
IPV6 Transit Statistics Packets Bytes
Network:
Input : 0 0
Output: 0 0
Link:
si-1/0/0.1073756925
Up time: 00:06:37
Input : 126 0 9596 0
Output: 126 0 1226 0
Multilink detail statistics:
Bundle:
Fragments:
Input : 0 0 0 0
Output: 0 0 0 0
Non-fragments:
Input : 0 0 0 0
Output: 0 0 0 0
LFI:
Input : 0 0 0 0
Output: 0 0 0 0
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
Protocol inet, MTU: 1500, Generation: 154, Route table: 0
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Primary
Destination: Unspecified, Local: 80.80.80.1, Broadcast: Unspecified, Generation: 150Meaning
Due to the particulars of implementation, the following error counts associated with a bundle always display 0: packet drops (bytes), fragment drops (bytes), fragment timeout, missing sequence number, out-of-order sequence number, out-of-range sequence number, packet data buffer overflow and fragment data buffer overflow, and MRRU exceeded.
Verifying the Member Link IFL Information
Purpose
Verify that the member link IFL information is correct for subscribers.
Action
user@host> show interfaces si-1/0/0.1073756925 extensive
Logical interface si-5/1/0.1073756925 (Index 80) (SNMP ifIndex 3286)
Flags: Up Point-To-Point SNMP-Traps 0x4000 Encapsulation: Adaptive-Services
Last flapped: 2011-04-08 14:13:21 PDT (00:41:48 ago)
Traffic statistics:
Input bytes : 228
Output bytes : 0
Input packets: 3
Output packets: 0
Local statistics:
Input bytes : 228
Output bytes : 0
Input packets: 3
Output packets: 0
Transit statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps
Protocol mlppp, Multilink bundle: si-5/1/0.1073756926
Service interface: si-1/0/0, Dynamic profile: ml-bundle-prof
MTU: 9188, Generation: 15538, Route table: 0
Meaning
Multilink bundle si-5/1/0.1073756926 has been configured using the family mlppp protocol.
Verifying the Subscriber Information
Purpose
Verify that the subscriber information for static MLPPP over LNS is correct.
Action
user@host> show subscribers extensive
Type: L2TP
User Name: user@test.com
IP Address: 10.80.80.10
IP Netmask: 255.255.255.0
Logical System: default
Routing Instance: default
Interface: si-1/0/0.1
Interface type: Static
State: Active
Radius Accounting ID: 1
Session ID: 1
Bundle Session ID: 2
Login Time: 2011-04-11 07:55:59 PDT
Type: MLPPP
User Name: user@test.com
IP Address: 10.80.80.10
IP Netmask: 255.255.255.0
Logical System: default
Routing Instance: default
Interface: si-5/1/0.100
Interface type: Static
State: Active
Radius Accounting ID: 2
Session ID: 2
Underlying Session ID: 1
Login Time: 2011-04-11 07:55:59 PDT
Meaning
Subscriber information for interface si-5/1/0.100 has been configured for MLPPP with interface type of static.