ON THIS PAGE
Example: Configuring a Dual Stack That Uses DHCPv6 IA_NA and DHCPv6 Prefix Delegation over PPPoE
This example uses DHCPv6 IA_NA and DHCPv6 prefix delegation in your subscriber access network as follows:
DHCPv6 IA_NA is used to assign a global IPv6 address on the WAN link. The address can come from a local pool or AAA RADIUS.
DHCPv6 prefix delegation is used for host device addressing. The delegated prefix can come from a local pool or from AAA RADIUS. The CPE uses the delegated prefix for subscriber addressing. The CPE can use NDRA or DHCPv6 to allocate IPv6 addresses on the LAN.
Requirements
This example uses the following hardware and software components:
MX Series 3D Universal Edge Router
Junos OS Release 11.4 or later
This configuration example has been tested using the software release listed and is assumed to work on all later releases.
Overview
This design uses DHCPv6 IA_NA and DHCPv6 prefix delegation in your subscriber access network as follows:
The access network is PPPoE.
DHCPv6 IA_NA is used to assign a global IPv6 address on the WAN link. The address comes from a local pool that is specified using AAA RADIUS.
DHCPv6 prefix delegation is used for subscriber LAN addressing. It uses a delegated prefix from a local pool that is specified by AAA RADIUS.
DHCPv4 is used for subscriber LAN addressing.
DHCPv6 subscriber sessions are layered over an underlying PPPoE subscriber session.
Topology
Table 1 describes the configuration components used in this example.
Configuration Component |
Component Name |
Purpose |
|---|---|---|
Dynamic profile |
pppoe-subscriber-profile |
Profile that creates a PPPoE logical interface when the subscriber logs in. |
Interfaces |
ge-0/2/5 |
Interface used for communication with the RADIUS server. |
ge-0/3/0 |
Underlying Ethernet interface. |
|
demux0 |
VLAN demux interface that runs over the underlying Ethernet interface. |
|
lo0 |
Loopback interface for use in the access network. The loopback interface is automatically used for unnumbered interfaces. |
|
Address-assignment pools |
pool v4-pool |
Pool that provides IPv4 addresses for the subscriber LAN. |
pool v6-ia-na-pool |
Pool that provides a global IPv6 address to the CPE WAN link. |
|
pool v6-pd-pool |
Pool that provides a pool of prefixes that are delegated to the CPE and used for assigning IPv6 global addresses on the subscriber LAN. |
Configuration
- Configuring a DHCPv6 Local Server for DHCPv6 over PPPoE
- Configuring a Dynamic Profile for the PPPoE Logical Interface
- Configuring a Loopback Interface
- Configuring a VLAN Demux Interface over an Ethernet Underlying Interface
- Configuring an Interface for Communication with a RADIUS Server
- Specifying the BNG Router Identifier
- Configuring RADIUS Server Access
- Configuring the RADIUS Server Access Profile
- Configuring Local Address-Assignment Pools
Configuring a DHCPv6 Local Server for DHCPv6 over PPPoE
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set system services dhcp-local-server dhcpv6 group v6-ppp-subscriber interface pp0.0
Step-by-Step Procedure
To layer DHCPv6 above the PPPoE IPv6 family (inet6), associate DHCPv6 with the PPPoE interfaces by adding the PPPoE interfaces to the DHCPv6 local server configuration. Because this example uses a dynamic PPPoE interface, we are using the pp0.0 (PPPoE) logical interface as a wildcard to indicate that a DHCPv6 binding can be made on top of a PPPoE interface.
To configure a DHCPv6 local server:
Create a group for dynamic PPPoE interfaces, assign a name, and add an interface for dynamic PPPoE logical interfaces.
The group feature groups a set of interfaces and then applies a common DHCP configuration to the named interface group.
user@host# set system services dhcp-local-server dhcpv6 group v6-ppp-subscriber interface pp0.0
Commit the configuration.
user@host# commit
Results
From configuration mode, confirm your configuration
by entering the show command.
[edit]
user@host# show
system {
services {
dhcp-local-server {
dhcpv6 {
group v6-ppp-subscriber {
interface pp0.0;
}
}
}
}
}
Configuring a Dynamic Profile for the PPPoE Logical Interface
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set dynamic-profiles pppoe-subscriber-profile routing-instances $junos-routing-instance interface $junos-interface-name set interfaces pp0 unit $junos-interface-unit family inet unnumbered-address "$junos-loopback-interface" set interfaces pp0 unit $junos-interface-unit family inet6 unnumbered-address "$junos-loopback-interface" set interfaces pp0 unit $junos-interface-unit pppoe-options underlying-interface "$junos-underlying-interface" set interfaces pp0 unit $junos-interface-unit pppoe-options server set interfaces pp0 unit $junos-interface-unit ppp-options pap set interfaces pp0 unit $junos-interface-unit ppp-options chap set interfaces pp0 unit $junos-interface-unit keepalives interval 30
Step-by-Step Procedure
Create a dynamic profile for the PPPoE logical interface. This dynamic profile supports both IPv4 and IPv6 sessions on the same logical interface.
To configure the dynamic profile:
Create and name the dynamic profile.
Include the
dynamic-profilesstatement at the[edit]hierarchy level and specifypppoe-subscriber-profileas the profile name.user@host# set dynamic-profiles pppoe-subscriber-profile
Add a routing instance to the profile and add an interface to the routing instance.
Include the
routing-instancesstatement at the[edit dynamic-profiles pppoe-subscriber-profile]hierarchy level and specify$junos-routing-instanceas the routing instance name variable. Also include theinterfacestatement at the[edit dynamic-profiles pppoe-subscriber-profile routing-instances $junos-routing-instance]hierarchy level and specify$junos-interface-nameas the interface variable.user@host# set dynamic-profiles pppoe-subscriber-profile routing-instances $junos-routing-instance user@host# set dynamic-profiles pppoe-subscriber-profile routing-instances $junos-routing-instance interface $junos-interface-name
Configure a PPPoE logical interface (pp0) that is used to create logical PPPoE interfaces for the IPv4 and IPv6 subscribers.
Include the
interfacesstatement at the[edit dynamic-profiles pppoe-subscriber-profile]hierarchy level and specifypp0as the interface name.user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0
Configure the logical interface.
Include the
unitstatement at the[edit dynamic-profiles pppoe-subscriber-profile interfaces pp0]hierarchy level and specify$junos-interface-unitas the predefined variable to represent the logical unit number for thepp0interface.The variable is dynamically replaced with the actual unit number supplied by the network when the subscriber logs in.
user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit $junos-interface-unit
Configure the underlying interface.
Include the
underlying-interfacestatement at the[edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options]hierarchy level and specify$junos-underlying-interfaceas the predefined variable to represent the name of the underlying Ethernet interface on which the router creates the dynamic PPPoE logical interface.The variable is dynamically replaced with the actual name of the underlying interface, which is supplied by the network when the subscriber logs in.
user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface $junos-underlying-interface
Configure the router to act as a PPPoE server when a PPPoE logical interface is dynamically created.
Include the
serverstatement at the[edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options]hierarchy level.user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options server
Configure the IPv4 family for the pp0 interface.
Include the
unnumbered-addressstatement at the[edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" family inet]hierarchy level and specify the unnumbered address to dynamically apply loopback interfaces.Because the example uses routing instances, specify the predefined variable
$junos-loopback-interface.user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address $junos-loopback-interface
Configure the IPv6 family for the pp0 interface.
Include the
unnumbered-addressstatement at the[edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options family inet6]hierarchy level and specify the unnumbered address to dynamically create loopback interfaces.Because the example uses routing instances without router advertisement, specify the predefined variable
$junos-loopback-interface.user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options family inet6 unnumbered-address $junos-loopback-interface
Configure one or more PPP authentication protocols for the pp0 interface.
Include the
ppp-optionsstatement at the[edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit"]hierarchy level and specifychapandpapas the authentication protocols.user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" ppp-options chap user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" ppp-options pap
Enable keepalives and set an interval for keepalives.
Include the
intervalstatement at the[edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" keepalives]hierarchy level and specify30seconds.We recommend an interval of 30 seconds.
user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit keepalives interval 30
Results
From configuration mode, confirm your configuration
by entering the show command.
[edit dynamic-profiles pppoe-subscriber-profile]
user@host# show
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
}
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
ppp-options {
chap;
pap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
keepalives interval 30;
family inet {
unnumbered-address "$junos-loopback-interface";
}
family inet6 {
unnumbered-address "$junos-loopback-interface";
}
}
}
}
If you are done configuring the device, enter commit from configuration mode.
Configuring a Loopback Interface
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set interfaces lo0 unit 0 family inet address 10.0.0.1/32 primary set interfaces lo0 unit 0 family inet address 10.0.0.1/32 preferred set interfaces lo0 unit 0 family inet6 address 2001:0::1/128 primary set interfaces lo0 unit 0 family inet6 address 2001:0::1/128 preferred
Step-by-Step Procedure
To configure a loopback interface:
Create the loopback interface.
Include the
unitstatement at the[edit interfaces lo0]hierarchy level and specify0as the logical interface number.Include the
addressstatement at the[edit interfaces lo0 unit 0 family inet]hierarchy level and specify10.0.0.1/32as the IPv4 address.user@host# set interfaces lo0 unit 0 family inet address 10.0.0.1/32
Configure the interface IPv4 address to be the primary and preferred address.
Include the
primaryandpreferredstatements at the[edit interfaces lo0 unit 0 family inet address 10.0.0.1/32]hierarchy level.user@host# set interfaces lo0 unit 0 family inet address 10.0.0.1/32 primary preferred
Configure the interface IPv6 address to be the primary and preferred address.
Include the
addressstatement at the[edit interfaces lo0 unit 0 family inet6]hierarchy level and specify2001:0::1/128as the IPv6 address.Include the
primaryandpreferredstatements at the[edit interfaces lo0 unit 0 family inet6 address 2001:0::1/128]hierarchy level.user@host# set interfaces lo0 unit 0 family inet6 address 2001:0::1/128 primary preferred
Results
From configuration mode, confirm your configuration
by entering the show command.
[edit interfaces lo0]
user@host# show
unit 0 {
family inet {
address 10.0.0.1/32 {
primary;
preferred;
}
}
family inet6 {
address 2001:0::1/128 {
primary;
preferred;
}
}
}
If you are done configuring the device, enter commit from configuration mode.
Configuring a VLAN Demux Interface over an Ethernet Underlying Interface
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set interfaces ge-0/3/0 hierarchical-scheduler maximum-hierarchy-levels 2 set interfaces ge-0/3/0 flexible-vlan-tagging set interfaces ge-0/3/0 encapsulation flexible-ethernet-services set interfaces demux0 unit 1 vlan-tags outer 1 set interfaces demux0 unit 1 vlan-tags inner 1 set interfaces demux0 unit 1 demux-options underlying-interface ge-0/3/0 set interfaces demux0 unit 1 family pppoe dynamic-profile pppoe-subscriber-profile set interfaces demux0 unit 1 family pppoe duplicate-protection set interfaces demux0 unit 1 proxy-arp
Step-by-Step Procedure
To configure a VLAN demux interface over an Ethernet underlying interface:
Configure the underlying Ethernet interface.
user@host# set interfaces ge-0/3/0 flexible-vlan-tagging user@host# set interfaces ge-0/3/0 encapsulation flexible-ethernet-services user@host# set interfaces ge-0/3/0 hierarchical-scheduler maximum-hierarchy-levels 2
Create the VLAN demux interface and specify a unit number.
user@host# set interfaces demux0 unit 1
Configure the VLAN tags.
user@host# set interfaces demux0 unit 1 vlan-tags outer 1 inner 1
Specify the underlying Ethernet interface.
user@host# set interfaces demux0 unit 1 demux-options underlying-interface ge-0/3/0
Specify the dynamic profile.
user@host# set interfaces demux0 unit 1 family pppoe dynamic-profile pppoe-subscriber-profile
Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on the same VLAN interface.
user@host# set interfaces demux0 unit 1 family pppoe duplicate-protection
(Optional) Specify that you want the demux interface to use proxy ARP.
user@host# set interfaces demux0 unit 1 proxy-arp
Results
From configuration mode, confirm your configuration
by entering the show command.
[edit interfaces]
user@host# show
ge-0/3/0 {
hierarchical-scheduler maximum-hierarchy-levels 2;
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
}
demux0 {
unit 1 {
proxy-arp;
vlan-tags outer 1 inner 1;
demux-options {
underlying-interface ge-0/3/0;
}
family pppoe {
duplicate-protection;
dynamic-profile pppoe-subscriber-profile;
}
}
}
If you are done configuring the device, enter commit from configuration mode.
Configuring an Interface for Communication with a RADIUS Server
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set interfaces ge-0/2/5 unit 0 family inet address 10.9.0.9 set interfaces ge-0/2/5 gigether-options no-auto-negotiation
Step-by-Step Procedure
To configure the interface:
Create the interface, specify a logical interface unit number, and configure the IPv4 address.
user@host# set interfaces ge-0/2/5 unit 0 family inet address 10.9.0.9
Specify that Gigabit Ethernet options are not automatically negotiated.
user@host# set interfaces ge-0/2/5 gigether-options no-auto-negotiation
Results
From configuration mode, confirm your configuration
by entering the show command.
[edit interfaces ge-0/2/5]
user@host# show
gigether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 10.9.0.9/32;
}
}
If you are done configuring the device, enter commit from configuration mode.
Specifying the BNG Router Identifier
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set routing-options router-id 10.0.0.0
We strongly recommend that you configure the BNG router ID, thereby avoiding unpredictable behavior if the interface address on a loopback interface changes.
Step-by-Step Procedure
Configure the router ID of the BNG.
user@host# set routing-options router-id 10.0.0.0
Results
From configuration mode, confirm your configuration
by entering the show command.
[edit routing-options] user@host# show router-id 10.0.0.0;
If you are done configuring the device, enter commit from configuration mode.
Configuring RADIUS Server Access
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set access radius-server 10.9.0.9 secret "$9$lXRv87GUHm5FYgF/CA1I" set access radius-server 10.9.0.9 timeout 45 set access radius-server 10.9.0.9 retry 4 set access radius-server 10.9.0.9 source-address 10.0.0.1
Step-by-Step Procedure
To configure RADIUS servers:
Create a RADIUS server configuration and specify the address of the server.
user@host# set access radius-server 10.9.0.9
Configure the required secret (password) for the server.
Secrets enclosed in quotation marks can contain spaces.
user@host# set access radius-server 10.9.0.9 secret "$9$lXRv87GUHm5FYgF/CA1I"
Configure the source address that the BNG uses when it sends RADIUS requests to the RADIUS server.
user@host# set access radius-server 10.9.0.9 source-address 10.0.0.1
(Optional) Configure the number of times that the router attempts to contact a RADIUS accounting server.
You can configure the router to retry from 1 through 16 times. The default setting is 3 retry attempts.
user@host# set access radius-server 10.9.0.9 retry 4
(Optional) Configure the length of time that the local router or switch waits to receive a response from a RADIUS server.
By default, the router or switch waits 3 seconds. You can configure the timeout to be from 1 through 90 seconds.
user@host# set access radius-server 10.9.0.9 timeout 45
Results
From configuration mode, confirm your configuration
by entering the show command.
[edit access]
user@host# show
radius-server {
10.9.0.9 {
secret "$9$lXRv87GUHm5FYgF/CA1I"; ## SECRET-DATA
timeout 45;
retry 4;
source-address 10.0.0.1;
}
}
If you are done configuring the device, enter commit from configuration mode.
Configuring the RADIUS Server Access Profile
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set access profile Access-Profile set access profile Access-Profile authentication-order radius set access profile Access-Profile radius authentication-server 10.9.0.9 set access profile Access-Profile radius accounting-server 10.9.0.9 set access profile Access-Profile accounting order radius set access profile Access-Profile accounting order none set access profile Access-Profile accounting update-interval 120 set access profile Access-Profile accounting statistics volume-time
Step-by-Step Procedure
To configure a RADIUS server access profile:
Create a RADIUS server access profile.
user@host# set access profile Access-Profile
Specify the order in which authentication methods are used.
user@host# set access profile Access-Profile authentication-order radius
Specify the address of the RADIUS server used for authentication and the server used for accounting.
user@host# set access profile Access-Profile radius authentication-server 10.9.0.9 user@host# set access profile Access-Profile radius accounting-server 10.9.0.9
Configure RADIUS accounting values for the access profile.
user@host# set access profile Access-Profile accounting order [ radius none ] user@host# set access profile Access-Profile accounting update-interval 120 user@host# set access profile Access-Profile accounting statistics volume-time
Results
From configuration mode, confirm your configuration
by entering the show command.
[edit access]
user@host# show
profile Access-Profile {
authentication-order radius;
radius {
authentication-server 10.9.0.9;
accounting-server 10.9.0.9;
}
accounting {
order [ radius none ];
update-interval 120;
statistics volume-time;
}
}
If you are done configuring the device, enter commit from configuration mode.
Configuring Local Address-Assignment Pools
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set access address-assignment pool v4-pool family inet network 10.16.0.1/32 set access address-assignment pool v4-pool family inet range v4-range-0 low 10.16.0.1 set access address-assignment pool v4-pool family inet range v4-range-0 high 10.31.255.255 set access address-assignment pool v4-pool family inet dhcp-attributes maximum-lease-time 99999 set access address-assignment pool v6-ia-na-pool family inet6 prefix 1000:0000::/64 set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 low 1000::1/128 set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 high 1000::ffff:ffff/128 set access address-assignment pool v6-pd-pool family inet6 prefix 2012::/48 set access address-assignment pool v6-pd-pool family inet6 range v6-pd prefix-length 64
Step-by-Step Procedure
Configure three address-assignment pools for DHCPv4, DHCPv6 IA_NA, and DHCPv6 prefix delegation.
To configure the address-assignment pools:
Configure the address-assignment pool for DHCPv4.
[edit] user@host# set access address-assignment pool v4-pool user@host# set access address-assignment pool v4-pool family inet network 10.16.0.1 user@host# set access address-assignment pool v4-pool family inet range v4-range-0 low 10.16.0.1 user@host# set access address-assignment pool v4-pool family inet range v4-range-0 high 10.31.255.255 user@host# set access address-assignment pool v4-pool family inet dhcp-attributes maximum-lease-time 99999
Configure the address-assignment pool for DHCPv6 IA_NA.
[edit] user@host# set access address-assignment pool v6-ia-na-pool user@host# set access address-assignment pool v6-ia-na-pool family inet6 prefix 1000:0000::/64 user@host# set access address-assignment pool v6-ia-na-pool range v6-range-0 low 1000::1/128 user@host# set access address-assignment pool v6-ia-na-pool range v6-range-0 high 1000::ffff:ffff/128
Configure the address-assignment pool for DHCPv6 prefix delegation.
[edit] user@host# set access address-assignment pool v6-pd-pool user@host# set access address-assignment pool v6-pd-pool family inet6 prefix 2012::/48 user@host# set access address-assignment pool v6-pd-pool family inet6 range v6-pd prefix-length 64
(Optional) Enable duplicate prefix protection.
user@host# set access address-protection
Results
From configuration mode, confirm your configuration
by entering the show command.
[edit access]
user@host# show
address-assignment {
pool v4-pool {
family inet {
network 10.16.0.1/32;
range v4-range-0 {
low 10.16.0.1;
high 10.31.255.255;
}
dhcp-attributes {
maximum-lease-time 99999;
}
}
}
pool v6-ia-na-pool {
family inet6 {
prefix 1000:0000::/64 ;
range v6-range-0 {
low 1000::1/128;
high 1000::ffff:ffff/128;
}
}
}
pool v6-pd-pool {
family inet6 {
prefix 2012::/48;
range v6-pd prefix-length 64;
}
}
address-protection;
}
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
- Verifying Active Subscriber Sessions
- Verifying Both IPv4 and IPv6 Addresses in Correct Routing Instance
- Verifying Dynamic Subscriber Sessions
- Verifying DHCPv6 Address Pools Used for DHCPv6 Prefix Delegation
- Verifying DHCPv6 Address Bindings
- Verifying PPP Options Negotiated with the Remote Peer
- Results
Verifying Active Subscriber Sessions
Purpose
Verify active subscriber sessions.
Action
From operational mode, enter the show subscribers
summary command.
user@host> show subscribers summary Subscribers by State Active: 2 Total: 2 Subscribers by Client Type DHCP: 1 PPPoE: 1 Total: 2
Meaning
The fields under Subscribers by State show
the number of active subscribers.
The fields under Subscribers by Client Type show
the number of active DHCP and PPPoE subscriber sessions.
Verifying Both IPv4 and IPv6 Addresses in Correct Routing Instance
Purpose
Verify that the subscriber has both an IPv4 and an IPv6 address and is placed in the correct routing instance.
Action
From operational mode, enter the show subscribers command.
user@host> show subscribers Interface IP Address/VLAN ID User Name LS:RI pp0.1073741825 10.16.0.2 SBRSTATICUSER default:default pp0.1073741825 1000::1 default:default
Meaning
The Interface field shows that two subscriber
sessions are running on the same interface. The IP Address field shows that one session is assigned an IPv4 address, and the
second session is assigned an IPv6 address by DHCPv6 IA_NA.
The LS:RI field shows that the subscriber is placed
in the correct routing instance and that traffic can be sent and received.
Verifying Dynamic Subscriber Sessions
Purpose
Verify dynamic PPPoE and DHCPv6 subscriber sessions. In this sample configuration, the DHCPv6 subscriber session should be layered over the underlying PPPoE subscriber session.
Action
From operational mode, enter the show subscribers
detail command.
user@host> show subscribers detail Type: PPPoE User Name: SBRSTATICUSER IP Address: 10.16.0.2 IP Netmask: 255.0.0.0 Logical System: default Routing Instance: default Interface: pp0.1073741825 Interface type: Dynamic Dynamic Profile Name: pppoe-subscriber-profile MAC Address: 00:01:02:00:00:01 State: Active Radius Accounting ID: 2 Session ID: 2 Login Time: 2011-12-08 09:11:41 PST Type: DHCP IPv6 Address: 1000::1 Logical System: default Routing Instance: default Interface: pp0.1073741825 Interface type: Static MAC Address: 00:01:02:00:00:01 State: Active Radius Accounting ID: 3 Session ID: 3 Underlying Session ID: 2 Login Time: 2011-12-08 09:12:11 PST DHCP Options: len 42 00 08 00 02 0b b8 00 01 00 0a 00 03 00 01 00 01 02 00 00 01 00 06 00 02 00 03 00 03 00 0c 00 00 00 00 00 00 00 00 00 00 00 00
Meaning
When a subscriber has logged in and started both an IPv4 and an IPv6 session, the output shows the active underlying PPPoE session and the active DHCPv6 session.
The Session ID field for the PPPoE session is 2.
The Underlying Session ID for the DHCP session is 2, which
shows that the PPPoE session is the underlying session.
Verifying DHCPv6 Address Pools Used for DHCPv6 Prefix Delegation
Purpose
Verify the delegated address pool used for DHCPv6 prefix delegation and the length of the IPv6 prefix that was delegated to the CPE.
Action
From operational mode, enter the show subscribers
extensive command.
user@host> show subscribers extensive Type: PPPoE User Name: SBRSTATICUSER IP Address: 10.16.0.2 IP Netmask: 255.0.0.0 Logical System: default Routing Instance: default Interface: pp0.1073741825 Interface type: Dynamic Dynamic Profile Name: pppoe-subscriber-profile MAC Address: 00:01:02:00:00:01 State: Active Radius Accounting ID: 2 Session ID: 2 Login Time: 2011-12-08 09:11:41 PST IPv6 Delegated Address Pool: v6-na-pool Type: DHCP IPv6 Address: 1000::1 Logical System: default Routing Instance: default Interface: pp0.1073741825 Interface type: Static MAC Address: 00:01:02:00:00:01 State: Active Radius Accounting ID: 3 Session ID: 3 Underlying Session ID: 2 Login Time: 2011-12-08 09:12:11 PST DHCP Options: len 42 00 08 00 02 0b b8 00 01 00 0a 00 03 00 01 00 01 02 00 00 01 00 06 00 02 00 03 00 03 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 IPv6 Delegated Address Pool: v6-na-pool IPv6 Delegated Network Prefix Length: 64
Meaning
The IPv6 Delegated Address Pool field shows
the name of the pool that DHCPv6 used to assign the IPv6 address for
this subscriber session.
Verifying DHCPv6 Address Bindings
Purpose
Display the address bindings in the client table on the DHCPv6 local server.
Action
From operational mode, enter the show dhcpv6 server
binding detail command.
user@host> show dhcpv6 server binding detail
Session Id: 580547
Client IPv6 Address: 1000::4/128
Client DUID: LL0x1-00:01:02:00:00:01
State: BOUND(DHCPV6_LOCAL_SERVER_STATE_BOUND)
Lease Expires: 2012-01-05 07:06:04 PST
Lease Expires in: 82943 seconds
Lease Start: 2012-01-04 07:06:04 PST
Last Packet Received: 2012-01-04 07:06:04 PST
Incoming Client Interface: pp0.1073926645
Server Ip Address: 0.0.0.0
Client Pool Name: v6-na-pool-0
Client Id Length: 10
Client Id: /0x00030001/0x00010200/0x0001
Meaning
The Client IPv6 Address field shows the /128 address that was assigned to the CPE WAN link using DHCPv6 IA_NA.
The Client Pool Name field shows the name of the address pool that was used to assign the Client IPv6 Address.
Verifying PPP Options Negotiated with the Remote Peer
Purpose
Verify PPP options negotiated with the remote peer.
Action
From operational mode, enter the show ppp interface interface extensive command.
user@host> show ppp interface pp0.1073741825 extensive
Session pp0.1073926645, Type: PPP, Phase: Network
LCP
State: Opened
Last started: 2012-01-04 07:05:33 PST
Last completed: 2012-01-04 07:05:33 PST
Negotiated options:
Authentication protocol: pap, Magic number: 191301485, Local MRU: 1492,
Peer MRU: 65531
Authentication: PAP
State: Grant
Last started: 2012-01-04 07:05:33 PST
Last completed: 2012-01-04 07:05:33 PST
IPCP
State: Opened
Last started: 2012-01-04 07:05:34 PST
Last completed: 2012-01-04 07:05:34 PST
Negotiated options:
Local address: 10.0.0.1, Remote address: 10.16.0.2
IPV6CP
State: Opened
Last started: 2012-01-04 07:05:34 PST
Last completed: 2012-01-04 07:05:34 PST
Negotiated options:
Local interface identifier: 2a0:a50f:fc71:e049,
Remote interface identifier: 201:2ff:fe00:1
Meaning
The output shows the PPP options that were negotiated with the remote peer.
Under IPCP, the Negotiated options field shows the
IPv4 local and remote addresses that were negotiated by IPCP.
Under IPV6CP, the Negotiated options field shows
the IPv6 local and remote interface identifiers that were negotiated
by IPv6CP.
Results
The following is the complete configuration for this example:
dynamic-profiles {
pppoe-subscriber-profile {
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
}
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
ppp-options {
chap;
pap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
keepalives interval 30;
family inet {
unnumbered-address "$junos-loopback-interface";
}
family inet6 {
unnumbered-address "$junos-loopback-interface";
}
}
}
}
}
}
system {
services {
dhcp-local-server {
dhcpv6 {
group v6-ppp-subscriber {
interface pp0.0;
}
}
}
}
}
interfaces {
ge-0/2/5 {
gigether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 10.9.0.9/32;
}
}
}
ge-0/3/0 {
hierarchical-scheduler maximum-hierarchy-levels 2;
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 1;
}
demux0 {
unit 1 {
proxy-arp;
vlan-tags outer 1 inner 1;
demux-options {
underlying-interface ge-0/3/0;
}
family pppoe {
duplicate-protection;
dynamic-profile pppoe-subscriber-profile;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.1/32 {
primary;
preferred;
}
}
family inet6 {
address 2001:0::1/128 {
primary;
preferred;
}
}
}
}
}
routing-options {
router-id 10.0.0.0;
}
access {
radius-server {
10.9.0.9 {
secret "$9$lXRv87GUHm5FYgF/CA1I"; ## SECRET-DATA
timeout 45;
retry 4;
source-address 10.0.0.1;
}
}
profile Access-Profile {
authentication-order radius;
radius {
authentication-server 10.9.0.9;
accounting-server 10.9.0.9;
}
accounting {
order [ radius none ];
update-interval 120;
statistics volume-time;
}
}
address-assignment {
pool v4-pool {
family inet {
network 10.16.0.1/32;
range v4-range-0 {
low 10.16.0.1;
high 10.31.255.255;
}
dhcp-attributes {
maximum-lease-time 99999;
}
}
}
pool v6-ia-na-pool {
family inet6 {
prefix 1000:0000::/64;
range v6-range-0 {
low 1000::1/128;
high 1000::ffff:ffff/128;
}
}
}
pool v6-pd-pool {
family inet6 {
prefix 2012::/48;
range v6-pd prefix-length 64;
}
}
}
address-protection;
}