Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Configuring a Dual Stack That Uses DHCPv6 IA_NA and DHCPv6 Prefix Delegation over PPPoE Configuring a Dual Stack That Uses DHCPv6 IA_NA and DHCPv6 Prefix Delegation over PPPoE

Configuring a Dual Stack That Uses DHCPv6 IA_NA and DHCPv6 Prefix Delegation over PPPoE

keyboard_arrow_up
close
keyboard_arrow_left
Configuring a Dual Stack That Uses DHCPv6 IA_NA and DHCPv6 Prefix Delegation over PPPoE
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Example: Configuring a Dual Stack That Uses DHCPv6 IA_NA and DHCPv6 Prefix Delegation over PPPoE

date_range 11-Mar-24
arrow_backward
arrow_forward

This example uses DHCPv6 IA_NA and DHCPv6 prefix delegation in your subscriber access network as follows:

  • DHCPv6 IA_NA is used to assign a global IPv6 address on the WAN link. The address can come from a local pool or AAA RADIUS.

  • DHCPv6 prefix delegation is used for host device addressing. The delegated prefix can come from a local pool or from AAA RADIUS. The CPE uses the delegated prefix for subscriber addressing. The CPE can use NDRA or DHCPv6 to allocate IPv6 addresses on the LAN.

Requirements

This example uses the following hardware and software components:

  • MX Series 3D Universal Edge Router

  • Junos OS Release 11.4 or later

Note:

This configuration example has been tested using the software release listed and is assumed to work on all later releases.

Overview

This design uses DHCPv6 IA_NA and DHCPv6 prefix delegation in your subscriber access network as follows:

  • The access network is PPPoE.

  • DHCPv6 IA_NA is used to assign a global IPv6 address on the WAN link. The address comes from a local pool that is specified using AAA RADIUS.

  • DHCPv6 prefix delegation is used for subscriber LAN addressing. It uses a delegated prefix from a local pool that is specified by AAA RADIUS.

  • DHCPv4 is used for subscriber LAN addressing.

  • DHCPv6 subscriber sessions are layered over an underlying PPPoE subscriber session.

Topology

Figure 1: PPPoE Subscriber Access Network with DHCPv6 IA_NA and DHCPv6 Prefix DelegationPPPoE Subscriber Access Network with DHCPv6 IA_NA and DHCPv6 Prefix Delegation

Table 1 describes the configuration components used in this example.

Table 1: Configuration Components Used in Dual Stack with DHCPv6 IA_NA and DHCPv6 Prefix Delegation

Configuration Component

Component Name

Purpose

Dynamic profile

pppoe-subscriber-profile

Profile that creates a PPPoE logical interface when the subscriber logs in.

Interfaces

ge-0/2/5

Interface used for communication with the RADIUS server.

ge-0/3/0

Underlying Ethernet interface.

demux0

VLAN demux interface that runs over the underlying Ethernet interface.

lo0

Loopback interface for use in the access network. The loopback interface is automatically used for unnumbered interfaces.

Address-assignment pools

pool v4-pool

Pool that provides IPv4 addresses for the subscriber LAN.

pool v6-ia-na-pool

Pool that provides a global IPv6 address to the CPE WAN link.

pool v6-pd-pool

Pool that provides a pool of prefixes that are delegated to the CPE and used for assigning IPv6 global addresses on the subscriber LAN.

Configuration

Configuring a DHCPv6 Local Server for DHCPv6 over PPPoE

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set system services dhcp-local-server dhcpv6 group v6-ppp-subscriber interface pp0.0

Step-by-Step Procedure

To layer DHCPv6 above the PPPoE IPv6 family (inet6), associate DHCPv6 with the PPPoE interfaces by adding the PPPoE interfaces to the DHCPv6 local server configuration. Because this example uses a dynamic PPPoE interface, we are using the pp0.0 (PPPoE) logical interface as a wildcard to indicate that a DHCPv6 binding can be made on top of a PPPoE interface.

To configure a DHCPv6 local server:

  1. Create a group for dynamic PPPoE interfaces, assign a name, and add an interface for dynamic PPPoE logical interfaces.

    The group feature groups a set of interfaces and then applies a common DHCP configuration to the named interface group.

    content_copy zoom_out_map
    user@host# set system services dhcp-local-server dhcpv6 group v6-ppp-subscriber interface pp0.0

  2. Commit the configuration.

    content_copy zoom_out_map
    user@host# commit

Results

From configuration mode, confirm your configuration by entering the show command.

content_copy zoom_out_map
[edit] 
user@host#  show
system {
    services {
        dhcp-local-server {
            dhcpv6 {
                group v6-ppp-subscriber {
                    interface pp0.0;
                }
            }
        }
    }
}

Configuring a Dynamic Profile for the PPPoE Logical Interface

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set dynamic-profiles pppoe-subscriber-profile routing-instances $junos-routing-instance interface $junos-interface-name 
set interfaces pp0 unit $junos-interface-unit family inet unnumbered-address "$junos-loopback-interface"
set interfaces pp0 unit $junos-interface-unit family inet6 unnumbered-address "$junos-loopback-interface"
set interfaces pp0 unit $junos-interface-unit pppoe-options underlying-interface "$junos-underlying-interface"
set interfaces pp0 unit $junos-interface-unit pppoe-options server
set interfaces pp0 unit $junos-interface-unit ppp-options pap
set interfaces pp0 unit $junos-interface-unit ppp-options chap
set interfaces pp0 unit $junos-interface-unit keepalives interval 30

Step-by-Step Procedure

Create a dynamic profile for the PPPoE logical interface. This dynamic profile supports both IPv4 and IPv6 sessions on the same logical interface.

To configure the dynamic profile:

  1. Create and name the dynamic profile.

    Include the dynamic-profiles statement at the [edit] hierarchy level and specify pppoe-subscriber-profile as the profile name.

    content_copy zoom_out_map
    user@host# set dynamic-profiles pppoe-subscriber-profile

  2. Add a routing instance to the profile and add an interface to the routing instance.

    Include the routing-instances statement at the [edit dynamic-profiles pppoe-subscriber-profile] hierarchy level and specify $junos-routing-instance as the routing instance name variable. Also include the interface statement at the [edit dynamic-profiles pppoe-subscriber-profile routing-instances $junos-routing-instance] hierarchy level and specify $junos-interface-name as the interface variable.

    content_copy zoom_out_map
    user@host# set dynamic-profiles pppoe-subscriber-profile routing-instances $junos-routing-instance
user@host# set dynamic-profiles pppoe-subscriber-profile routing-instances $junos-routing-instance interface $junos-interface-name

  3. Configure a PPPoE logical interface (pp0) that is used to create logical PPPoE interfaces for the IPv4 and IPv6 subscribers.

    Include the interfaces statement at the [edit dynamic-profiles pppoe-subscriber-profile] hierarchy level and specify pp0 as the interface name.

    content_copy zoom_out_map
    user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0

  4. Configure the logical interface.

    Include the unit statement at the [edit dynamic-profiles pppoe-subscriber-profile interfaces pp0] hierarchy level and specify $junos-interface-unit as the predefined variable to represent the logical unit number for the pp0 interface.

    The variable is dynamically replaced with the actual unit number supplied by the network when the subscriber logs in.

    content_copy zoom_out_map
    user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit $junos-interface-unit

  5. Configure the underlying interface.

    Include the underlying-interface statement at the [edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options] hierarchy level and specify $junos-underlying-interface as the predefined variable to represent the name of the underlying Ethernet interface on which the router creates the dynamic PPPoE logical interface.

    The variable is dynamically replaced with the actual name of the underlying interface, which is supplied by the network when the subscriber logs in.

    content_copy zoom_out_map
    user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface $junos-underlying-interface

  6. Configure the router to act as a PPPoE server when a PPPoE logical interface is dynamically created.

    Include the server statement at the [edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options] hierarchy level.

    content_copy zoom_out_map
    user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options server

  7. Configure the IPv4 family for the pp0 interface.

    Include the unnumbered-address statement at the [edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" family inet] hierarchy level and specify the unnumbered address to dynamically apply loopback interfaces.

    Because the example uses routing instances, specify the predefined variable $junos-loopback-interface.

    content_copy zoom_out_map
    user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address $junos-loopback-interface

  8. Configure the IPv6 family for the pp0 interface.

    Include the unnumbered-address statement at the [edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options family inet6] hierarchy level and specify the unnumbered address to dynamically create loopback interfaces.

    Because the example uses routing instances without router advertisement, specify the predefined variable $junos-loopback-interface.

    content_copy zoom_out_map
    user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" pppoe-options family inet6 unnumbered-address $junos-loopback-interface

  9. Configure one or more PPP authentication protocols for the pp0 interface.

    Include the ppp-options statement at the [edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit"] hierarchy level and specify chap and pap as the authentication protocols.

    content_copy zoom_out_map
    user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" ppp-options chap 
user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" ppp-options pap

  10. Enable keepalives and set an interval for keepalives.

    Include the interval statement at the [edit dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit" keepalives] hierarchy level and specify 30 seconds.

    We recommend an interval of 30 seconds.

    content_copy zoom_out_map
    user@host# set dynamic-profiles pppoe-subscriber-profile interfaces pp0 unit "$junos-interface-unit keepalives interval 30

Results

From configuration mode, confirm your configuration by entering the show command.

content_copy zoom_out_map
[edit dynamic-profiles pppoe-subscriber-profile] 
user@host#  show
routing-instances {
    "$junos-routing-instance" {
        interface "$junos-interface-name";
    }
}
interfaces {
    pp0 {
        unit "$junos-interface-unit" {
            ppp-options {
                chap;
                pap;
            }
            pppoe-options {
                underlying-interface "$junos-underlying-interface";
                server;
            }
            keepalives interval 30;
            family inet {
                unnumbered-address "$junos-loopback-interface";
            }
            family inet6 {
                unnumbered-address "$junos-loopback-interface";
            }
        }
    }
}

If you are done configuring the device, enter commit from configuration mode.

Configuring a Loopback Interface

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set interfaces lo0 unit 0 family inet address 10.0.0.1/32 primary
set interfaces lo0 unit 0 family inet address 10.0.0.1/32 preferred
set interfaces lo0 unit 0 family inet6 address 2001:0::1/128 primary
set interfaces lo0 unit 0 family inet6 address 2001:0::1/128 preferred

Step-by-Step Procedure

To configure a loopback interface:

  1. Create the loopback interface.

    Include the unit statement at the [edit interfaces lo0] hierarchy level and specify 0 as the logical interface number.

    Include the address statement at the [edit interfaces lo0 unit 0 family inet] hierarchy level and specify 10.0.0.1/32 as the IPv4 address.

    content_copy zoom_out_map
    user@host# set interfaces lo0 unit 0 family inet address 10.0.0.1/32

  2. Configure the interface IPv4 address to be the primary and preferred address.

    Include the primary and preferred statements at the [edit interfaces lo0 unit 0 family inet address 10.0.0.1/32] hierarchy level.

    content_copy zoom_out_map
    user@host# set interfaces lo0 unit 0 family inet address 10.0.0.1/32 primary preferred

  3. Configure the interface IPv6 address to be the primary and preferred address.

    Include the address statement at the [edit interfaces lo0 unit 0 family inet6] hierarchy level and specify 2001:0::1/128 as the IPv6 address.

    Include the primary and preferred statements at the [edit interfaces lo0 unit 0 family inet6 address 2001:0::1/128] hierarchy level.

    content_copy zoom_out_map
    user@host# set interfaces lo0 unit 0 family inet6 address 2001:0::1/128 primary preferred

Results

From configuration mode, confirm your configuration by entering the show command.

content_copy zoom_out_map
[edit interfaces lo0]
user@host# show 
unit 0 {
    family inet {
        address 10.0.0.1/32 {
            primary;
            preferred;
        }
    }
    family inet6 {
        address 2001:0::1/128 {
            primary;
            preferred;
        }
    }
}

If you are done configuring the device, enter commit from configuration mode.

Configuring a VLAN Demux Interface over an Ethernet Underlying Interface

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set interfaces ge-0/3/0 hierarchical-scheduler maximum-hierarchy-levels 2
set interfaces ge-0/3/0 flexible-vlan-tagging
set interfaces ge-0/3/0 encapsulation flexible-ethernet-services
set interfaces demux0 unit 1 vlan-tags outer 1
set interfaces demux0 unit 1 vlan-tags inner 1
set interfaces demux0 unit 1 demux-options underlying-interface ge-0/3/0
set interfaces demux0 unit 1 family pppoe dynamic-profile pppoe-subscriber-profile
set interfaces demux0 unit 1 family pppoe duplicate-protection
set interfaces demux0 unit 1 proxy-arp

Step-by-Step Procedure

To configure a VLAN demux interface over an Ethernet underlying interface:

  1. Configure the underlying Ethernet interface.

    content_copy zoom_out_map
    user@host# set interfaces ge-0/3/0 flexible-vlan-tagging
user@host# set interfaces ge-0/3/0 encapsulation flexible-ethernet-services
user@host# set interfaces ge-0/3/0 hierarchical-scheduler maximum-hierarchy-levels 2

  2. Create the VLAN demux interface and specify a unit number.

    content_copy zoom_out_map
    user@host# set interfaces demux0 unit 1

  3. Configure the VLAN tags.

    content_copy zoom_out_map
    user@host# set interfaces demux0 unit 1 vlan-tags outer 1 inner 1

  4. Specify the underlying Ethernet interface.

    content_copy zoom_out_map
    user@host# set interfaces demux0 unit 1 demux-options underlying-interface ge-0/3/0

  5. Specify the dynamic profile.

    content_copy zoom_out_map
    user@host# set interfaces demux0 unit 1 family pppoe dynamic-profile pppoe-subscriber-profile

  6. Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on the same VLAN interface.

    content_copy zoom_out_map
    user@host# set interfaces demux0 unit 1 family pppoe duplicate-protection

  7. (Optional) Specify that you want the demux interface to use proxy ARP.

    content_copy zoom_out_map
    user@host# set interfaces demux0 unit 1 proxy-arp

Results

From configuration mode, confirm your configuration by entering the show command.

content_copy zoom_out_map
[edit interfaces]
user@host# show
ge-0/3/0 {
    hierarchical-scheduler maximum-hierarchy-levels 2;
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
}
demux0 {
    unit 1 {
        proxy-arp;
        vlan-tags outer 1 inner 1;
        demux-options {
            underlying-interface ge-0/3/0;
        }
        family pppoe {
            duplicate-protection;
            dynamic-profile pppoe-subscriber-profile;
        }
    }
}

If you are done configuring the device, enter commit from configuration mode.

Configuring an Interface for Communication with a RADIUS Server

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set interfaces ge-0/2/5 unit 0 family inet address 10.9.0.9
set interfaces ge-0/2/5 gigether-options no-auto-negotiation

Step-by-Step Procedure

To configure the interface:

  1. Create the interface, specify a logical interface unit number, and configure the IPv4 address.

    content_copy zoom_out_map
    user@host# set interfaces ge-0/2/5 unit 0 family inet address 10.9.0.9

  2. Specify that Gigabit Ethernet options are not automatically negotiated.

    content_copy zoom_out_map
    user@host# set interfaces ge-0/2/5 gigether-options no-auto-negotiation

Results

From configuration mode, confirm your configuration by entering the show command.

content_copy zoom_out_map
[edit interfaces ge-0/2/5]
user@host# show 
gigether-options {
    no-auto-negotiation;
}
unit 0 {
    family inet {
        address 10.9.0.9/32;
    }
}

If you are done configuring the device, enter commit from configuration mode.

Specifying the BNG Router Identifier

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set routing-options router-id 10.0.0.0
Best Practice:

We strongly recommend that you configure the BNG router ID, thereby avoiding unpredictable behavior if the interface address on a loopback interface changes.

Step-by-Step Procedure

Configure the router ID of the BNG.

content_copy zoom_out_map
user@host# set routing-options router-id 10.0.0.0

Results

From configuration mode, confirm your configuration by entering the show command.

content_copy zoom_out_map
[edit routing-options]
user@host# show 
router-id 10.0.0.0;

If you are done configuring the device, enter commit from configuration mode.

Configuring RADIUS Server Access

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set access radius-server 10.9.0.9 secret "$9$lXRv87GUHm5FYgF/CA1I"
set access radius-server 10.9.0.9 timeout 45 
set access radius-server 10.9.0.9 retry 4 
set access radius-server 10.9.0.9 source-address 10.0.0.1

Step-by-Step Procedure

To configure RADIUS servers:

  1. Create a RADIUS server configuration and specify the address of the server.

    content_copy zoom_out_map
    user@host# set access radius-server 10.9.0.9

  2. Configure the required secret (password) for the server.

    Secrets enclosed in quotation marks can contain spaces.

    content_copy zoom_out_map
    user@host# set access radius-server 10.9.0.9 secret "$9$lXRv87GUHm5FYgF/CA1I"

  3. Configure the source address that the BNG uses when it sends RADIUS requests to the RADIUS server.

    content_copy zoom_out_map
    user@host# set access radius-server 10.9.0.9 source-address 10.0.0.1

  4. (Optional) Configure the number of times that the router attempts to contact a RADIUS accounting server.

    You can configure the router to retry from 1 through 16 times. The default setting is 3 retry attempts.

    content_copy zoom_out_map
    user@host# set access radius-server 10.9.0.9 retry 4

  5. (Optional) Configure the length of time that the local router or switch waits to receive a response from a RADIUS server.

    By default, the router or switch waits 3 seconds. You can configure the timeout to be from 1 through 90 seconds.

    content_copy zoom_out_map
    user@host# set access radius-server 10.9.0.9 timeout 45

Results

From configuration mode, confirm your configuration by entering the show command.

content_copy zoom_out_map
[edit access]
user@host# show
radius-server {
    10.9.0.9 {
        secret "$9$lXRv87GUHm5FYgF/CA1I"; ## SECRET-DATA
        timeout 45;
        retry 4;
        source-address 10.0.0.1;
    }
}

If you are done configuring the device, enter commit from configuration mode.

Configuring the RADIUS Server Access Profile

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set access profile Access-Profile
set access profile Access-Profile authentication-order radius
set access profile Access-Profile radius authentication-server 10.9.0.9
set access profile Access-Profile radius accounting-server 10.9.0.9
set access profile Access-Profile accounting order radius
set access profile Access-Profile accounting order none
set access profile Access-Profile accounting update-interval 120
set access profile Access-Profile accounting statistics volume-time

Step-by-Step Procedure

To configure a RADIUS server access profile:

  1. Create a RADIUS server access profile.

    content_copy zoom_out_map
    user@host# set access profile Access-Profile

  2. Specify the order in which authentication methods are used.

    content_copy zoom_out_map
    user@host# set access profile Access-Profile authentication-order radius

  3. Specify the address of the RADIUS server used for authentication and the server used for accounting.

    content_copy zoom_out_map
    user@host# set access profile Access-Profile radius authentication-server 10.9.0.9
user@host# set access profile Access-Profile radius accounting-server 10.9.0.9

  4. Configure RADIUS accounting values for the access profile.

    content_copy zoom_out_map
    user@host# set access profile Access-Profile accounting order [ radius none ]
user@host# set access profile Access-Profile accounting update-interval 120
user@host# set access profile Access-Profile accounting statistics volume-time

Results

From configuration mode, confirm your configuration by entering the show command.

content_copy zoom_out_map
[edit access]
user@host# show
profile Access-Profile {
    authentication-order radius;
    radius {
        authentication-server 10.9.0.9;
        accounting-server 10.9.0.9;
    }
    accounting {
        order [ radius none ];
        update-interval 120;
        statistics volume-time;
    }
}

If you are done configuring the device, enter commit from configuration mode.

Configuring Local Address-Assignment Pools

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set access address-assignment pool v4-pool family inet network 10.16.0.1/32 
set access address-assignment pool v4-pool family inet range v4-range-0 low 10.16.0.1 
set access address-assignment pool v4-pool family inet range v4-range-0 high 10.31.255.255 
set access address-assignment pool v4-pool family inet dhcp-attributes maximum-lease-time 99999 
set access address-assignment pool v6-ia-na-pool family inet6 prefix 1000:0000::/64  
set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 low 1000::1/128 
set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 high 1000::ffff:ffff/128 
set access address-assignment pool v6-pd-pool family inet6 prefix 2012::/48 
set access address-assignment pool v6-pd-pool family inet6 range v6-pd prefix-length 64

Step-by-Step Procedure

Configure three address-assignment pools for DHCPv4, DHCPv6 IA_NA, and DHCPv6 prefix delegation.

To configure the address-assignment pools:

  1. Configure the address-assignment pool for DHCPv4.

    content_copy zoom_out_map
    [edit]
user@host# set access address-assignment pool v4-pool
user@host# set access address-assignment pool v4-pool family inet network 10.16.0.1
user@host# set access address-assignment pool v4-pool family inet range v4-range-0 low 10.16.0.1
user@host# set access address-assignment pool v4-pool family inet range v4-range-0 high 10.31.255.255
user@host# set access address-assignment pool v4-pool family inet dhcp-attributes maximum-lease-time 99999

  2. Configure the address-assignment pool for DHCPv6 IA_NA.

    content_copy zoom_out_map
    [edit]
user@host# set access address-assignment pool v6-ia-na-pool
user@host# set access address-assignment pool v6-ia-na-pool family inet6 prefix 1000:0000::/64 
user@host# set access address-assignment pool v6-ia-na-pool range v6-range-0 low 1000::1/128
user@host# set access address-assignment pool v6-ia-na-pool range v6-range-0 high 1000::ffff:ffff/128

  3. Configure the address-assignment pool for DHCPv6 prefix delegation.

    content_copy zoom_out_map
    [edit]
user@host# set access address-assignment pool v6-pd-pool
user@host# set access address-assignment pool v6-pd-pool family inet6 prefix 2012::/48 
user@host# set access address-assignment pool v6-pd-pool family inet6 range v6-pd prefix-length 64

  4. (Optional) Enable duplicate prefix protection.

    content_copy zoom_out_map
    user@host# set access address-protection

Results

From configuration mode, confirm your configuration by entering the show command.

content_copy zoom_out_map
[edit access]
user@host# show
address-assignment {
    pool v4-pool {
        family inet {
            network 10.16.0.1/32;
            range v4-range-0 {
                low 10.16.0.1;
                high 10.31.255.255;
            }
            dhcp-attributes {
                maximum-lease-time 99999;
            }
        }
    }
    pool v6-ia-na-pool {
        family inet6 {
            prefix 1000:0000::/64 ;
            range v6-range-0 {
                low 1000::1/128;
                high 1000::ffff:ffff/128;
            }
        }
    }
    pool v6-pd-pool {
        family inet6 {
            prefix 2012::/48;
            range v6-pd prefix-length 64;
        }
    }
    address-protection;
}

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying Active Subscriber Sessions

Purpose

Verify active subscriber sessions.

Action

From operational mode, enter the show subscribers summary command.

content_copy zoom_out_map
user@host> show subscribers summary
Subscribers by State
   Active: 2
   Total: 2

Subscribers by Client Type
   DHCP: 1
   PPPoE: 1
   Total: 2
Meaning

The fields under Subscribers by State show the number of active subscribers.

The fields under Subscribers by Client Type show the number of active DHCP and PPPoE subscriber sessions.

Verifying Both IPv4 and IPv6 Addresses in Correct Routing Instance

Purpose

Verify that the subscriber has both an IPv4 and an IPv6 address and is placed in the correct routing instance.

Action

From operational mode, enter the show subscribers command.

content_copy zoom_out_map
user@host> show subscribers
Interface           IP Address/VLAN ID       User Name            LS:RI
pp0.1073741825      10.16.0.2               SBRSTATICUSER      default:default
pp0.1073741825      1000::1                                    default:default
Meaning

The Interface field shows that two subscriber sessions are running on the same interface. The IP Address field shows that one session is assigned an IPv4 address, and the second session is assigned an IPv6 address by DHCPv6 IA_NA.

The LS:RI field shows that the subscriber is placed in the correct routing instance and that traffic can be sent and received.

Verifying Dynamic Subscriber Sessions

Purpose

Verify dynamic PPPoE and DHCPv6 subscriber sessions. In this sample configuration, the DHCPv6 subscriber session should be layered over the underlying PPPoE subscriber session.

Action

From operational mode, enter the show subscribers detail command.

content_copy zoom_out_map
user@host> show subscribers detail
Type: PPPoE
User Name: SBRSTATICUSER
IP Address: 10.16.0.2
IP Netmask: 255.0.0.0
Logical System: default
Routing Instance: default
Interface: pp0.1073741825
Interface type: Dynamic
Dynamic Profile Name: pppoe-subscriber-profile
MAC Address: 00:01:02:00:00:01
State: Active
Radius Accounting ID: 2
Session ID: 2
Login Time: 2011-12-08 09:11:41 PST

Type: DHCP
IPv6 Address: 1000::1
Logical System: default
Routing Instance: default
Interface: pp0.1073741825
Interface type: Static
MAC Address: 00:01:02:00:00:01
State: Active
Radius Accounting ID: 3
Session ID: 3
Underlying Session ID: 2
Login Time: 2011-12-08 09:12:11 PST
DHCP Options: len 42
00 08 00 02 0b b8 00 01 00 0a 00 03 00 01 00 01 02 00 00 01
00 06 00 02 00 03 00 03 00 0c 00 00 00 00 00 00 00 00 00 00
00 00
Meaning

When a subscriber has logged in and started both an IPv4 and an IPv6 session, the output shows the active underlying PPPoE session and the active DHCPv6 session.

The Session ID field for the PPPoE session is 2. The Underlying Session ID for the DHCP session is 2, which shows that the PPPoE session is the underlying session.

Verifying DHCPv6 Address Pools Used for DHCPv6 Prefix Delegation

Purpose

Verify the delegated address pool used for DHCPv6 prefix delegation and the length of the IPv6 prefix that was delegated to the CPE.

Action

From operational mode, enter the show subscribers extensive command.

content_copy zoom_out_map
user@host> show subscribers extensive
Type: PPPoE
User Name: SBRSTATICUSER
IP Address: 10.16.0.2
IP Netmask: 255.0.0.0
Logical System: default
Routing Instance: default
Interface: pp0.1073741825
Interface type: Dynamic
Dynamic Profile Name: pppoe-subscriber-profile
MAC Address: 00:01:02:00:00:01
State: Active
Radius Accounting ID: 2
Session ID: 2
Login Time: 2011-12-08 09:11:41 PST
IPv6 Delegated Address Pool: v6-na-pool

Type: DHCP
IPv6 Address: 1000::1
Logical System: default
Routing Instance: default
Interface: pp0.1073741825
Interface type: Static
MAC Address: 00:01:02:00:00:01
State: Active
Radius Accounting ID: 3
Session ID: 3
Underlying Session ID: 2
Login Time: 2011-12-08 09:12:11 PST
DHCP Options: len 42
00 08 00 02 0b b8 00 01 00 0a 00 03 00 01 00 01 02 00 00 01
00 06 00 02 00 03 00 03 00 0c 00 00 00 00 00 00 00 00 00 00
00 00
IPv6 Delegated Address Pool: v6-na-pool
IPv6 Delegated Network Prefix Length: 64
Meaning

The IPv6 Delegated Address Pool field shows the name of the pool that DHCPv6 used to assign the IPv6 address for this subscriber session.

Verifying DHCPv6 Address Bindings

Purpose

Display the address bindings in the client table on the DHCPv6 local server.

Action

From operational mode, enter the show dhcpv6 server binding detail command.

content_copy zoom_out_map
user@host> show dhcpv6 server binding detail
Session Id:  580547
     Client IPv6 Address:                      1000::4/128
     Client DUID:                           LL0x1-00:01:02:00:00:01
     State:                                 BOUND(DHCPV6_LOCAL_SERVER_STATE_BOUND)
     Lease Expires:                         2012-01-05 07:06:04 PST
     Lease Expires in:                      82943 seconds
     Lease Start:                           2012-01-04 07:06:04 PST
     Last Packet Received:                  2012-01-04 07:06:04 PST
     Incoming Client Interface:             pp0.1073926645
     Server Ip Address:                     0.0.0.0
     Client Pool Name:                        v6-na-pool-0
     Client Id Length:                      10
     Client Id:                             /0x00030001/0x00010200/0x0001
Meaning

The Client IPv6 Address field shows the /128 address that was assigned to the CPE WAN link using DHCPv6 IA_NA.

The Client Pool Name field shows the name of the address pool that was used to assign the Client IPv6 Address.

Verifying PPP Options Negotiated with the Remote Peer

Purpose

Verify PPP options negotiated with the remote peer.

Action

From operational mode, enter the show ppp interface interface extensive command.

content_copy zoom_out_map
user@host> show ppp interface pp0.1073741825 extensive
  Session pp0.1073926645, Type: PPP, Phase: Network
    LCP
      State: Opened
      Last started: 2012-01-04 07:05:33 PST
      Last completed: 2012-01-04 07:05:33 PST
      Negotiated options:
        Authentication protocol: pap, Magic number: 191301485, Local MRU: 1492,
        Peer MRU: 65531
    Authentication: PAP
      State: Grant
      Last started: 2012-01-04 07:05:33 PST
      Last completed: 2012-01-04 07:05:33 PST
    IPCP
      State: Opened
      Last started: 2012-01-04 07:05:34 PST
      Last completed: 2012-01-04 07:05:34 PST
      Negotiated options:
        Local address: 10.0.0.1, Remote address: 10.16.0.2

    IPV6CP
      State: Opened
      Last started: 2012-01-04 07:05:34 PST
      Last completed: 2012-01-04 07:05:34 PST
      Negotiated options:
        Local interface identifier: 2a0:a50f:fc71:e049,
        Remote interface identifier: 201:2ff:fe00:1
Meaning

The output shows the PPP options that were negotiated with the remote peer.

Under IPCP, the Negotiated options field shows the IPv4 local and remote addresses that were negotiated by IPCP.

Under IPV6CP, the Negotiated options field shows the IPv6 local and remote interface identifiers that were negotiated by IPv6CP.

Results

The following is the complete configuration for this example:

content_copy zoom_out_map
dynamic-profiles {
    pppoe-subscriber-profile {
        routing-instances {
            "$junos-routing-instance" {
                interface "$junos-interface-name";
            }
        }
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    ppp-options {
                        chap;
                        pap;
                    }
                    pppoe-options {
                        underlying-interface "$junos-underlying-interface";
                        server;
                    }
                    keepalives interval 30;
                    family inet {
                        unnumbered-address "$junos-loopback-interface";
                    }
                    family inet6 {
                        unnumbered-address "$junos-loopback-interface";
                    }
                }
            }
        }
    }
}
system {
    services {
        dhcp-local-server {
            dhcpv6 {
                group v6-ppp-subscriber {
                    interface pp0.0;
                }
            }
        }
    }
}
interfaces {
    ge-0/2/5 {
        gigether-options {
            no-auto-negotiation;
        }
        unit 0 {
            family inet {
                address 10.9.0.9/32;
            }
        }
    }
    ge-0/3/0 {
        hierarchical-scheduler maximum-hierarchy-levels 2;
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 1;
    }
    demux0 {
        unit 1 {
            proxy-arp;
            vlan-tags outer 1 inner 1;
            demux-options {
                underlying-interface ge-0/3/0;
            }
            family pppoe {
                duplicate-protection;
                dynamic-profile pppoe-subscriber-profile;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.0.0.1/32 {
                    primary;
                    preferred;
                }
            }
            family inet6 {
                address 2001:0::1/128 {
                    primary;
                    preferred;
                }
            }
        }
    }
}
routing-options {
    router-id 10.0.0.0;
}
access {
    radius-server {
        10.9.0.9 {
            secret "$9$lXRv87GUHm5FYgF/CA1I"; ## SECRET-DATA
            timeout 45;
            retry 4;
            source-address 10.0.0.1;
        }
    }
    profile Access-Profile {
        authentication-order radius;
        radius {
            authentication-server 10.9.0.9;
            accounting-server 10.9.0.9;
        }
        accounting {
            order [ radius none ];
            update-interval 120;
            statistics volume-time;
        }
    }
    address-assignment {
        pool v4-pool {
            family inet {
                network 10.16.0.1/32;
                range v4-range-0 {
                    low 10.16.0.1;
                    high 10.31.255.255;
                }
                dhcp-attributes {
                    maximum-lease-time 99999;
                }
            }
        }
        pool v6-ia-na-pool {
            family inet6 {
                prefix 1000:0000::/64;
                range v6-range-0 {
                    low 1000::1/128;
                    high 1000::ffff:ffff/128;
                }
            }
        }
        pool v6-pd-pool {
            family inet6 {
                prefix 2012::/48;
                range v6-pd prefix-length 64;
            }
        }
    }
    address-protection;
}

Related Documentation

arrow_backward PREVIOUS Overview of Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation
NEXT arrow_forward
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top