Security

last person joined: 22 hours ago 

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.

  • 1.  MX10 PPPOE Subscriber Managment

    Posted 07-23-2013 01:38

    Hello, I've been trying to setup our MX10 with Steel Belted Radius  to handle subscriber management for NGA connections

    It worked in a test environment but now I have come to implement it I've hit a stumbing block. 

     

    When I try to log the pppoe session is established but the  request doesn't get as far as the radius server now as nothing is appearing when I run wireshark and the log files on the mx shows this. I'm thinking the processrequestlicense may be the problem but I'm not sure

     

    Jul 23 08:25:34 New Process/Dispatch Client Message
    Jul 23 08:25:34 authd_tlv_build_list_from_structusername (0x247a35c) len:0
    Jul 23 08:25:34 authd_tlv_build_list_from_structprofile (0x247a2d4) len:0
    Jul 23 08:25:34 authd_tlv_build_list_from_structpassword (0x247a24c) len:0
    Jul 23 08:25:34 authd_auth_aaa_msg_create: num_of_tlvs:0 tot_num_of_tlv:3
    Jul 23 08:25:34 authd_auth_aaa_msg_create aaa-key: username:() profile:()
    Jul 23 08:25:34 Process Request
    Jul 23 08:25:34 Client request received on conn-id:jpppd Opcode:65, Subcode:0
    Jul 23 08:25:34 authd_auth_send_answer: conn is 2c8d000 result is 0, cookie=9 sub-id=11 rply_len=28 num_tlv_blocks=0, reply code=9
    Jul 23 08:25:34 processRequestlicense not available
    Jul 23 08:25:34 authd_auth_aaa_msg_destroy
    Jul 23 08:25:34 authd_auth_aaa_msg_destructauth_aaa_msg: 0x23cd06c
    Jul 23 08:25:34 authd_write_conn: response is 0x2c8d05c, total len is 28 and sent is 0
    Jul 23 08:25:34 authd_write_conn: response is 0x2c8d05c, wrote 28 bytes

     

    The code I've used is

     

    ###Dynamic Profiles###

    set dynamic-profiles PPPoE-Profile routing-instances "$junos-routing-instance" interface "$junos-interface-name"
    set dynamic-profiles PPPoE-Profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix next-hop "$junos-framed-route-nexthop"
    set dynamic-profiles PPPoE-Profile routing-instances "$junos-routing-instance" routing-options access-internal route $junos-subscriber-ip-address qualified-next-hop "$junos-interface-name"
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" ppp-options chap
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface"
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" pppoe-options server
    set dynamic-profiles PPPoE-Profile interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
    set dynamic-profiles svlan-profile interfaces demux0 unit "$junos-interface-unit" vlan-tags outer "$junos-stacked-vlan-id"
    set dynamic-profiles svlan-profile interfaces demux0 unit "$junos-interface-unit" vlan-tags inner "$junos-vlan-id"
    set dynamic-profiles svlan-profile interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
    set dynamic-profiles svlan-profile interfaces demux0 unit "$junos-interface-unit" family pppoe duplicate-protection
    set dynamic-profiles svlan-profile interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile PPPoE-Profile


    ###PPPoE Interface###
    set interfaces ge-1/1/1 description "TEST PPPoE"
    set interfaces ge-1/1/1 stacked-vlan-tagging
    set interfaces ge-1/1/1 auto-configure stacked-vlan-ranges dynamic-profile svlan-profile accept pppoe
    set interfaces ge-1/1/1 auto-configure stacked-vlan-ranges dynamic-profile svlan-profile ranges 1-4094,1-4094

     

    ###Radius Config###
    set access profile radius-user authentication-order radius
    set access profile radius-user radius authentication-server 192.168.0.1
    set access profile radius-user radius-server 192.168.0.1 secret "$9$6zvjAtOW87wYo8Xi.mf6/uO1Erv"
    set access profile radius-user radius-server 192.168.0.1 retry 4
    set access profile radius-user radius-server 192.168.0.1 source-address 192.168.0.3
    set access-profile radius-user

     

    ###Domain Maps###
    set access domain map test.org.uk aaa-routing-instance PAN
    set access domain map test.org.uk access-profile radius-user
    set access domain map test.org.uk dynamic-profile PPPoE-Profile
    set access domain map test..org.uk target-routing-instance PAN

    Does anyone have any ideas what could be causing the problems?

     

     

     



  • 2.  RE: MX10 PPPOE Subscriber Managment
    Best Answer

    Posted 07-26-2013 00:29

    Its ok turns out you only get 30day grace on the license so thats why it stopped working