Designating Traffic For The Primary Ip Interface; Using Framed Routes; Inheritance Of Mac Address Validation State For Dynamic Subscriber Interfaces - Juniper JUNOSE 11.1.X - BROADBAND ACCESS CONFIGURATION GUIDE 6-4-2010 Configuration Manual
For e series broadband services routers - broadband access
Table of Contents
Advertisement
not in the demultiplexer table. In this case, the primary IP interface must be in
autoconfiguration mode.
Packet detection is the only method of dynamically creating subscriber interfaces
on GRE tunnel interfaces; you cannot use DHCP local server or DHCP external server.
Issuing the ip auto-configure ip-subscriber command configures the primary IP
address to enable dynamic configuration of subscriber interfaces. Unlike DHCP
configurations, the router creates the dynamic subscriber interface when it receives
the first packet that contains the subscriber's IP address as the source address.
In addition, a dynamic subscriber interface becomes inactive after a period of time
in which the router receives no packets that contain the subscriber's IP address as
the source address. You can configure the period of time by issuing the ip
inactivity-timer command.
To configure dynamic creation of subscriber interfaces on GRE tunnel interfaces, see
"Configuring Dynamic Subscriber Interfaces" on page 622.
Designating Traffic for the Primary IP Interface
When dynamic creation of subscriber interfaces is enabled on the primary IP interface
(by means of the ip auto-configure ip-subscriber command), you can use the ip
source-prefix command to specify the source address of traffic that is destined for
the primary IP interface instead of the subscriber interface. If the DHCP server (for
DHCP server configurations) or the router (for packet detection configurations) then
assigns a subscriber an IP address matching this source prefix, the router does not
create a dynamic subscriber interface for that address.
Using Framed Routes
You can use the ip use-framed-routes ip-subscriber command to enable a primary
IP interface to use framed routes as source IP addresses when creating dynamic
subscriber interfaces. The framed routes are applied to the dynamic subscriber
interface during configuration so traffic from the subsets can traverse the interface.
By applying framed routes in this fashion, you can extend the per-subscriber interface
management to any subnetworks behind the dynamic subscriber interface. RADIUS
includes the Framed-Route attribute [22] in Access-Accept messages to specify the
route in the following format:
Inheritance of MAC Address Validation State for Dynamic Subscriber Interfaces
A dynamic IP subscriber interface inherits the MAC address validation state (enabled
or disabled) configured for its parent static primary IP interface.
MAC address validation binds a MAC source address for an interface to a given IP
source address. When the IP-MAC binding is established, the router forwards ingress
packets on the interface when the packet's MAC source address and IP source address
match, and drops ingress packets when the packet's MAC source address and IP
source address do not match. MAC address validation thereby prevents spoofing on
Framed-Route = ipAddress/mask nextHop
Chapter 25: Configuring Subscriber Interfaces
Dynamic Creation of Subscriber Interfaces
613
Advertisement
Table of Contents
Troubleshooting
