Configuring Duplicate Ipv6 Prefix Check; Propagation Of Lag Subscriber Information To Aaa And Radius - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12 Configuration Manual
Software for e series broadband services routers broadband access configuration guide
Hide thumbs
Also See for JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12:
- Configuration manual (750 pages)
Table of Contents
Advertisement
JunosE 11.3.x Broadband Access Configuration Guide
Related
Documentation
Configuring Duplicate IPv6 Prefix Check
Related
Documentation
Propagation of LAG Subscriber Information to AAA and RADIUS
90
In some network environments where the same customer logs in from multiple locations,
terminating sessions with duplicate IPv6 prefixes might result in breaking subscriber
setup. The duplicate IPv6 prefix-check capability is disabled by default.
If a duplicate prefix is detected by AAA before a subscriber is granted access, the
subscriber is denied access. However in some cases, when two subscribers having the
same IPv6 prefix log in simultaneously, the duplicate might be detected only after access
is granted to both subscribers. AAA terminates the duplicate subscriber session
immediately upon detecting the duplicate IPv6 prefix.
NOTE: AAA cannot detect duplicates of overlapping IPv6 prefixes.
Configuring Duplicate IPv6 Prefix Check on page 90
Configuring Standard RADIUS IPv6 Attributes for IPv6 Neighbor Discovery Router
Advertisements and DHCPv6 Prefix Delegation
You can enable detection of duplicates of IPv6 Neighbor Discovery router advertisement
prefixes and DHCPv6 delegated prefixes.
To enable detection of duplicate IPv6 prefixes:
From Global Configuration mode, enable the prefix-checking capability.
host1(config)#aaa duplicate-prefix-check enable
aaa duplicate-prefix-check
Duplicate IPv6 Prefix Check Overview on page 89
The RADIUS application sends the link aggregation group (LAG) interface ID to the
RADIUS server when the subscriber is connected over LAG in DHCP standalone
authenticate mode. In DHCP standalone authenticate mode, the DHCP local server
enables you to configure AAA-based authentication of standalone mode DHCP clients.
In addition to providing increased security, AAA authentication also provides
RADIUS-based input to IP address pool selection for standalone mode clients. The
RADIUS applications use the LAG interface ID to create the Acct-Session-Id,
Nas-Port-Type, Nas-Port-Id, Nas-Port, and Calling-Station-Id attributes and send them
to the RADIUS server in the Access-Request, Acct-Start, and Acct-Stop messages.
The RADIUS client uses one of the following LAG interface ID formats:
lag lag-name [.subinterface [:vlan]]
or
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Troubleshooting
