Jump to content
Калькуляторы

Juniper MX PPPoE

Здравствуйте.

Имеется Juniper MX-204 в качестве PPPoE терминатора. При подключении юзера соединение завершается с ошибкой 734. Radius отдает access accept.

 

Конфиг:

 

system {
    configuration-database {
        max-db-size 104857600;
    }

    services {                          
        telnet;
        subscriber-management {
            enable;
        }
    }
    auto-configuration {
        traceoptions {
            file autoconf.log size 10m files 10;
            level verbose;
            flag all;
        }
    }
    processes {
        general-authentication-service {
            traceoptions {
                file authlog.log size 10m files 10;
                flag radius;
                flag all;
                flag address-assignment;
                flag framework;
                flag local-authentication;
                flag configuration;
            }                           
        }
    }
}
dynamic-profiles {
    PPPoE_Profile {
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    ppp-options {
                        chap;
                        pap;
                      

                    }
                    pppoe-options {
                        underlying-interface "$junos-underlying-interface";
                        server;
                    }
                    keepalives interval 60;
                    family inet {
                        filter {
                            input "$junos-input-filter";
                            output "$junos-output-filter";
                        }               
                        unnumbered-address xe-0/1/2.605;
                    }
                }
            }
        }
    }
}
chassis {
    network-services enhanced-ip;
}
services {
    l2tp;
}
access-profile PPPoE_Access;
interfaces {
    xe-0/1/0 {
        flexible-vlan-tagging;
        native-vlan-id 1;
        unit 0 {
            vlan-id 1;
            family inet {
                address 192.168.1.5/24;
            }                           
        }
        unit 105 {
            vlan-id 105;
            family inet {
                address 10.0.0.5/29;
            }
        }
        unit 223 {
            encapsulation ppp-over-ether;
            vlan-id 223;
            pppoe-underlying-options {
                duplicate-protection;
                dynamic-profile PPPoE_Profile;
            }
        }
    }
    xe-0/1/2 {
        flexible-vlan-tagging;
        unit 605 {
            vlan-id 605;
            family inet {
                filter {                
                    input allow_telnet;
                }
                address x.x.x.x/30;
            }
        }
    }
}
routing-options {
    static {
        route 192.168.2.0/24 next-hop 192.168.1.6;
    }
}
protocols {
    ppp {
        traceoptions {
            file ppp.log size 10m files 10;
            level all;
            flag all;
        }
    }
    pppoe {
        traceoptions {
            file pppoe.log size 10m files 10;
            level all;
            flag all;
        }
        service-name-tables pppoe-table {
            service any {
                terminate;
            }
            service empty {
                terminate;
            }
        }
    }
}
access {
    radius-server {
        192.168.2.41 {
            port 1812;
            accounting-port 1813;
            secret "$9$9iT-CORrlMXNbvWb2oGq.Fn/CO1ylK7db"; ## SECRET-DATA
            source-address 192.168.1.5;
        }
    }
    profile PPPoE_Access {
        authentication-order radius;
        domain-name-server {
            8.8.8.8;
        }
        address-assignment {
            pool 1;
        }
        radius {
            authentication-server 192.168.2.41;
            options {
                nas-identifier DS_BRAS;
                calling-station-id-format {
                    nas-identifier;
                    vlan;
                }
                revert-interval 0;
                chap-challenge-in-request-authenticator;
            }
        }
        accounting {
            order radius;
            update-interval 10;
            statistics volume-time;
        }
    }
    address-assignment {
        pool 1 {
            family inet {
                network 100.64.0.0/19;
                range 1 {
                    low 100.64.0.1;
                    high 100.64.8.255;
                }
            }                           
        }
    }
}

 

В чем может быть причина?

Спасибо.

authlog.txt

Edited by d.master

Share this post


Link to post
Share on other sites

On 6/24/2022 at 3:58 PM, d.master said:

В чем может быть причина?

Jun 24 08:35:48.245165 SEQ RecvClientMsg:jpppd-client session-id:98 Opcode:3, Subcode:15 (SESSION_LOGOUT)
Jun 24 08:35:48.245174 Setting terminate ID to 100c2
Jun 24 08:35:48.245186 Decoding incoming attributes
Jun 24 08:35:48.245193 Begin to logout Subscriber
 

 

предположу что у вас не согласуются какие-то параметры ppp. Попробуйте снять дамп согласования сессии , может там будет что-нить видно 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.