Either configure the DHCP server to match the option 82 VLAN tags (and serve up a lease for the "static" IP space), or configure specific VLAN tag combos under the interface (in your case et-0/0/0). For example:
et-0/0/0 {
    flexible-vlan-tagging;
    auto-configure {
        stacked-vlan-ranges {
            dynamic-profile l2-profile {
                accept [ dhcp-v4 dhcp-v6 ];
                ranges {
                    any,any;
                }
            }
            access-profile access-profile-1;
        }
        remove-when-no-subscribers;
    }
    unit 10 {
        vlan-tags outer 2002 inner 200;
        family inet {
            address 192.168.200.1/30;
        }
    }
}

On Thu, Jul 4, 2019 at 10:10 AM Baldur Norddahl <bal...@gigabit.dk> wrote:

> Hello
>
> I am new to Juniper MX. I successfully managed to configure customer
> vlans with dynamic profiles for dhcp users. I attached the important
> parts of the configuration at the end of this message.
>
> In the real network we are using q-in-q double tagged vlans, but to make
> things simple I am working with single tagged vlans for my lab. We have
> customer vlans, that is, each customer has a unique vlan combination.
>
> My configuration will first cause a radius server to be queried for the
> validity of the vlan. Then the DHCP server is queried and finally the
> subscriber is active. This is working now.
>
> The problem is that I want customers to be able to configure without
> using DHCP. Each customer has a static IP configuration. When using DHCP
> the customer will always get the same IP address. We then tell the user
> that he can optionally use DHCP. Or he can use a static configuration if
> he likes that better.
>
> This is an existing ISP network working as described. We are working to
> replace the old BRAS with Juniper MX204. So it would be nice if we can
> keep it working like it is today.
>
> I am a bit stuck on where to go from here. Most of the examples I find
> are all assuming DHCP. I am thinking that it should be possible to
> supply the customer IP address via Radius instead of DHCP.
>
> If needed, I could find out which users are using static configuration
> without DHCP and then have Radius return something different for those
> users.
>
> Anyone have some advice for me?
>
> Regards,
>
> Baldur
>
> The working DHCP configuration:
>
> system {
>     services {
>         subscriber-management {
>             maintain-subscriber {
>                 interface-delete;
>             }
>             enable;
>         }
>     }
>     dynamic-profile-options {
>         versioning;
>     }
> }
> chassis {
>     network-services enhanced-ip;
> }
> access-profile rad;
> interfaces {
>     et-0/0/0 {
>         flexible-vlan-tagging;
>         auto-configure {
>             vlan-ranges {
>                 dynamic-profile DYNINTF-1VLANS-DHCP-INET {
>                     accept any;
>                     ranges {
>                         any;
>                     }
>                 }
>                 authentication {
>                     password 12345678;
>                     username-include {
>                         user-prefix vlan;
>                         vlan-tags;
>                     }
>                 }
>                 access-profile rad;
>             }
>         }
>     }
>     lo0 {
>         unit 0 {
>             family inet {
>                 address 1.2.3.4/32;
>             }
>         }
>     }
> }
> forwarding-options {
>     dhcp-relay {
>         server-group {
>             dhcp-group-1 {
>                 1.2.3.5;
>             }
>         }
>         active-server-group dhcp-group-1;
>         group dhcp-group-1 {
>             relay-option-82;
>             interface et-0/0/0.0;
>         }
>     }
> }
> access {
>     radius-server {
>         1.2.3.6 {
>             secret "xxx"; ## SECRET-DATA
>             source-address 1.2.3.4;
>         }
>     }
>     profile rad {
>         accounting-order radius;
>         authentication-order radius;
>         radius {
>             authentication-server 1.2.3.6;
>             accounting-server 1.2.3.6;
>             options {
>                 revert-interval 0;
>             }
>         }
>         accounting {
>             order radius;
>             immediate-update;
>             update-interval 15;
>         }
>     }
> }
> dynamic-profiles {
>     DYNINTF-1VLANS-DHCP-INET {
>         interfaces {
>             "$junos-interface-ifd-name" {
>                 unit "$junos-interface-unit" {
>                     proxy-arp restricted;
>                     vlan-id "$junos-vlan-id";
>                     family inet {
>                         unnumbered-address lo0.0;
>                     }
>                 }
>             }
>         }
>     }
> }
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
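
The second option in the reply (specific VLAN tag combos as static units under et-0/0/0), generated for a list of static customers, as an added example that is not part of the original thread. The function name, the unit numbering and the second sample customer are assumptions; the generator rejects duplicate tag pairs and overlapping subnets so that two subscribers never end up sharing a VLAN or address space.

```python
import ipaddress

# Constructed sample data: (outer tag, inner tag, gateway address/prefix).
# The first entry mirrors the reply's unit 10; the second is made up.
STATIC_CUSTOMERS = [
    (2002, 200, "192.168.200.1/30"),
    (2002, 201, "192.168.200.5/30"),
]


def render_static_units(ifd, customers, first_unit=10):
    """Return a Junos interface stanza with one static unit per customer."""
    seen_tags, seen_nets = set(), []
    lines = [f"{ifd} {{"]
    for unit, (outer, inner, gw) in enumerate(customers, start=first_unit):
        for tag in (outer, inner):
            if not 1 <= tag <= 4094:
                raise ValueError(f"VLAN tag {tag} outside 1-4094")
        if (outer, inner) in seen_tags:
            raise ValueError(f"duplicate tag pair {outer}/{inner}")
        iface = ipaddress.IPv4Interface(gw)  # family inet, so IPv4 only
        net = iface.network
        # On /30 and shorter, the first and last addresses are not host addresses.
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            raise ValueError(f"{gw} is not a usable host address")
        if any(net.overlaps(other) for other in seen_nets):
            raise ValueError(f"{net} overlaps another customer subnet")
        seen_tags.add((outer, inner))
        seen_nets.append(net)
        lines += [
            f"    unit {unit} {{",
            f"        vlan-tags outer {outer} inner {inner};",
            "        family inet {",
            f"            address {iface.with_prefixlen};",
            "        }",
            "    }",
        ]
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_static_units("et-0/0/0", STATIC_CUSTOMERS))
```

The output contains only the unit stanzas; merge it under the existing interface alongside the `flexible-vlan-tagging` and `auto-configure` statements.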