# Aggregated Ethernet bundle ae1 that terminates PPPoE subscribers on dynamically created VLAN interfaces.
# Member links join the bundle. xe-x/x/x is a redacted placeholder; presumably the two lines name two different ports.
set interfaces xe-x/x/x gigether-options 802.3ad ae1
set interfaces xe-x/x/x gigether-options 802.3ad ae1
# Allow single-tagged and dual-tagged frames on the same bundle.
set interfaces ae1 flexible-vlan-tagging
# Dual-tagged frames: build the VLAN interface on demand from profile ae-dual-vlan, triggered only by PPPoE packets.
set interfaces ae1 auto-configure stacked-vlan-ranges dynamic-profile ae-dual-vlan accept pppoe
# NOTE(review): "any,any" admits every outer/inner tag pair; narrow it to the provisioned VLANs if the access design allows.
set interfaces ae1 auto-configure stacked-vlan-ranges dynamic-profile ae-dual-vlan ranges any,any
# Single-tagged frames: same mechanism with profile ae-single-vlan.
set interfaces ae1 auto-configure vlan-ranges dynamic-profile ae-single-vlan accept pppoe
# NOTE(review): "any" admits every VLAN ID; same narrowing advice as for the stacked range.
set interfaces ae1 auto-configure vlan-ranges dynamic-profile ae-single-vlan ranges any
# Delete the dynamic VLAN interface once no subscriber is left on it, so idle VLANs do not hold state.
set interfaces ae1 auto-configure remove-when-no-subscribers
set interfaces ae1 encapsulation flexible-ethernet-services
# Negotiate the bundle with LACP in active mode.
set interfaces ae1 aggregated-ether-options lacp active
二、定义接入模板对PPPoE用户进行认证
# Access profiles: how PPPoE subscribers are authenticated and accounted.
# Profile none-auth performs no authentication at all.
# NOTE(review): no visible line references none-auth; confirm it is needed, since any session bound to it is admitted unauthenticated.
set access profile none-auth authentication-order none
# Profile DRcom authenticates against RADIUS only (no local fallback is listed).
set access profile DRcom authentication-order radius
set access profile DRcom radius authentication-server x.x.x.x
set access profile DRcom radius accounting-server x.x.x.x
# NAS-Port-Id is built from the NAS identifier and the interface description.
set access profile DRcom radius options nas-port-id-format nas-identifier
set access profile DRcom radius options nas-port-id-format interface-description
# NOTE(review): the "$9$" form is reversible obfuscation, not a one-way hash. A secret published in this form
# should be treated as disclosed: rotate it on the router and the RADIUS server, and redact it in shared configs.
set access profile DRcom radius-server x.x.x.x secret "$9$q.PTFnCu0IQF1hSyKvoJZj.P"
# Fixed source address for RADIUS packets, so the server can match the NAS by IP.
set access profile DRcom radius-server x.x.x.x source-address x.x.x.x
# Accounting goes to RADIUS as well.
set access profile DRcom accounting order radius
# Send an Accounting-Stop when the session fails after authentication, or when access is denied.
set access profile DRcom accounting accounting-stop-on-failure
set access profile DRcom accounting accounting-stop-on-access-deny
# Send an interim update immediately, then every 10 (Junos counts update-interval in minutes).
set access profile DRcom accounting immediate-update
set access profile DRcom accounting update-interval 10
# Report both volume and time statistics.
set access profile DRcom accounting statistics volume-time
# Subscribers that match no explicit domain map are placed in routing instance Internet.
set access domain map default target-routing-instance Internet
三、定义认证及上线用户的VPN实例
# VRF "Internet": the routing instance in which subscribers are authenticated and brought online.
# Discard route for a /24 (redacted); presumably the aggregate of the subscriber pool, kept so it can be exported. Confirm.
set routing-instances Internet routing-options static route x.x.x.x/24 discard
set routing-instances Internet instance-type vrf
# Local address pool 1000M_200M handed to subscribers: network, usable range, and DNS servers.
set routing-instances Internet access address-assignment pool 1000M_200M family inet network x.x.x.x/24
set routing-instances Internet access address-assignment pool 1000M_200M family inet range 1 low x.x.x.x
set routing-instances Internet access address-assignment pool 1000M_200M family inet range 1 high x.x.x.x
set routing-instances Internet access address-assignment pool 1000M_200M family inet xauth-attributes primary-dns x.x.x.x/32
set routing-instances Internet access address-assignment pool 1000M_200M family inet xauth-attributes secondary-dns x.x.x.x/32
# Sessions in this instance use access profile DRcom, i.e. RADIUS authentication and accounting.
set routing-instances Internet access-profile DRcom
# Loopback unit inside the VRF; the PPPoE dynamic profiles borrow its address via unnumbered-address.
set routing-instances Internet interface lo0.1
set routing-instances Internet route-distinguisher xxxx:100
# Import/export policies Internet_IM and Internet_EX are not defined in the visible lines.
set routing-instances Internet vrf-import Internet_IM
set routing-instances Internet vrf-export Internet_EX
set routing-instances Internet vrf-target target:xx:100
set routing-instances Internet vrf-table-label
四、定义动态模板动态创建PPPoE接口
# Dynamic profile pppoe-vrf-phy: builds the pp0 PPPoE session interface for subscribers on phy-* VLAN profiles.
# Default filters when RADIUS returns no filter name: the subscriber falls back to filter 4m in both directions.
set dynamic-profiles pppoe-vrf-phy predefined-variable-defaults input-filter 4m
set dynamic-profiles pppoe-vrf-phy predefined-variable-defaults output-filter 4m
# Place the session interface in the routing instance resolved for this subscriber.
set dynamic-profiles pppoe-vrf-phy routing-instances "$junos-routing-instance" interface "$junos-interface-name"
# Suppress link up/down SNMP traps for per-subscriber interfaces.
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" no-traps
# CHAP challenge length pinned to 16 (minimum equals maximum).
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" ppp-options chap challenge-length minimum 16
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" ppp-options chap challenge-length maximum 16
# NOTE(review): PAP is enabled next to CHAP. PAP carries the password unprotected on the PPP link,
# so keep it only if some CPE cannot do CHAP; otherwise remove this line to make the profile CHAP-only.
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" ppp-options pap
# The router acts as PPPoE server on the underlying (demux VLAN) interface.
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" pppoe-options server
# PPP keepalive interval of 180 (seconds in Junos), which delays detection of dead sessions accordingly.
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" keepalives interval 180
# Per-subscriber rate-limit filters, named by RADIUS or by the defaults above.
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" family inet filter input "$junos-input-filter"
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" family inet filter output "$junos-output-filter"
# Borrow the loopback address instead of numbering each session interface.
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
# Dynamic profile pppoe-vrf-ae: builds the pp0 PPPoE session interface for subscribers on ae-* VLAN profiles.
# Default filters when RADIUS returns no filter name: the subscriber falls back to filter 4m in both directions.
set dynamic-profiles pppoe-vrf-ae predefined-variable-defaults input-filter 4m
set dynamic-profiles pppoe-vrf-ae predefined-variable-defaults output-filter 4m
# Place the session interface in the routing instance resolved for this subscriber.
set dynamic-profiles pppoe-vrf-ae routing-instances "$junos-routing-instance" interface "$junos-interface-name"
# Suppress link up/down SNMP traps for per-subscriber interfaces.
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" no-traps
# CHAP challenge length pinned to 16 (minimum equals maximum).
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" ppp-options chap challenge-length minimum 16
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" ppp-options chap challenge-length maximum 16
# NOTE(review): PAP is enabled next to CHAP. PAP carries the password unprotected on the PPP link,
# so keep it only if some CPE cannot do CHAP; otherwise remove this line to make the profile CHAP-only.
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" ppp-options pap
# The router acts as PPPoE server on the underlying (demux VLAN) interface.
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" pppoe-options server
# Pin each session to one member link of the bundle so per-subscriber policing and queuing act on a single link.
# NOTE(review): unlike pppoe-vrf-phy, this profile sets no keepalives interval; confirm the default is intended.
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" targeted-distribution
# Per-subscriber rate-limit filters, named by RADIUS or by the defaults above.
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" family inet filter input "$junos-input-filter"
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" family inet filter output "$junos-output-filter"
# Borrow the loopback address instead of numbering each session interface.
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
# VLAN dynamic profiles for physical ports: create the demux0 VLAN interface, then hand PPPoE to pppoe-vrf-phy.
# NOTE(review): no visible interface stanza references phy-dual-vlan or phy-single-vlan; presumably they are bound in a part not shown.
# phy-dual-vlan: dual-tagged subscribers (outer = stacked VLAN ID, inner = VLAN ID).
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" vlan-tags outer "$junos-stacked-vlan-id"
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" vlan-tags inner "$junos-vlan-id"
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
# Refuse a second PPPoE session from a client that already has one on this underlying interface.
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe duplicate-protection
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-vrf-phy
# Temporarily lock out clients that connect and disconnect in rapid cycles, which limits session-setup load.
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe short-cycle-protection
# phy-single-vlan: single-tagged subscribers, otherwise the same settings.
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" vlan-id "$junos-vlan-id"
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe duplicate-protection
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-vrf-phy
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe short-cycle-protection
# VLAN dynamic profiles for the ae1 bundle: create the demux0 VLAN interface, then hand PPPoE to pppoe-vrf-ae.
# These are the profiles named by the auto-configure statements on ae1.
# ae-dual-vlan: dual-tagged subscribers (outer = stacked VLAN ID, inner = VLAN ID).
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" vlan-tags outer "$junos-stacked-vlan-id"
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" vlan-tags inner "$junos-vlan-id"
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
# Refuse a second PPPoE session from a client that already has one on this underlying interface.
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe duplicate-protection
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-vrf-ae
# Temporarily lock out clients that connect and disconnect in rapid cycles, which limits session-setup load.
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe short-cycle-protection
# ae-single-vlan: single-tagged subscribers, otherwise the same settings.
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" vlan-id "$junos-vlan-id"
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe duplicate-protection
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-vrf-ae
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe short-cycle-protection
五、定义限速策略
跟radius授权的报文对应
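# Rate-limit policers. Each drops traffic above its bandwidth and burst limits.
set firewall policer bw-4m if-exceeding bandwidth-limit 4m
set firewall policer bw-4m if-exceeding burst-size-limit 512k
set firewall policer bw-4m then discard
set firewall policer bw-1000m if-exceeding bandwidth-limit 1g
set firewall policer bw-1000m if-exceeding burst-size-limit 50m
set firewall policer bw-1000m then discard
set firewall policer bw-200m if-exceeding bandwidth-limit 200m
set firewall policer bw-200m if-exceeding burst-size-limit 10m
# Added: bw-200m had no action, unlike bw-4m and bw-1000m. Without "then" the policer is incomplete
# and the 200M tier would not be enforced (Junos normally rejects such a policer at commit).
set firewall policer bw-200m then discard
# Filters applied per subscriber through $junos-input-filter / $junos-output-filter.
# The names (4m, 200M, 1000M) are case-sensitive and must match exactly what RADIUS returns.
# interface-specific gives every subscriber interface its own filter and policer instance,
# so the limit applies per subscriber instead of being shared by all of them.
# Each term has no "from" match, so it polices and accepts all IPv4 traffic on the interface.
set firewall family inet filter 4m interface-specific
set firewall family inet filter 4m term 1 then policer bw-4m
set firewall family inet filter 4m term 1 then accept
set firewall family inet filter 200M interface-specific
set firewall family inet filter 200M term 1 then policer bw-200m
set firewall family inet filter 200M term 1 then accept
set firewall family inet filter 1000M interface-specific
set firewall family inet filter 1000M term 1 then policer bw-1000m
set firewall family inet filter 1000M term 1 then accept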