通信人家园

 找回密码
 注册

只需一步,快速开始

短信验证,便捷登录

搜索

军衔等级:

  新兵

注册:2024-2-22
跳转到指定楼层
1#
发表于 2024-11-27 10:55:23 |只看该作者 |倒序浏览
本帖最后由 zjb0702 于 2024-11-27 10:56 编辑

一、定义下联OLT的接口


set interfaces xe-x/x/x gigether-options 802.3ad ae1
set interfaces xe-x/x/x gigether-options 802.3ad ae1
set interfaces ae1 flexible-vlan-tagging
set interfaces ae1 auto-configure stacked-vlan-ranges dynamic-profile ae-dual-vlan accept pppoe
set interfaces ae1 auto-configure stacked-vlan-ranges dynamic-profile ae-dual-vlan ranges any,any
set interfaces ae1 auto-configure vlan-ranges dynamic-profile ae-single-vlan accept pppoe
set interfaces ae1 auto-configure vlan-ranges dynamic-profile ae-single-vlan ranges any
set interfaces ae1 auto-configure remove-when-no-subscribers
set interfaces ae1 encapsulation flexible-ethernet-services
set interfaces ae1 aggregated-ether-options lacp active


二、定义接入模板对PPPoE用户进行认证


set access profile none-auth authentication-order none
set access profile DRcom authentication-order radius
set access profile DRcom radius authentication-server x.x.x.x
set access profile DRcom radius accounting-server x.x.x.x
set access profile DRcom radius options nas-port-id-format nas-identifier
set access profile DRcom radius options nas-port-id-format interface-description
set access profile DRcom radius-server x.x.x.x secret "$9$q.PTFnCu0IQF1hSyKvoJZj.P"
set access profile DRcom radius-server x.x.x.x source-address x.x.x.x
set access profile DRcom accounting order radius
set access profile DRcom accounting accounting-stop-on-failure
set access profile DRcom accounting accounting-stop-on-access-deny
set access profile DRcom accounting immediate-update
set access profile DRcom accounting update-interval 10
set access profile DRcom accounting statistics volume-time
set access domain map default target-routing-instance Internet


三、定义认证及上线用户的VPN实例


set routing-instances Internet routing-options static route x.x.x.x/24 discard
set routing-instances Internet instance-type vrf
set routing-instances Internet access address-assignment pool 1000M_200M family inet network x.x.x.x/24
set routing-instances Internet access address-assignment pool 1000M_200M family inet range 1 low x.x.x.x
set routing-instances Internet access address-assignment pool 1000M_200M family inet range 1 high x.x.x.x
set routing-instances Internet access address-assignment pool 1000M_200M family inet xauth-attributes primary-dns x.x.x.x/32
set routing-instances Internet access address-assignment pool 1000M_200M family inet xauth-attributes secondary-dns x.x.x.x/32
set routing-instances Internet access-profile DRcom
set routing-instances Internet interface lo0.1
set routing-instances Internet route-distinguisher xxxx:100
set routing-instances Internet vrf-import Internet_IM
set routing-instances Internet vrf-export Internet_EX
set routing-instances Internet vrf-target target:xx:100
set routing-instances Internet vrf-table-label


四、定义动态模板动态创建PPPoE接口


set dynamic-profiles pppoe-vrf-phy predefined-variable-defaults input-filter 4m
set dynamic-profiles pppoe-vrf-phy predefined-variable-defaults output-filter 4m
set dynamic-profiles pppoe-vrf-phy routing-instances "$junos-routing-instance" interface "$junos-interface-name"
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" no-traps
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" ppp-options chap challenge-length minimum 16
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" ppp-options chap challenge-length maximum 16
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" ppp-options pap
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" pppoe-options server
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" keepalives interval 180
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" family inet filter input "$junos-input-filter"
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" family inet filter output "$junos-output-filter"
set dynamic-profiles pppoe-vrf-phy interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
set dynamic-profiles pppoe-vrf-ae predefined-variable-defaults input-filter 4m
set dynamic-profiles pppoe-vrf-ae predefined-variable-defaults output-filter 4m
set dynamic-profiles pppoe-vrf-ae routing-instances "$junos-routing-instance" interface "$junos-interface-name"
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" no-traps
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" ppp-options chap challenge-length minimum 16
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" ppp-options chap challenge-length maximum 16
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" ppp-options pap
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" pppoe-options server
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" targeted-distribution
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" family inet filter input "$junos-input-filter"
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" family inet filter output "$junos-output-filter"
set dynamic-profiles pppoe-vrf-ae interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" vlan-tags outer "$junos-stacked-vlan-id"
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" vlan-tags inner "$junos-vlan-id"
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe duplicate-protection
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-vrf-phy
set dynamic-profiles phy-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe short-cycle-protection
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" vlan-id "$junos-vlan-id"
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe duplicate-protection
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-vrf-phy
set dynamic-profiles phy-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe short-cycle-protection
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" vlan-tags outer "$junos-stacked-vlan-id"
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" vlan-tags inner "$junos-vlan-id"
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe duplicate-protection
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-vrf-ae
set dynamic-profiles ae-dual-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe short-cycle-protection
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" no-traps
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" vlan-id "$junos-vlan-id"
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-interface-ifd-name"
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe duplicate-protection
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe dynamic-profile pppoe-vrf-ae
set dynamic-profiles ae-single-vlan interfaces demux0 unit "$junos-interface-unit" family pppoe short-cycle-protection


五、定义限速策略
跟radius授权的报文对应


set firewall policer bw-4m if-exceeding bandwidth-limit 4m
set firewall policer bw-4m if-exceeding burst-size-limit 512k
set firewall policer bw-4m then discard
set firewall policer bw-1000m if-exceeding bandwidth-limit 1g
set firewall policer bw-1000m if-exceeding burst-size-limit 50m
set firewall policer bw-1000m then discard
set firewall policer bw-200m if-exceeding bandwidth-limit 200m
set firewall policer bw-200m if-exceeding burst-size-limit 10m


set firewall family inet filter 4m interface-specific
set firewall family inet filter 4m term 1 then policer bw-4m
set firewall family inet filter 4m term 1 then accept
set firewall family inet filter 200M interface-specific
set firewall family inet filter 200M term 1 then policer bw-200m
set firewall family inet filter 200M term 1 then accept
set firewall family inet filter 1000M interface-specific
set firewall family inet filter 1000M term 1 then policer bw-1000m
set firewall family inet filter 1000M term 1 then accept



举报本楼

本帖有 3 个回帖,您需要登录后才能浏览 登录 | 注册
您需要登录后才可以回帖 登录 | 注册 |

手机版|C114 ( 沪ICP备12002291号-1 )|联系我们 |网站地图  

GMT+8, 2024-12-22 00:13 , Processed in 0.405915 second(s), 16 queries , Gzip On.

Copyright © 1999-2023 C114 All Rights Reserved

Discuz Licensed

回顶部