Lanbilling + MX80 + IPoE


Lanbilling + MX80 + IPoE

Сообщение nousaibot » 12 июл 2017, 10:28

Есть ли те, у кого реализована схема Lanbilling + MX80 + IPoE? Как авторизуете пользователей (по MAC, opt82, QinQ VLAN и т. д.)? Поделитесь опытом.
В нашей схеме на данный момент используется связка LANBilling, ISC DHCP Server и MX80 (BRAS, DHCP relay) с авторизацией по MAC; планируем перейти с ISC DHCP на LBinet.
У кого-нибудь LBinet завёлся в качестве DHCP relay?

Адресация тестового стенда:

IP 192.168.169.10/27 (Адрес аплинка)
IP 192.168.168.50/30 (Адрес заведенный в radius)
IP 192.168.168.7 (Billing, DHCP Server, Radius)

IP 192.168.168.33/28 (Шлюз для клиентской подсети 185.35.129.32/28)
IP 192.168.168.1/20 (Серая сеть для неавторизованных пользователей пул 192.168.169.0/20)

# NOTE(review): before using this outside a test stand, check the vendor's
# support and advisory status for this release.
set version 13.2R2.4
# IPoE-session-profile: created per DHCP subscriber (it is the dynamic-profile
# referenced by the DHCP groups further down). It builds a demux0 unit keyed on
# the subscriber's IP address, on top of the interface the client was seen on,
# borrowing its address from lo0.0.
set dynamic-profiles IPoE-session-profile interfaces demux0 unit "$junos-interface-unit" proxy-arp
set dynamic-profiles IPoE-session-profile interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles IPoE-session-profile interfaces demux0 unit "$junos-interface-unit" family inet demux-source $junos-subscriber-ip-address
set dynamic-profiles IPoE-session-profile interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0
set dynamic-profiles IPoE-session-profile interfaces demux0 unit "$junos-interface-unit" family inet unnumbered-address preferred-source-address 192.168.168.50
# INET-SERVICE: paid-access service. The filter names are assembled from the
# inBW/outBW variables, so the defaults resolve to INET-10000K-IN and
# INET-10000K-OUT.
# NOTE(review): this listing defines only INET-5M-IN / INET-5M-OUT. Confirm that
# a filter exists for every bandwidth value that can be passed in, including the
# 10000K default; a missing filter presumably makes service activation fail.
set dynamic-profiles INET-SERVICE variables inBW default-value 10000K
set dynamic-profiles INET-SERVICE variables outBW default-value 10000K
set dynamic-profiles INET-SERVICE variables input-filter equals "'INET-' ## $inBW ## '-IN'"
set dynamic-profiles INET-SERVICE variables output-filter equals "'INET-' ## $outBW ## '-OUT'"
set dynamic-profiles INET-SERVICE interfaces demux0 unit "$junos-interface-unit" proxy-arp
set dynamic-profiles INET-SERVICE interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles INET-SERVICE interfaces demux0 unit "$junos-interface-unit" family inet demux-source $junos-subscriber-ip-address
set dynamic-profiles INET-SERVICE interfaces demux0 unit "$junos-interface-unit" family inet filter input "$input-filter"
set dynamic-profiles INET-SERVICE interfaces demux0 unit "$junos-interface-unit" family inet filter input precedence 50
set dynamic-profiles INET-SERVICE interfaces demux0 unit "$junos-interface-unit" family inet filter output "$output-filter"
set dynamic-profiles INET-SERVICE interfaces demux0 unit "$junos-interface-unit" family inet filter output precedence 50
# LK-SERVICE: walled-garden service for subscribers who are not yet authorized.
# Inbound subscriber traffic goes through filter LK-IN; outbound traffic is
# passed by filter accept-all. What an unauthenticated client can reach is
# therefore decided entirely by LK-IN.
set dynamic-profiles LK-SERVICE interfaces demux0 unit "$junos-interface-unit" proxy-arp
set dynamic-profiles LK-SERVICE interfaces demux0 unit "$junos-interface-unit" demux-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles LK-SERVICE interfaces demux0 unit "$junos-interface-unit" family inet demux-source $junos-subscriber-ip-address
set dynamic-profiles LK-SERVICE interfaces demux0 unit "$junos-interface-unit" family inet filter input LK-IN
set dynamic-profiles LK-SERVICE interfaces demux0 unit "$junos-interface-unit" family inet filter input precedence 100
set dynamic-profiles LK-SERVICE interfaces demux0 unit "$junos-interface-unit" family inet filter output accept-all
set dynamic-profiles LK-SERVICE interfaces demux0 unit "$junos-interface-unit" family inet filter output precedence 100
set system host-name test-mx80bras
set system time-zone Europe/Moscow

# DHCP local server tracing is defined but deactivated by the "deactivate" line
# below, so "flag all" is not in effect.
set system services dhcp-local-server traceoptions file dhcplog
set system services dhcp-local-server traceoptions file size 2m
set system services dhcp-local-server traceoptions file files 2
set system services dhcp-local-server traceoptions flag all
deactivate system services dhcp-local-server traceoptions
set system services dhcp-local-server pool-match-order external-authority
set system services dhcp-local-server pool-match-order ip-address-first
# The RADIUS username is the client's MAC address and the password is one static
# string shared by every subscriber, so authentication rests on the MAC alone,
# and the MAC is a value the client chooses itself.
# NOTE(review): where MAC cloning matters, add something the access network
# inserts to the username (for example username-include option-82, or the
# interface/VLAN) and have the billing side check it.
# NOTE(review): the password is posted in clear text; if it is the real value,
# rotate it.
set system services dhcp-local-server authentication password rsecret
set system services dhcp-local-server authentication username-include mac-address
set system services dhcp-local-server group local dynamic-profile IPoE-session-profile
# The subscriber interface is deactivated under the local server; the same
# interface is listed in the dhcp-relay group, so the relay path is the one in use.
set system services dhcp-local-server group local interface ge-1/0/1.103
deactivate system services dhcp-local-server group local interface ge-1/0/1.103
# Only local logging targets are configured here.
# NOTE(review): no remote syslog host is visible in this excerpt; confirm that
# authorization events are also shipped off the box.
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
# authd tracing (active): address assignment, framework, local authentication,
# RADIUS and configuration events go to file authlog, 2 files of 2m each.
set system processes general-authentication-service traceoptions file authlog
set system processes general-authentication-service traceoptions file size 2m
set system processes general-authentication-service traceoptions file files 2
set system processes general-authentication-service traceoptions flag address-assignment
set system processes general-authentication-service traceoptions flag framework
set system processes general-authentication-service traceoptions flag local-authentication
set system processes general-authentication-service traceoptions flag radius
set system processes general-authentication-service traceoptions flag configuration
set chassis aggregated-devices ethernet device-count 2
set chassis network-services enhanced-ip
# Top-level access profile: points at profile LB, defined under "access profile LB".
set access-profile LB

# Uplink (address from the test-stand table above).
set interfaces ge-1/0/0 unit 0 family inet address 192.168.169.10/27
set interfaces ge-1/0/1 vlan-tagging
# Unit 102 is placed in routing instance CAPTIVE-PORTAL further down; no address
# family is configured on it in this listing.
set interfaces ge-1/0/1 unit 102 vlan-id 102
# Unit 103 is the subscriber-facing VLAN: the underlying interface for the
# per-subscriber IP demux units, unnumbered from lo0.0.
set interfaces ge-1/0/1 unit 103 demux-source inet
set interfaces ge-1/0/1 unit 103 proxy-arp
set interfaces ge-1/0/1 unit 103 vlan-id 103
set interfaces ge-1/0/1 unit 103 family inet unnumbered-address lo0.0
set interfaces ge-1/0/1 unit 103 family inet unnumbered-address preferred-source-address 192.168.168.50
# lo0.0 carries three addresses: .50 is the RADIUS source address, .33 is the
# router handed out by Pool1, and 192.168.169.1 is the router handed out by the
# Blocked pool.
# NOTE(review): subscribers use these loopback addresses as their gateway, and
# no input filter on lo0 is visible in this excerpt. Confirm that a filter
# protecting the routing engine exists elsewhere in the full configuration.
set interfaces lo0 unit 0 family inet address 192.168.168.50/32
set interfaces lo0 unit 0 family inet address 192.168.168.33/32
set interfaces lo0 unit 0 family inet address 192.168.169.1/32


# Relay tracing is active with "flag packet", which records DHCP packets in
# file dhcprelay (2 files of 2m each).
# NOTE(review): deactivate this outside of debugging; per-packet tracing on a
# subscriber-facing relay costs CPU and writes client identifiers to disk.
set forwarding-options dhcp-relay traceoptions file dhcprelay
set forwarding-options dhcp-relay traceoptions file size 2m
set forwarding-options dhcp-relay traceoptions file files 2
set forwarding-options dhcp-relay traceoptions flag packet
# Both server groups point at the same host (192.168.168.7); only ISC_DHCP is
# selected as the active group for "local".
set forwarding-options dhcp-relay server-group LB 192.168.168.7
set forwarding-options dhcp-relay server-group ISC_DHCP 192.168.168.7
set forwarding-options dhcp-relay group local active-server-group ISC_DHCP
# Same scheme as under dhcp-local-server: username = client MAC, password = one
# static string for all subscribers. The MAC is client-controlled, so on its own
# it identifies a device only as long as nobody clones it.
# NOTE(review): if the password shown is the real value, rotate it.
set forwarding-options dhcp-relay group local authentication password rsecret
set forwarding-options dhcp-relay group local authentication username-include mac-address
set forwarding-options dhcp-relay group local dynamic-profile IPoE-session-profile
# trust-option-82 makes the relay accept client packets that arrive with
# giaddr 0 and option 82 already present, which it would otherwise treat as
# untrusted. The option content is then only as trustworthy as whatever
# inserted it.
# NOTE(review): keep this only if the access switches insert option 82
# themselves and strip or overwrite copies supplied on subscriber ports;
# otherwise any decision based on option 82 can be influenced by the client.
set forwarding-options dhcp-relay group local overrides trust-option-82
set forwarding-options dhcp-relay group local interface ge-1/0/1.103

# Interface routes are imported into both inet.0 and CAPTIVE-PORTAL.inet.0 via
# rib-group HTTP-RIB-GROUP, so the captive-portal instance can route back to
# directly connected addresses.
set routing-options interface-routes rib-group inet HTTP-RIB-GROUP
# NOTE(review): 192.168.167.1 is not on any subnet configured in this listing
# (the uplink is 192.168.169.10/27); presumably the addressing was altered for
# the post. Verify against the real uplink.
set routing-options static route 0.0.0.0/0 next-hop 192.168.167.1
set routing-options rib-groups HTTP-RIB-GROUP import-rib inet.0
set routing-options rib-groups HTTP-RIB-GROUP import-rib CAPTIVE-PORTAL.inet.0

# LK-IN: input filter applied by LK-SERVICE to subscribers who are not yet
# authorized. It has no catch-all term, so anything not matched below falls to
# the filter's implicit discard.
set firewall family inet filter LK-IN interface-specific
# Term 1: traffic already marked by a filter evaluated earlier is accepted as is.
set firewall family inet filter LK-IN term 1 from service-filter-hit
set firewall family inet filter LK-IN term 1 then accept
# Term 2: any protocol and port to 192.168.168.7. No terminating action is
# given, so the packet is accepted by default.
# NOTE(review): the address table lists this host as billing, DHCP server and
# RADIUS. As written, every service on it is reachable before login; narrow the
# term to the ports the self-service portal actually needs.
set firewall family inet filter LK-IN term 2 from destination-address 192.168.168.7/32
set firewall family inet filter LK-IN term 2 then service-filter-hit
# Term 3: matches destination port 53 with no protocol or destination-address
# condition, so an unauthorized subscriber can reach any host on that port.
# NOTE(review): restrict this to "protocol udp/tcp" and to the resolvers handed
# out by the pools (8.8.8.8 and 77.88.8.8 in this listing), so that port 53
# cannot carry arbitrary traffic around the portal.
set firewall family inet filter LK-IN term 3 from destination-port domain
set firewall family inet filter LK-IN term 3 then service-filter-hit
set firewall family inet filter LK-IN term 3 then accept
# Term 4: all ICMP to any destination is accepted.
# NOTE(review): consider limiting this to the gateway and portal addresses, or
# to specific ICMP types, for the same reason as term 3.
set firewall family inet filter LK-IN term 4 from protocol icmp
set firewall family inet filter LK-IN term 4 then service-filter-hit
set firewall family inet filter LK-IN term 4 then accept
# Term 5: TCP to port http is handed to routing instance CAPTIVE-PORTAL, which
# is how browser requests end up at the portal. HTTPS is not matched and is
# dropped by the implicit discard.
set firewall family inet filter LK-IN term 5 from protocol tcp
set firewall family inet filter LK-IN term 5 from destination-port http
set firewall family inet filter LK-IN term 5 then service-filter-hit
set firewall family inet filter LK-IN term 5 then routing-instance CAPTIVE-PORTAL
# accept-all: used as the output filter of LK-SERVICE; marks and accepts everything.
set firewall family inet filter accept-all interface-specific
set firewall family inet filter accept-all term 1 then service-filter-hit
set firewall family inet filter accept-all term 1 then accept


# POLICER-5M: discards traffic above 5m bandwidth with a 256k burst allowance.
# filter-specific means one policer instance is shared by all terms of the
# filter that references it, rather than one instance per term. Because the
# referencing filters are interface-specific, the limit presumably applies per
# subscriber interface - confirm on the stand.
set firewall policer POLICER-5M filter-specific
set firewall policer POLICER-5M if-exceeding bandwidth-limit 5m
set firewall policer POLICER-5M if-exceeding burst-size-limit 256k
set firewall policer POLICER-5M then discard

# INET-5M-IN / INET-5M-OUT: the per-direction service filters that INET-SERVICE
# selects by name when inBW/outBW is "5M".
# Term 1 accepts traffic already marked by an earlier filter. Term 2 has no
# match condition, so it takes all remaining traffic: polices it with
# POLICER-5M, marks it and accepts it.
# NOTE(review): term ALL can never be reached because term 2 already matches
# everything; it can be removed without changing behaviour.
set firewall filter INET-5M-IN interface-specific
set firewall filter INET-5M-IN term 1 from service-filter-hit
set firewall filter INET-5M-IN term 1 then accept
set firewall filter INET-5M-IN term 2 then policer POLICER-5M
set firewall filter INET-5M-IN term 2 then service-filter-hit
set firewall filter INET-5M-IN term 2 then accept
set firewall filter INET-5M-IN term ALL then accept
# Same structure for the outbound direction.
set firewall filter INET-5M-OUT interface-specific
set firewall filter INET-5M-OUT term 1 from service-filter-hit
set firewall filter INET-5M-OUT term 1 then accept
set firewall filter INET-5M-OUT term 2 then policer POLICER-5M
set firewall filter INET-5M-OUT term 2 then service-filter-hit
set firewall filter INET-5M-OUT term 2 then accept
set firewall filter INET-5M-OUT term ALL then accept

# RADIUS server definition. The secret here is a placeholder put in by the
# author. When sharing a real configuration, keep masking it: the "$9$" form
# that Junos shows for such secrets is reversible obfuscation, not a hash.
set access radius-server 192.168.168.7 secret "пароль"
# Requests are sourced from the lo0 address registered in RADIUS (see the
# address table above).
set access radius-server 192.168.168.7 source-address 192.168.168.50
# Profile LB: authentication and accounting both go to RADIUS only; no fallback
# method is listed.
set access profile LB accounting-order radius
set access profile LB authentication-order radius
set access profile LB radius authentication-server 192.168.168.7
set access profile LB radius accounting-server 192.168.168.7
set access profile LB accounting order radius
# Interim accounting: an immediate update plus periodic updates at interval 10
# (minutes), reporting both volume and time statistics.
set access profile LB accounting immediate-update
set access profile LB accounting update-interval 10
set access profile LB accounting statistics volume-time

# Pool1: addresses for authorized subscribers, 192.168.168.34-.46 out of
# 192.168.168.32/28, with 192.168.168.33 (on lo0) as the router.
set access address-assignment pool Pool1 family inet network 192.168.168.32/28
set access address-assignment pool Pool1 family inet range 1 low 192.168.168.34
set access address-assignment pool Pool1 family inet range 1 high 192.168.168.46
set access address-assignment pool Pool1 family inet dhcp-attributes maximum-lease-time 3600
set access address-assignment pool Pool1 family inet dhcp-attributes domain-name terralink.su
set access address-assignment pool Pool1 family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool Pool1 family inet dhcp-attributes name-server 77.88.8.8
set access address-assignment pool Pool1 family inet dhcp-attributes router 192.168.168.33
# Static binding: the address is tied to a hardware address (placeholder in the
# post). Like MAC-based authentication, it follows whoever presents that MAC.
set access address-assignment pool Pool1 family inet host staticuser1_example hardware-address "мак адрес"
set access address-assignment pool Pool1 family inet host staticuser1_example ip-address 192.168.168.34
# Blocked: "grey" addresses for unauthorized subscribers.
# NOTE(review): 192.168.169.0 is not a /20 boundary; the /20 that contains it is
# 192.168.160.0/20. The range below (169.2 - 175.254) also includes the uplink
# address 192.168.169.10 and 192.168.169.2, which is used as a DHCP server
# address under routing-instances INET, and the enclosing /20 covers the
# 192.168.168.x management addresses. Pick a block that does not overlap
# infrastructure before moving beyond the test stand.
set access address-assignment pool Blocked family inet network 192.168.169.0/20
set access address-assignment pool Blocked family inet range 1 low 192.168.169.2
set access address-assignment pool Blocked family inet range 1 high 192.168.175.254
set access address-assignment pool Blocked family inet dhcp-attributes maximum-lease-time 3600
set access address-assignment pool Blocked family inet dhcp-attributes domain-name terralink.su
# Unauthorized clients are given public resolvers; the walled-garden filter
# (LK-IN term 3) is what lets those queries through.
set access address-assignment pool Blocked family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool Blocked family inet dhcp-attributes name-server 77.88.8.8
set access address-assignment pool Blocked family inet dhcp-attributes router 192.168.169.1

# CAPTIVE-PORTAL: virtual router that receives the HTTP traffic redirected by
# LK-IN term 5 and sends everything to a single next hop via ge-1/0/1.102.
# NOTE(review): 1.1.1.2 is publicly routable address space and ge-1/0/1.102 has
# no address in this listing; presumably placeholder addressing - confirm.
set routing-instances CAPTIVE-PORTAL instance-type virtual-router
set routing-instances CAPTIVE-PORTAL interface ge-1/0/1.102
set routing-instances CAPTIVE-PORTAL routing-options static route 0.0.0.0/0 next-hop 1.1.1.2
set routing-instances CAPTIVE-PORTAL routing-options static route 0.0.0.0/0 retain
# Instance INET appears here only with a DHCP relay server group; no
# instance-type or interface for it is visible in this excerpt.
set routing-instances INET forwarding-options dhcp-relay server-group nzr 192.168.169.2
# Application objects for the r-services (rsh 514, exec 512, rlogin 513). These
# are match definitions only and nothing in this listing references them.
# NOTE(review): they look like leftovers. If a policy elsewhere does use them,
# confirm the cleartext r-services are really required.
set applications application junos-rsh application-protocol shell
set applications application junos-rsh protocol tcp
set applications application junos-rsh destination-port 514
set applications application exec application-protocol exec
set applications application exec protocol tcp
set applications application exec destination-port 512
set applications application junos-rlogin application-protocol shell
set applications application junos-rlogin protocol tcp
set applications application junos-rlogin destination-port 513
Последний раз редактировалось nousaibot 12 июл 2017, 12:44, всего редактировалось 1 раз.
