Вы находитесь на странице: 1из 4

set version 20200116.123039_builder.

r1081743
set system host-name TESTE-IPOE
set system root-authentication encrypted-password
"$6$qRnKRDiI$8KeX3yYIS7YxB/RKa8Z1DyauugbLoH2zQ3qHFaBtJndcGjmkCuM.N649bJb6PMDyTx6t0n
mUuHKiZUTgchP7Z0"
set system configuration-database max-db-size 104857600
set system services ssh root-login allow
set system services dhcp-local-server dhcpv6 overrides delete-binding-on-
renegotiation
set system services dhcp-local-server dhcpv6 overrides dual-stack DS
set system services dhcp-local-server dhcpv6 group dhcp6 interface ge-1/1/0.0
set system services dhcp-local-server pool-match-order external-authority
set system services dhcp-local-server pool-match-order ip-address-first
set system services dhcp-local-server duplicate-clients-in-subnet incoming-
interface
set system services dhcp-local-server overrides no-unicast-replies
set system services dhcp-local-server overrides delete-binding-on-renegotiation
set system services dhcp-local-server overrides dual-stack DS
set system services dhcp-local-server group dhcp4 interface ge-1/1/0.0
set system services dhcp-local-server dual-stack-group DS authentication password
JUNIPERIPOE
set system services dhcp-local-server dual-stack-group DS authentication username-
include mac-address
set system services dhcp-local-server dual-stack-group DS dynamic-profile CLIENTS-
IPoE
set system services dhcp-local-server dual-stack-group DS on-demand-address-
allocation
set system services dhcp-local-server dual-stack-group DS classification-key mac-
address
set system services dhcp-local-server dual-stack-group DS protocol-master inet
set system services dhcp-local-server dual-stack-group DS reauthenticate lease-
renewal
set system services dhcp-local-server no-stale-timer-refresh
set system services dhcp-local-server stale-timer 60
set system services subscriber-management enable
set system time-zone America/Sao_Paulo
set system radius-options password-protocol mschap-v2
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system processes general-authentication-service traceoptions file radius
set system processes general-authentication-service traceoptions flag all
set system ntp server 200.160.0.8
set chassis fpc 0 pic 0 tunnel-services bandwidth 10g
set chassis network-services enhanced-ip
set access-profile CLIENTS
set interfaces ge-1/1/0 description "xe-0/0/2 - OLT JSG"
set interfaces ge-1/1/0 flexible-vlan-tagging
set interfaces ge-1/1/0 auto-configure vlan-ranges dynamic-profile VLAN-IPoE accept
any
set interfaces ge-1/1/0 auto-configure vlan-ranges dynamic-profile VLAN-IPoE ranges
2-4000
set interfaces ge-1/1/0 auto-configure remove-when-no-subscribers
set interfaces ge-1/1/0 encapsulation flexible-ethernet-services
set interfaces ge-1/1/0 unit 65 vlan-id 62
set interfaces ge-1/1/0 unit 65 family inet address 192.168.4.1/24
set interfaces ge-1/1/2 unit 0 family inet address 10.255.192.2/24
set interfaces lo0 unit 0 family inet address 100.64.0.1/32
set interfaces lo0 unit 0 family inet6 address 2804:1270:beba:cafe::1/128
set access radius-server 35.166.241.25 port 1812
set access radius-server 35.166.241.25 accounting-port 1813
set access radius-server 35.166.241.25 secret
"$9$Y44aUikP5T3ik5F/9B1SreW87db2ZGiYgoG"
set access radius-server 35.166.241.25 timeout 10
set access radius-server 35.166.241.25 retry 5
set access radius-server 35.166.241.25 max-outstanding-requests 1500
set access profile CLIENTS authentication-order radius
set access profile CLIENTS radius authentication-server 35.166.241.25
set access profile CLIENTS radius accounting-server 35.166.241.25
set access profile CLIENTS accounting order radius
set access profile CLIENTS accounting immediate-update
set access profile CLIENTS accounting update-interval 10
set access profile CLIENTS accounting statistics volume-time
set access address-assignment pool NAT0 family inet network 100.64.0.0/24
set access address-assignment pool NAT0 family inet range IPoE-Pool low 100.64.0.2
set access address-assignment pool NAT0 family inet range IPoE-Pool high
100.64.0.254
set access address-assignment pool NAT0 family inet dhcp-attributes maximum-lease-
time 600
set access address-assignment pool NAT0 family inet dhcp-attributes name-server
8.8.8.8
set access address-assignment pool NAT0 family inet dhcp-attributes name-server
8.8.8.4
set access address-assignment pool NAT0 family inet dhcp-attributes router
100.64.0.1
set access address-assignment pool v6-1 family inet6 prefix
2804:1270:beba:cafe::/64
set access address-assignment pool v6-1 family inet6 range 10 low
2804:1270:beba:cafe::2/128
set access address-assignment pool v6-1 family inet6 range 10 high
2804:1270:beba:cafe::ffff/128
set access address-assignment pool v6-1 family inet6 dhcp-attributes maximum-lease-
time 600
set access address-assignment pool v6-1 family inet6 dhcp-attributes dns-server
2001:4860:4860::8844
set access address-assignment pool v6-1 family inet6 dhcp-attributes dns-server
2001:4860:4860::8888
set routing-options static route 0.0.0.0/0 next-hop 10.255.192.1
set protocols pppoe traceoptions file log_pppoe
set protocols pppoe traceoptions level notice
set protocols pppoe traceoptions flag all
set dynamic-profiles VLAN-IPoE routing-instances "$junos-routing-instance"
interface "$junos-interface-name" any
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" actual-transit-statistics
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" demux-source inet
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" demux-source inet6
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" proxy-arp
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" vlan-id "$junos-vlan-id"
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" demux-options underlying-interface "$junos-underlying-interface"
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" keepalives interval 30
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" family inet unnumbered-address "$junos-loopback-interface"
set dynamic-profiles VLAN-IPoE interfaces "$junos-interface-ifd-name" unit "$junos-
interface-unit" family inet6 unnumbered-address "$junos-loopback-interface"
set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit"
proxy-arp
set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit"
family inet unnumbered-address lo0.0
set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit"
family inet unnumbered-address preferred-source-address 100.64.0.1
set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit"
family inet6 unnumbered-address lo0.0
set dynamic-profiles CLIENTS-IPoE interfaces demux0 unit "$junos-interface-unit"
family inet6 unnumbered-address preferred-source-address 2804:1270:beba:cafe::1
set dynamic-profiles CLIENTS-IPoE protocols router-advertisement interface "$junos-
interface-name" max-advertisement-interval 900
set dynamic-profiles CLIENTS-IPoE protocols router-advertisement interface "$junos-
interface-name" min-advertisement-interval 300
set dynamic-profiles CLIENTS-IPoE protocols router-advertisement interface "$junos-
interface-name" managed-configuration
set dynamic-profiles CLIENTS-IPoE protocols router-advertisement interface "$junos-
interface-name" other-stateful-configuration
set dynamic-profiles IPV4 variables Bandwidth-IN default-value 32k
set dynamic-profiles IPV4 variables Bandwidth-IN mandatory
set dynamic-profiles IPV4 variables Bandwidth-OUT default-value 32k
set dynamic-profiles IPV4 variables Bandwidth-OUT mandatory
set dynamic-profiles IPV4 variables Burst-IN default-value 2m
set dynamic-profiles IPV4 variables Burst-OUT default-value 2m
set dynamic-profiles IPV4 variables Policer-IN uid
set dynamic-profiles IPV4 variables Policer-OUT uid
set dynamic-profiles IPV4 variables Filter-IN uid
set dynamic-profiles IPV4 variables Filter-OUT uid
set dynamic-profiles IPV4 interfaces pp0 unit "$junos-interface-unit" family inet
filter input "$Filter-IN"
set dynamic-profiles IPV4 interfaces pp0 unit "$junos-interface-unit" family inet
filter output "$Filter-OUT"
set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN" interface-
specific
set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN" term 10 then
policer "$Policer-IN"
set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN" term 10 then
accept
set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT" interface-
specific
set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT" term 10 then
policer "$Policer-OUT"
set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT" term 10 then
accept
set dynamic-profiles IPV4 firewall policer "$Policer-IN" logical-interface-policer
set dynamic-profiles IPV4 firewall policer "$Policer-IN" if-exceeding bandwidth-
limit "$Bandwidth-IN"
set dynamic-profiles IPV4 firewall policer "$Policer-IN" if-exceeding burst-size-
limit "$Burst-IN"
set dynamic-profiles IPV4 firewall policer "$Policer-IN" then discard
set dynamic-profiles IPV4 firewall policer "$Policer-OUT" logical-interface-policer
set dynamic-profiles IPV4 firewall policer "$Policer-OUT" if-exceeding bandwidth-
limit "$Bandwidth-OUT"
set dynamic-profiles IPV4 firewall policer "$Policer-OUT" if-exceeding burst-size-
limit "$Burst-OUT"
set dynamic-profiles IPV4 firewall policer "$Policer-OUT" then discard
set dynamic-profiles IPV6 variables Bandwidth-IN-V6 default-value 32k
set dynamic-profiles IPV6 variables Bandwidth-IN-V6 mandatory
set dynamic-profiles IPV6 variables Bandwidth-OUT-V6 default-value 32k
set dynamic-profiles IPV6 variables Bandwidth-OUT-V6 mandatory
set dynamic-profiles IPV6 variables Burst-IN-V6 default-value 2m
set dynamic-profiles IPV6 variables Burst-OUT-V6 default-value 2m
set dynamic-profiles IPV6 variables Policer-IN-V6 uid
set dynamic-profiles IPV6 variables Policer-OUT-V6 uid
set dynamic-profiles IPV6 variables Filter-IN-V6 uid
set dynamic-profiles IPV6 variables Filter-OUT-V6 uid
set dynamic-profiles IPV6 interfaces pp0 unit "$junos-interface-unit" family inet6
filter input "$Filter-IN-V6"
set dynamic-profiles IPV6 interfaces pp0 unit "$junos-interface-unit" family inet6
filter output "$Filter-OUT-V6"
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6" interface-
specific
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6" term 10 then
policer "$Policer-IN-V6"
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6" term 10 then
accept
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6" interface-
specific
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6" term 10
then policer "$Policer-OUT-V6"
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6" term 10
then accept
set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" logical-interface-
policer
set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" if-exceeding bandwidth-
limit "$Bandwidth-IN-V6"
set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" if-exceeding burst-
size-limit "$Burst-IN-V6"
set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" then discard
set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" logical-interface-
policer
set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" if-exceeding
bandwidth-limit "$Bandwidth-OUT-V6"
set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" if-exceeding burst-
size-limit "$Burst-OUT-V6"
set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" then discard