Packet-Triggered абоненты

@MX BNG
пример конфигурации
Версия v0.1 (21.01.2019)

Содержание
Цель..............................................................................................................................................................................2
Топология ....................................................................................................................................................................2
Железо и софт .............................................................................................................................................................3
Конфигурация – физический интерфейс...................................................................................................................3
Конфигурация – динамический профиль (для сессии) ...........................................................................................4
Конфигурация – динамический профиль (для сервиса) .........................................................................................5
Конфигурация – Радиус ..............................................................................................................................................6
Проверка......................................................................................................................................................................6
Полная конфигурация MX BNG ................................................................................................................................14
Полная конфигурация EX4550..................................................................................................................................20

1
Цель
Зафиксировать рабочую конфигурация MX BNG для packet-triggered абонентов (directly-
connected и non-directly-connected).

Топология

Radius

Vlan 30
192.168.30.2
192.168.30.1

MX80
EX4550 xe-0/0/0 xe-0/0/0
BNG
Vlan 10
192.168.10.1

192.168.20.1 xe-0/0/1 192.168.40.1

xe-0/0/2

10g 10g
Vlan 40
Vlan 20

192.168.20.2 192.168.10.2 192.168.40.2

iXia port1 iXia port2

Uplink
192.168.10.2 (vlan 10) – directly connected subscriber
192.168.20.2 (vlan 20) – non-directly connected subscriber

Абонент во влане 10 имеет Layer2 связность с MX (=влан 10 проходит через EX4550 на уровне
Layer2 и терминируется на MX). Абонент во влане 20 не имеет Layer2 связности с MX (=влан 20
терминируется на EX4550).
Настройки маршрутизации:

matvey@ex4550-3# show routing-options static

...
/* -- route to Uplink */
route 192.168.40.0/24 next-hop 192.168.30.1;

matvey@mx80-27# show routing-options static

...
/* -- non-directly connected subscribers */
route 192.168.20.0/24 next-hop 192.168.30.2;

2
Железо и софт
matvey@mx80-27# run show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis G6846 MX80-P
Midplane REV 03 711-044315 CABR1821 MX80-P
PEM 0 Rev 05 740-028288 XH07739 AC Power Entry Module
PEM 1 Rev 03 740-028288 UE00180 AC Power Entry Module
Routing Engine BUILTIN BUILTIN Routing Engine
TFEB 0 BUILTIN BUILTIN Forwarding Engine Processor
QXM 0 REV 06 711-028408 CABP0309 MPC QXM
FPC 0 BUILTIN BUILTIN MPC BUILTIN
MIC 0 BUILTIN BUILTIN 4x 10GE XFP
PIC 0 BUILTIN BUILTIN 4x 10GE XFP
Xcvr 0 NON-JNPR T15F10289 XFP-10G-SR
Xcvr 1 REV 01 740-011571 C728XJ037 XFP-10G-SR
FPC 1 BUILTIN BUILTIN MPC BUILTIN
MIC 0 REV 24 750-028392 YR8017 3D 20x 1GE(LAN) SFP
PIC 0 BUILTIN BUILTIN 10x 1GE(LAN) SFP
PIC 1 BUILTIN BUILTIN 10x 1GE(LAN) SFP
Fan Tray Fan Tray

matvey@mx80-27# run show version

Hostname: mx80-27
Model: mx80-p
Junos: 18.3R1-S1.4

Конфигурация – физический интерфейс

matvey@mx80-27# show interfaces xe-0/0/0
description "-- to EX";
flexible-vlan-tagging;
mtu 9000;
encapsulation flexible-ethernet-services;
gigether-options {
no-flow-control;
}
unit 10 {
demux {
inet {
address source; // смотрим на source IP адрес
auto-configure {
address-ranges {
dynamic-profile PKTS-DYN-PROFILE-2 {
network 192.168.10.0/24 { // влан 10, ждем абонентов из 192.168.10.x
range R1 {
low 192.168.10.2/32;
high 192.168.10.254/32;
}
}
}
3
 authentication {
password juniper;
username-include {
source-address; // имя абонента = source IP адрес
}
}
}
}
}
}
vlan-id 10;
family inet {
unnumbered-address lo0.0 preferred-source-address 192.168.10.1;
}
}
unit 30 {
demux {
inet {
address source; // смотрим на source IP адрес
auto-configure {
address-ranges {
dynamic-profile PKTS-DYN-PROFILE-2 {
network 192.168.20.0/24 { // влан 20, ждем абонентов из 192.168.20.x
range R1 {
low 192.168.20.2/32;
high 192.168.20.254/32;
}
}
}
authentication {
password juniper;
username-include {
source-address; // имя абонента = source IP адрес
}
}
}
}
}
}
vlan-id 30;
family inet {
address 192.168.30.1/30;
}
}

Заметим, что применяемый динамический профиль (PKTS-DYN-PROFILE-2) – один и тот же

в обоих случаях (для влана 10 и для влана 20).

Конфигурация – динамический профиль (для сессии)

Packet-triggered абоненты создаются как саб-интерфейсы интерфейса demux0:

matvey@mx80-27# show dynamic-profiles PKTS-DYN-PROFILE-2

4
 interfaces {
demux0 { // demux0, и это единственный вариант
unit "$junos-interface-unit" {
actual-transit-statistics;
demux-options {
underlying-interface "$junos-underlying-interface";
}
family inet {
demux-source {
$junos-subscriber-demux-ip-address; // правильная переменная именно такая
}
unnumbered-address lo0.0 preferred-source-address 192.168.10.1;
}
}
}
}

matvey@mx80-27# show interfaces lo0

description "-- loopback";
unit 0 {
family inet {
address 192.177.0.49/32 {
preferred;
}
address 127.0.0.1/32;
address 192.168.10.1/32; // дополнительный адрес на лупбэке
}
}

Конфигурация – динамический профиль (для сервиса)

Динамический профиль для сервиса RATE-LIMIT – совершенно стандартный (т.е. никакой
packet-triggered специфики в нем нет).

matvey@mx80-27# show dynamic-profiles RATE-LIMIT

variables {
var-bw mandatory;
var-burst equals "round($var-bw*6/80)";
inter-ff-in uid;
inter-ff-out uid;
inter-plr uid;
}
interfaces {
demux0 {
unit "$junos-underlying-interface-unit" {
family inet {
filter {
input "$inter-ff-in" precedence 100;
output "$inter-ff-out" precedence 100;
}
}
}
}
5
 }
firewall {
family inet {
filter "$inter-ff-in" {
interface-specific;
term 1 {
then {
policer "$inter-plr";
service-accounting;
accept;
}
}
term 2 {
then accept;
}
}
filter "$inter-ff-out" {
interface-specific;
term 1 {
then {
policer "$inter-plr";
service-accounting;
accept;
}
}
term 2 {
then accept;
}
}
}
policer "$inter-plr" {
logical-interface-policer;
if-exceeding {
bandwidth-limit "$var-bw";
burst-size-limit "$var-burst";
}
then discard;
}
}

Конфигурация – Радиус
Авторизуем абонентов с любым логином и паролем, дополнительно навешивая на
абонентскую сессию сервис RATE-LIMIT с ограничением скорости 50 mbps.

root@freeradius-5:/etc/freeradius# cat users

DEFAULT Auth-Type := Accept
ERX-Service-Activate:1 += "RATE-LIMIT( 50000000 )",
ERX-Service-Statistics:1 += time-volume

Проверка

6
 Проверку выполняем с помощью трафик-генератора.

Создаем два потока трафика:

1) Source IP address = 192.168.10.2 (влан 10), Destination IP address = 192.168.40.2
2) Source IP address = 192.168.20.2 (влан 20), Destination IP address = 192.168.40.2

Скорость каждого потока – 100 mbps

Запускаем оба потока.

Диагностика с трафик-генератора: генерируем 100 mbps, через абонентcкие сессии проходит
50 mbps. Результат ожидаемый, т.к. у нас на сессиях висит сервис RATE-LIMIT с полосой 50 mbps:

7
Диагностика с MX BNG:

matvey@mx80-27# run set cli timestamp

Jan 21 14:00:45
CLI timestamp set to: %b %d %T

matvey@mx80-27# run show subscribers

Jan 21 14:00:47
Interface IP Address/VLAN ID User Name LS:RI
demux0.3221225474 192.168.10.2 192.168.10.2 default:default
demux0.3221225475 192.168.20.2 192.168.20.2 default:default

matvey@mx80-27# run show subscribers detail

Jan 21 14:00:56
Type: DYN-IP
User Name: 192.168.10.2
IP Address: 192.168.10.2
Logical System: default
Routing Instance: default
Interface: demux0.3221225474
Interface type: Dynamic
Underlying Interface: xe-0/0/0.10
Interface description: -- to EX
Dynamic Profile Name: PKTS-DYN-PROFILE-2
Dynamic Profile Version: 1
MAC Address: 00:11:01:00:00:01
State: Active
Radius Accounting ID: 5
Session ID: 5
PFE Flow ID: 10
VLAN Id: 10
Login Time: 2019-01-21 13:58:05 CET
Service Sessions: 1

Type: DYN-IP
User Name: 192.168.20.2
IP Address: 192.168.20.2
Logical System: default
Routing Instance: default
Interface: demux0.3221225475
Interface type: Dynamic
Underlying Interface: xe-0/0/0.30
Interface description: -- to EX
Dynamic Profile Name: PKTS-DYN-PROFILE-2
Dynamic Profile Version: 1
MAC Address: 3c:8a:b0:10:11:41
State: Active
Radius Accounting ID: 6
Session ID: 6
PFE Flow ID: 12
VLAN Id: 30
Login Time: 2019-01-21 13:58:05 CET
Service Sessions: 1
8
matvey@mx80-27# run show subscribers extensive | no-more
Jan 21 14:01:20
Type: DYN-IP
User Name: 192.168.10.2
IP Address: 192.168.10.2
Logical System: default
Routing Instance: default
Interface: demux0.3221225474
Interface type: Dynamic
Underlying Interface: xe-0/0/0.10
Interface description: -- to EX
Dynamic Profile Name: PKTS-DYN-PROFILE-2
Dynamic Profile Version: 1
MAC Address: 00:11:01:00:00:01
State: Active
Radius Accounting ID: 5
Session ID: 5
PFE Flow ID: 10
VLAN Id: 10
Login Time: 2019-01-21 13:58:05 CET
Service Sessions: 1
Accounting interval: 600

Service Session ID: 7

Service Session Name: RATE-LIMIT
Service Session Version: 1
State: Active
Family: inet
Service session type: Service-Profile
IPv4 Input Filter Name: inter-ff-in_UID1004-demux0.3221225474-in
IPv4 Output Filter Name: inter-ff-out_UID1005-demux0.3221225474-out
Service Activation time: 2019-01-21 13:58:05 CET
Accounting interval service: 600
Dynamic configuration:
inter-ff-in: inter-ff-in_UID1004
inter-ff-out: inter-ff-out_UID1005
inter-plr: inter-plr_UID1003
var-burst: 3750000
var-bw: 50000000

Type: DYN-IP
User Name: 192.168.20.2
IP Address: 192.168.20.2
Logical System: default
Routing Instance: default
Interface: demux0.3221225475
Interface type: Dynamic
Underlying Interface: xe-0/0/0.30
Interface description: -- to EX
Dynamic Profile Name: PKTS-DYN-PROFILE-2
Dynamic Profile Version: 1
MAC Address: 3c:8a:b0:10:11:41
9
State: Active
Radius Accounting ID: 6
Session ID: 6
PFE Flow ID: 12
VLAN Id: 30
Login Time: 2019-01-21 13:58:05 CET
Service Sessions: 1
Accounting interval: 600

Service Session ID: 8

Service Session Name: RATE-LIMIT
Service Session Version: 1
State: Active
Family: inet
Service session type: Service-Profile
IPv4 Input Filter Name: inter-ff-in_UID1004-demux0.3221225475-in
IPv4 Output Filter Name: inter-ff-out_UID1005-demux0.3221225475-out
Service Activation time: 2019-01-21 13:58:05 CET
Accounting interval service: 600
Dynamic configuration:
inter-ff-in: inter-ff-in_UID1004
inter-ff-out: inter-ff-out_UID1005
inter-plr: inter-plr_UID1003
var-burst: 3750000
var-bw: 50000000

matvey@mx80-27# run show interfaces demux0.3221225474 extensive | match Filter

Jan 21 14:01:51
Input Filters: inter-ff-in_UID1004-demux0.3221225474-in (100)
Output Filters: inter-ff-out_UID1005-demux0.3221225474-out (100)

matvey@mx80-27# run show interfaces demux0.3221225475 extensive | match Filter

Input Filters: inter-ff-in_UID1004-demux0.3221225475-in (100)
Output Filters: inter-ff-out_UID1005-demux0.3221225475-out (100)

matvey@mx80-27# run show network-access aaa subscribers

Jan 21 14:02:03
Username Logical system/Routing instance Client type Session-ID
192.168.10.2 default:default dyn-ip 5
192.168.20.2 default:default dyn-ip 6

matvey@mx80-27# run show network-access aaa subscribers session-id 5

Jan 21 14:02:43
Logical system/Routing instance Client type Session-ID Session uptime Accounting
default:default dyn-ip 5 00:04:38 on/volume+time
Service name Service type Quota Accounting
RATE-LIMIT(50000000) -na- -na- on/volume+time

matvey@mx80-27# run show network-access aaa subscribers session-id 6

Jan 21 14:02:46
Logical system/Routing instance Client type Session-ID Session uptime Accounting
default:default dyn-ip 6 00:04:41 on/volume+time
Service name Service type Quota Accounting
10
RATE-LIMIT(50000000) -na- -na- on/volume+time

matvey@mx80-27# run show network-access aaa subscribers session-id 5 detail

Jan 21 14:03:04
Type: dyn-ip
Username: 192.168.10.2
Stripped username: 192.168.10.2
AAA Logical system/Routing instance: default:default
Target Logical system/Routing instance: default:default
Access-profile: RADIUS
Session ID: 5
Accounting Session ID: 5
Multi Accounting Session ID: 0
IP Address: 192.168.10.2
Authentication State: AuthStateActive
Accounting State: Acc-Start-Sent
Converted to time accounting: no
Provisioning Type: None
Service name: RATE-LIMIT(50000000)
Service State: SvcActive
Service Family: inet
Service Activation Source: Radius at login
Session ID: 0
Session uptime: 00:04:59
Accounting status: on/volume+time
Service accounting session ID: 5:7-1548075485
Service accounting state: Acc-Start-Sent
Service converted to time accounting: no
Accounting interim interval: 600
Service session type: Service-Profile

matvey@mx80-27# run show network-access aaa subscribers session-id 6 detail

Type: dyn-ip
Username: 192.168.20.2
Stripped username: 192.168.20.2
AAA Logical system/Routing instance: default:default
Target Logical system/Routing instance: default:default
Access-profile: RADIUS
Session ID: 6
Accounting Session ID: 6
Multi Accounting Session ID: 0
IP Address: 192.168.20.2
Authentication State: AuthStateActive
Accounting State: Acc-Start-Sent
Converted to time accounting: no
Provisioning Type: None
Service name: RATE-LIMIT(50000000)
Service State: SvcActive
Service Family: inet
Service Activation Source: Radius at login
Session ID: 0
Session uptime: 00:05:09
Accounting status: on/volume+time
11
 Service accounting session ID: 6:8-1548075485
Service accounting state: Acc-Start-Sent
Service converted to time accounting: no
Accounting interim interval: 600
Service session type: Service-Profile

matvey@mx80-27# run show subscribers summary

Jan 21 14:03:27

Subscribers by State
Active: 2
Total: 2

Subscribers by Client Type

Dyn-IP: 2
Total: 2

matvey@mx80-27# run show firewall

Jan 21 14:04:26

Filter: __default_bpdu_filter__

Filter: inter-ff-in_UID1004-demux0.3221225474-in
Counters:
Name Bytes Packets
__junos-dyn-service-counter 2387951370 2383185
Policers:
Name Bytes Packets
inter-plr_UID1003-filter-demux0.3221225474-in 2268879702 2264351

Filter: inter-ff-out_UID1005-demux0.3221225474-out
Counters:
Name Bytes Packets
__junos-dyn-service-counter 0 0
Policers:
Name Bytes Packets
inter-plr_UID1003-filter-demux0.3221225474-out 0 0

Filter: inter-ff-in_UID1004-demux0.3221225475-in
Counters:
Name Bytes Packets
__junos-dyn-service-counter 2389491444 2384722
Policers:
Name Bytes Packets
inter-plr_UID1003-filter-demux0.3221225475-in 2268830604 2264302

Filter: inter-ff-out_UID1005-demux0.3221225475-out
Counters:
Name Bytes Packets
__junos-dyn-service-counter 0 0
Policers:
Name Bytes Packets
inter-plr_UID1003-filter-demux0.3221225475-out 0 0
12
matvey@mx80-27# run show system license
Jan 21 14:07:50
License usage:
Licenses Licenses Licenses Expiry
Feature name used installed needed
subscriber-accounting 1 1 0 permanent
subscriber-authentication 0 1 0 permanent
subscriber-address-assignment 0 1 0 permanent
subscriber-vlan 0 1 0 permanent
subscriber-ip 0 1 0 permanent
service-dc 0 1 0 permanent
service-accounting 0 1 0 permanent
service-qos 0 1 0 permanent
service-ancp 0 1 0 permanent
service-cbsp 0 1 0 permanent
scale-subscriber 2 16000 0 permanent
scale-l2tp 0 1000 0 permanent
scale-mobile-ip 0 1000 0 permanent
…
matvey@mx80-27# run show route protocol access-internal
Jan 21 14:21:29

inet.0: 13 destinations, 13 routes (12 active, 0 holddown, 1 hidden)

+ = Active Route, - = Last Active, * = Both

192.168.10.2/32 *[Access-internal/12] 00:23:24

Private unicast
192.168.20.2/32 *[Access-internal/12] 00:23:24
Private unicast

Packet-triggered сессии могут быть сброшены/отключены:

1) по абсолютному тайм-ауту
2) по тайм-ауту отсутствия трафика для сессии
3) через Radius CoA
4) через CLI

В данном тестировании воспользуемся последним вариантом (через CLI):

matvey@mx80-27# run show subscribers

Jan 21 14:27:46
Interface IP Address/VLAN ID User Name LS:RI
demux0.3221225474 192.168.10.2 192.168.10.2 default:default
demux0.3221225475 192.168.20.2 192.168.20.2 default:default

matvey@mx80-27# run clear network-access aaa subscriber username 192.168.10.2

Jan 21 14:27:57

matvey@mx80-27# run clear network-access aaa subscriber username 192.168.20.2

matvey@mx80-27# run show subscribers

Jan 21 14:28:04
Total subscribers: 0, Active Subscribers: 0
13
Полная конфигурация MX BNG
matvey@mx80-27# show | no-more
version 18.3R1-S1.4;
system {
commit synchronize;
configuration-database {
max-db-size 50000000;
}
login {
user remote {
uid 2000;
class super-user;
}
}
root-authentication {
encrypted-password <skipped>
}
host-name mx80-27;
domain-name poc-nl.jnpr.net;
backup-router 172.30.177.1 destination 172.30.176.0/20;
time-zone Europe/Amsterdam;
authentication-order radius;
name-server {
172.30.207.10;
172.30.207.13;
}
radius-server {
172.30.176.9 {
secret <skipped>
retry 3;
}
172.30.177.4 {
secret <skipped>
retry 3;
}
}
dynamic-profile-options {
versioning;
}
services {
ftp;
ssh {
client-alive-interval 120;
}
telnet;
xnm-clear-text;
netconf {
ssh;
}
web-management {
http;

14
 }
subscriber-management {
enable;
}
}
syslog {
user * {
any emergency;
}
host 172.30.189.13 {
any notice;
authorization info;
interactive-commands info;
}
host 172.30.189.14 {
any notice;
authorization info;
interactive-commands info;
}
file messages {
any notice;
authorization info;
}
}
compress-configuration-files;
ntp {
boot-server 172.30.207.10;
server 172.30.207.10;
}
}
dynamic-profiles {
PKTS-DYN-PROFILE-2 {
interfaces {
demux0 {
unit "$junos-interface-unit" {
actual-transit-statistics;
demux-options {
underlying-interface "$junos-underlying-interface";
}
family inet {
demux-source {
$junos-subscriber-demux-ip-address;
}
unnumbered-address lo0.0 preferred-source-address 192.168.10.1;
}
}
}
}
}
RATE-LIMIT {
variables {
var-bw mandatory;
var-burst equals "round($var-bw*6/80)";
15
 inter-ff-in uid;
inter-ff-out uid;
inter-plr uid;
}
interfaces {
demux0 {
unit "$junos-underlying-interface-unit" {
family inet {
filter {
input "$inter-ff-in" precedence 100;
output "$inter-ff-out" precedence 100;
}
}
}
}
}
firewall {
family inet {
filter "$inter-ff-in" {
interface-specific;
term 1 {
then {
policer "$inter-plr";
service-accounting;
accept;
}
}
term 2 {
then accept;
}
}
filter "$inter-ff-out" {
interface-specific;
term 1 {
then {
policer "$inter-plr";
service-accounting;
accept;
}
}
term 2 {
then accept;
}
}
}
policer "$inter-plr" {
logical-interface-policer;
if-exceeding {
bandwidth-limit "$var-bw";
burst-size-limit "$var-burst";
}
then discard;
}
16
 }
}
}
chassis {
network-services enhanced-ip;
}
access-profile RADIUS;
interfaces {
xe-0/0/0 {
description "-- to EX";
flexible-vlan-tagging;
mtu 9000;
encapsulation flexible-ethernet-services;
gigether-options {
no-flow-control;
}
unit 10 {
demux {
inet {
address source;
auto-configure {
address-ranges {
dynamic-profile PKTS-DYN-PROFILE-2 {
network 192.168.10.0/24 {
range R1 {
low 192.168.10.2/32;
high 192.168.10.254/32;
}
}
}
authentication {
password juniper;
username-include {
source-address;
}
}
}
}
}
}
vlan-id 10;
family inet {
unnumbered-address lo0.0 preferred-source-address 192.168.10.1;
}
}
unit 30 {
demux {
inet {
address source;
auto-configure {
address-ranges {
dynamic-profile PKTS-DYN-PROFILE-2 {
network 192.168.20.0/24 {
17
 range R1 {
low 192.168.20.2/32;
high 192.168.20.254/32;
}
}
}
authentication {
password juniper;
username-include {
source-address;
}
}
}
}
}
}
vlan-id 30;
family inet {
address 192.168.30.1/30;
}
}
}
xe-0/0/1 {
description "-- to iXia";
flexible-vlan-tagging;
mtu 9000;
encapsulation flexible-ethernet-services;
gigether-options {
no-flow-control;
}
unit 40 {
vlan-id 40;
family inet {
address 192.168.40.1/24;
}
}
}
fxp0 {
unit 0 {
family inet {
address 172.30.177.49/24;
}
}
}
lo0 {
description "-- loopback";
unit 0 {
family inet {
address 192.177.0.49/32 {
preferred;
}
address 127.0.0.1/32;
address 192.168.10.1/32;
18
 }
family iso {
address 49.0177.0000.0000.0049.00;
}
}
}
}
snmp {
location "AMS, EPOC location=2.04";
contact "emea-poc@juniper.net";
community public {
authorization read-only;
clients {
172.30.0.0/16;
0.0.0.0/0 restrict;
}
}
community private {
authorization read-write;
clients {
172.30.0.0/16;
0.0.0.0/0 restrict;
}
}
trap-options {
source-address 172.30.177.49;
}
}
routing-options {
static {
route 172.16.0.0/12 {
next-hop 172.30.177.1;
no-readvertise;
}
/* -- non-directly connected subscribers */
route 192.168.20.0/24 next-hop 192.168.30.2;
}
router-id 192.177.0.49;
autonomous-system 100;
}
access {
radius-server {
172.30.189.41 {
port 1812;
accounting-port 1813;
secret "$9$JVUi.QF/0BEP5BEcyW8ZUj"; ## SECRET-DATA
timeout 5;
retry 3;
source-address 172.30.177.49;
}
}
profile RADIUS {
accounting-order radius;
19
 authentication-order radius;
radius {
authentication-server 172.30.189.41;
accounting-server 172.30.189.41;
options {
nas-port-id-delimiter :;
calling-station-id-delimiter :;
calling-station-id-format {
nas-identifier;
interface-description;
}
accounting-session-id-format decimal;
coa-dynamic-variable-validation;
}
}
accounting {
order radius;
inactive: immediate-update;
coa-immediate-update;
update-interval 10;
statistics volume-time;
}
service {
accounting-order radius;
}
}
report-interface-descriptions;
}

Полная конфигурация EX4550

matvey@ex4550-3# show | no-more
version 15.1R6.7;
groups {
access {
interfaces {
<ge-*> {
mtu 4484;
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
<xe-*> {
mtu 4484;
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
20
 }
}
trunk {
interfaces {
<ge-*> {
mtu 4484;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
<xe-*> {
mtu 4484;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
}
}
}
system {
host-name ex4550-3;
domain-name poc-nl.jnpr.net;
backup-router 172.30.179.1 destination 172.30.176.0/20;
time-zone Europe/Amsterdam;
authentication-order radius;
ports {
console log-out-on-disconnect;
}
root-authentication {
encrypted-password <skipped>
}
name-server {
172.30.207.10;
172.30.207.13;
}
radius-server {
172.30.176.9 {
secret <skipped>
retry 3;
}
172.30.179.4 {
secret <skipped>
retry 3;
21
 }
}
login {
user remote {
uid 2000;
class super-user;
}
}
services {
ftp;
ssh {
client-alive-interval 120;
}
telnet;
xnm-clear-text;
netconf {
ssh;
}
web-management {
http;
}
}
syslog {
user * {
any emergency;
}
host 172.30.189.13 {
any notice;
authorization info;
interactive-commands info;
}
host 172.30.189.14 {
any notice;
authorization info;
interactive-commands info;
}
file messages {
any notice;
authorization info;
}
}
compress-configuration-files;
commit synchronize;
ntp {
boot-server 172.30.207.10;
server 172.30.207.10;
}
}
interfaces {
xe-0/0/0 {
description "-- to MX";
mtu 9216;
ether-options {
22
 no-flow-control;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ vl10 vl30 ];
}
}
}
}
xe-0/0/2 {
description "-- to iXia";
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ vl10 vl20 ];
}
}
}
}
lo0 {
unit 0 {
family inet {
address 192.179.0.177/32 {
preferred;
}
address 127.0.0.1/32;
}
family iso {
address 49.0179.0000.0000.0177.00;
}
}
}
me0 {
unit 0 {
family inet {
address 172.30.179.177/24;
}
}
}
vlan {
unit 20 {
family inet {
address 192.168.20.1/24;
}
}
unit 30 {
23
 family inet {
address 192.168.30.2/30;
}
}
}
}
snmp {
location "AMS, EPOC location=1.07";
contact "emea-poc@juniper.net";
community public {
authorization read-only;
clients {
172.30.0.0/16;
0.0.0.0/0 restrict;
}
}
community private {
authorization read-write;
clients {
172.30.0.0/16;
0.0.0.0/0 restrict;
}
}
trap-options {
source-address 172.30.179.177;
}
}
routing-options {
static {
route 172.16.0.0/12 {
next-hop 172.30.179.1;
no-readvertise;
}
/* -- route to Uplink */
route 192.168.40.0/24 next-hop 192.168.30.1;
}
router-id 192.179.0.177;
autonomous-system 100;
}
vlans {
vl10 {
vlan-id 10;
}
vl20 {
vlan-id 20;
l3-interface vlan.20;
}
vl30 {
vlan-id 30;
l3-interface vlan.30;
}
}

24