Access Interface Configuration
Table: global.access.interface.config
Although there is no correct way to configure subscriber management, it makes most sense to proceed from mandatory configurations and profiles to optional ones. First and foremost, among these mandatory configuration items is the access interface configuration which is the anchor point for almost all further access configurations.
The interface configuration assigns the access type, access profile ([Access Profile Configuration]), AAA profile ([AAA Profile Configuration]) and further optional attributes to the matching physical interface (IFP) and VLAN.
Multiple interface configurations per IFP with disjoint VLAN ranges are supported.
The way that the interface configuration relates to all subscriber management configuration tasks is shown in the picture below.
Note that there can be more than one interface configured for subscriber management and each interface can reference the same profiles.
There are four major configuration tasks for the access interface:
-
Configure the physical interface name (IFP) and VLAN range
-
Configure the mandatory access type (PPPoE or IPoE)
-
Configure the mandatory access profile
-
Configure the mandatory AAA profile
-
Configure optional attributes like service profile or session limit
Configuring Access Interfaces
Access interfaces can be configured without VLAN tags (untagged) and with one (single tagged) or two (double tagged) VLAN tags.
supervisor@switch: cfg> set access interface <cr> double-tagged Double tagged access single-tagged Single tagged access untagged Untagged access supervisor@switch: cfg> set access interface untagged ifp-0/0/0 <cr> aaa-profile-name AAA profile name access-profile-name Access profile name access-type Access service type max-subscribers-per-mac Restrict maximum subscribers per MAC address max-subscribers-per-vlan Restrict maximum subscribers per VLAN service-profile-name Service profile name vlan-profile-enable Enable VLAN profiles
The following example shows an untagged access interface.
supervisor@switch: cfg> show config access interface untagged ifp-0/0/0 { "rtbrick-config:untagged": { "interface-name": "ifp-0/0/0", "access-type": "PPPoE", "access-profile-name": "pppoe-dual", "service-profile-name": "service-profile1", "aaa-profile-name": "aaa-radius", "vlan-profile-enable": "true", "max-subscribers-per-vlan": 1, "max-subscribers-per-mac": 1 } }
Attribute | Description | ||
---|---|---|---|
access-type |
The mandatory access type attribute define the access protocol used for this interface. Values: PPPoE or IPoE |
||
access-profile-name |
The name of the mandatory access profile ([Access Profile Configuration]). |
||
aaa-profile-name |
The name of the mandatory AAA profile ([AAA Profile Configuration]). |
||
service-profile-name |
This option allows to assign a optional service profile ([Service Profile Configuration]) which can be dynamically overwritten via RADIUS. |
||
max-subscribers-per-vlan |
This option defines the maximum number of subscribers per IFP and VLAN. A value of 1 will implicitly set the VLAN mode to 1:1 where any value grater than 1 means N:1. Default: 1 Range: 1 - 65535
|
||
max-subscribers-per-mac |
Maximum number of subscribers per IFP, VLAN and MAC. This option must be less or equal to the max-subscribers-per-vlan. Default: 1 Range: 1 - 65535 |
||
vlan-profile-enable |
If enabled, incoming PPPoE sessions (PPPoE PADI/PADR) are not honored unless matching vlan-profile is found
in the table Default: false |
||
gateway-ifl |
This options selects the IPoE gateway IFL (unnumbered source IFL) which is typically a loopback interface used as gateway for IPoE subscribers. |
Configuring Untagged Interfaces
supervisor@switch: cfg> set access interface untagged <interface-name> Name of the physical interface supervisor@switch: cfg> set access interface untagged ifp-0/0/0 <cr> aaa-profile-name AAA profile name access-profile-name Access profile name access-type Access service type max-subscribers-per-mac Restrict maximum subscribers per MAC address max-subscribers-per-vlan Restrict maximum subscribers per VLAN service-profile-name Service profile name vlan-profile-enable Enable VLAN profiles supervisor@switch: cfg> set access interface untagged ifp-0/0/0 access-type PPPoE supervisor@switch: cfg> set access interface untagged ifp-0/0/0 access-profile-name pppoe-dual supervisor@switch: cfg> set access interface untagged ifp-0/0/0 aaa-profile-name aaa-radius supervisor@switch: cfg> commit supervisor@switch: cfg> show config access interface untagged ifp-0/0/0 { "rtbrick-config:untagged": { "interface-name": "ifp-0/0/0", "access-type": "PPPoE", "access-profile-name": "pppoe-dual", "aaa-profile-name": "aaa-radius" } }
Untagged interfaces are not supported on Broadcom QMX and QAX platforms. |
Configuring Single VLAN Tagged Interfaces
The VLAN range 128 - 4000 includes VLAN 128, 4000 and VLAN identifiers between.
supervisor@switch: cfg> set access interface single-tagged <interface-name> Name of the physical interface supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 <outer-vlan-min> Outer VLAN min supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 <outer-vlan-max> Outer VLAN max supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000 <cr> aaa-profile-name AAA profile name access-profile-name Access profile name access-type Access service type max-subscribers-per-mac Restrict maximum subscribers per MAC address max-subscribers-per-vlan Restrict maximum subscribers per VLAN service-profile-name Service profile name vlan-profile-enable Enable VLAN profiles supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000 access-type PPPoE supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000 access-profile-name pppoe-dual supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000 aaa-profile-name aaa-radius supervisor@switch: cfg> commit supervisor@switch: cfg> show config access interface single-tagged ifp-0/0/0 128 3000 { "rtbrick-config:single-tagged": { "interface-name": "ifp-0/0/0", "outer-vlan-min": 128, "outer-vlan-max": 3000, "inner-vlan-min": 7, "inner-vlan-max": 7, "access-type": "PPPoE", "access-profile-name": "pppoe-dual", "aaa-profile-name": "aaa-radius" } }
Configuring Double VLAN Tagged Interfaces
Setting the min and max VLAN to the same value means an exact match.
Currently RBFS only supports PPPoE subscriber sessions with EtherType 0x8100 (802.1Q); it does not support EtherType 0x88a8 (802.1ad). |
supervisor@switch: cfg> set access interface double-tagged <interface-name> Name of the physical interface supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 <outer-vlan-min> Outer VLAN min supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 <outer-vlan-max> Outer VLAN max supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 <inner-vlan-min> Inner VLAN min supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 <inner-vlan-max> Inner VLAN max supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7 <cr> aaa-profile-name AAA profile name access-profile-name Access profile name access-type Access service type max-subscribers-per-mac Restrict maximum subscribers per MAC address max-subscribers-per-vlan Restrict maximum subscribers per VLAN service-profile-name Service profile name vlan-profile-enable Enable VLAN profiles supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7 access-type PPPoE supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7 access-profile-name pppoe-dual supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7 aaa-profile-name aaa-radius supervisor@switch: cfg> commit supervisor@switch: cfg> show config access interface single-tagged ifp-0/0/0 128 3000 7 7 { "rtbrick-config:double-tagged": { "interface-name": "ifp-0/0/0", "outer-vlan-min": 128, "outer-vlan-max": 3000, "inner-vlan-min": 7, "inner-vlan-max": 7, "access-type": "PPPoE", "access-profile-name": "pppoe-dual", "aaa-profile-name": "aaa-radius" } }