Access Interface Configuration

Table: global.access.interface.config

While there is no single specific way to configure subscriber management, it is ideal to start with mandatory configurations and then move on to optional ones. The access interface configuration is the anchor point for almost all further access configurations. The interface configuration defines the access type and access profile. For more information, see sections Access Profile Configuration, AAA profile AAA Profile Configuration.

Multiple interface configurations per IFP with disjoint VLAN ranges are supported.

The following image illustrates the access interface configurations and how they are associated with the entire subscriber management.

Figure 1. Access Interface Configuration

You can configure multiple interfaces for access and subscriber management, and each interface can reference the same profiles. This allows for efficient and scalable network management.

To configure the access interface, you must complete the following major tasks.

Configure the physical interface name (IFP or LAG) and VLAN range
Configure the mandatory access type (PPPoE or IPoE)
Configure the mandatory access profile
Configure the mandatory AAA profile
Configure optional attributes such as service profile or session limit

Configuring Access Interfaces

Access interfaces can be configured without VLAN tags (untagged VLAN) and with one VLAN tag (single-tagged) or with two VLAN tags (double-tagged).

The following are the command and command options available to configure Access Interface.

supervisor@switch: cfg> set access interface
  <cr>
  double-tagged         Double tagged access
  single-tagged         Single tagged access
  untagged              Untagged access

supervisor@switch: cfg> set access interface untagged ifp-0/0/0
  <cr>
  aaa-profile-name          AAA profile name
  access-profile-name       Access profile name
  access-type               Access service type
  gateway-ifl               IPoE gateway IFL (unnumbered source IFL)
  max-subscribers-per-mac   Restrict maximum subscribers per MAC address
  max-subscribers-per-vlan  Restrict maximum subscribers per VLAN
  pppoe-pado-delay          Optional PPPoE PADO delay in seconds <1-255>
  redundancy-session-id     Redundancy session id for this interface <1-4294967295>
  service-profile-name      Service profile name
  vlan-profile-enable       Enable VLAN profiles

Example:

In the following example configuration, the untagged access interface 'ifp-0/0/0' is configured for PPPoE access type, with the Access Profile set to 'pppoe-dual', Service Profile set to 'service-profile1', and AAA Profile set to 'aaa-radius'. The option 'vlan-profile-enable' is enabled by setting it to 'true', and the parameters 'max-subscribers-per-vlan' and 'max-subscribers-per-mac' are both assigned the value of '1'.

supervisor@switch: cfg> show config access interface untagged ifp-0/0/0
{
  "rtbrick-config:untagged": {
    "interface-name": "ifp-0/0/0",
    "access-type": "PPPoE",
    "access-profile-name": "pppoe-dual",
    "service-profile-name": "service-profile1",
    "aaa-profile-name": "aaa-radius",
    "vlan-profile-enable": "true",
    "max-subscribers-per-vlan": 1,
    "max-subscribers-per-mac": 1
  }
}

Attribute Description

access-type

Defines the access protocol used for this interface. This is a mandatory attribute.

Values: PPPoE or IPoE

access-profile-name

Specifies the name of the access profile (mandatory). For more information, see Access Profile Configuration.

aaa-profile-name

Specifies the name of the AAA profile (mandatory). For more information, see AAA Profile Configuration.

service-profile-name

This option allows assigning an optional service profile which can be dynamically overwritten via RADIUS. For more information, see Service Profile Configuration .

max-subscribers-per-vlan

This option defines the maximum number of subscribers per IFP and VLAN. A value of '1' will implicitly set the VLAN mode to 1:1 VLAN mode, where any value greater than 1 indicates N:1 VLAN mode.

Default: 1 Range: 1 - 65535

max-subscribers-per-mac

Maximum number of subscribers per IFP, VLAN, and MAC. This option must be less or equal specified for the 'max-subscribers-per-vlan' attribute.

Default: 1 Range: 1 - 65535

vlan-profile-enable

If enabled, incoming PPPoE sessions (PPPoE PADI/PADR) are not honored unless matching vlan-profile is found in the table global.vlan.profile of the PPPoE daemon. For more information about VLAN profiles, see PPPoE VLAN Profiles.

Default: false

gateway-ifl

This options selects the IPoE gateway IFL (unnumbered source IFL) which is typically a loopback interface used as a gateway for IPoE subscribers.

pppoe-pado-delay

(Optional) Specifies the PPPoE PADO delay, in seconds. This setting allows you to specify a wait time in seconds after receiving a PPPoE Active Discovery Initiation (PADI) control packet from a PPPoE client before sending a PPPoE Active Discovery Offer (PADO) packet to indicate that it can serve the client request. Range: 1 - 255

The PPPoE PADO delay is used for stateless high availability.

Configuring Untagged Interfaces

The following command and options are used to configure the untagged access interface.

supervisor@switch: cfg> set access interface untagged
  <interface-name>      Name of the physical interface

supervisor@switch: cfg> set access interface untagged ifp-0/0/0
  <cr>
  aaa-profile-name          AAA profile name
  access-profile-name       Access profile name
  access-type               Access service type
  max-subscribers-per-mac   Restrict maximum subscribers per MAC address
  max-subscribers-per-vlan  Restrict maximum subscribers per VLAN
  pppoe-pado-delay          Optional PPPoE PADO delay in seconds <1-255>
  service-profile-name      Service profile name
  vlan-profile-enable       Enable VLAN profiles

supervisor@switch: cfg> set access interface untagged ifp-0/0/0 access-type PPPoE
supervisor@switch: cfg> set access interface untagged ifp-0/0/0 access-profile-name pppoe-dual
supervisor@switch: cfg> set access interface untagged ifp-0/0/0 aaa-profile-name aaa-radius
supervisor@switch: cfg> commit
supervisor@switch: cfg> show config access interface untagged ifp-0/0/0
{
  "rtbrick-config:untagged": {
    "interface-name": "ifp-0/0/0",
    "access-type": "PPPoE",
    "access-profile-name": "pppoe-dual",
    "aaa-profile-name": "aaa-radius"
  }
}

Untagged interfaces are not supported on Broadcom QAX platforms.
The access interface-name can be a physical IFP or lag.

Configuring Single VLAN Tagged Interfaces

You need to define the VLAN identifier range within the range from 128 to 4000 for VLAN tagged interface. The following command and options are used to configure a single VLAN-tagged interface.

supervisor@switch: cfg> set access interface single-tagged
  <interface-name>      Name of the physical interface

supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0
  <outer-vlan-min>      Outer VLAN min

supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128
  <outer-vlan-max>      Outer VLAN max

supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000
  <cr>
  aaa-profile-name          AAA profile name
  access-profile-name       Access profile name
  access-type               Access service type
  max-subscribers-per-mac   Restrict maximum subscribers per MAC address
  max-subscribers-per-vlan  Restrict maximum subscribers per VLAN
  pppoe-pado-delay          Optional PPPoE PADO delay in seconds <1-255>
  service-profile-name      Service profile name
  vlan-profile-enable       Enable VLAN profiles

In the following example, the single tagged access interface ifp-0/0/0 is configured with the Outer VLAN minimum value 128 and the outer VLAN maximum value 3000. The Access Type is defined PPPoE, Access Profile pppoe-dual, and AAA Profile as aaa-radius.

supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000 access-type PPPoE
supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000 access-profile-name pppoe-dual
supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000 aaa-profile-name aaa-radius
supervisor@switch: cfg> commit
supervisor@switch: cfg> show config access interface single-tagged ifp-0/0/0 128 3000
{
  "rtbrick-config:single-tagged": [
    {
      "interface-name": "ifp-0/0/0",
      "outer-vlan-min": 128,
      "outer-vlan-max": 3000,
      "access-type": "PPPoE",
      "access-profile-name": "pppoe-dual",
      "aaa-profile-name": "aaa-radius"
    }
  ]
}

The access interface-name can be a physical IFP or LAG.

Configuring Double Tagged VLAN Interfaces

When configuring double-tagged VLAN interfaces, setting the minimum and maximum VLAN ID to the same value ensures that only a specific VLAN ID is matched. It indicates that the VLAN interface will specifically recognize and process traffic tagged with that exact VLAN ID.

The following commands and options are used to configure double-tagged VLAN interfaces.

supervisor@switch: cfg> set access interface double-tagged
  <interface-name>      Name of the physical interface

supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0
  <outer-vlan-min>      Outer VLAN min

supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128
  <outer-vlan-max>      Outer VLAN max

supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000
  <inner-vlan-min>      Inner VLAN min

supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7
  <inner-vlan-max>      Inner VLAN max

supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7
  <cr>
  aaa-profile-name          AAA profile name
  access-profile-name       Access profile name
  access-type               Access service type
  max-subscribers-per-mac   Restrict maximum subscribers per MAC address
  max-subscribers-per-vlan  Restrict maximum subscribers per VLAN
  pppoe-pado-delay          Optional PPPoE PADO delay in seconds <1-255>
  service-profile-name      Service profile name
  vlan-profile-enable       Enable VLAN profiles

In the following example, the double-tagged access interface ifp-0/0/0 is configured with the Outer VLAN minimum value 128 and the outer VLAN maximum value 3000. The configuration also defines the inner VLAN minimum value 7 and Inner VLAN maximum value 7. The Access Type is defined PPPoE, Access Profile pppoe-dual, and AAA Profile aaa-radius.

supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7 access-type PPPoE
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7 access-profile-name pppoe-dual
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7 aaa-profile-name aaa-radius
supervisor@switch: cfg> commit
supervisor@switch: cfg> show config access interface single-tagged ifp-0/0/0 128 3000 7 7
{
  "rtbrick-config:double-tagged": {
    "interface-name": "ifp-0/0/0",
    "outer-vlan-min": 128,
    "outer-vlan-max": 3000,
    "inner-vlan-min": 7,
    "inner-vlan-max": 7,
    "access-type": "PPPoE",
    "access-profile-name": "pppoe-dual",
    "aaa-profile-name": "aaa-radius"
  }
}

The access interface-name can be a physical IFP or LAG.

The following example sets a PPPoE PADO delay of 30 seconds for a double-tagged interface ifp-0/0/0.

supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 201 250 201 250
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 201 250 201 250 access-type PPPoE
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 201 250 201 250 access-profile-name pppoe-default-ds
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 201 250 201 250 aaa-profile-name aaa-profile
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 201 250 201 250 pppoe-pado-delay 30

Configuring VLAN Encapsulation on Access Interface

By default, the VLAN encapsulation 0x8100 is used.

In the configuration, the provided subscriber ID is 216454257090494465, and the Subscriber IFL name is "ipoe-0/0/1/216454257090494465". The Outer VLAN and Inner VLAN IDs are both specified as '1'. The IPv6 link local address is provided as "fe80::786b:e7ff:fec0:1", and the MAC address specified is '02:00:00:00:00:01'. The instance name provided is 'default', and the gateway IFL is specified as "lo-0/0/4/1". Proxy ARP is enabled by specifying it as true. The Layer 3 MTU is set to 1500, and the tunnel type is marked as IPoE.

set access interface double-tagged ifp-0/0/1 1 4094 1 4094
set access interface double-tagged ifp-0/0/1 1 4094 1 4094 access-type IPoE
set access interface double-tagged ifp-0/0/1 1 4094 1 4094 outer-vlan-encapsulation <802.1ad\|802.1q>

Example:

{
        "subscriber_id": 216454257090494465,
        "subscriber_ifl_name": "ipoe-0/0/1/216454257090494465",
        "ifp_name": "ifp-0/0/1",
        "tagged": true,
        "outer_vlan_id": 1,
        "inner_vlan_id": 1,
        “outer_vlan_encapsulation” : “802.1ad”,
        "client_mac_address": "02:00:00:00:00:01",
        "instance_name": "default",
        "description": "Subscriber IFL for 02:00:00:00:00:01@ipoe",
        "tunnel_type": "IPoE",
        "ipv6_link_local": "fe80::786b:e7ff:fec0:1",
        "gateway_ifl": "lo-0/0/4/1",
        "enable_proxy_arp": true,
        "l3_mtu": 1500
}