Access Interface Configuration
Table: global.access.interface.config
Although there is no correct way to configure subscriber management, it makes most sense to proceed from mandatory configurations and profiles to optional ones. First and foremost, among these mandatory configuration items is the access interface configuration which is the anchor point for almost all further access configurations.
The interface configuration assigns the access type, access profile Access Profile Configuration, AAA profile AAA Profile Configuration
Multiple interface configurations per IFP with disjoint VLAN ranges are supported.
The way that the interface configuration relates to all subscriber management configuration tasks is shown in the picture below.
Note that there can be more than one interface configured for subscriber management and each interface can reference the same profiles.
There are four major configuration tasks for the access interface:
-
Configure the physical interface name (IFP or LAG) and VLAN range
-
Configure the mandatory access type (PPPoE or IPoE)
-
Configure the mandatory access profile
-
Configure the mandatory AAA profile
-
Configure optional attributes like service profile or session limit
Configuring Access Interfaces
Access interfaces can be configured without VLAN tags (untagged) and with one (single tagged) or two (double tagged) VLAN tags.
supervisor@switch: cfg> set access interface <cr> double-tagged Double tagged access single-tagged Single tagged access untagged Untagged access supervisor@switch: cfg> set access interface untagged ifp-0/0/0 <cr> aaa-profile-name AAA profile name access-profile-name Access profile name access-type Access service type gateway-ifl IPoE gateway IFL (unnumbered source IFL) max-subscribers-per-mac Restrict maximum subscribers per MAC address max-subscribers-per-vlan Restrict maximum subscribers per VLAN pppoe-pado-delay Optional PPPoE PADO delay in seconds <1-255> redundancy-session-id Redundancy session id for this interface <1-4294967295> service-profile-name Service profile name vlan-profile-enable Enable VLAN profiles
The following example shows an untagged access interface.
supervisor@switch: cfg> show config access interface untagged ifp-0/0/0
{
"rtbrick-config:untagged": {
"interface-name": "ifp-0/0/0",
"access-type": "PPPoE",
"access-profile-name": "pppoe-dual",
"service-profile-name": "service-profile1",
"aaa-profile-name": "aaa-radius",
"vlan-profile-enable": "true",
"max-subscribers-per-vlan": 1,
"max-subscribers-per-mac": 1
}
}
| Attribute | Description |
|---|---|
access-type |
The mandatory access type attribute define the access protocol used for this interface. Values: PPPoE or IPoE |
access-profile-name |
The name of the mandatory access profile Access Profile Configuration. |
aaa-profile-name |
The name of the mandatory AAA profile AAA Profile Configuration. |
service-profile-name |
This option allows assigning an optional service profile Service Profile Configuration which can be dynamically overwritten via RADIUS. |
max-subscribers-per-vlan |
This option defines the maximum number of subscribers per IFP and VLAN. A value of 1 will implicitly set the VLAN mode to 1:1, where any value greater than 1 indicates N:1. Default: 1 Range: 1 - 65535 |
max-subscribers-per-mac |
Maximum number of subscribers per IFP, VLAN, and MAC. This option must be less or equal to the max-subscribers-per-vlan. Default: 1 Range: 1 - 65535 |
vlan-profile-enable |
If enabled, incoming PPPoE sessions (PPPoE PADI/PADR) are not honored unless matching vlan-profile is found
in the table Default: false |
gateway-ifl |
This options selects the IPoE gateway IFL (unnumbered source IFL) which is typically a loopback interface used as a gateway for IPoE subscribers. |
pppoe-pado-delay |
Optional PPPoE PADO delay in seconds. This setting allows you to specify a wait time in seconds after receiving a PPPoE Active Discovery Initiation (PADI) control packet from a PPPoE client before sending a PPPoE Active Discovery Offer (PADO) packet to indicate that it can serve the client request. Range: 1 - 255 |
Configuring Untagged Interfaces
supervisor@switch: cfg> set access interface untagged
<interface-name> Name of the physical interface
supervisor@switch: cfg> set access interface untagged ifp-0/0/0
<cr>
aaa-profile-name AAA profile name
access-profile-name Access profile name
access-type Access service type
max-subscribers-per-mac Restrict maximum subscribers per MAC address
max-subscribers-per-vlan Restrict maximum subscribers per VLAN
pppoe-pado-delay Optional PPPoE PADO delay in seconds <1-255>
service-profile-name Service profile name
vlan-profile-enable Enable VLAN profiles
supervisor@switch: cfg> set access interface untagged ifp-0/0/0 access-type PPPoE
supervisor@switch: cfg> set access interface untagged ifp-0/0/0 access-profile-name pppoe-dual
supervisor@switch: cfg> set access interface untagged ifp-0/0/0 aaa-profile-name aaa-radius
supervisor@switch: cfg> commit
supervisor@switch: cfg> show config access interface untagged ifp-0/0/0
{
"rtbrick-config:untagged": {
"interface-name": "ifp-0/0/0",
"access-type": "PPPoE",
"access-profile-name": "pppoe-dual",
"aaa-profile-name": "aaa-radius"
}
}
|
Configuring Single VLAN Tagged Interfaces
The VLAN range 128 - 4000 includes VLAN 128, 4000, and VLAN identifiers between.
supervisor@switch: cfg> set access interface single-tagged
<interface-name> Name of the physical interface
supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0
<outer-vlan-min> Outer VLAN min
supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128
<outer-vlan-max> Outer VLAN max
supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000
<cr>
aaa-profile-name AAA profile name
access-profile-name Access profile name
access-type Access service type
max-subscribers-per-mac Restrict maximum subscribers per MAC address
max-subscribers-per-vlan Restrict maximum subscribers per VLAN
pppoe-pado-delay Optional PPPoE PADO delay in seconds <1-255>
service-profile-name Service profile name
vlan-profile-enable Enable VLAN profiles
supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000 access-type PPPoE
supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000 access-profile-name pppoe-dual
supervisor@switch: cfg> set access interface single-tagged ifp-0/0/0 128 3000 aaa-profile-name aaa-radius
supervisor@switch: cfg> commit
supervisor@switch: cfg> show config access interface single-tagged ifp-0/0/0 128 3000
{
"rtbrick-config:single-tagged": [
{
"interface-name": "ifp-0/0/0",
"outer-vlan-min": 128,
"outer-vlan-max": 3000,
"access-type": "PPPoE",
"access-profile-name": "pppoe-dual",
"aaa-profile-name": "aaa-radius"
}
]
}
The access interface-name can be a physical IFP or lag.
|
Configuring Double VLAN Tagged Interfaces
Configuring the minimum and maximum VLAN settings to an identical value results in achieving an exact match.
supervisor@switch: cfg> set access interface double-tagged
<interface-name> Name of the physical interface
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0
<outer-vlan-min> Outer VLAN min
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128
<outer-vlan-max> Outer VLAN max
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000
<inner-vlan-min> Inner VLAN min
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7
<inner-vlan-max> Inner VLAN max
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7
<cr>
aaa-profile-name AAA profile name
access-profile-name Access profile name
access-type Access service type
max-subscribers-per-mac Restrict maximum subscribers per MAC address
max-subscribers-per-vlan Restrict maximum subscribers per VLAN
pppoe-pado-delay Optional PPPoE PADO delay in seconds <1-255>
service-profile-name Service profile name
vlan-profile-enable Enable VLAN profiles
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7 access-type PPPoE
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7 access-profile-name pppoe-dual
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 128 3000 7 7 aaa-profile-name aaa-radius
supervisor@switch: cfg> commit
supervisor@switch: cfg> show config access interface single-tagged ifp-0/0/0 128 3000 7 7
{
"rtbrick-config:double-tagged": {
"interface-name": "ifp-0/0/0",
"outer-vlan-min": 128,
"outer-vlan-max": 3000,
"inner-vlan-min": 7,
"inner-vlan-max": 7,
"access-type": "PPPoE",
"access-profile-name": "pppoe-dual",
"aaa-profile-name": "aaa-radius"
}
}
The access interface-name can be a physical IFP or lag.
|
The following example sets a PPPoE PADO delay of 30 seconds for a double-tagged interface ifp-0/0/0.
supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 201 250 201 250 supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 201 250 201 250 access-type PPPoE supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 201 250 201 250 access-profile-name pppoe-default-ds supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 201 250 201 250 aaa-profile-name aaa-profile supervisor@switch: cfg> set access interface double-tagged ifp-0/0/0 201 250 201 250 pppoe-pado-delay 30
Configuring VLAN Encapsulation on Access Interface
By default, the VLAN encapsulation 0x8100 is used. This configuration allows to define the outer VLAN encapsulation for the interface.
set access interface double-tagged ifp-0/0/1 1 4094 1 4094 set access interface double-tagged ifp-0/0/1 1 4094 1 4094 access-type IPoE set access interface double-tagged ifp-0/0/1 1 4094 1 4094 outer-vlan-encapsulation <802.1ad\|802.1q>
Example:
{
"subscriber_id": 216454257090494465,
"subscriber_ifl_name": "ipoe-0/0/1/216454257090494465",
"ifp_name": "ifp-0/0/1",
"tagged": true,
"outer_vlan_id": 1,
"inner_vlan_id": 1,
“outer_vlan_encapsulation” : “802.1ad”,
"client_mac_address": "02:00:00:00:00:01",
"instance_name": "default",
"description": "Subscriber IFL for 02:00:00:00:00:01@ipoe",
"tunnel_type": "IPoE",
"ipv6_link_local": "fe80::786b:e7ff:fec0:1",
"gateway_ifl": "lo-0/0/4/1",
"enable_proxy_arp": true,
"l3_mtu": 1500
}