
Juniper PPPoE Setup Guide

Overview

This guide covers PPPoE configuration on Juniper routers (JunOS) for integration with the Zal Ultra RADIUS server. Juniper routers are known for their carrier-grade reliability and advanced features in service provider networks.

Supported Platforms:

  • ✅ Juniper MX Series (MX80, MX104, MX204, MX480, MX960)
  • ✅ Juniper SRX Series (SRX300, SRX550, SRX1500, SRX4600)
  • ✅ JunOS 18.x and above

What You'll Learn:

  • 🔧 Access profile configuration
  • 📊 Address pool management
  • 🔐 RADIUS AAA setup
  • 🌐 Dynamic profile configuration
  • 🔄 CoA (Change of Authorization)
  • 🛡️ Security best practices

Architecture

Subscriber (PPPoE Client) → Juniper Router (PPPoE Server + RADIUS Client) → Zal Ultra (RADIUS Server + Billing System)

Complete Juniper PPPoE Configuration

junos
# ============================================
# Complete Juniper PPPoE Configuration
# For Zal Ultra RADIUS Integration
# ============================================

# Loopback interface (gateway)
set interfaces lo0 unit 0 family inet address 10.10.0.1/32

# Subscriber interface
set interfaces ge-0/0/1 description "PPPoE Subscriber Interface"
set interfaces ge-0/0/1 unit 0 family pppoe dynamic-profile PPPOE-DYNAMIC-PROFILE
set interfaces ge-0/0/1 unit 0 family pppoe duplicate-protection
set interfaces ge-0/0/1 unit 0 family pppoe max-sessions 1000
set interfaces ge-0/0/1 unit 0 family pppoe service-name-table ISP-PPPoE

# Address pools
set access address-assignment pool PPPOE-POOL family inet network 10.10.1.0/24
set access address-assignment pool PPPOE-POOL family inet range RANGE-1 low 10.10.1.2
set access address-assignment pool PPPOE-POOL family inet range RANGE-1 high 10.10.1.254

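# RADIUS server (Zal Ultra)
# The secret below is a placeholder: replace it with your own value, which must
# match the shared secret configured for this router in Zal Ultra.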
set access radius-server 192.168.1.100 port 1812
set access radius-server 192.168.1.100 accounting-port 1813
set access radius-server 192.168.1.100 secret YourSecretKey123
set access radius-server 192.168.1.100 timeout 3
set access radius-server 192.168.1.100 retry 3
set access radius-server 192.168.1.100 source-address 192.168.1.1
set access radius-server 192.168.1.100 dynamic-request-port 3799

# Access profile
set access profile PPPOE-PROFILE client pppoe-client-profile
set access profile PPPOE-PROFILE ppp authentication-order chap
set access profile PPPOE-PROFILE ppp authentication-order pap
set access profile PPPOE-PROFILE ppp chap default
set access profile PPPOE-PROFILE ppp pap default
set access profile PPPOE-PROFILE ppp keepalive-interval 30
set access profile PPPOE-PROFILE ppp mtu 1492
set access profile PPPOE-PROFILE ppp idle-timeout 0
set access profile PPPOE-PROFILE ppp session-limit-per-username 1
set access profile PPPOE-PROFILE ppp session-limit-per-mac 1
set access profile PPPOE-PROFILE radius authentication-server 192.168.1.100
set access profile PPPOE-PROFILE radius accounting-server 192.168.1.100
set access profile PPPOE-PROFILE radius options nas-identifier ISP-JUNIPER
set access profile PPPOE-PROFILE radius options nas-ip-address 192.168.1.1
set access profile PPPOE-PROFILE radius options include-radius-attribute 6
set access profile PPPOE-PROFILE radius options include-radius-attribute 8
set access profile PPPOE-PROFILE radius options include-radius-attribute 25
set access profile PPPOE-PROFILE radius options coa-dynamic-variable-validation
set access profile PPPOE-PROFILE address-pool PPPOE-POOL

# Dynamic profile
set dynamic-profiles PPPOE-DYNAMIC-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0
set dynamic-profiles PPPOE-DYNAMIC-PROFILE interfaces pp0 unit "$junos-interface-unit" ppp-options chap
set dynamic-profiles PPPOE-DYNAMIC-PROFILE interfaces pp0 unit "$junos-interface-unit" ppp-options pap
set dynamic-profiles PPPOE-DYNAMIC-PROFILE interfaces pp0 unit "$junos-interface-unit" keepalives interval 30

# NAT configuration
set security nat source rule-set NAT-RULESET from zone trust
set security nat source rule-set NAT-RULESET to zone untrust
set security nat source rule-set NAT-RULESET rule NAT-RULE match source-address 10.10.0.0/16
set security nat source rule-set NAT-RULESET rule NAT-RULE then source-nat interface

# Security zones
set security zones security-zone trust interfaces pp0.0
set security zones security-zone untrust interfaces ge-0/0/0.0

# Policies (ALLOW-ALL permits any traffic from the trust zone to the untrust zone)
set security policies from-zone trust to-zone untrust policy ALLOW-ALL match source-address any
set security policies from-zone trust to-zone untrust policy ALLOW-ALL match destination-address any
set security policies from-zone trust to-zone untrust policy ALLOW-ALL match application any
set security policies from-zone trust to-zone untrust policy ALLOW-ALL then permit

Verification Commands

junos
# Show PPPoE sessions
show subscribers
show subscribers extensive
show subscribers summary

# Show RADIUS statistics
show access radius-server statistics
show access radius-server 192.168.1.100

# Show address pools
show access address-assignment pool PPPOE-POOL

# Show dynamic profiles
show dynamic-profiles PPPOE-DYNAMIC-PROFILE

# Monitor logs
show log messages | match pppoe
show log messages | match radius

Troubleshooting

Common Issues

Issue 1: User Cannot Connect

junos
# Check RADIUS reachability
ping 192.168.1.100 source 192.168.1.1

# Check configuration
show configuration access

# Stream the messages log to the terminal to watch RADIUS events (end with "monitor stop")
monitor start messages

Issue 2: Accounting Not Working

junos
# Check accounting configuration
show configuration access radius-server | display set

# Check statistics
show access radius-server statistics

Best Practices

✅ Use session-limit-per-username 1 to prevent duplicate sessions for the same username
✅ Enable duplicate-protection on the subscriber interface
✅ Set appropriate max-sessions based on capacity
✅ Monitor RADIUS response times
✅ Use CoA for remote management
✅ Configure proper security zones
✅ Enable logging for troubleshooting
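
The first three practices above, plus a check on the RADIUS shared secret, can be verified offline against a set-style export of the configuration. The following is an added example, not part of the original guide or of any Juniper or Zal Ultra tooling; the function name audit, the MIN_SECRET_LEN threshold and the sample lines are assumptions made for illustration.

```python
import re

PLACEHOLDER_SECRETS = {"YourSecretKey123"}  # the sample value used in this guide
MIN_SECRET_LEN = 16  # assumed local policy, not a Junos limit

# Constructed input modelled on the configuration above, with
# duplicate-protection deliberately left out.
SAMPLE = """\
set interfaces ge-0/0/1 unit 0 family pppoe dynamic-profile PPPOE-DYNAMIC-PROFILE
set interfaces ge-0/0/1 unit 0 family pppoe max-sessions 1000
set access radius-server 192.168.1.100 secret YourSecretKey123
set access profile PPPOE-PROFILE ppp session-limit-per-username 1
"""

def audit(config):
    """Return sorted findings for a set-style configuration (hypothetical helper)."""
    lines = [l for l in map(str.strip, config.splitlines()) if l.startswith("set ")]
    text = "\n".join(" ".join(l.split()) for l in lines)
    findings = set()

    # Per logical interface, collect the options set under "family pppoe".
    pppoe = {}
    for t in (l.split() for l in lines):
        if t[1:2] == ["interfaces"] and t[3:4] == ["unit"] and t[5:7] == ["family", "pppoe"]:
            pppoe.setdefault(f"{t[2]}.{t[4]}", set()).update(t[7:8])
    for ifl, opts in pppoe.items():
        for required in ("duplicate-protection", "max-sessions"):
            if required not in opts:
                findings.add(f"{ifl}: pppoe {required} not set")

    if not re.search(r"^set access profile \S+ ppp session-limit-per-username 1$", text, re.M):
        findings.add("no access profile sets session-limit-per-username 1")

    # Shared-secret check for every RADIUS server that appears in the config.
    for srv in set(re.findall(r"^set access radius-server (\S+) ", text, re.M)):
        m = re.search(rf"^set access radius-server {re.escape(srv)} secret (\S+)$", text, re.M)
        secret = m.group(1).strip('"') if m else None
        if secret is None:
            findings.add(f"radius-server {srv}: no secret configured")
        elif secret.startswith("$9$"):
            continue  # obfuscated form as displayed by the router; length says nothing
        elif secret in PLACEHOLDER_SECRETS or len(secret) < MIN_SECRET_LEN:
            findings.add(f"radius-server {srv}: placeholder or short shared secret")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Feed it the output of "show configuration | display set" saved to a file; secrets appear there in obfuscated form, so the placeholder and length checks are only meaningful on configuration text prepared before it is loaded onto the router.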


Summary

✅ Juniper PPPoE Setup Complete!

Key Configuration:

  1. ✅ Loopback interface for gateway
  2. ✅ Address pools for IP assignment
  3. ✅ RADIUS server configuration
  4. ✅ Access profile with authentication
  5. ✅ Dynamic profile for sessions
  6. ✅ CoA for remote management
  7. ✅ NAT and security zones

Your Juniper router is ready for Zal Ultra! 🚀

www.onezeroart.com