version 13.3R4.6;
groups {
    re0 {
        system {
            host-name MX104-RE0;
        }
        interfaces {
            fxp0 {
                description "-- out-of-band management interface";
                unit 0 {
                    family inet {
                        address 192.168.3.74/24;
                    }
                }
            }
        }
    }
    re1 {
        system {
            host-name MX104-RE1;
        }
        interfaces {
            fxp0 {
                description "-- out-of-band management interface";
                unit 0 {
                    family inet {
                        address 192.168.3.75/24;
                    }
                }
            }
        }
    }
    interface-standard {
        interfaces {
            <*> {
                mtu 9100;
                hold-time up 1000 down 0;
                gigether-options {
                    no-flow-control;
                }
            }
        }
    }
}
apply-groups [ re0 re1 ];
dynamic-profiles {
    RATE-LIMIT {
        variables {
            var-bw mandatory;
            var-burst equals "round($var-bw/8)";
            var-ff-in equals "'ff-in-' ## $var-bw";
            var-ff-out equals "'ff-out-' ## $var-bw";
            var-plr equals "'plr-' ## $var-bw";
        }
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    family inet {
                        filter {
                            input "$var-ff-in" shared-name "$junos-interface-set-name" precedence 50;
                            output "$var-ff-out" shared-name "$junos-interface-set-name" precedence 50;
                        }
                    }
                }
            }
        }
        firewall {
            family inet {
                filter "$var-ff-in" {
                    interface-shared;
                    term 1 {
                        then {
                            policer "$var-plr";
                            count COUNTER;
                            accept;
                        }
                    }
                }
                filter "$var-ff-out" {
                    interface-shared;
                    term 1 {
                        then {
                            policer "$var-plr";
                            count COUNTER;
                            accept;
                        }
                    }
                }
            }
            policer "$var-plr" {
                logical-interface-policer;
                if-exceeding {
                    bandwidth-limit "$var-bw";
                    burst-size-limit "$var-burst";
                }
                then discard;
            }
        }
    }
    ACI-PROFILE {
        interfaces {
            interface-set "$junos-interface-set-name" {
                interface "$junos-interface-ifd-name";
                pppoe-underlying-options {
                    max-sessions 10;
                }
            }
        }
    }
    PPPoE-PROFILE-1 {
        interfaces {
            interface-set "$junos-interface-set-name" {
                interface pp0 {
                    unit "$junos-interface-unit";
                }
            }
            pp0 {
                unit "$junos-interface-unit" {
                    ppp-options {
                        chap;
                    }
                    pppoe-options {
                        underlying-interface "$junos-underlying-interface";
                        server;
                    }
                    keepalives interval 10;
                    family inet {
                        unnumbered-address lo0.0;
                    }
                }
            }
        }
    }
    VLAN-DEMUX-PROFILE {
        interfaces {
            "$junos-interface-ifd-name" {
                unit "$junos-interface-unit" {
                    description "-- Service IFL";
                    vlan-id "$junos-vlan-id";
                    auto-configure {
                        agent-circuit-identifier {
                            dynamic-profile ACI-PROFILE;
                        }
                    }
                    family pppoe {
                        access-concentrator mx104;
                        duplicate-protection;
                        dynamic-profile PPPoE-PROFILE-1;
                        max-sessions 100;
                    }
                }
            }
        }
    }
}
system {
    time-zone Europe/Moscow;
    arp {
        aging-timer 240;
        purging;
        gratuitous-arp-on-ifup;
        gratuitous-arp-delay 3;
    }
    root-authentication {
        encrypted-password "$1$UVQ1EG6U$tqUwtI0IcS4PueWRlSKlD."; ## SECRET-DATA
    }
    dynamic-profile-options {
        versioning;
    }
    login {
        user va {
            full-name "-- Vladislav Abramov @Juniper";
            uid 2003;
            class super-user;
            authentication {
                encrypted-password "$1$sUJQDKAW$p8i2/fpLPFX9pSRoK11Ff1"; ## SECRET-DATA
            }
        }
        user warrior {
            full-name "-- Matvey Alexandrov @Juniper";
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "$1$uhOE97qw$oYrsgslCll5p/gtJtJsIt1"; ## SECRET-DATA
            }
        }
    }
    services {
        ftp;
        ssh;
        telnet;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
            interactive-commands none;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    commit synchronize;
}
chassis {
    redundancy {
        graceful-switchover;
    }
    alarm {
        management-ethernet {
            link-down ignore;
        }
        ethernet {
            link-down ignore;
        }
    }
    network-services enhanced-ip;
}
access-profile AP1;
interfaces {
    xe-0/0/0 {
        apply-groups interface-standard;
        description "-- L2 access network";
        flexible-vlan-tagging;
        auto-configure {
            vlan-ranges {
                dynamic-profile VLAN-DEMUX-PROFILE {
                    accept pppoe;
                    ranges {
                        any;
                    }
                }
            }
            remove-when-no-subscribers;
        }
        encapsulation flexible-ethernet-services;
    }
    ge-1/0/0 {
        apply-groups interface-standard;
        description "-- TG 10/12";
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
    }
    lo0 {
        unit 0 {
            description "-- loopback";
            family inet {
                address 3.3.3.3/32 {
                    primary;
                }
            }
            family iso {
                address 49.0001.0030.0300.3003.00;
            }
        }
    }
}
routing-options {
    static {
        route 172.17.0.20/32 {
            next-hop 192.168.3.3;
            no-readvertise;
        }
    }
    router-id 3.3.3.3;
    forwarding-table {
        export pp-balance;
    }
}
protocols {
    lldp {
        interface all;
    }
}
policy-options {
    policy-statement nhs {
        term 1 {
            then {
                next-hop self;
            }
        }
    }
    policy-statement pp-balance {
        then {
            load-balance per-packet;
        }
    }
}
access {
    radius-server {
        172.17.0.20 {
            port 1812;
            accounting-port 1813;
            secret "$9$aVUkPF39pu1FntOBIle"; ## SECRET-DATA
            timeout 5;
            retry 3;
            max-outstanding-requests 100;
        }
    }
    domain-name-server-inet {
        8.8.4.4;
    }
    profile AP1 {
        accounting-order radius;
        authentication-order radius;
        radius {
            authentication-server 172.17.0.20;
            accounting-server 172.17.0.20;
            options {
                nas-port-id-delimiter :;
                calling-station-id-delimiter :;
                calling-station-id-format {
                    nas-identifier;
                    interface-description;
                }
                accounting-session-id-format decimal;
                coa-dynamic-variable-validation;
            }
        }
        session-options {
            client-idle-timeout 60;
            client-session-timeout 1440;
        }
        accounting {
            order radius;
            immediate-update;
            coa-immediate-update;
            update-interval 10;
            statistics volume-time;
        }
    }
    address-assignment {
        pool Pool-1 {
            family inet {
                network 192.168.0.0/24;
                range Range-1 {
                    low 192.168.0.101;
                    high 192.168.0.200;
                }
            }
        }
    }
    report-interface-descriptions;
}
