warrior# show | no-more
## Last changed: 2014-04-15 06:47:02 UTC
version 12.3R6.6;
dynamic-profiles {
    IPoE-DHCP {
        interfaces {
            demux0 {
                unit "$junos-interface-unit" {
                    demux-options {
                        underlying-interface "$junos-underlying-interface";
                    }
                    family inet {
                        demux-source {
                            $junos-subscriber-ip-address;
                        }
                        unnumbered-address xe-1/2/0.202;
                    }
                }
            }
        }
    }
    INTERNET {
        interfaces {
            demux0 {
                unit "$junos-interface-unit" {
                    family inet {
                        filter {
                            input divert-to-nat precedence 100;
                        }
                    }
                }
            }
        }
    }
}
system {
    root-authentication {
        encrypted-password "$1$am29UvIB$o7sjSsMNi3MSasBD8z5ui1"; ## SECRET-DATA
    }
    dynamic-profile-options {
        versioning;
    }
    login {
        user warrior {
            uid 2005;
            class super-user;
            authentication {
                encrypted-password "$1$F/hYxupX$HLSjwJ8tvROZRzw6qi4AF/"; ## SECRET-DATA
            }
        }
    }
    services {
        telnet;
        dhcp-local-server {
            pool-match-order {
                ip-address-first;
            }
            authentication {
                password 123;
                username-include {
                    mac-address;
                }
            }
            group 1 {
                dynamic-profile IPoE-DHCP;
                interface xe-1/2/0.202;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
            interactive-commands none;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
chassis {
    fpc 5 {
        pic 0 {
            adaptive-services {
                service-package layer-3;
            }
        }
        pic 1 {
            adaptive-services {
                service-package layer-3;
            }
        }
    }
    network-services enhanced-ip;
}
services {
    service-set NAT-SERVICE {
        nat-rules nat-rule-1;
        next-hop-service {
            inside-service-interface sp-5/0/0.10;
            outside-service-interface sp-5/0/0.20;
        }
    }
    nat {
        pool public-ipv4-pool {
            address 195.34.49.110/32;
            port {
                automatic;
            }
        }
        rule nat-rule-1 {
            match-direction input;
            term 1 {
                from {
                    source-address {
                        192.168.202.0/24;
                    }
                }
                then {
                    translated {
                        source-pool public-ipv4-pool;
                        translation-type {
                            napt-44;
                        }
                    }
                }
            }
        }
    }
}
access-profile Access-Profile-1;
interfaces {
    xe-0/0/0 {
        description "-- iXia";
        mtu 9192;
        gigether-options {
            no-flow-control;
        }
    }
    xe-1/2/0 {
        description "-- Cisco L2 Te1/3";
        flexible-vlan-tagging;
        mtu 9192;
        encapsulation flexible-ethernet-services;
        gigether-options {
            no-flow-control;
        }
        unit 106 {
            description "-- Internet Uplink";
            proxy-arp restricted;
            vlan-id 106;
            family inet {
                address 10.99.99.110/28 {
                    arp 10.99.99.97 mac 00:18:74:2f:73:c0;
                }
            }
        }
        unit 110 {
            description "-- L3 connected";
            vlan-id 110;
            family inet {
                address 192.168.0.2/24;
            }
        }
        unit 111 {
            description "-- Radius Proxy";
            vlan-id 111;
            family inet {
                address 192.168.2.2/24;
            }
        }
        unit 201 {
            vlan-id 201;
            family inet {
                address 10.10.201.1/24;
            }
        }
        unit 202 {
            description "-- IPoE DHCP access";
            demux-source inet;
            vlan-id 202;
            family inet {
                address 192.168.202.1/24;
            }
        }
        unit 203 {
            vlan-id 203;
            family inet {
                address 10.10.203.1/24;
            }
        }
        unit 204 {
            vlan-id 204;
            family inet {
                address 10.10.204.1/24;
            }
        }
        unit 205 {
            vlan-id 205;
            family inet {
                address 10.10.205.1/24;
            }
        }
        unit 206 {
            vlan-id 206;
            family inet {
                address 10.10.206.1/24;
            }
        }
        unit 207 {
            vlan-id 207;
            family inet {
                address 10.10.207.1/24;
            }
        }
        unit 208 {
            vlan-id 208;
            family inet {
                address 10.10.208.1/24;
            }
        }
        unit 209 {
            description "-- FreeBSD Server (VM)";
            vlan-id 209;
            family inet {
                address 10.10.209.1/24;
            }
        }
        unit 210 {
            vlan-id 210;
            family inet {
                address 10.10.210.1/24;
            }
        }
    }
    xe-1/2/1 {
        disable;
    }
    xe-1/3/0 {
        disable;
    }
    xe-1/3/1 {
        disable;
    }
    sp-5/0/0 {
        description "-- Service interface for NAT";
        services-options {
            cgn-pic;
        }
        unit 10 {
            family inet;
            service-domain inside;
        }
        unit 20 {
            family inet;
            service-domain outside;
        }
    }
    fxp0 {
        description "-- management";
        unit 0 {
            family inet {
                address 10.10.0.2/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.1.1.1/32 {
                    primary;
                    preferred;
                }
            }
        }
    }
}
forwarding-options {
    enhanced-hash-key {
        services-loadbalancing {
            family inet {
                layer-3-services {
                    source-address;
                }
            }
        }
    }
}
routing-options {
    static {
        route 172.16.1.0/24 {
            next-hop 192.168.0.1;
            no-readvertise;
        }
        route 0.0.0.0/0 {
            next-hop 10.99.99.97;
            no-readvertise;
        }
    }
    forwarding-table {
        export lb;
    }
}
policy-options {
    policy-statement lb {
        then {
            load-balance per-packet;
        }
    }
}
firewall {
    family inet {
        filter divert-to-nat {
            interface-specific;
            term DHCP {
                from {
                    protocol udp;
                    source-port bootpc;
                }
                then {
                    count dhcp-counter;
                    accept;
                }
            }
            term LOCAL {
                from {
                    source-address {
                        192.168.202.0/24;
                    }
                    destination-address {
                        192.168.202.1/32;
                    }
                }
                then {
                    count local-counter;
                    accept;
                }
            }
            term NAT {
                then {
                    count nat-counter;
                    routing-instance INSIDE;
                }
            }
        }
    }
}
access {
    profile Access-Profile-1 {
        accounting-order radius;
        authentication-order radius;
        radius {
            authentication-server 10.10.209.2;
            accounting-server 10.10.209.2;
            options {
                nas-port-id-delimiter :;
                accounting-session-id-format decimal;
                revert-interval 60;
                client-authentication-algorithm round-robin;
                client-accounting-algorithm direct;
                coa-dynamic-variable-validation;
            }
        }
        radius-server {
            10.10.209.2 {
                secret "$9$45Zi.Qz6AtOQFCu0Byr"; ## SECRET-DATA
                timeout 2;
                retry 3;
                max-outstanding-requests 200;
                source-address 10.10.209.1;
            }
        }
        accounting {
            order radius;
            immediate-update;
            coa-immediate-update;
            update-interval 10;
            statistics volume-time;
        }
    }
    address-assignment {
        pool ipv4-pool {
            family inet {
                network 192.168.202.0/24;
                range R1 {
                    low 192.168.202.2;
                    high 192.168.202.254;
                }
                dhcp-attributes {
                    maximum-lease-time 3600;
                    name-server {
                        8.8.4.4;
                    }
                    router {
                        192.168.202.1;
                    }
                }
            }
        }
    }
    address-protection;
    radius-options {
        request-rate 500;
    }
}
routing-instances {
    INSIDE {
        instance-type virtual-router;
        interface sp-5/0/0.10;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop sp-5/0/0.10;
                route 192.168.202.0/24 next-table inet.0;
            }
        }
    }
}
