version 14.1X50-D35.1;
dynamic-profiles {
    PPPoE-pure {
        routing-instances {
            "$junos-routing-instance" {
                interface "$junos-interface-name";
            }
        }
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    ppp-options {
                        chap;
                        pap;
                    }
                    pppoe-options {
                        underlying-interface "$junos-underlying-interface";
                        server;
                    }
                    keepalives interval 10;
                    family inet {
                        unnumbered-address "$junos-loopback-interface";
                    }
                }
            }
        }
    }
    REDIRECT {
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    family inet {
                        service {
                            input {
                                service-set sset-redirect service-filter walled;
                            }
                            output {
                                service-set sset-redirect service-filter skip;
                            }
                        }
                    }
                }
            }
        }
    }
}
system {
    root-authentication {
        encrypted-password "$1$NMzXJKo7$rNtcS5t2moPC7bJB8chdI/"; ## SECRET-DATA
    }
    login {
        user warrior {
            uid 2005;
            class super-user;
            authentication {
                encrypted-password "$1$5XL72K0V$AgxSN2A.EQGl9ohJHWLll/"; ## SECRET-DATA
            }
        }
    }
    services {
        telnet;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
chassis {
    fpc 0 {
        pic 0 {
            inline-services {
                bandwidth 1g;
            }
        }
    }
    network-services enhanced-ip;
}
services {
    captive-portal-content-delivery {
        rule my-redirect-rule {
            match-direction input;
            term 1 {
                then {
                    redirect http://10.10.209.2/index.php;
                }
            }
        }
        profile my-redirect {
            cpcd-rules my-redirect-rule;
        }
        inactive: traceoptions {
            file cpcd.log size 1m files 2 world-readable;
            flag all;
        }
    }
    service-set sset-redirect {
        service-set-options {
            subscriber-awareness;
            routing-engine-services;
        }
        captive-portal-content-delivery-profile my-redirect;
        interface-service {
            service-interface si-0/0/0;
        }
    }
}
access-profile Access-Profile-1;
interfaces {
    si-0/0/0 {
        unit 0 {
            family inet;
        }
    }
    xe-1/2/0 {
        description "-- Cisco L2 Te1/3";
        flexible-vlan-tagging;
        mtu 9192;
        encapsulation flexible-ethernet-services;
        gigether-options {
            no-flow-control;
        }
        unit 201 {
            description "-- PPPoE access";
            vlan-id 201;
            family pppoe {
                access-concentrator MX480;
                duplicate-protection;
                dynamic-profile PPPoE-pure;
                max-sessions 32000;
            }
        }
        unit 208 {
            description "-- Internet Emulation (VM)";
            vlan-id 208;
            family inet {
                address 10.10.208.1/24;
            }
        }
        unit 209 {
            description "-- Radius server & WEB Portal";
            vlan-id 209;
            family inet {
                address 10.10.209.1/24;
            }
        }
    }
    fxp0 {
        description "-- management";
        unit 0 {
            family inet {
                address 10.10.0.2/24;
            }
        }
    }
    lo0 {
        unit 0 {
            description "-- loopback";
            family inet {
                address 1.1.1.1/32 {
                    primary;
                    preferred;
                }
            }
        }
    }
}
firewall {
    family inet {
        service-filter walled {
            term portal {
                from {
                    destination-address {
                        10.10.209.2/32;
                    }
                }
                then {
                    count portal-counter;
                    skip;
                }
            }
            term redirect {
                from {
                    protocol tcp;
                    destination-port 80;
                }
                then {
                    count redirect-counter;
                    service;
                }
            }
            term skip {
                then {
                    count skip-counter;
                    skip;
                }
            }
        }
        service-filter skip {
            term 1 {
                then skip;
            }
        }
    }
}
access {
    profile Access-Profile-1 {
        accounting-order radius;
        authentication-order radius;
        radius {
            authentication-server 10.10.209.2;
            accounting-server 10.10.209.2;
            options {
                nas-port-id-delimiter :;
                nas-port-id-format {
                    nas-identifier;
                    interface-description;
                }
                accounting-session-id-format decimal;
                revert-interval 60;
                client-authentication-algorithm round-robin;
                client-accounting-algorithm direct;
                coa-dynamic-variable-validation;
            }
        }
        radius-server {
            10.10.209.2 {
                secret "$9$45Zi.Qz6AtOQFCu0Byr"; ## SECRET-DATA
                timeout 2;
                retry 3;
                max-outstanding-requests 200;
                source-address 10.10.209.1;
            }
        }
        accounting {
            order radius;
            immediate-update;
            coa-immediate-update;
            update-interval 10;
            statistics volume-time;
        }
    }
    address-assignment {
        pool ipv4-PPPoE-L2TP-pool {
            family inet {
                network 192.168.201.0/24;
                range R201 {
                    low 192.168.201.2;
                    high 192.168.201.254;
                }
                xauth-attributes {
                    primary-dns 8.8.8.8/32;
                    secondary-dns 8.8.4.4/32;
                }
            }
        }
    }
}
