Specifications
•
Configuration support to prevent the LACP MC-LAG system ID from reverting to the
default LACP system ID on ICCP failure—Beginning in Junos OS Release 13.3, you can
configure the prefer-status-control-active statement with the status-control standby
configuration at the [edit interfaces aeX aggregated-ether-options mc-ae] hierarchy
level to prevent the LACP MC-LAG system ID from reverting to the default LACP system
ID on ICCP failure. Use this configuration only if you can ensure that ICCP does not go
down unless the router is down. You must also configure the hold-time down value (at
the [edit interfaces interface-name] hierarchy level) for the interchassis link with the
status-control standby configuration to be higher than the ICCP BFD timeout. This
configuration prevents traffic loss by ensuring that when the router with the
status-controlactive configuration goes down, the router with the status-control standby
configuration does not go into standby mode.
•
Support for rejecting IPv6CP negotiation in the absence of an authorized address
(MX Series)—Starting in Junos OS Release 13.3, you can control the behavior of the
router in a situation where IPv6CP negotiation is initiated for subscriber sessions when
no authorized addresses are available. By default, IPv6CP negotiation is enabled to
proceed for an IPv6-only session when AAA has not provided an appropriate IPv6
address or prefix. In the absence of the address, the negotiation cannot successfully
complete. To prevent endless client negotiation of IPv6CP, include the
reject-unauthorized-ipv6cp statement at the [edit protocols ppp-service] hierarchy
level, which enables the jpppd process to reject the negotiation attempt.
•
Support for ignoring DSL Forum VSAs from directly connected devices (MX
Series)—When CPE devices are directly connected to a BNG, you might want the router
to ignore any DSL Forum VSAs that it receives in PPPoE control packets because the
VSAs can be spoofed by malicious subscribers. Spoofing is particularly serious when
the targeted VSAs are used to authenticate the subscriber, such as Agent-Circuit-Id
[26-1] and Agent-Remote-ID [26-2].
To ignore the DSL Forum VSAs, starting in Junos OS Release 13.3, include the
direct-connect statement for PPPoE interfaces or PPPoE underlying interfaces at the
following hierarchy levels:
•
[edit dynamic-profiles profile-name interfaces demux0 unit logical-unit-number family
pppoe]
•
[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number
family pppoe]
•
[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number
pppoe-underlying-options]
•
[edit interfaces interface-name unit logical-unit-number family pppoe]
•
[edit interfaces interface-name unit logical-unit-number pppoe-underlying-options]
•
[edit logical-systems logical-system-name interfaces interface-name unit
logical-unit-number family pppoe]
•
[edit logical-systems logical-system-name interfaces interface-name unit
logical-unit-number pppoe-underlying-options]
Copyright © 2015, Juniper Networks, Inc.64
Release Notes: Junos OS Release 13.3R6 for the EX Series, M Series, MX Series, PTX Series, and T Series