cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1850
Views
0
Helpful
1
Replies

Freeradius does not save avpair sent by ASR1002 - Delegated-IPv6-Prefix

gsaracho89
Level 1
Level 1

hello,

I have the following scenario. An ASR1002 with software version 03.13.10.S. The ASR has configured the IPv6 prefixes to assign to the clients, and once it assigns them it sends the avpairs to a Freeradius. The problem is that in the packet capture you can see that the ASR sends it to the avpair in the "accounting-request" packet to the freeradius, but the freeradius does not store it.
What I mean by freeradius not storing, is that after a query is made from a platform to freeradius to see what ipv6 is assigned to each client and does not show it.
This on another router, an ASR9000 works fine, the issue is the ASR1002.

 

 

this is a packet capture on freeradius. The problem is that I don't know if it is something to set in the ASR1002 to store it in freeradius or if it is freeradius itself.

 

RADIUS Protocol
Code: Accounting-Request (4)
Packet identifier: 0xa7 (167)
Length: 560
Authenticator: 991cd55b999e09f0aae58fadfba325e1
Attribute Value Pairs
AVP: t=Acct-Session-Id(44) l=20 val=0/1/0/640_007BB7FE
AVP: t=Vendor-Specific(26) l=24 vnd=ciscoSystems(9)
AVP: t=Vendor-Specific(26) l=26 vnd=ciscoSystems(9)
AVP: t=Framed-Protocol(7) l=6 val=PPP(1)
AVP: t=Framed-IPv6-Prefix(97) l=20 val=2001:X:X::/64
AVP: t=Framed-Interface-Id(96) l=10 val=218d36286581b516
AVP: t=Framed-IP-Address(8) l=6 val=X.X.X.153
AVP: t=Delegated-IPv6-Prefix(123) l=20 val=2001:X:X:X::/64
AVP: t=User-Name(1) l=10 val=dsl99902
AVP: t=Vendor-Specific(26) l=35 vnd=ciscoSystems(9)
AVP: t=Vendor-Specific(26) l=31 vnd=ciscoSystems(9)
AVP: t=Vendor-Specific(26) l=31 vnd=ciscoSystems(9)
AVP: t=Acct-Session-Time(46) l=6 val=321
AVP: t=Acct-Input-Octets(42) l=6 val=2736962
AVP: t=Acct-Output-Octets(43) l=6 val=2746557
AVP: t=Vendor-Specific(26) l=38 vnd=ciscoSystems(9)
AVP: t=Vendor-Specific(26) l=39 vnd=ciscoSystems(9)
AVP: t=Acct-Input-Packets(47) l=6 val=6797
AVP: t=Acct-Output-Packets(48) l=6 val=6902
AVP: t=Vendor-Specific(26) l=36 vnd=ciscoSystems(9)
AVP: t=Vendor-Specific(26) l=37 vnd=ciscoSystems(9)
AVP: t=Acct-Authentic(45) l=6 val=RADIUS(1)
AVP: t=Acct-Status-Type(40) l=6 val=Interim-Update(3)
AVP: t=Calling-Station-Id(31) l=14 val=c0c9e3af6747
AVP: t=NAS-Port-Type(61) l=6 val=Ethernet(15)
AVP: t=NAS-Port(5) l=6 val=134218368
AVP: t=NAS-Port-Id(87) l=11 val=0/1/0/640
AVP: t=Vendor-Specific(26) l=41 vnd=ciscoSystems(9)
AVP: t=Class(25) l=3 val=30
AVP: t=Service-Type(6) l=6 val=Framed(2)
AVP: t=NAS-IP-Address(4) l=6 val=X.X.X.207
AVP: t=PMIP6-Home-HN-Prefix(151) l=10 val=[invalid reserved byte for IPv6 prefix]
AVP: t=Acct-Delay-Time(41) l=6 val=0

 

 

config in ASR1002:

 

aaa authentication login default group tacacs+ local enable line
aaa authentication ppp ADSL group radius local
aaa authentication ppp viaTACACS group tacacs+ local
aaa authentication ppp NINGUNO none
aaa authorization console
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization network ADSL group radius local if-authenticated
aaa authorization network viaTACACS group tacacs+ local if-authenticated
aaa authorization network NINGUNO none
aaa authorization configuration IA_PD group radius
aaa accounting send counters ipv6
aaa accounting delay-start all
aaa accounting update periodic 3
aaa accounting include auth-profile delegated-ipv6-prefix
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!
aaa accounting network ADSL
action-type start-stop periodic interval 5
group radius
!

ipv6 dhcp pool DHCPv6Local
prefix-delegation pool ClientesDinamicos lifetime 7200 300
address prefix 2001:X:X::/64 lifetime 7200 300
dns-server 2001:X:X::65
dns-server 2001:X:X::66
sntp address 2001:X:X:X::1
accounting ADSL
!

interface Virtual-Template46
description Servicio PPPoE con IPv6
ip unnumbered Loopback0
ipv6 enable
no ipv6 nd prefix framed-ipv6-prefix
ipv6 nd other-config-flag
ipv6 nd router-preference High
no ipv6 nd ra suppress
ipv6 nd ra lifetime 7200
ipv6 nd ra interval 5
ipv6 dhcp server DHCPv6Local
peer default ip address pool LNS1-POOL
peer default ipv6 pool LinksPE-CE
ppp authentication pap ADSL
ppp authorization ADSL
ppp accounting ADSL
ppp ipcp dns X.X.X.65 X.X.X.65
ppp ipv6cp address unique
!

pool LNS1-POOL and pool LinksPE-CE are defined in the config. 

 

this is an example of the queries to the freeradius database, in the avpair of delegatedipv6prefix nothing is returned:

<DATA>

<ROW>
<radacctid>913607839</radacctid>
<acctsessionid>0/1/0/640_004EB3C1</acctsessionid>
<acctuniqueid>7a73d0dd85554bbb30a9ce57b3804b46</acctuniqueid>
<username>dsl99902</username>
<realm></realm>
<nasipaddress>X.X.X.207</nasipaddress>
<nasportid>0/1/0/640</nasportid>
<nasporttype>Ethernet</nasporttype>
<acctstarttime>2021-05-18 10:33:15</acctstarttime>
<acctupdatetime>2021-05-19 13:14:56</acctupdatetime>
<acctstoptime>NULL</acctstoptime>
<acctinterval>62</acctinterval>
<acctsessiontime>96101</acctsessiontime>
<acctauthentic>RADIUS</acctauthentic>
<connectinfo_start></connectinfo_start>
<connectinfo_stop></connectinfo_stop>
<acctinputoctets>2341181058</acctinputoctets>
<acctoutputoctets>2496301024</acctoutputoctets>
<calledstationid></calledstationid>
<callingstationid>c47154448e08</callingstationid>
<acctterminatecause></acctterminatecause>
<servicetype>Framed-User</servicetype>
<framedprotocol>PPP</framedprotocol>
<framedipaddress>X.X.X.172</framedipaddress>
<framedipv6address></framedipv6address>
<framedipv6prefix>2001:X:X::/64</framedipv6prefix>
<framedinterfaceid>0:3b61:0:3b58</framedinterfaceid>
<delegatedipv6prefix></delegatedipv6prefix>
</ROW>
</DATA>

 

 

if someone can give me some help or guide me where I can focus my analysis, I would appreciate it.

 

Best Regards! 

 

 

 

1 Reply 1

Peter Paluch
Cisco Employee
Cisco Employee

Hello @gsaracho89 ,

It's been a while since you posted this question. Are you still working on this issue or were you able to resolve it in the meantime?

Best regards,
Peter

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco