07-07-2014 09:18 PM
Hello. I cant get Per-session VRF feature working with IPv6 protocol. IPv4 is working fine.
Here is what i've got:
test1 Cleartext-Password := "test"
Framed-Protocol = PPP,
Service-Type == Framed-User,
Cisco-AVPair += "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool_vrf_no_nat",
Cisco-AVPair += "ip:vrf-id=NoNAT",
Cisco-AVPair += "ip:ip-unnumbered=Loopback1",
Cisco-AVPair += "ip:addr-pool=real"
Cisco-AVPair += "ipv6:ipv6-addr-pool=ppp_link_v6_pool_vrf_no_nat"
test2 Cleartext-Password := "test"
Framed-Protocol = PPP,
Service-Type == Framed-User,
Cisco-AVPair += "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool",
Cisco-AVPair += "lcp:interface-config=ip nat inside"
#sho run interface Loopback0 ip address **** ipv6 address 2001:DB8::20/128 ipv6 enable ! interface Loopback1 vrf forwarding NoNAT ip address ***** ipv6 address 2001:DB8::21/128 ipv6 enable ! ipv6 dhcp pool AAA_dhcpv6_pool prefix-delegation aaa method-list FREERADIUS ! ip local pool pool192_168 192.168.128.0 192.168.255.254 ip local pool real *.*.*.* *.*.*.* ! ipv6 local pool ppp_delegate_56_v6_pool 2001:DB8:3::/48 56 ipv6 local pool ppp_link_v6_pool 2001:DB8:1::/49 64 ! ipv6 local pool ppp_delegate_56_v6_pool_vrf_no_nat 2001:DB8:6::/48 56 ipv6 local pool ppp_link_v6_pool_vrf_no_nat 2001:DB8:4::/49 64 ! interface Virtual-Template1 ip unnumbered Loopback0 ipv6 unnumbered Loopback0 ipv6 enable no ipv6 nd ra suppress ipv6 dhcp server AAA_dhcpv6_pool peer default ip address pool pool192_168 peer default ipv6 pool ppp_link_v6_pool ! non-related config skipped !
User test2 receive IPv4 private address and full IPv6 service: address negotiated on the link and delegation DHCPv6 service.
User test1 receive IPv4 real address only and no IPv6 at all.
Here is the debug, take a look at the bold line:
Jul 8 10:13:41: RADIUS(000000DF): Send Access-Request to 10.0.6.10:1812 id 1645/139, len 207 Jul 8 10:13:41: RADIUS: authenticator B8 8A 07 F3 D8 90 A5 FE - B0 10 9F 51 B2 4F 7E 0A Jul 8 10:13:41: RADIUS: Framed-Protocol [7] 6 PPP [1] Jul 8 10:13:41: RADIUS: User-Name [1] 6 "test" Jul 8 10:13:41: RADIUS: CHAP-Password [3] 19 * Jul 8 10:13:41: RADIUS: NAS-Port-Type [61] 6 Virtual [5] Jul 8 10:13:41: RADIUS: NAS-Port [5] 6 0 Jul 8 10:13:41: RADIUS: NAS-Port-Id [87] 13 "0/1/0/2.301" Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 41 Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 35 "client-mac-address=5254.0018.9fb1" Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 39 Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 33 "circuit-id-tag=SNR eth 001,0301" Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 39 Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 33 "remote-id-tag=f8-f0-82-10-9b-9d" Jul 8 10:13:41: RADIUS: Service-Type [6] 6 Framed [2] Jul 8 10:13:41: RADIUS: NAS-IP-Address [4] 6 10.0.6.21 Jul 8 10:13:41: RADIUS(000000DF): Sending a IPv4 Radius Packet Jul 8 10:13:41: RADIUS(000000DF): Started 5 sec timeout Jul 8 10:13:41: RADIUS: Received from id 1645/139 10.0.6.10:1812, Access-Accept, len 236 Jul 8 10:13:41: RADIUS: authenticator 9C E6 3B 43 A3 58 06 AB - 17 99 AD 06 FF C6 9A 35 Jul 8 10:13:41: RADIUS: Framed-Protocol [7] 6 PPP [1] Jul 8 10:13:41: RADIUS: Service-Type [6] 6 Framed [2] Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 67 Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 61 "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool_vrf_no_nat" Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 23 Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 17 "ip:vrf-id=NoNAT" Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 34 Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 28 "ip:ip-unnumbered=Loopback1" Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 25 Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 19 "ip:addr-pool=real" Jul 8 10:13:41: RADIUS: Vendor, Cisco [26] 55 Jul 8 10:13:41: RADIUS: Cisco AVpair [1] 49 "ipv6:ipv6-addr-pool=ppp_link_v6_pool_vrf_no_nat" Jul 8 10:13:41: RADIUS(000000DF): Received from id 1645/139 Jul 8 10:13:41: ppp202 PPP SSS: Forwarding request Jul 8 10:13:41: ppp202 PPP: Phase is FORWARDING, Attempting Forward Jul 8 10:13:41: PPP: Bind ppp202 to Virtual-Access2.1 Jul 8 10:13:41: Vi2.1 PPP: Static Bind peer_type[3] Jul 8 10:13:41: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User Jul 8 10:13:41: Vi2.1 CHAP: O SUCCESS id 1 len 4 Jul 8 10:13:41: Vi2.1 PPP: Phase is UP Jul 8 10:13:41: Vi2.1 IPCP: Protocol configured, start CP. state[Initial] Jul 8 10:13:41: Vi2.1 IPCP: Event[OPEN] State[Initial to Starting] Jul 8 10:13:41: Vi2.1 IPCP: O CONFREQ [Starting] id 1 len 10 Jul 8 10:13:41: Vi2.1 IPCP: Address *.*.*.8 (0x0306B92EC408) Jul 8 10:13:41: Vi2.1 IPCP: Event[UP] State[Starting to REQsent] Jul 8 10:13:41: Vi2.1 PPP: Send Message[Static Bind Response] Jul 8 10:13:41: Vi2.1 IPCP: I CONFREQ [REQsent] id 1 len 22 Jul 8 10:13:41: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) Jul 8 10:13:41: Vi2.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) Jul 8 10:13:41: Vi2.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) Jul 8 10:13:41: Vi2.1 IPCP AUTHOR: Start. Her address 0.0.0.0, we want 0.0.0.0 Jul 8 10:13:41: Vi2.1 IPCP AUTHOR: Says use pool real Jul 8 10:13:41: Vi2.1 IPCP AUTHOR: Pool returned *.*.*.11 Jul 8 10:13:41: Vi2.1 IPCP AUTHOR: Done. Her address 0.0.0.0, we want *.*.*.11 Jul 8 10:13:41: Vi2.1 IPCP: O CONFNAK [REQsent] id 1 len 22 Jul 8 10:13:41: Vi2.1 IPCP: Address *.*.*.11 (0x0306B92EC50B) Jul 8 10:13:41: Vi2.1 IPCP: PrimaryDNS 8.8.8.8 (0x810608080808) Jul 8 10:13:41: Vi2.1 IPCP: SecondaryDNS 8.8.4.4 (0x830608080404) Jul 8 10:13:41: Vi2.1 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent] Jul 8 10:13:41: Vi2.1 IPV6CP: I CONFREQ [UNKNOWN] id 1 len 14 Jul 8 10:13:41: Vi2.1 IPV6CP: Interface-Id 11BF:9891:6F31:7C15 (0x010A11BF98916F317C15) Jul 8 10:13:41: Vi2.1 LCP: O PROTREJ [Open] id 2 len 20 protocol IPV6CP (0x0101000E010A11BF98916F317C15) Jul 8 10:13:41: Vi2.1 IPCP: I CONFACK [REQsent] id 1 len 10 Jul 8 10:13:41: Vi2.1 IPCP: Address *.*.*.8 (0x0306B92EC408) Jul 8 10:13:41: Vi2.1 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd] Jul 8 10:13:41: Vi2.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 22 Jul 8 10:13:41: Vi2.1 IPCP: Address *.*.*.11 (0x0306B92EC50B) Jul 8 10:13:41: Vi2.1 IPCP: PrimaryDNS 8.8.8.8 (0x810608080808) Jul 8 10:13:41: Vi2.1 IPCP: SecondaryDNS 8.8.4.4 (0x830608080404) Jul 8 10:13:41: Vi2.1 IPCP: O CONFACK [ACKrcvd] id 2 len 22 Jul 8 10:13:41: Vi2.1 IPCP: Address *.*.*.11 (0x0306B92EC50B) Jul 8 10:13:41: Vi2.1 IPCP: PrimaryDNS 8.8.8.8 (0x810608080808) Jul 8 10:13:41: Vi2.1 IPCP: SecondaryDNS 8.8.4.4 (0x830608080404) Jul 8 10:13:41: Vi2.1 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open] Jul 8 10:13:41: Vi2.1 IPCP: State is Open Jul 8 10:13:41: Vi2.1 Added to neighbor route AVL tree: topoid 2, address *.*.*.11 Jul 8 10:13:41: Vi2.1 IPCP: Install route to *.*.*.11 Jul 8 10:13:41: RADIUS/ENCODE(000000DF):Orig. component type = PPPoE Jul 8 10:13:41: RADIUS(000000DF): Config NAS IP: 10.0.6.21 Jul 8 10:13:41: RADIUS(000000DF): Config NAS IPv6: :: Jul 8 10:13:41: RADIUS(000000DF): sending Jul 8 10:13:41: RADIUS(000000DF): Send Accounting-Request to 10.0.6.10:1813 id 1646/109, len 264
Any suggestions?
07-09-2014 09:03 PM
Fixed one problem and moved into other.
I've added
Cisco-AVPair += "lcp:interface-config=ipv6 unnumbered Loopback1"
to user profile, but stumbled into another problem: router ignores
Cisco-AVPair += "ipv6:ipv6-addr-pool=ppp_link_v6_pool"
regardless of vrf, even on usual user profile
07-09-2014 09:13 PM
Solved by using
Cisco-AVPair += "lcp:interface-config=peer default ipv6 pool pool_name
Update:
Framed-IPv6-Pool += "ppp_link_v6_pool_vrf_no_nat"
works too
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide