Per-session VRF and IPv6

acitycisco
Level 1

Hello. I can't get the per-session VRF feature working with the IPv6 protocol. IPv4 is working fine.

Here is what I've got:

 

test1    Cleartext-Password := "test"
        Framed-Protocol = PPP,
        Service-Type == Framed-User,
        Cisco-AVPair += "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool_vrf_no_nat",
        Cisco-AVPair += "ip:vrf-id=NoNAT",
        Cisco-AVPair += "ip:ip-unnumbered=Loopback1",
        Cisco-AVPair += "ip:addr-pool=real",
        Cisco-AVPair += "ipv6:ipv6-addr-pool=ppp_link_v6_pool_vrf_no_nat"

 

test2    Cleartext-Password := "test"
        Framed-Protocol = PPP,
        Service-Type == Framed-User,
        Cisco-AVPair += "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool",
        Cisco-AVPair += "lcp:interface-config=ip nat inside"

 

#sho run


interface Loopback0
 ip address ****
 ipv6 address 2001:DB8::20/128
 ipv6 enable
!
interface Loopback1
 vrf forwarding NoNAT
 ip address *****
 ipv6 address 2001:DB8::21/128
 ipv6 enable
!
ipv6 dhcp pool AAA_dhcpv6_pool
 prefix-delegation aaa method-list FREERADIUS
!
ip local pool pool192_168 192.168.128.0 192.168.255.254
ip local pool real *.*.*.* *.*.*.*
!
ipv6 local pool ppp_delegate_56_v6_pool 2001:DB8:3::/48 56
ipv6 local pool ppp_link_v6_pool 2001:DB8:1::/49 64
!
ipv6 local pool ppp_delegate_56_v6_pool_vrf_no_nat 2001:DB8:6::/48 56
ipv6 local pool ppp_link_v6_pool_vrf_no_nat 2001:DB8:4::/49 64

!

interface Virtual-Template1
 ip unnumbered Loopback0
 ipv6 unnumbered Loopback0
 ipv6 enable
 no ipv6 nd ra suppress
 ipv6 dhcp server AAA_dhcpv6_pool
 peer default ip address pool pool192_168
 peer default ipv6 pool ppp_link_v6_pool

 ! non-related config skipped
!

 

User test2 receives a private IPv4 address and full IPv6 service: an address negotiated on the link and the DHCPv6 delegation service.

User test1 receives a real IPv4 address only and no IPv6 at all.

 

Here is the debug; take a look at the bold line:

 

Jul  8 10:13:41: RADIUS(000000DF): Send Access-Request to 10.0.6.10:1812 id 1645/139, len 207
Jul  8 10:13:41: RADIUS:  authenticator B8 8A 07 F3 D8 90 A5 FE - B0 10 9F 51 B2 4F 7E 0A
Jul  8 10:13:41: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jul  8 10:13:41: RADIUS:  User-Name           [1]   6   "test"
Jul  8 10:13:41: RADIUS:  CHAP-Password       [3]   19  *
Jul  8 10:13:41: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Jul  8 10:13:41: RADIUS:  NAS-Port            [5]   6   0
Jul  8 10:13:41: RADIUS:  NAS-Port-Id         [87]  13  "0/1/0/2.301"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  41
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=5254.0018.9fb1"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  39
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   33  "circuit-id-tag=SNR eth 001,0301"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  39
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   33  "remote-id-tag=f8-f0-82-10-9b-9d"
Jul  8 10:13:41: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jul  8 10:13:41: RADIUS:  NAS-IP-Address      [4]   6   10.0.6.21
Jul  8 10:13:41: RADIUS(000000DF): Sending a IPv4 Radius Packet
Jul  8 10:13:41: RADIUS(000000DF): Started 5 sec timeout
Jul  8 10:13:41: RADIUS: Received from id 1645/139 10.0.6.10:1812, Access-Accept, len 236
Jul  8 10:13:41: RADIUS:  authenticator 9C E6 3B 43 A3 58 06 AB - 17 99 AD 06 FF C6 9A 35
Jul  8 10:13:41: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jul  8 10:13:41: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  67
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   61  "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool_vrf_no_nat"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  23
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   17  "ip:vrf-id=NoNAT"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  34
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   28  "ip:ip-unnumbered=Loopback1"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  25
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   19  "ip:addr-pool=real"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  55
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   49  "ipv6:ipv6-addr-pool=ppp_link_v6_pool_vrf_no_nat"
Jul  8 10:13:41: RADIUS(000000DF): Received from id 1645/139
Jul  8 10:13:41: ppp202 PPP SSS: Forwarding request
Jul  8 10:13:41: ppp202 PPP: Phase is FORWARDING, Attempting Forward
Jul  8 10:13:41: PPP: Bind ppp202 to Virtual-Access2.1
Jul  8 10:13:41: Vi2.1 PPP: Static Bind peer_type[3]
Jul  8 10:13:41: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User
Jul  8 10:13:41: Vi2.1 CHAP: O SUCCESS id 1 len 4
Jul  8 10:13:41: Vi2.1 PPP: Phase is UP
Jul  8 10:13:41: Vi2.1 IPCP: Protocol configured, start CP. state[Initial]
Jul  8 10:13:41: Vi2.1 IPCP: Event[OPEN] State[Initial to Starting]
Jul  8 10:13:41: Vi2.1 IPCP: O CONFREQ [Starting] id 1 len 10
Jul  8 10:13:41: Vi2.1 IPCP:    Address *.*.*.8 (0x0306B92EC408)
Jul  8 10:13:41: Vi2.1 IPCP: Event[UP] State[Starting to REQsent]
Jul  8 10:13:41: Vi2.1 PPP: Send Message[Static Bind Response]
Jul  8 10:13:41: Vi2.1 IPCP: I CONFREQ [REQsent] id 1 len 22
Jul  8 10:13:41: Vi2.1 IPCP:    Address 0.0.0.0 (0x030600000000)
Jul  8 10:13:41: Vi2.1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
Jul  8 10:13:41: Vi2.1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
Jul  8 10:13:41: Vi2.1 IPCP AUTHOR: Start.  Her address 0.0.0.0, we want 0.0.0.0
Jul  8 10:13:41: Vi2.1 IPCP AUTHOR: Says use pool real
Jul  8 10:13:41: Vi2.1 IPCP AUTHOR: Pool returned *.*.*.11
Jul  8 10:13:41: Vi2.1 IPCP AUTHOR: Done.  Her address 0.0.0.0, we want *.*.*.11
Jul  8 10:13:41: Vi2.1 IPCP: O CONFNAK [REQsent] id 1 len 22
Jul  8 10:13:41: Vi2.1 IPCP:    Address *.*.*.11 (0x0306B92EC50B)
Jul  8 10:13:41: Vi2.1 IPCP:    PrimaryDNS 8.8.8.8 (0x810608080808)
Jul  8 10:13:41: Vi2.1 IPCP:    SecondaryDNS 8.8.4.4 (0x830608080404)
Jul  8 10:13:41: Vi2.1 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]
Jul  8 10:13:41: Vi2.1 IPV6CP: I CONFREQ [UNKNOWN] id 1 len 14
Jul  8 10:13:41: Vi2.1 IPV6CP:    Interface-Id 11BF:9891:6F31:7C15 (0x010A11BF98916F317C15)
Jul  8 10:13:41: Vi2.1 LCP: O PROTREJ [Open] id 2 len 20 protocol IPV6CP (0x0101000E010A11BF98916F317C15)
Jul  8 10:13:41: Vi2.1 IPCP: I CONFACK [REQsent] id 1 len 10
Jul  8 10:13:41: Vi2.1 IPCP:    Address *.*.*.8 (0x0306B92EC408)
Jul  8 10:13:41: Vi2.1 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
Jul  8 10:13:41: Vi2.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 22
Jul  8 10:13:41: Vi2.1 IPCP:    Address *.*.*.11 (0x0306B92EC50B)
Jul  8 10:13:41: Vi2.1 IPCP:    PrimaryDNS 8.8.8.8 (0x810608080808)
Jul  8 10:13:41: Vi2.1 IPCP:    SecondaryDNS 8.8.4.4 (0x830608080404)
Jul  8 10:13:41: Vi2.1 IPCP: O CONFACK [ACKrcvd] id 2 len 22
Jul  8 10:13:41: Vi2.1 IPCP:    Address *.*.*.11 (0x0306B92EC50B)
Jul  8 10:13:41: Vi2.1 IPCP:    PrimaryDNS 8.8.8.8 (0x810608080808)
Jul  8 10:13:41: Vi2.1 IPCP:    SecondaryDNS 8.8.4.4 (0x830608080404)
Jul  8 10:13:41: Vi2.1 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
Jul  8 10:13:41: Vi2.1 IPCP: State is Open
Jul  8 10:13:41: Vi2.1 Added to neighbor route AVL tree: topoid 2, address *.*.*.11
Jul  8 10:13:41: Vi2.1 IPCP: Install route to *.*.*.11
Jul  8 10:13:41: RADIUS/ENCODE(000000DF):Orig. component type = PPPoE
Jul  8 10:13:41: RADIUS(000000DF): Config NAS IP: 10.0.6.21
Jul  8 10:13:41: RADIUS(000000DF): Config NAS IPv6: ::
Jul  8 10:13:41: RADIUS(000000DF): sending
Jul  8 10:13:41: RADIUS(000000DF): Send Accounting-Request to 10.0.6.10:1813 id 1646/109, len 264

 

Any suggestions?

 

 

2 Replies

acitycisco
Level 1

Fixed one problem and moved on to another.

I've added

Cisco-AVPair += "lcp:interface-config=ipv6 unnumbered Loopback1"

to the user profile, but stumbled into another problem: the router ignores

Cisco-AVPair += "ipv6:ipv6-addr-pool=ppp_link_v6_pool"

regardless of VRF, even on a usual user profile.

 

Solved by using

Cisco-AVPair += "lcp:interface-config=peer default ipv6 pool pool_name"

Update:

 

Framed-IPv6-Pool += "ppp_link_v6_pool_vrf_no_nat"

works too
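
An added example, not part of the original posts: a small Python checker for the failure visible in the debug above, where the Access-Accept carries `ipv6:` AVPairs but the router answers the client's IPV6CP request with an LCP Protocol-Reject. The function names are hypothetical, and it assumes the debug shows one session at a time (interleaved sessions would need keying on the RADIUS session ID).

```python
import re

# Sample input: lines excerpted from the debug output in the first post.
SAMPLE = """\
Jul  8 10:13:41: RADIUS: Received from id 1645/139 10.0.6.10:1812, Access-Accept, len 236
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   61  "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool_vrf_no_nat"
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   17  "ip:vrf-id=NoNAT"
Jul  8 10:13:41: PPP: Bind ppp202 to Virtual-Access2.1
Jul  8 10:13:41: Vi2.1 IPV6CP: I CONFREQ [UNKNOWN] id 1 len 14
Jul  8 10:13:41: Vi2.1 LCP: O PROTREJ [Open] id 2 len 20 protocol IPV6CP (0x0101000E010A11BF98916F317C15)
Jul  8 10:13:41: Vi2.1 IPCP: State is Open
"""

AVPAIR = re.compile(r'Cisco AVpair\s+\[1\]\s+\d+\s+"([^"]+)"')
BIND = re.compile(r'PPP: Bind \S+ to Virtual-Access(\S+)')
PROTREJ = re.compile(r': (Vi\S+) LCP: O PROTREJ .*protocol (\w+)')
NCP_OPEN = re.compile(r': (Vi\S+) (\w+): State is Open')

def parse_sessions(log):
    """Map each Virtual-Access interface to its RADIUS AVPairs and NCP outcomes."""
    sessions, pending, in_accept = {}, [], False

    def entry(iface):
        return sessions.setdefault(
            iface, {"avpairs": [], "open": set(), "rejected": set()})

    for line in log.splitlines():
        if "Access-Accept" in line:
            pending, in_accept = [], True        # start collecting reply AVPairs
        elif in_accept and (m := AVPAIR.search(line)):
            pending.append(m.group(1))
        elif m := BIND.search(line):
            entry("Vi" + m.group(1))["avpairs"] = pending
            pending, in_accept = [], False       # AVPairs now belong to this interface
        elif m := PROTREJ.search(line):
            entry(m.group(1))["rejected"].add(m.group(2))
        elif m := NCP_OPEN.search(line):
            entry(m.group(1))["open"].add(m.group(2))
    return sessions

def ipv6_authorized_but_rejected(sessions):
    """Interfaces whose profile carried ipv6: AVPairs yet IPV6CP was protocol-rejected."""
    return sorted(iface for iface, s in sessions.items()
                  if "IPV6CP" in s["rejected"]
                  and any(a.startswith("ipv6:") for a in s["avpairs"]))

if __name__ == "__main__":
    for iface in ipv6_authorized_but_rejected(parse_sessions(SAMPLE)):
        print(f"{iface}: RADIUS sent ipv6: attributes but IPV6CP was rejected")
```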