Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
220
Views
0
Helpful
0
Replies

Can't assign static ip to pppoe subscriber

mrwisthis
Level 1
Level 1

‎12-01-2022 02:18 AM

Hello all,

I have ASR1004 and a freeradius server. I try to assign static ip address to subscriber. I tryed "Framed-IP-Address" and Cisco-avpair "ip:addr=x.x.x.x", but seems Cisco is ignoring them. I also tryed configuring seppared ip pools for each subscriber with only one ip address and set avpair to "ip:addr-pool=xxx", but subscriber gets always ip from the first pool in list.

Here is  my ASR1004 config:

version 17.5
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname ASR1004
!
boot-start-marker
boot system flash bootflash:asr1000rpx86-universalk9.17.05.01a.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 9 xxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa group server radius Opteron
server-private xxx.xxx.xxx.2 key 7 xxxxxxxxxxxxxxxxxxx
!
aaa authentication login default local
aaa authentication ppp PPPoE_LIST group Opteron
aaa authorization network PPPoE_LIST group Opteron
aaa accounting send stop-record authentication failure
aaa accounting delay-start
aaa accounting session-duration ntp-adjusted
aaa accounting nested
aaa accounting update periodic 1
aaa accounting exec default
action-type start-stop
group radius
!
aaa accounting network default start-stop group Opteron
!
!
aaa nas port extended
!
!
!
!
aaa session-id common
aaa policy interface-config allow-subinterface
!
transport-map type persistent webui webhandler
server
!
transport-map type persistent ssh sshhandler
rsa keypair-name ssh-key
transport interface GigabitEthernet0
connection wait allow interruptible
!
transport-map type console ssh_con
!
clock timezone EET 2 0
clock summer-time EEET recurring last Sun Mar 0:00 last Sun Oct 0:00
!
!
!
!
ip nbar http-services
!
!
!
!
!
ip name-server xxx.xxx.xxx.xxx
ip domain name xxxxx.xxx

ip dhcp relay information option
ip dhcp relay information trust-all
ip dhcp excluded-address xxx.xxx.160.1
ip dhcp excluded-address xxx.xxx.161.1 xxx.xxx.161.10
ip dhcp excluded-address xxx.xxx.160.201 xxx.xxx.160.254
ip dhcp excluded-address xxx.xxx.162.1
!
ip dhcp pool 160
network xxx.xxx.160.0 255.255.255.0
network xxx.xxx.161.0 255.255.255.0 secondary
default-router xxx.xxx.160.1
dns-server xxx.xxx.xxx.xxx
remember
!
!
!
login block-for 100 attempts 15 within 100
login delay 10
login quiet-mode access-class myacl
login on-success log
!
!
!
!
!
!
!
subscriber templating
subscriber authorization enable
virtual-profile if-needed
virtual-profile virtual-template 1
!
!
!
!
!
!
multilink virtual-template 1
multilink bundle-name authenticated
vpdn enable
!
!
!
no virtual-template snmp
!
!
!
!
!
!
!
!
!
license udi pid ASR1004 sn xxxxxxxxxx
license accept end user agreement
license boot level advipservices
memory free low-watermark processor 417477
!
!
!
!
!
!
spanning-tree extend system-id

et-analytics
diagnostic bootup level minimal
!
!
redundancy
mode none
!
!
!
!
!
!
!
!
class-map match-all dscp-inet
match dscp af11
class-map match-all xxxxxxxx
match ip precedence 1
!
policy-map test-client
class dscp-inet
police cir 1048500
conform-action transmit
exceed-action drop
class dscp-bg
police cir 2097000
conform-action transmit
exceed-action drop
policy-map xxxxxxxxxxx_pm
class xxxxxxxxx
police cir 10000000
conform-action set-dscp-transmit af11
exceed-action set-dscp-transmit af11
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
bba-group pppoe global
virtual-template 1
vendor-tag circuit-id service
sessions per-mac limit 1
sessions auto cleanup
!
!
!
interface Null0
no ip unreachables
no ipv6 unreachables
!
interface Loopback0
no ip address
no ip proxy-arp
!
interface Loopback1
no ip address
!
interface TenGigabitEthernet1/1/0
no ip address
no ip proxy-arp
!
interface TenGigabitEthernet1/2/0
no ip address
!
interface TenGigabitEthernet1/2/0.10
encapsulation dot1Q 10
ip address xxx.xxx.x16.8 255.255.255.240
!
interface TenGigabitEthernet1/2/0.692
encapsulation dot1Q 692
ip address xxx.xxx.xxx.27 255.255.255.248
!
interface TenGigabitEthernet1/3/0
no ip address
!
interface TenGigabitEthernet1/3/0.137
encapsulation dot1Q 137
ip address xxx.xxx.160.1 255.255.255.0
!
interface TenGigabitEthernet1/3/0.138
encapsulation dot1Q 138
ip address xxx.xxx.162.1 255.255.255.0
pppoe enable group global
!
interface TenGigabitEthernet1/3/0.140
encapsulation dot1Q 140
ip address xxx.xxx.169.1 255.255.255.0
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 192.168.99.9 255.255.255.0
negotiation auto
!
interface Virtual-Template1
ip unnumbered TenGigabitEthernet1/3/0.138
no logging event link-status
peer default ip address pool Subs2 Subs3 Subs4 Subs5
keepalive 60
ppp mtu adaptive
ppp authentication chap PPPoE_LIST
!
router ospf 1
router-id xxx.xxx.xxx.xxx
area 0 authentication
passive-interface default
network xxx.xxx.xxx.xxx 0.0.0.7 area 0
network xxx.xxx.xxx.xxx 0.0.0.15 area 0
distribute-list 10 in
!
router rip
version 2
passive-interface default
network xxx.xxx.xxx.xxx
neighbor xxx.xxx.xxx.xxx
distribute-list 10 in
no auto-summary
!
router bgp 21230
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor xxx.xxx.xxx.xxx remote-as 41313

!
address-family ipv4
redistribute connected route-map redis-connected-to-nvt
redistribute static route-map redis-static-to-nvt
neighbor xxx.xxx.xxx.xxx activate
neighbor xxx.xxx.xxx.xxx soft-reconfiguration inbound
neighbor xxx.xxx.xxx.xxx prefix-list peer_export out
neighbor xxx.xxx.xxx.xxx activate
neighbor xxx.xxx.xxx.xxx soft-reconfiguration inbound
neighbor xxx.xxx.xxx.xxx prefix-list peer_export out
exit-address-family
!
iox
ip local pool Subs2 xxx.xxx.162.2
ip local pool Subs3 xxx.xxx.162.3
ip local pool Subs4 xxx.xxx.162.4
ip local pool Subs5 xxx.xxx.162.5 group Opteron
ip http server
ip http access-class ipv4 20
ip http authentication local
ip http secure-server
ip forward-protocol nd
!
ip bgp-community new-format
ip as-path access-list 100 permit ^$
ip as-path access-list 100 deny .*
ip tftp source-interface GigabitEthernet0
ip route xxx.xxx.161.0 255.255.255.0 Null0 tag 100
ip route xxx.xxx.162.0 255.255.255.0 Null0 tag 100
ip route xxx.xxx.163.0 255.255.255.0 Null0 tag 100
ip route xxx.xxx.164.0 255.255.255.0 Null0 tag 100
ip route xxx.xxx.165.0 255.255.255.0 Null0 tag 100
ip route xxx.xxx.166.0 255.255.255.0 Null0 tag 100
ip route xxx.xxx.167.0 255.255.255.0 Null0 tag 100
ip route xxx.xxx.168.0 255.255.255.0 Null0 tag 100
ip route xxx.xxx.169.0 255.255.255.0 Null0 tag 100
ip ssh version 2
!
!
!
ip prefix-list peer_export seq 5 permit xxx.xxx.160.0/24
ip prefix-list peer_export seq 10 permit xxx.xxx.161.0/24
ip prefix-list peer_export seq 15 permit xxx.xxx.162.0/24
ip prefix-list peer_export seq 20 permit xxx.xxx.163.0/24
ip prefix-list peer_export seq 25 permit xxx.xxx.164.0/24
ip prefix-list peer_export seq 30 permit xxx.xxx.165.0/24
ip prefix-list peer_export seq 35 permit xxx.xxx.166.0/24
ip prefix-list peer_export seq 40 permit xxx.xxx.167.0/24
ip prefix-list peer_export seq 45 permit xxx.xxx.168.0/24
ip prefix-list peer_export seq 50 permit xxx.xxx.169.0/24
ip radius source-interface TenGigabitEthernet1/2/0.10
ip access-list standard 10
1 permit xxx.xxx.xxx.0 0.0.0.15
ip access-list standard 20
10 permit xxx.xxx.xxx.0 0.0.0.255
20 permit xxx.xxx.xxx.0 0.0.0.255
30 permit xxx.xxx.160.0 0.0.0.255
40 permit xxx.xxx.161.0 0.0.0.255
50 permit xxx.xxx.162.0 0.0.0.255
60 permit xxx.xxx.163.0 0.0.0.255
70 permit xxx.xxx.164.0 0.0.0.255
80 permit xxx.xxx.165.0 0.0.0.255
90 permit xxx.xxx.166.0 0.0.0.255
100 permit xxx.xxx.167.0 0.0.0.255
110 permit xxx.xxx.168.0 0.0.0.255
120 permit xxx.xxx.169.0 0.0.0.255
!
route-map to-nvt-out permit 10
match community 21230:10002
!
route-map redis-static-to-nvt permit 10
match tag 100
set local-preference 120
set origin igp
set community 21230:10002
!
route-map redis-connected-to-nvt permit 10
match ip address prefix-list peer_export
set local-preference 120
set origin igp
set community 21230:10002
!
route-map To-xxxxxx permit 10
match ip address prefix-list peer_export
!
snmp-server manager
!
!
!
radius-server attribute 44 extend-with-addr
radius-server attribute 218 mandatory
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 61 extended
radius-server attribute 4 xxx.xxx.xxx.2
radius-server attribute 31 mac format ietf
radius-server attribute 31 send nas-port-detail mac-only
radius-server configure-nas
no radius-server vsa send accounting
no radius-server vsa send authentication
!
radius server Opteron
address ipv4 xxx.xxx.xxx.2 auth-port 1812 acct-port 1813
timeout 1000
retransmit 6
key 7 00091D03100859571928564708171F
!
!
control-plane
!
call admission new-model
call admission limit 1000
call admission cpu-limit 80
call admission pppoe 10 1
!
!
!
!
!
line con 0
stopbits 1
line aux 0
access-class myacl in
line vty 0 4
access-class myacl in
password 7 xxxxxxxxxxxxxxxxxxxxxxx
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
end

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents