cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1154
Views
4
Helpful
15
Replies

Assign ACS url trough PPPoE on ASR1001-X (TR-069)

andy89
Level 1
Level 1

Hi,

we are using the Cisco ASR1001-X as core router on our ISP network. For the management of the CPE I set up a TR-069 ACS server. For testing purposes I configured the ACS URL manually on the CPE, which works fine.

However I'd like our ASR to pass the URL automatically along with the PPPoE request from the CPE which would allow us to integrate automatically all routers installed at our customers. As radius server we use FreeRADIUS.

Is there a way to achieve this on the ASR1001-X?

Appreciate any suggestion.

1 Accepted Solution

Accepted Solutions

andy89
Level 1
Level 1

I have found a solution. With the attribute Reply-Message configured on the Radius server I can pass the ACK/NAK message to the CPE.

Reply-Message := "SRD=50000#SRU=10000#TR069URL=https://myacs.xyz123.com:7547#TR069PROVC=setup#"

 

View solution in original post

15 Replies 15

balaji.bandi
Hall of Fame
Hall of Fame

I was not sure about the request. can you explain more details and show us the what have you done with ACS (cisco ?)

 For the management of the CPE I set up a TR-069 ACS server. For testing purposes I configured the ACS URL manually on the CPE, which works fine.

what URL you configured, 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello @andy89 ,

you can use the Radius server to pass a Cisco specific   attribute called AV Pair that you can use to pass some configurations commands during Radius authentication.

Radius Vendor specific attribute is 26. It is followed by two fields one that identifies Cisco as the vendor and one that specifies the AV pair attibute Type length Value TLV.

Hope to help

Giuseppe

 

andy89
Level 1
Level 1

Hi @Giuseppe Larosa,

thanks you for your reply. We did a couple of tests but didn'd get it to work until now. Will try further.

According to our CPE vendor (AVM) the syntax for the ACK/NAK response should look like that:

 

 SRD=xxxx#SRU=yyyy#SRT=zz#LID=line-id#TR069URL=url#TR069PROVC=provisioningcode

 

I guess Line ID (LID) or TR069PROVC shouldn't be needed.

If anyone has managed to make it work I'd appreciate any help.

In ASR you use pool, use dhcp local server and try push dhcp option to CPE about the url ACS

MHM

andy89
Level 1
Level 1

Thanks @MHM Cisco World for the reply. With DHCP opt. 43 it works - tried that earlier in a test setup.

As our CPE is using PPPoE only I'm trying to make it work for PPPoE as well. Would be great if there is a way to pass the TR069 URL to the CPE with FreeRADIUS.

Tried that - without success:

 

+-----+---------------+------------+----+------------------------+
| id  | username      | attribute  | op | value                  |
+-----+---------------+------------+----+------------------------+
| 1 | test@user.fiber | cisco-avpair   | := | TR069URL=https://ouracsurl.net:7547 |

 

 

 

 

 

Cpe is pppoe client 

Asr is pppoe server' and hence it push IP to client via dhcp here ypu can push also url

MHM

Hello @MHM Cisco World ,

>> Asr is pppoe server' and hence it push IP to client via dhcp here ypu can push also url

DHCP should not be involved IP address is provided in IPCP  NCP part of PPP negotiation

Hope to help

Giuseppe

 

friend 

You can use pool of dhcp local to assign IP for pppoe client.

@andy89 instead of radius send pool name let it send dhcp pool name 

MHM

andy89
Level 1
Level 1

Ok, I'll have a more detailed look into that. Currently the ASR retrieves the IP pool from FreeRADIUS.

According to you, could it be possible to add the "TR069URL" attribute in the radreply table (that we use to assign a static IP to a user)?

That is what I have tried before:

+-----+---------------+------------+----+------------------------+
| id  | username      | attribute  | op | value                  |
+-----+---------------+------------+----+------------------------+
| 1 | test@user.fiber | cisco-avpair   | := | TR069URL=https://ouracsurl.net:7547 |

 

Hello @andy89 ,

refer to the following link:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_radatt/configuration/xe-16/sec-usr-radatt-xe-16-book/sec-vsa-rad-discnct.html

Radius attribute = 26  for vendor specific , then Cisco = 9

the AVPair is a string that contains a similar

For example, the following AV pair causes Cisco’s “multiple named ip address pools” feature to be activated during IP authorization (during PPP’s IPCP address assignment):

cisco-avpair= ”ip:addr-pool=first“

If you insert an “*”, the AV pair “ip:addr-pool=first” becomes optional. Note that any AV pair can be made optional.

cisco-avpair= ”ip:addr-pool*first“

 

Hope to help

Giuseppe

 

andy89
Level 1
Level 1

According to this document protocols that can be used with "cisco-avpair" include IP, IPX, VPDN, VOIP, SHELL, RSVP, SIP, AIRNET and OUTBOUND.

The format has to look like this:

 

cisco-avpair = "protocol:attribute=value" (or * instead of = for optional attributes)

 

I went through the list of (string) attributes but coudn't find anything that might be suitable for passing the TR069 URL.

andy89
Level 1
Level 1

According to our CPE vendor it is possible to pass the ACS URL to the CPE by transferring a string like this

 

SRD=50000#SRU=10000#TR069URL=https://myacs.xyz123.com:7547#TR069PROVC=setup#

 

within the PPP-PAP/CHAP authentication message (PAP=Code 2, CHAP=Code 3).

Does anyone have an idea how that could be possible with Cisco IOS?

did you try DHCP ?

MHM

andy89
Level 1
Level 1

Thanks for the reply. According to this document the CPE vendor (AVM) supports it to pass the URL directly with the ACK/NAK response message. As stated in PPP RFC 1334 and 1994 it is possibile to specify a message:

The Message field is zero or more octets, and its contents are implementation dependent. It is intended to be human readable, and MUST NOT affect operation of the protocol. It is recommended that the message contain displayable ASCII characters 32 through 126 decimal. Mechanisms for extension to other character sets are the topic of future research.

message-ppp.png

Here's how the trace should look like:

acs.png

Do you know if it is possible with Cisco IOS to configure the ACK/NAK message?

Review Cisco Networking for a $25 gift card