cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
41702
Views
0
Helpful
152
Comments
xthuijs
Cisco Employee
Cisco Employee

Introduction

This document provides an overview for dual stack sessions for ASR9000 BNG, running ipv4 and ipv6 address stacks next to each other for subscriber sessions.

Dual Stack

Dual stack refers to the concept of running a subsciber session with an IPv4 address as well as an IPv6 address.

Deployment models and general concept

Screen Shot 2014-01-14 at 8.46.52 AM.png

Address Assignment

To unravle the complex terminology associated with address assignment in particular to IPv6 this picture below shows the various address assignment options available.

Screen Shot 2014-01-14 at 8.47.07 AM.png

You can also use the framed-ipv6-address radius attribute to provide an address to the subscriber from radius which then will be advertised

via SLAAC (NA/ND) for both PPPoE and IPoE sessions.

The additional attribute ipv6:ipv6-default-gateway VSA can be used to provide the default router in case no dhcpv6 is used for IPoE sessions.

IPv6 Addressing

When it comes to "prefix delegation" that is having a large IPv6 like subnet that is shared between subscribers who get a subnet from that subnet sort of speak the following addressing example hopefully visualizes how it all ties together

Addressing mapping

Slide1.jpg

Configuration CPE

The following 2 secions provide the configuration for the client side and the WAN side of the CPE

PC client side of the CPE

interface GigabitEthernet0/2

description to switch fa0/15

ip address 192.168.1.1 255.255.255.0

no ip unreachables

ip nat inside

ip virtual-reassembly

duplex full

speed 100

media-type rj45

negotiation auto

ipv6 address prefix-from-provider ::1:0:0:0:1/64

ipv6 enable

 

WAN side of the CPE

interface FastEthernet2/0.50

encapsulation dot1Q 50

ipv6 address autoconfig default

ipv6 enable

ipv6 dhcp client pd prefix-from-provider

 

In these examples we are expanding the delegated prefix with a :1/64 and we perceive ourselves to be the ".1" and default gateway.

Configuration DHCPv6 Server

ipv6 unicast-routing

ipv6 dhcp pool dhcpv6

prefix-delegation pool dhcpv6-pool1 lifetime 6000 2000

ipv6 route 2001:60:45:28::/64 2005::1

ipv6 route 2001:DB8:1200::/40 2005::1

ipv6 route 200B::/64 2005::1

ipv6 route 2600:80A::9/128 4000::1

ipv6 local pool dhcpv6-pool1 2001:DB8:1200::/40 48

More info on IOS dhcpv6 server:

http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080b8a116.shtml

Operation and Call Flow

Because ASR9000 treats the 2 stacks as a single subscriber, and hence ONE access request and a SINGLE accounting record are generated for both stacks, differences of desired operation exist when it comes to when for isntance to generate an accounting request.

There are 2 key things to consider and of importance:

  • When the first AF comes up, an access-request is generated, the access-accept should contain BOTH ipv4 and ipv6 information for the session although there is no second request for the other AF maybe yet
  • An accounting-start can be generated as soon as the first AF comes up, we can wait for a determined period of time and generate a single accounting start record for BOTH AF's, or we can do a triggered interim accounting record when the second AF comes up.

Call Flows

Dual stack generic call flow

Screen Shot 2014-01-14 at 8.46.33 AM.png

PPPoE DS detailed call flow SLAAC based address assignment

Screen Shot 2014-01-14 at 9.07.40 AM.png

PPPoE DS detailed call flow DHCPv6 based address assignment

Screen Shot 2014-01-14 at 8.57.06 AM.png

IPoE DS detailed callflow IPv4 AF starts first

Screen Shot 2014-01-14 at 8.57.30 AM.png

IPoE DS detailed callflow IPv6 AF starts first

Screen Shot 2014-01-14 at 8.57.36 AM.png

Sample Scenario

Sample Topology for the configuration example

Screen Shot 2014-01-14 at 8.39.37 AM.png

Configuration

hostname bng

logging console   debugging

Radius server configuration.

Radius server is listening on 5.5.5.2 with auth-port on 1645 and accounting-port on 1646

radius-server   host 5.5.5.2 auth-port 1645 acct-port 1646

key 7 010107000A5955

!

COA server or policy-server with ip-address 5.5.5.2 is running

aaa server   radius dynamic-author

client 5.5.5.2 vrf default server-key 7   03165A0F575D72

!

aaa group server   radius RADIUS

server 5.5.5.2 auth-port 1645 acct-port 1646

!

aaa accounting   service default group radius

aaa accounting   subscriber default group radius

aaa   authorization subscriber default group radius

aaa   authentication subscriber default group radius

line console

stopbits 1

!

DHCPv6 address pool is defined locally within BNG box and local pool is used for ipv6 address assignment to IPv6 BNG clients

pool vrf default   ipv6 ipv6_address_pool

address-range 2001::2 2001::7dff

!

 

DHCPv4 server with ip address 20.20.20.2 is deployed externally and this ipv4 address should be reachable from BNG device. Routing protocols should take care of reachability of 20.20.20.2 from BNG device. DHCPv4 proxy is configured as follows.

dhcp ipv4

profile IPoEv4   proxy

helper-address vrf default 20.20.20.2   giaddr 10.10.10.1

!

 

DHCPv4 proxy is enabled on bundle sub-interface

interface   Bundle-Ether1.10 proxy profile IPoEv4

!

 

DHCPv6 server is configured and already configured DHCPv6 address pool is referred within DHCPv6 server configuration. DHCPv6 profile is configured as follows with address pool.

dhcp ipv6

   profile IPoEv6 server

   address-pool ipv6_address_pool

!

 

DHCPv6 address pool is referred on bundle sub-interface.

interface   Bundle-Ether1.10 server profile IPoEv6

!

interface   Bundle-Ether1

bundle   maximum-active links 1

!

Bundle sub-interface with dot1q encapsulation configured with single tag. Subscriber traffic from

CPE should come with single dot1q tag and this vlan tag should match with vlan id 10 configured under bundle sub-interface. In dual-stack IPoE configuration,   “initiator dhcp” is configured ipv4/ipv6 l2 connect mode.

Policy-map type control’s name is referred with service-policy

interface   Bundle-Ether1.10

ipv4   point-to-point

ipv4 unnumbered   Loopback1

ipv6 enable

service-policy   type control subscriber pm-src-mac

encapsulation   dot1q 10

ipsubscriber   ipv4 l2-connected

initiator dhcp

!

ipsubscriber ipv6 l2-connected

initiator dhcp

!

!

Ipv4 address 10.10.10.1 is default-gateway ip address for pool of ipv4 address allocated to dual-stack BNG clients

interface   Loopback1

ipv4 address 10.10.10.1 255.255.255.0

ipv6 enable

!

interface   MgmtEth0/RSP0/CPU0/0

ipv4 address 9.22.11.3 255.255.0.0

!

interface   MgmtEth0/RSP0/CPU0/1

shutdown

!

 

Physical interface gigabit0/0/0/0 is configured as bundle interface.

interface   GigabitEthernet0/0/0/0

bundle id 1 mode on

negotiation auto

transceiver permit pid all

!

interface   GigabitEthernet0/0/0/1

ipv4 address 20.20.20.1 255.255.255.0

transceiver permit pid all

!

interface GigabitEthernet0/0/0/5

ipv4 address 5.5.5.1 255.255.255.0

!

Dual-stack dynamic-template is configured for dual-stack initiation. “ipv6 enabled” under dual-stack template and ipv4 unnumbered

address, ipv4 urpf configured.

dynamic-template

   type ipsubscriber Dual_stack_IPoE

     accounting aaa list default type   session periodic-interval 5

     ipv4 verify unicast source   reachable-via rx

     ipv4 unnumbered Loopback1

     ipv6 enable

!

!

Class-map configured for dual-stack scenario to match DHCPv6 – SOLICIT and DHCPv4 DISCOVER as sign of life packet

class-map type   control subscriber match-any dual_stack_class_map

   match protocol dhcpv4 dhcpv6

   end-class-map
!

 

Class-map “Dual_stack_class_map “ is referred within policy-map.   Even session-start is hit based on DHCPv4/DHCPv6 FSOL, template “Dual_stack_IPoE” is activated.   Subscriber mac-address is used as subscriber identification and it is authorized with AAA server

policy-map type   control subscriber pm-src-mac

event session-start match-all

   class type control subscriber   dual_stack_class_map do-all

     1 activate dynamic-template   Dual_stack_IPoE

     2 authorize aaa list default identifier   source-address-mac password cisco

!

!

end-policy-map

!

end

 

Verification example

”show subscriber session all” command shows ipv4/ipv6 clients session active

RP/0/RSP0/CPU0:bng#show   subscriber session all

Tue Jan 29   12:49:25.237 UTC

Codes: IN -   Initialize, CN - Connecting, CD - Connected, AC - Activated,

       ID - Idle, DN - Disconnecting, ED -   End

Type         Interface               State     Subscriber IP Addr / Prefix

                                                 LNS Address (Vrf)                            

--------------------------------------------------------------------------------

IP:DHCP     BE1.10.ip22             AC       10.10.10.10 (default)

                                                 2001::2 (default)               

     

 

Command “show subscriber session all detail” should show ipv4/ipv6 clients details detailly.

RP/0/RSP0/CPU0:bng#show   subscriber session all deta

Tue Jan 29   12:49:27.752 UTC

Interface:               Bundle-Ether1.10.ip22

Circuit ID:               Unknown

Remote ID:               Unknown

Type:                     IP: DHCP-trigger

IPv4 State:               Up, Tue Jan 29 12:46:32 2013

IPv4   Address:             10.10.10.10, VRF:   default

IPv6 State:               Up, Tue Jan 29 12:46:42 2013

IPv6   Address:            2001::2, VRF: default

IPv6 Interface   ID:       ..d..... (02 00 64 ff fe 01   01 02)

Mac   Address:             0000.6401.0102

Account-Session   Id:       0000001c

Nas-Port:                 Unknown

User name:               0000.6401.0102

Outer VLAN ID:           10

Subscriber   Label:         0x00000055

Created:                 Tue Jan 29 12:46:32 2013

State:                   Activated

Authentication:           unauthenticated

Access-interface:         Bundle-Ether1.10

Policy Executed:

policy-map type   control subscriber pm-src-mac

event Session-Start match-all [at Tue Jan   29 12:46:32 2013]

   class type control subscriber   dual_stack_class_map do-all [Succeeded]

     1 activate dynamic-template   Dual_stack_IPoE [Succeeded]

     2 authorize aaa list default   [Succeeded]

Session   Accounting:      

Acct-Session-Id:         0000001c

Method-list:             default

Accounting started:       Tue Jan 29 12:46:32 2013

Interim accounting:       On, interval 1 mins

   Last successful update: Tue Jan 29   12:48:34 2013

   Next update in:         00:00:06 (dhms)

Last COA request   received: unavailable

”show dhcp ipv4 proxy binding” command is going to show ipoev4 clients created with ip-address and mac-address, interface on which it is created, vrf-name etc

RP/0/RSP0/CPU0:bng#show   dhcp ipv4 proxy binding

Tue Jan 29   12:49:42.955 UTC

 

                                             Lease                                                

 

MAC Address     IP Address     State     Remaining       Interface         VRF     Sublabel

-------------- -------------- ---------   --------- ------------------- ---------   ----------

 

0000.6401.0102 10.10.10.10     BOUND     3409       BE1.10               default   0x55      

 

 

RP/0/RSP0/CPU0:bng#show   dhcp ipv4 proxy binding de

Tue Jan 29   12:49:49.498 UTC

MAC   Address:                 0000.6401.0102

VRF:                         default

 

Server VRF:                 default

IP Address:                 10.10.10.10

Giaddr from   client:         0.0.0.0

Giaddr to   server:           10.10.10.1

Server IP   Address:           20.20.20.2

Server IP   Address to client: 10.10.10.1

ReceivedCircuit   ID:         -

InsertedCircuit   ID:         -

ReceivedRemote   ID:           -

InsertedRemote   ID:           -

ReceivedVSISO:               -

InsertedVSISO:               -

Auth. on   received relay info:FALSE

Profile:                     IPoEv4

State:                       BOUND

Proxy   lease:                 3600 secs   (01:00:00)

Proxy lease   remaining:       3403 secs (00:56:43)

Client ID:                     0x00-0x00-0x64-0x01-0x01-0x02

Access   Interface:           Bundle-Ether1.10

Access VRF:                 default

VLAN Id:                     10

Subscriber   Label:           0x55

Subscriber   Interface:       Bundle-Ether1.10.ip22

“show dhcp ipv6 server binding” is going to show ipv6 address allocated from DHCPv6 local pool

RP/0/RSP0/CPU0:bng#show   dhcp ipv6 server binding

Tue Jan 29   12:50:04.560 UTC

Summary:

Total number of   clients: 1

DUID   : 00030001000064010102

MAC Address: 0000.6401.0102

Client Link Local: fe80::200:64ff:fe01:102

Sublabel: 0x55

   IA ID: 0x0

   STATE: BOUND

   IPv6 Address: 2001::2 (Bundle-Ether1.10)

       lifetime : 600 secs (00:10:00)

       expiration: 399 secs (00:06:39)

RP/0/RSP0/CPU0:bng#

 

Related Information

Configuration example and verification provided by Narendiran Rajaram

Xander Thuijs CCIE #6775

Principal Engineer ASR9000, IOS-XR and NCS6000

Comments
xthuijs
Cisco Employee
Cisco Employee

The config based on a "quick" scan looks like I am not spotting anything obvious.

well, you set the timer on UNCLASS sessions and your event on timer expiry seems to only match on dhcp based sessions, so this event timer expiry will bail for UNCLASS sessions, that is not related to the problem at hand however. (just fyi :)

the debug subscriber manager class-eval and policy will help in verifying the policy execution of this unclassified subscriber and see if a class is triggered and what actions are taken.

That might be most important right now to see what is going on there.

Also what ver are you on? May be best to be on 512 (not sure if this is a lab and easy to upgrade)

regards

xander

gthermaenius
Level 1
Level 1

Hi,

i'm on 5.2.0.

The timer-expiery and idle-timer is by design.. You see if you have a static configured v4 adress on your CPE there is no way you can swap equipment because the session is locked to the old CPE MAC. Since there is no way to handle session mac conflict I had to do it that way and it will take 660sek for the old session to be disconnected.

Anyway, the class-eval and policy debugs are not showing anything. I just spoke to TAC and they said that the feature is not supported.. *arg* just spent 3 days trying to get it working! Kind of sad that I cant give my soho B2B customers static v6 session through the BNG without doing the "ipsubscriber interface" on the access-interface.. I have to through it on you guys.. it's 2014, everything should be v6 :)

Unless you find something else, thanks for taking the time!

 

~~xander response~~

the "maximum replies" we hit again and I have no way of responding to you except for editing your message, apologies.

would you be ok sending me the tac case you had open for this because I'd like to review this. I am currently checking with my dev group to see what the expectation is on that. As far as I know, although I never tried, v6 packet trigger should function, or maybe there is a small hook to be addressed. And you're right, if something has a v4 func, v6 should be natural!! Point taken, will carry that forward.

regards

xander

~~Gunnar response~~

Here you go..

SR 631164239, think this was just for the documentation but anyways. DDTS CSCuq08899 

//Gunnar

~~xander response (2)~~

thanks gunnar! ok so I got conclusion on this also, this will be in 522, the hook is indeed missing for the triggered sessions for v6.

the ddts you have is filed against documentation to have it corrected. apologies for this mishap!

cheers!

xander

jenny4451
Community Member

Hi,

 

We were having POC during past 2 month for ASR 9000 BNG features. All were running fine with 5.1.2. However, we were stucked in PPPoE dual-stack feature. We were having trouble with DHCPv6. We were able to obtain IPV6 address and IPv4 is working fine, but IPV6 is not being routed outside internet. I reviewed bugs mentioned on this forum and it seems like bugs were fixed with 5.1.2. On the contrary, I read from this forum that with PPPoe dual stack works fine with 4.3.x.

I would like to know if the reason why ipv6 is not being routed outside was due to a bug or we need to modify config. We have below config format:

 

dynamic-template  type ppp PPPOE_TEMPLATE
  ppp authentication chap pap
  qos output minimum-bandwidth 20
  accounting aaa list default type session
  ipv4 mtu 1492
  ipv4 unnumbered Loopback1001
  ipv6 nd other-config-flag
  ipv6 nd framed-prefix-pool POOL_V6_WAN_PPPOE
  ipv6 nd managed-config-flag
  ipv6 mtu 1492
  ipv6 enable
  dhcpv6 delegated-prefix-pool POOL_V6_LAN_PD_PPPOE

 

---

policy-map type control subscriber PPPOE_PM_DS_FREERADUIS
 event session-start match-all
  class type control subscriber PPPOE_CM do-all
   10 activate dynamic-template PPPOE_TEMPLATE 
 !
 event session-activate match-all
  class type control subscriber PPPOE_CM do-all
   10 authorize aaa list AUTHOR_LIST format MAC_FORMAT password cisco

---

class-map type control subscriber match-any PPPOE_CM_JA
 match protocol ppp dhcpv6
 end-class-map

smailmilak
Level 4
Level 4

Hi Jenny,

 

1. Do you get an IPv6 address (delegated) on your test PC and framed IPv6 on the modem?

2. If yes, do you see the delegated IPv6 prefix on your Internet gateway router?

Maybe it's just a routing problem.

 

Nan Bai
Cisco Employee
Cisco Employee

Hi xander 

this is Nan from CHINA TAC

i have some questions about CPE configuration . i saw you configured the ip nat inside on the interface of CPE which connected to LAN client. but no ip nat outside command on the interface of CPE which connected to BNG.

it made me confused. I don't think NAT can work without ip nat ouside interface... so i would like to ask if NAT is necessay for BNG solution ? if so how to config NAT on CPE side? if no, how did the pkt from LAN client forward to external network without nat?  

xthuijs
Cisco Employee
Cisco Employee

the beauty of ipv6 is that due to its massive addressing space NAT is not really necessary there.

for the ipv4 you tend to want to do NAT because you want to "hide" the inside network, especially if it is private address space. the outside interface for the ip session is a dialer for pppoe, which is not part of this config example sicne it focussed on the v6 nature of it.

To make this scenario work in a routed mode without NAT, looking at the ipv4 dhcp client side,

then the BNG will need a route that points the inside network 192.168.x.x via its bng sub ipv4 address it hands out to the WAN interface of the CPE. This requires a per user or manual static route on the BNG side.

regards

xander

Hi Xander,

Hope you are doing fine.

We have spotted a bug in 5.2.4 regarding IPCP.

In case of an IPv6-only session, IPCP keeps sending CONFREQs although the PPP client sends PROTREJ. We have opened the SR636153247 and we have been proposed to use ppp ipcp passive.

I have two concerns about this:

  • Is it going to work fine or we are going to have any side effects?
  • It seems that the ppp ipcp passive command has been proposed as the solution of the problem, although we believe it should be a workaround until the bug is fixed, so we are trying to convince Cisco to fix it!! Is my understanding correct or you are willing to fix the bug?

 

Regards,

Dimitris

xthuijs
Cisco Employee
Cisco Employee

using ipcp passive is a great way to resolve this issue indeed since we would not start ipcp unless we see something from the peer.

it is true that a protrej should cause the receiver to stop sending packets for the protocol. so you are correct in that regard, however the passive mode achieves precisely that...

xander

So, if I am not mistaken, you are saying that using IPCP passive is considered as the solution and the bug is not going to be fixed.

If yes, I believe IPCP/IPv6CP passive commands should be default under dynamic (and virtual in IOS-XE) templates, for achieving a behavior as close as possible to the RFC .

Regards,

Dimitris

xthuijs
Cisco Employee
Cisco Employee

I agree with you that this is not the right behavior as it is today, but there is a very viable soluton to it (passive). so if you insist tac will file a ddts and I will fix it, but I am just being honest with you that this is not one that I'll sacrifice nights and weekends over or hold a release up for :).

cheers!

xander
 

Since the workaround works fine, I guess the issue must be documented as soon as possible and then it could be fixed in a lower priority.

Maybe making the passive behavior as the default would be a quick solution that wouldn't need so many sacrifices ;)

Regards,

Dimitris

Hi Alexander,

 

Is it possible to use external Radius for both ipv4 and ipv6. We are trying to configure in this scenario but can find no documentation covering this. We have a Cisco TAC case open but they have referred us to this document which covers external ipv4 and local ipv6 servers.

Regards

 

Brian

xthuijs
Cisco Employee
Cisco Employee

Hi Brian,

if you're asking about whether the radius server can be *reached* via ipv6 transport, then the answer today is no.

So the radius-server needs to have an ipv4 addr for communication between BNG and itself.

If the Q is relating to whether the radius server can provide authorization details for a session to the bng for both v4 and v6 related subscriber services, then the answer is yes.

As a matter of fact when the first authen/author request goes to the radius server when the FSOL (first sign of life, eg padi or discover) is sent, the radius server needs to respond back with BOTH the v4 and v6 information such as what addr or pool to use etc.

Although the FSOL, let's say its a v4 discover is not asking YET about v6, the author data needs to be present in the dbase so that when the v6 solicit comes in, the BNG knows what to do with it.

In other words, there is no separate author/authen for each stack, the first stack either v4 or v6 will require the radius to provide back for BOTH address families.

cheers!

xander

Hi all!

We have working implementation of dualstack on IPoE, and now we are trying to set up dualstack on PPPoE.
On ASR1000 it's working now, but on ASR9000 we have a problem.
If PC set up PPPoE session, it looks good, it can access any resources via IPv4 and v6.
But ADSL modem wich is set up dualstack on ASR1000 without problems can't get LAN IPv6 prefix.
I tried to change software version from 5.2.4SP2 to 5.3.3 without success.
In debug dhcp ipv6 I see this:


RP/0/RSP0/CPU0:Feb 9 08:54:59.208 : dhcpv6d[1084]: DHCPV6 SERVER ERROR: TP3692: dhcpv6_daps_alloc_by_pool: DAPS: daps_ipv6_alloc_by_pool: Failed rc='ip-daps' detected the 'warning' condition 'Warning: Invalid arguments passed'
RP/0/RSP0/CPU0:Feb 9 08:54:59.208 : dhcpv6d[1084]: DHCPV6 ERROR: TP3030: fsm : send_daps_req failed
RP/0/RSP0/CPU0:Feb 9 08:54:59.209 : dhcpv6d[1084]: DHCPV6 INTERNAL: TP380: req_next_addr_pfx_from_daps: client:0x502763f0 (1344758768) fsm:0x500831de (1342714334) num_req:0 iaid:0x0xf (15) rc:'ipv6-new-dhcpv6d' detected the 'warning' condition 'Error: Failed to alloc daps'
RP/0/RSP0/CPU0:Feb 9 08:54:59.209 : dhcpv6d[1084]: DHCPV6 ERROR: TP3031: fsm: sub valid handler failed, client_entry:0x502763f0 (1344758768) fsm:0x500831de (1342714334) reason:13

My config:


dhcp ipv6
profile PPPv6 server
lease 0 0 5
dns-server 2a03:xxxx:1000:10::2 2a03:xxxx:1000:10::3
prefix-pool PPP_LAN_prefix_pool
!
interface subscriber-pppoe profile PPPv6

pool vrf default ipv6 PPP_LAN_prefix_pool
prefix-length 56
prefix-range 2a03:xxxx:fe02:: 2a03:xxxx:fe02:ff00::
!
pool vrf default ipv6 PPP_WAN_prefix_pool
prefix-length 64
prefix-range 2a03:xxxx:ff02:: 2a03:xxxx:ff02:ffff::

dynamic-template
type ppp PPP_TPL
ppp authentication pap ms-chap chap
ppp timeout authentication 10
keepalive 15 3
ppp ipcp dns 217.xx.xxx.19 217.xx.xxx.18
ppp ipcp peer-address pool 1000
accounting aaa list default type session periodic-interval 25
ipv4 unnumbered Bundle-Ether4.3333
ipv6 nd framed-prefix-pool PPP_WAN_prefix_pool
ipv6 nd managed-config-flag
ipv6 enable
dhcpv6 delegated-prefix-pool PPP_LAN_prefix_pool

interface Bundle-Ether4.231
service-policy type control subscriber PPP_policy
pppoe enable bba-group vlan12
encapsulation dot1q 231

pppoe bba-group vlan12
service selection disable
sessions max limit 2

class-map type control subscriber match-any PPPoE
match protocol ppp
end-class-map

policy-map type control subscriber PPP_policy
event session-start match-first
class type control subscriber PPPoE do-until-failure
10 activate dynamic-template PPP_TPL
!
!
event timer-expiry match-first
class type control subscriber AUTH_TIMER_CM do-until-failure
10 disconnect
!
!
event authorization-failure match-first
class type control subscriber PPPoE do-until-failure
10 activate dynamic-template HTTP_UNAUTH_REDIRECT
20 set-timer AUTH_TIMER 5
!
!
event session-activate match-first
class type control subscriber PPPoE do-until-failure
10 authenticate aaa list default
!
!
end-policy-map

Hi again!

I continued to test dualstack on ASR9001 and discovered interesting thing.

All my devices (ASR9001 and ASR1004) provides WAN ipv6 address by SLAAC and LAN prefix by DHCPv6. But ADSL modem by default requests both WAN address and LAN prefix by DHCPv6. After receiving solicit with WAN and LAN  address request ASR1004 proceed with advertising only LAN prefix, and WAN address is provided latter with SLAAC. ASR9001 receiving the same solicit replays back with advertise message with status code unspecific fail and modem can't get IPv6 LAN prefix.

If I manually disable WAN IPv6 address request through DHCP and only prefix delegation request comes in solicit, than all works fine both in ASR9001 and ASR1004.

I tested this on 5.2.4 SP2 and 5.3.3 versions. Is it a bug in DHCpv6 working on ASR9001 or it's normal behaviour?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links