11-29-2017 09:08 PM - edited 03-01-2019 03:20 PM
Dear colleagues, i'm newbie with ASR9k1 and have a question.
Cisco IOS XR Software, Version 6.2.25[Default]
We are migrating from C6506 to ASR9001 routers as a BNG with IPoE access technology. And the 1st trouble is usage of two subnets per vlan:
interface Vlan443 ip address 10.114.114.254 255.255.255.0 secondary ip address 99.99.99.254 255.255.255.0
I don't understand how to do this in BNG configuration, because it using unnumbered ip addressing, and there is point to IP address of any working interface of this router or borrowing IP from any interface of router in dynamic-template. And i can't use double options to configure two or more IPs on access-interface and dyn-template. I tried to configure secondary IP on loopback interface, but it hasn't any positive effect. DHCP relay has assigned address from "secondary" subnet, but subscriber's interface was with "primary" IP and connectivity was fail.
dynamic-template type ipsubscriber DYNTPL_IP_SUB timeout idle 600 traffic inbound ipv4 unnumbered loopback 433 ipv4 access-group ACL_DENY_IN ingress ipv4 access-group ACL_DENY_OUT egress ! interface Loopback433 ipv4 address 10.114.114.254 255.255.255.0 secondary ipv4 address 99.99.99.254 255.255.255.0 ! interface TenGigE0/0/2/1.433 ipv4 point-to-point ipv4 unnumbered Loopback433 arp learning disable service-policy type control subscriber PM_IPoE encapsulation dot1q 433 ipsubscriber ipv4 l2-connected initiator dhcp initiator unclassified-source ! policy-map type control subscriber PM_IPoE event session-start match-first class type control subscriber class-default do-until-failure 10 set-timer TIMER_UNAUTH 1 20 activate dynamic-template DYNTPL_IP_SUB 30 authorize aaa list default format VLAN_MAC password pass
........................................
But for "primary" subnet everything works well: subscribers get service and sessions are starting.
I've made 2nd sub-interface in that vlan with IP from secondary network and removed from loopback as temporary issue, but it isn't beautiful:
interface TenGigE0/0/2/3.433 ipv4 address 10.114.114.254 255.255.255.0 encapsulation dot1q 433 ipv4 access-group ACL_PERMIT_VOIP_IN ingress ipv4 access-group ACL_PERMIT_VOIP_OUT egress
hosts may have not AAA and IPoE Session processing in 10.114.114.0/24.
have you some ideas ? Thank you.
Sergey.
Solved! Go to Solution.
12-01-2017 05:45 AM
Sergey,
The IP addresses on the Loopback interface should cover the whole range of addressed assigned by the DHCP server.
Can you capture this in a file and attach (it's difficult to read long inline session logs):
sh install active summary
sh subscriber session filter interface <subscriber-interface> detail
sh arp <subscriber-interface>
sh im database interface <subscriber-interface> detail
/Aleksandar
11-30-2017 08:50 AM
hi Sergey,
unnumbered is the right approach, with multiple secondary addresses on the Loopback interface. I didn't quite understand this sentence that you wrote:
...DHCP relay has assigned address from "secondary" subnet, but subscriber's interface was with "primary" IP...
Can you elaborate on that?
/Aleksandar
11-30-2017 06:16 PM
Aleksandar, thank you for your reply.
I'm uncorrectly wrote that ips were from different subnets. I shiffed that network, and got incomprehensible results:
Access-interface was upped:
08:45:37.552739 ARP, Reply 99.99.99.254 is-at 78:ba:f9:6e:30:71, length 46 08:45:37.552756 ARP, Reply 10.114.114.254 is-at 78:ba:f9:6e:30:71, length 46 08:45:37.552939 ARP, Reply 99.99.99.254 is-at 78:ba:f9:6e:30:71, length 46 08:45:37.552949 ARP, Reply 10.114.114.254 is-at 78:ba:f9:6e:30:71, length 46
OK, double ips were introduced. Subscriber from 99.99.99.0/24 can get ip settings: IP 99.99.99.252/32, gw= 99.99.99.254 and it will works. Session will start without any problem.
08:55:22.145412 ARP, Request who-has 99.99.99.254 tell 99.99.99.252, length 28 08:55:22.145914 ARP, Reply 99.99.99.254 is-at 78:ba:f9:6e:30:71, length 46 08:55:22.145925 IP 99.99.99.252 > 99.99.99.254: ICMP echo request, id 16231, seq 1, length 64 08:55:22.146584 IP 99.99.99.254 > 99.99.99.252: ICMP echo reply, id 16231, seq 1, length 64
IP:PKT Te0/0/2/1.433.ip37 AC 99.99.99.252 (default)
Than device from 10.114.114.0/24 was attached. External DHCP-server gave settings through ASR DHCP-relay: IP 10.114.114.253/32, GW 10.114.114.254. OK. But connectivity was fail:
09:01:06.281567 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46 09:01:06.289967 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46 09:01:06.389387 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46 09:01:06.874611 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46 09:01:07.881091 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46 09:01:08.885379 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46
The configuration of access-interface and loopback:
interface TenGigE0/0/2/1.433 ipv4 point-to-point ipv4 unnumbered Loopback433 arp learning local <-- I tried to disable arp learning. There was no effect service-policy type control subscriber PM_IPoE encapsulation dot1q 433 ipsubscriber ipv4 l2-connected initiator dhcp initiator unclassified-source ! interface Loopback433 ipv4 address 99.99.99.254 255.255.255.255 <-- I tried /24 netmask. There was no effect ipv4 address 10.114.114.254 255.255.255.255 secondary
I can't understand why the ASR doesn't respond to ARP_requests in secondary network.
Sergey.
12-01-2017 05:45 AM
Sergey,
The IP addresses on the Loopback interface should cover the whole range of addressed assigned by the DHCP server.
Can you capture this in a file and attach (it's difficult to read long inline session logs):
sh install active summary
sh subscriber session filter interface <subscriber-interface> detail
sh arp <subscriber-interface>
sh im database interface <subscriber-interface> detail
/Aleksandar
12-03-2017 08:50 PM
Aleksandar, I made new test config, and we added new attribute to AAA config (src ip of subscriber). It's incredible, but 2nd network started working normally.
show subscriber session all Sun Dec 3 20:27:37.929 TOMSK Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated, ID - Idle, DN - Disconnecting, ED - End Type Interface State Subscriber IP Addr / Prefix LNS Address (Vrf) -------------------------------------------------------------------------------- IP:PKT Te0/0/2/1.459.ip1 AC 99.99.99.251 (default) IP:PKT Te0/0/2/1.459.ip2 AC 10.227.247.253 (default)
aaa attribute format VLAN_MAC_SRCIP
format-string length 253 "0%s.%s.%s" outer-vlan-id client-mac-address-raw addr
I can't find an explanation why it did not work before...
Thank you for your support.
03-18-2023 09:46 AM
Hi,
and you are using this new AAA attribute for authorization (VLAN+MAC+SRC IP)?
07-02-2019 10:59 AM
Hello,
I'm finding myself in a similar situation where I may have to perform prefix stacking while using unnumbered loopback interfaces because we're going to be migrating from PPPoE to IPoE using Geo Redundant BNG via two ASR9006 systems and I need assistance in determining the following.
1. When prefix stacking and using BNG is there a hierarchy for which prefix is used first? For example, is the primary prefix used and then the secondary?
2. Does Cisco recommend and support that type of configuration for BNG?
Thanks,
Alex
07-03-2019 06:59 AM
We do support secondary IPv4 addresses on Loopback that binds to a dynamic template. Quite a number of our customers are using this approach. The primary and all secondary addresses are always inherited by the subscriber interface. To avoid burning ARP entries (which we anyway don't need for subscriber interfaces), disable ARP on subscriber interfaces by configuring "subscriber arp scale-mode-enable".
/Aleksandar
07-12-2019 03:05 PM
Good Afternoon Aleksandar,
I appreciate your reply and information provided. I'll test with this and get back to you. I am currently awaiting completion of a new DHCP and Radius sever. I hope you have a great weekend!
09-03-2019 09:36 AM
03-18-2023 04:55 AM
Hi, have you managed to fix that?
I am replying to the BNG with the Loopback Interface and this is then the giaddr for the DHCP server.
The subscriber gets the correct IP address.
There is a problem though. I have one access-interface, but when there are sessions from two different subnets, the second subnet can't ping anything. If all subs are in the same subnet everything is ok.
No idea if this is a config or design issue, or maybe this is not supported at all.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide