Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
994
Views
0
Helpful
2
Replies

ASR9k IPoE static IP binding with dot1q interface per vlan

NayatelPakistan
Level 1
Level 1

‎11-25-2021 11:21 PM

I connected  IPOE subscriber through separate sub-interface on ASR9001 OS V 6.4.2 using DHCP initiate . Now subscribers are being assigned IPs through DHCP but what i want is to assign IP to the customer on the bases their NAS port id which i have customized as pasted below.

 

Nov 26 11:49:22.373 GMT: radiusd[1153]: RADIUS: NAS-Port-Id [87] 22 Bundle-Ether142.4000

 

Radius will forward this attribute to data base where IPs wil be binded against "Bundle-Ether142.4000" value. Actually i want to how i could achieve this using COA or other AAA options running is pasted below. Please guide.

 

@xthuijs you are specially requested to assist.

 

aaa group server radius BNG
server 172.16.149.102 auth-port 1812 acct-port 1813
source-interface Loopback70
!
aaa authentication ppp default group BNG
address-family ipv4 unicast

pool vrf default ipv4 IPSUB
network 172.16.21.104/29

dhcp ipv4
profile IPSUB server
pool IPSUB
dns-server 101.50.101.50
default-router 172.16.21.110
!
interface Bundle-Ether142.4000 server profile IPSUB
interface Bundle-Ether142.4020 server profile IPSUB

!
interface Bundle-Ether142.4000
ipv4 point-to-point
ipv4 unnumbered Loopback70
ipv4 verify unicast source reachable-via rx
service-policy type control subscriber POL_IPSUB
encapsulation dot1q 4000
ipsubscriber ipv4 l2-connected
initiator dhcp
!
ipsubscriber ipv6 l2-connected
initiator dhcp
!
!
interface Bundle-Ether142.4020
ipv4 point-to-point
ipv4 unnumbered Loopback70
ipv4 verify unicast source reachable-via rx
service-policy type control subscriber POL_IPSUB
encapsulation dot1q 4020
ipsubscriber ipv4 l2-connected
initiator dhcp
!
ipsubscriber ipv6 l2-connected
initiator dhcp
!
!
interface Loopback70
ipv4 address 172.16.21.110 255.255.255.255
!
aaa attribute format MY_AUTH
mac-address plus circuit-id plus remote-id separator #
!
aaa attribute format NAS-PORT-ID-FORMAT2
format-string length 253 "Bundle-Ether%s.%s" physical-port outer-vlan-id
!
aaa radius attribute nas-port format e SSAAPPPPQQQQQQQQQQVVVVVVVVVVUUUU type 40
aaa radius attribute nas-port-id format NAS-PORT-ID-FORMAT2
aaa accounting subscriber default group radius
aaa authorization subscriber default group radius
aaa authentication subscriber default group radius
!
class-map type control subscriber match-any CLASS_IPSUB
match protocol dhcpv4
end-class-map
!
!
policy-map type control subscriber POL_IPSUB
event session-start match-first
class type control subscriber CLASS_IPSUB do-until-failure
1 activate dynamic-template IPSUB
10 authorize aaa list default format MY_AUTH password test
!
!
end-policy-map

Labels:
0 Helpful
2 Replies 2

xthuijs
Cisco Employee
Cisco Employee

‎11-26-2021 04:55 AM

the local dhcp server in xR can only pick adds based on giaddr or that is the ip addr of the interface/unnumbered associated with the subscriber.

what you can do is to create a username for the subscriber composed of the nas-port id.
than send it off to radius for authentication
use username and or nas-port-id as part of the check items
and send back framed-ip address netmask dns and default gateway to fill the offer for dhcp to send back.

this requires profile bASE however.

cheers!
xander
0 Helpful

NayatelPakistan
Level 1
Level 1
In response to xthuijs

‎11-28-2021 09:38 PM

Thanks xander for your prompt response!

 

I am glad that you explained the logic for achieving this. Would you please share how i can configure a profile base. Any informational link or sample will be helpful

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents