cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
258
Views
5
Helpful
0
Replies
bad_learner
Beginner

Cover Route prefix-length is same with subscriber prefix-leng when ipsubscriber ipv4 routed initiator unclassified-ip

Hello everyone!

Background: planned to replace operating ISG with BNG when working with ipv4 routed subscribers. BNG doesn't work!

Problem: The address assigned on the interface via DHCP proxy/BNG DHCP server does not allow creating a subscriber interface upon arrival of a packet from this address. When switching to another vrf, the interface is created, but there is no routing. What can be done?

 

Configuration:

dynamic-template

type ipsubscriber FREERADIUS
vrf NAT
accounting aaa list radius type session periodic-interval 1
ipv4 verify unicast source reachable-via rx
ipv4 unnumbered Bundle-Ether2.95

 

interface Loopback222
vrf NAT
ipv4 address 10.222.128.1 255.255.192.0

 

interface Bundle-Ether1001.1133
vrf NAT
ipv4 point-to-point
ipv4 unnumbered Loopback222
arp learning disable
service-policy type control subscriber IPoE-DHCP
encapsulation dot1q 15 second-dot1q 1133
ipsubscriber ipv4 routed
initiator unclassified-ip

 

pool vrf NAT ipv4 IPoE-2
address-range 10.223.128.3 10.223.128.10

dhcp ipv4

profile BNG-DHCP server

pool IPoE-2

subnet-mask 255.255.192.0
default-router 10.222.128.1

 

sho dhcp ipv4 server bind
Lease
MAC Address IP Address State Remaining Interface VRF Sublabel
-------------- -------------- --------- --------- ------------------- --------- ----------
5254.006e.e13c 10.223.128.3 BOUND 45 BE1001.1133 NAT 0x0

 

sho ip route vrf NAT

 

S* 0.0.0.0/0 [1/0] via 10.254.254.254, 05:55:08
S 10.0.0.0/8 [1/0] via 10.11.34.254, 02:22:33
C 10.11.34.0/24 is directly connected, 02:22:33, Bundle-Ether1001.1134
L 10.11.34.252/32 is directly connected, 02:22:33, Bundle-Ether1001.1134
C 10.222.128.0/18 is directly connected, 02:28:26, Loopback222
L 10.222.128.1/32 is directly connected, 02:28:26, Loopback222
A 10.223.128.3/32 is directly connected, 00:00:30, Bundle-Ether1001.1133
C 10.254.254.0/24 is directly connected, 05:55:08, Bundle-Ether2.95
L 10.254.254.4/32 is directly connected, 05:55:08, Bundle-Ether2.95

 

sho ipsubscriber int

Interface: Bundle-Ether1001.1133.ip183
Type: Routed
Access Interface: Bundle-Ether1001.1133
Subscriber IPv4: 10.223.128.3
Subscriber Label: 0x46
IPv4 Initiator: Packet-Trigger
VLAN ID: outer 15 inner 1133
Created: Apr 8 18:43:26 (age 00:00:00)
VRF: Unknown, IPv4 Table: Unknown
IPv4 State: Control-policy executed (old: Session creation started)
Last state change: Apr 8 18:43:26 (00:00:00 in current state)

 

class-map type control subscriber match-any ISG-IP
match source-address ipv4 10.0.0.0 255.0.0.0
end-class-map
!
!
policy-map type control subscriber IPoE-DHCP
event session-start match-first
class type control subscriber ISG-IP do-until-failure
5 activate dynamic-template FREERADIUS
10 authorize aaa list radius identifier source-address-ipv4 password cisco

 

sho subscr sess all det int

Interface: None
Circuit ID: Unknown
Remote ID: Unknown
Type: IP: Packet-trigger
IPv4 State: Up Pending, Thu Apr 8 18:43:56 2021
IPv4 Address: 10.223.128.3, VRF: default
Mac Address: Unknown
Account-Session Id: 0000247a
Nas-Port: Unknown
User name: 10.223.128.3
Formatted User name: unknown
Client User name: unknown
Outer VLAN ID: 15
Inner VLAN ID: 1133
Subscriber Label: 0x00000048
Created: Thu Apr 8 18:43:56 2021
State: Connected, Thu Apr 8 18:43:56 2021

Authentication: unauthenticated
Authorization: authorized
Ifhandle: 0x00000000
Session History ID: 0
Access-interface: Bundle-Ether1001.1133
iEdge Oper Flags: 0x00000000
SRG Flags: 0x00000000(N)
SRG Group ID: 0
Prepaid State: (Disabled)
Policy Executed:

event Session-Start match-first [at 1617867836]
class type control subscriber ISG-IP do-until-failure [Succeeded]
5 activate dynamic-template FREERADIUS [cerr: No error][aaa: Success]
10 authorize aaa list radius [cerr: No error][aaa: Success]

 

sho subscr manager disconnect-history last

[ IEDGE DISCONNECT HISTORY LAST SESSIONS ]

Location: 0/RSP0/CPU0

Disconnect Reason: IP Subscriber session create failure ( Cover Route prefix-length is same with subscriber prefix-leng
Disconnect Cause: AAA_DISC_CAUSE_DEFAULT (0)
Abort Cause: AAA_AV_ABORT_CAUSE_NO_REASON (0)
Terminate Cause: AAA_AV_TERMINATE_CAUSE_NAS_ERROR (9)
Time Disconnected: 2021:04:08 18:24:58
Client: ipsub_ma
Subscriber Label: 0x0000007c
Interface: No

[ Session Info ]

Interface: None
Circuit ID: Unknown
Remote ID: Unknown
Type: IP: Packet-trigger
IPv4 State: Up Pending, Thu Apr 8 18:24:56 2021
IPv4 Address: 10.223.128.3, VRF: default
Mac Address: Unknown
Account-Session Id: 0000242e
Nas-Port: Unknown
User name: 10.223.128.3
Formatted User name: unknown
Client User name: unknown
Outer VLAN ID: 15
Inner VLAN ID: 1133
Subscriber Label: 0x0000007c
Created: Thu Apr 8 18:24:56 2021
State: Connected, Thu Apr 8 18:24:56 2021

Authentication: unauthenticated
Authorization: authorized
Ifhandle: 0x00000000
Session History ID: 0
Access-interface: Bundle-Ether1001.1133
iEdge Oper Flags: 0x00000000
SRG Flags: 0x00000000(N)
SRG Group ID: 0
Prepaid State: (Disabled)
Policy Executed:

event Session-Start match-first [at 1617866696]
class type control subscriber ISG-IP do-until-failure [Succeeded]
5 activate dynamic-template FREERADIUS [cerr: No error][aaa: Success]
10 authorize aaa list radius [cerr: No error][aaa: Success]
Session Accounting: disabled
Last COA request received: unavailable
User Profile received from AAA:
Attribute List: 0x150cb364
1: idletimeout len= 4 value= 60(3c)
2: acct-interval len= 4 value= 60(3c)
Services:
Name : FREERADIUS
Service-ID : 0x400000a
Type : Template
Status : Request PD Association
[Event History]
Apr 8 18:24:54.400 Service status update [many]
-------------------------
[Event History]
Apr 8 18:24:54.400 IPv4 Start
Apr 8 18:24:54.400 SUBDB session create
Apr 8 18:24:54.400 Authorization req
Apr 8 18:24:54.400 Authorization res
Apr 8 18:24:54.400 SUBDB produce done Start

 

But when switching to another vrf, the interface is created, but there is no routing

 

sho subscriber sess all det

Interface: Bundle-Ether1001.1133.ip257
Circuit ID: Unknown
Remote ID: Unknown
Type: IP: Packet-trigger
IPv4 State: Up, Thu Apr 8 19:13:03 2021
IPv4 Address: 10.223.128.3, VRF: MAGLAN
Mac Address: Unknown
Account-Session Id: 000024c2
Nas-Port: Unknown
User name: 10.223.128.3
Formatted User name: unknown
Client User name: unknown
Outer VLAN ID: 15
Inner VLAN ID: 1133
Subscriber Label: 0x00000050
Created: Thu Apr 8 19:13:01 2021
State: Activated, Thu Apr 8 19:13:03 2021

Authentication: unauthenticated
Authorization: authorized
Access-interface: Bundle-Ether1001.1133

 

sho ip route vrf MAGLAN


L 10.222.128.1/32 is directly connected, 00:01:07, Loopback224
A 10.223.128.3/32 [2/0] 00:00:17, Bundle-Ether1001.1133.ip257
C 10.254.254.0/24 is directly connected, 00:01:57, Bundle-Ether2.95
L 10.254.254.4/32 is directly connected, 00:01:57, Bundle-Ether2.95
L 94.247.56.0/32 is directly connected, 1w6d, Loopback2

 

sho ipsubscriber int

Interface: Bundle-Ether1001.1133.ip259
Type: Routed
Access Interface: Bundle-Ether1001.1133
Subscriber IPv4: 10.223.128.3
Subscriber Label: 0x52
IPv4 Initiator: Packet-Trigger
VLAN ID: outer 15 inner 1133
Created: Apr 8 19:15:31 (age 00:00:13)
VRF: MAGLAN, IPv4 Table: default
IPv4 State: Up (old: Adjacency added)
Last state change: Apr 8 19:15:33 (00:00:11 in current state)

0 REPLIES 0