09-22-2024 06:15 AM
Hi,
we are using the Cisco ASR1001-X as core router on our ISP network. For the management of the CPE I set up a TR-069 ACS server. For testing purposes I configured the ACS URL manually on the CPE, which works fine.
However I'd like our ASR to pass the URL automatically along with the PPPoE request from the CPE which would allow us to integrate automatically all routers installed at our customers. As radius server we use FreeRADIUS.
Is there a way to achieve this on the ASR1001-X?
Appreciate any suggestion.
09-22-2024 11:41 AM
I was not sure about the request. can you explain more details and show us the what have you done with ACS (cisco ?)
For the management of the CPE I set up a TR-069 ACS server. For testing purposes I configured the ACS URL manually on the CPE, which works fine.
what URL you configured,
09-22-2024 11:43 AM
Hello @andy89 ,
you can use the Radius server to pass a Cisco specific attribute called AV Pair that you can use to pass some configurations commands during Radius authentication.
Radius Vendor specific attribute is 26. It is followed by two fields one that identifies Cisco as the vendor and one that specifies the AV pair attibute Type length Value TLV.
Hope to help
Giuseppe
09-25-2024 12:28 AM - edited 09-25-2024 12:29 AM
Hi @Giuseppe Larosa,
thanks you for your reply. We did a couple of tests but didn'd get it to work until now. Will try further.
According to our CPE vendor (AVM) the syntax for the ACK/NAK response should look like that:
SRD=xxxx#SRU=yyyy#SRT=zz#LID=line-id#TR069URL=url#TR069PROVC=provisioningcode
I guess Line ID (LID) or TR069PROVC shouldn't be needed.
If anyone has managed to make it work I'd appreciate any help.
09-25-2024 01:00 AM
In ASR you use pool, use dhcp local server and try push dhcp option to CPE about the url ACS
MHM
09-25-2024 01:55 AM - edited 09-25-2024 01:55 AM
Thanks @MHM Cisco World for the reply. With DHCP opt. 43 it works - tried that earlier in a test setup.
As our CPE is using PPPoE only I'm trying to make it work for PPPoE as well. Would be great if there is a way to pass the TR069 URL to the CPE with FreeRADIUS.
Tried that - without success:
+-----+---------------+------------+----+------------------------+
| id | username | attribute | op | value |
+-----+---------------+------------+----+------------------------+
| 1 | test@user.fiber | cisco-avpair | := | TR069URL=https://ouracsurl.net:7547 |
09-25-2024 01:59 AM - edited 09-25-2024 01:59 AM
Cpe is pppoe client
Asr is pppoe server' and hence it push IP to client via dhcp here ypu can push also url
MHM
09-25-2024 03:37 AM
Hello @MHM Cisco World ,
>> Asr is pppoe server' and hence it push IP to client via dhcp here ypu can push also url
DHCP should not be involved IP address is provided in IPCP NCP part of PPP negotiation
Hope to help
Giuseppe
09-26-2024 08:39 AM
friend
You can use pool of dhcp local to assign IP for pppoe client.
@andy89 instead of radius send pool name let it send dhcp pool name
MHM
09-25-2024 03:17 AM
Ok, I'll have a more detailed look into that. Currently the ASR retrieves the IP pool from FreeRADIUS.
According to you, could it be possible to add the "TR069URL" attribute in the radreply table (that we use to assign a static IP to a user)?
That is what I have tried before:
+-----+---------------+------------+----+------------------------+ | id | username | attribute | op | value | +-----+---------------+------------+----+------------------------+ | 1 | test@user.fiber | cisco-avpair | := | TR069URL=https://ouracsurl.net:7547 |
09-25-2024 03:43 AM
Hello @andy89 ,
refer to the following link:
Radius attribute = 26 for vendor specific , then Cisco = 9
the AVPair is a string that contains a similar
For example, the following AV pair causes Cisco’s “multiple named ip address pools” feature to be activated during IP authorization (during PPP’s IPCP address assignment):
cisco-avpair= ”ip:addr-pool=first“
If you insert an “*”, the AV pair “ip:addr-pool=first” becomes optional. Note that any AV pair can be made optional.
cisco-avpair= ”ip:addr-pool*first“
Hope to help
Giuseppe
09-25-2024 12:56 PM - edited 09-25-2024 01:09 PM
According to this document protocols that can be used with "cisco-avpair" include IP, IPX, VPDN, VOIP, SHELL, RSVP, SIP, AIRNET and OUTBOUND.
The format has to look like this:
cisco-avpair = "protocol:attribute=value" (or * instead of = for optional attributes)
I went through the list of (string) attributes but coudn't find anything that might be suitable for passing the TR069 URL.
10-01-2024 12:08 PM - edited 10-01-2024 12:22 PM
According to our CPE vendor it is possible to pass the ACS URL to the CPE by transferring a string like this
SRD=50000#SRU=10000#TR069URL=https://myacs.xyz123.com:7547#TR069PROVC=setup#
within the PPP-PAP/CHAP authentication message (PAP=Code 2, CHAP=Code 3).
Does anyone have an idea how that could be possible with Cisco IOS?
10-05-2024 06:58 AM
did you try DHCP ?
MHM
10-05-2024 10:25 AM - edited 10-05-2024 10:29 AM
Thanks for the reply. According to this document the CPE vendor (AVM) supports it to pass the URL directly with the ACK/NAK response message. As stated in PPP RFC 1334 and 1994 it is possibile to specify a message:
The Message field is zero or more octets, and its contents are implementation dependent. It is intended to be human readable, and MUST NOT affect operation of the protocol. It is recommended that the message contain displayable ASCII characters 32 through 126 decimal. Mechanisms for extension to other character sets are the topic of future research.
Here's how the trace should look like:
Do you know if it is possible with Cisco IOS to configure the ACK/NAK message?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide