[c-nsp] BNG IPv6 Prefix Delegation Accounting
Sebastian Graf
SGraf at xantaro.net
Tue Mar 19 16:03:13 EDT 2013
Hi Sandy,
yes, we had
aaa accounting include auth-profile delegated-ipv6-prefix
aaa accounting update periodic 30
configured. I changed the interval to 1 and could finally spot it in the interims messages as attribute 123. Strange thing is though that the Accounting Stop messages do not include that attribute. Using
aaa accounting update newinfo
does not seem to work at all in this context. If I use that, I only see Start and Stop Messages, both missing the attribute. So the only chance in this setup seems to be to track the prefixes via the interims messages.
Anyway, thanks to your hints I am one step further now. Many Thanks
Sebastian
-----Ursprüngliche Nachricht-----
Von: Sandy Breeze [mailto:sandy.breeze at eu.clara.net]
Gesendet: Montag, 18. März 2013 11:04
An: Sebastian Graf; cisco-nsp at puck.nether.net
Betreff: RE: BNG IPv6 Prefix Delegation Accounting
Hi Sebastian,
As per http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html, have you configured:
The following example shows how to include the delegated-IPv6-Prefix profile in the AAA accounting records:
Router(config)# aaa accounting include auth-profile delegated-ipv6-prefix
If not seen specifically in start, you should at least see it in the interims? (aaa accounting update periodic <mins>)
Regards
Sandy
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Sebastian Graf
Sent: 18 March 2013 08:01
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] BNG IPv6 Prefix Delegation Accounting
Hi,
we are currently working on providing IPv6 to residential customers. The BNG used is a Cisco ASR1k running 15.2(2)S1. While most part seem to work out nicely, there is an issue with Adress Accounting and DHCPv6 Prefix Delegation.
It seems that the Accounting Start messages generally do not include the IPv6 Prefix assigned via Prefix Delegation. Only the link local and SLAAC addresses are provided. I guess this is because the PPP session establishment is decoupled from the address assignment with IPv6.
This is no big deal if I provide the prefix from the radius (as I can log it there), however if I tell the ASR to assign an address from a local pool (using Cisco-AVpair = "ipv6:delegated-ipv6-pool=<POOL-NAME>"), there seems to be no way to track which prefix was assigned to which subscriber (which is needed for legal purposes).
Did anybody came across a similar situation or knows if there is a way to log these assignments? Or is the only option in this case to move the pool management to an external server and log it there?
kind regards
Sebastian
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list