[c-nsp] ASR9001 IPoE BNG question
Georgi Genov
linuxloader at gmail.com
Fri Sep 13 05:39:11 EDT 2013
I am trying to setup , IPoE scenario with several kinds of auth (
mac/option82 ) . With the docs from
https://supportforums.cisco.com/docs/DOC-19702 and have come up with the
following config:
##########################################################################
hostname ASR9001
radius source-interface Loopback0 vrf default
radius-server host ddd.ddd.ddd.46 auth-port 1812 acct-port 1813
!
aaa server radius dynamic-author
port 3799
client xxx.xxx.xxx.102 vrf default
!
client xxxxxxxx.46 vrf default
!
!
aaa attribute format MY_AUTH_MAC_OP82
mac-address plus circuit-id separator #
!
aaa attribute format MY_AUTH_MAC
mac-address
!
!
aaa radius attribute nas-port-id format NAS_PORT_FORMAT
!
!
aaa accounting subscriber default group radius
aaa authorization subscriber default group radius
aaa authentication subscriber default group radius
aaa accounting update periodic 10
dhcp ipv4
profile IP_DEFAULT proxy
helper-address vrf default xxx.xxx.xxx.102 giaddr yyy.yyy.236.1
relay information option
relay information policy keep
relay information option allow-untrusted
!
interface Bundle-Ether100.361 proxy profile IP_DEFAULT
!
interface Bundle-Ether100.361
ipv4 point-to-point
ipv4 unnumbered Loopback100
service-policy type control subscriber IP_PM
encapsulation dot1q 361
ipsubscriber ipv4 l2-connected
initiator dhcp
!
!
interface Loopback0
ipv4 address yyy.yyy.yyy.174 255.255.255.255
!
interface Loopback100
ipv4 address yyy.yyy.236.1 255.255.255.0
!
!
dynamic-template
type ipsubscriber IPSUB_TPL
ipv4 unnumbered Loopback100
!
!
!
class-map type control subscriber match-any DHCP
match protocol dhcpv4
end-class-map
!
policy-map type control subscriber IP_PM
event session-start match-all
class type control subscriber DHCP do-until-failure
5 activate dynamic-template IPSUB_TPL
10 authorize aaa list default format MY_AUTH_MAC password key
!
!
end-policy-map
!
####################################################################################################################################
subscriber session looks like this
RP/0/RSP0/CPU0:ASR9001#sh subscriber session all detail
Fri Sep 13 12:37:06.697 EET
Interface: None
Circuit ID: 000401690107
Remote ID: 0006001ebd7b2f00
Type: IP: DHCP-trigger
IPv4 State: Up Pending, Fri Sep 13 12:37:04 2013
Mac Address: 000c.42a8.71e2
Account-Session Id: 000023ac
Nas-Port: Unknown
User name: unknown
Outer VLAN ID: 361
Subscriber Label: 0x0000006b
Created: Fri Sep 13 12:37:04 2013
State: Connecting
Authentication: unauthenticated
Access-interface: Bundle-Ether100.361
Policy Executed:
policy-map type control subscriber IP_PM
event Session-Start match-all [at Fri Sep 13 12:37:04 2013]
class type control subscriber DHCP do-until-failure [Succeeded]
5 activate dynamic-template IPSUB_TPL [Succeeded]
Session Accounting: disabled
Last COA request received: unavailable
Pending Callbacks:
Waiting for Authorization to complete
Waiting for Authentication response from AAA
####################################################################################################################################################
and the dhcp info
RP/0/RSP0/CPU0:ASR9001#sh dhcp ipv4 proxy binding detail
Fri Sep 13 12:37:40.594 EET
MAC Address: 000c.42a8.71e2
VRF: default
Server VRF: -
IP Address: 0.0.0.0
Giaddr from client: 0.0.0.0
Giaddr to server: 0.0.0.0
Server IP Address: 0.0.0.0
Server IP Address to client: 0.0.0.0
ReceivedCircuit ID: 0x00-04-01-69-01-07
InsertedCircuit ID: 0x00-04-01-69-01-07
ReceivedRemote ID: 0x00-06-00-1e-bd-7b-2f-00
InsertedRemote ID: 0x00-06-00-1e-bd-7b-2f-00
ReceivedVSISO: -
InsertedVSISO: -
Auth. on received relay info:FALSE
Profile: IP_DEFAULT
State: INIT
Proxy lease: 60 secs (00:01:00)
Proxy lease remaining: 53 secs (00:00:53)
Client ID: 0x01-0x00-0x0C-0x42-0xA8-0x71-0xE2
Access Interface: Bundle-Ether100.361
Access VRF: default
VLAN Id: 361
Subscriber Label: 0x0
*
* Next renew request from this client will be NAK'd in order to recreate
subscriber session
RP/0/RSP0/CPU0:ASR9001#sh dhcp ipv4 proxy binding
Fri Sep 13 12:37:58.290 EET
Lease
MAC Address IP Address State Remaining Interface
VRF Sublabel
-------------- -------------- --------- ---------
------------------- --------- ----------
000c.42a8.71e2 0.0.0.0 INIT 57 BE100.361
default 0x0
any ideas ?
without the service-policy type control subscriber IP_PM , dhcp works fine.
More information about the cisco-nsp
mailing list