[c-nsp] ASR9001 IPoE BNG question

Georgi Genov linuxloader at gmail.com
Fri Sep 13 05:39:11 EDT 2013


     I am trying to setup , IPoE scenario with several kinds of auth ( 
mac/option82 ) . With the docs from 
https://supportforums.cisco.com/docs/DOC-19702 and have come up with the 
following config:


##########################################################################

hostname ASR9001
radius source-interface Loopback0 vrf default
radius-server host ddd.ddd.ddd.46 auth-port 1812 acct-port 1813
!
aaa server radius dynamic-author
  port 3799
  client xxx.xxx.xxx.102 vrf default
  !
  client xxxxxxxx.46 vrf default
  !
!

aaa attribute format MY_AUTH_MAC_OP82
  mac-address plus circuit-id separator #
!
aaa attribute format MY_AUTH_MAC
  mac-address
!
!
aaa radius attribute nas-port-id format NAS_PORT_FORMAT
!
!
aaa accounting subscriber default group radius
aaa authorization subscriber default group radius
aaa authentication subscriber default group radius
aaa accounting update periodic 10

dhcp ipv4
  profile IP_DEFAULT proxy
   helper-address vrf default xxx.xxx.xxx.102 giaddr yyy.yyy.236.1
   relay information option
   relay information policy keep
   relay information option allow-untrusted
  !

  interface Bundle-Ether100.361 proxy profile IP_DEFAULT
!
interface Bundle-Ether100.361
  ipv4 point-to-point
  ipv4 unnumbered Loopback100
  service-policy type control subscriber IP_PM
  encapsulation dot1q 361
  ipsubscriber ipv4 l2-connected
   initiator dhcp
  !
!
interface Loopback0
  ipv4 address yyy.yyy.yyy.174 255.255.255.255
!
interface Loopback100
  ipv4 address yyy.yyy.236.1 255.255.255.0
!
!
dynamic-template
  type ipsubscriber IPSUB_TPL
   ipv4 unnumbered Loopback100
  !
!
!
class-map type control subscriber match-any DHCP
  match protocol dhcpv4
  end-class-map
!
policy-map type control subscriber IP_PM
  event session-start match-all
   class type control subscriber DHCP do-until-failure
    5 activate dynamic-template IPSUB_TPL
    10 authorize aaa list default format MY_AUTH_MAC password key
   !
  !
  end-policy-map
!
####################################################################################################################################

subscriber session looks like this

RP/0/RSP0/CPU0:ASR9001#sh subscriber session all detail
Fri Sep 13 12:37:06.697 EET
Interface:                None
Circuit ID:               000401690107
Remote ID:                0006001ebd7b2f00
Type:                     IP: DHCP-trigger
IPv4 State:               Up Pending, Fri Sep 13 12:37:04 2013
Mac Address:              000c.42a8.71e2
Account-Session Id:       000023ac
Nas-Port:                 Unknown
User name:                unknown
Outer VLAN ID:            361
Subscriber Label:         0x0000006b
Created:                  Fri Sep 13 12:37:04 2013
State:                    Connecting
Authentication:           unauthenticated
Access-interface:         Bundle-Ether100.361
Policy Executed:
policy-map type control subscriber IP_PM
   event Session-Start match-all [at Fri Sep 13 12:37:04 2013]
     class type control subscriber DHCP do-until-failure [Succeeded]
       5 activate dynamic-template IPSUB_TPL [Succeeded]
Session Accounting: disabled
Last COA request received: unavailable
Pending Callbacks:
   Waiting for Authorization to complete
   Waiting for Authentication response from AAA


####################################################################################################################################################

and the dhcp info

RP/0/RSP0/CPU0:ASR9001#sh dhcp ipv4 proxy binding detail
Fri Sep 13 12:37:40.594 EET
MAC Address:                 000c.42a8.71e2
VRF:                         default
Server VRF:                  -
IP Address:                  0.0.0.0
Giaddr from client:          0.0.0.0
Giaddr to server:            0.0.0.0
Server IP Address:           0.0.0.0
Server IP Address to client: 0.0.0.0
ReceivedCircuit ID:          0x00-04-01-69-01-07
InsertedCircuit ID:          0x00-04-01-69-01-07
ReceivedRemote ID:           0x00-06-00-1e-bd-7b-2f-00
InsertedRemote ID:           0x00-06-00-1e-bd-7b-2f-00
ReceivedVSISO:               -
InsertedVSISO:               -
Auth. on received relay info:FALSE
Profile:                     IP_DEFAULT
State:                       INIT
Proxy lease:                 60 secs (00:01:00)
Proxy lease remaining:       53 secs (00:00:53)
Client ID:                   0x01-0x00-0x0C-0x42-0xA8-0x71-0xE2
Access Interface:            Bundle-Ether100.361
Access VRF:                  default
VLAN Id:                     361
Subscriber Label:            0x0
*

* Next renew request from this client will be NAK'd in order to recreate 
subscriber session

RP/0/RSP0/CPU0:ASR9001#sh dhcp ipv4 proxy binding
Fri Sep 13 12:37:58.290 EET

Lease
  MAC Address      IP Address      State    Remaining Interface          
VRF      Sublabel
--------------  --------------  ---------  --------- 
-------------------  ---------  ----------
000c.42a8.71e2  0.0.0.0         INIT       57 BE100.361            
default    0x0




any ideas ?
without the  service-policy type control subscriber IP_PM , dhcp works fine.





More information about the cisco-nsp mailing list