[c-nsp] asr 1001-x as LNS and ipv6 CPEs : dhcpv6 problem

BASSAGET Cédric cedric.bassaget.ml at gmail.com
Wed Jan 19 08:59:43 EST 2022


I'm trying to deploy IPv6 for our PPP customers. Our LNS is an asr-1001x,
which work just fine for ipv4.

I have a strange behavior when trying to push IPv6 (NA + PD) to the client
CPE (cisco 800 in my lab).

*Here's my CPE dialer config :*

interface Dialer1
 mtu 1460
 ip address negotiated
 ip access-group ACL_dialer1_in in
 ip nat outside
 no ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ipv6 address autoconfig default
 ipv6 enable
 no ipv6 nd ra suppress
 ipv6 dhcp client pd DHCPv6
 ppp authentication chap callin
 ppp chap hostname user at realm
 ppp chap password 7 xxxxxxxxxxxxxx

*Here's my LNS config relevant parts :*

aaa authorization configuration DHCPv6-PD group radius

ipv6 dhcp pool IPv6_DHCP_POOL
 prefix-delegation aaa method-list DHCPv6-PD lifetime 7200 300
 address prefix 2A06:A402:1::/56
 accounting default

interface Virtual-Template285
 mtu 1492
 ip unnumbered Loopback285
 no ip redirects
 ip access-group VC_BE_out in
 ip tcp adjust-mss 1420
 no peer default ip address
 peer default ipv6 pool IPv6_DHCP_POOL
 ipv6 unnumbered Loopback285
 ipv6 enable
 ipv6 nd other-config-flag
 no ipv6 nd ra suppress
 ipv6 dhcp server IPv6_DHCP_POOL
 no ppp lcp fast-start
 ppp authentication pap chap
 ppp ipcp dns x.x.x.x x.x.x.x
 ppp ipcp address required
 ppp ipcp address unique
 ppp ipv6cp address unique

So I want to give an ipv6 from 2A06:A402:1::/56 as NA address for the CPE,
and PD is given by my radius with dhcp

The problem I have is the following :
the moment I add "ipv6 dhcp server IPv6_DHCP_POOL" in my virtual-template
configuration on the LNS, the LNS sends an other access request to my
radius with username = user at realm*-dhcpv6.*

as this user is unknown on my radius, it gets an access-reject and the
CPE's PPP session goes down.

I can't find where this "-dhcpv6" suffix comes from, and I did not find doc
about it.

Can anyone help me please ? I'm going crazy !

More information about the cisco-nsp mailing list