[c-nsp] asr 1001-x as LNS and ipv6 CPEs : dhcpv6 problem

BASSAGET Cédric cedric.bassaget.ml at gmail.com
Wed Jan 19 10:19:03 EST 2022 

Replying to myself :

The "-dhcpv6" stuff appears when the radius does not reply to the
access-request with a "Delegated-IPv6-Prefix" field.
That may be a quite useful thing, but it's a shame it brokes the IPv4 part
of the dialer if user at realm*-dhcpv6* does not exist !

if somebody knows any doc or RFC that refers to that...

Regards

Le mer. 19 janv. 2022 à 14:59, BASSAGET Cédric <cedric.bassaget.ml at gmail.com>
a écrit :

> Hello,
>
> I'm trying to deploy IPv6 for our PPP customers. Our LNS is an asr-1001x,
> which work just fine for ipv4.
>
> I have a strange behavior when trying to push IPv6 (NA + PD) to the client
> CPE (cisco 800 in my lab).
>
> *Here's my CPE dialer config :*
>
> interface Dialer1
>  mtu 1460
>  ip address negotiated
>  ip access-group ACL_dialer1_in in
>  ip nat outside
>  no ip virtual-reassembly in
>  encapsulation ppp
>  dialer pool 1
>  dialer-group 1
>  ipv6 address autoconfig default
>  ipv6 enable
>  no ipv6 nd ra suppress
>  ipv6 dhcp client pd DHCPv6
>  ppp authentication chap callin
>  ppp chap hostname user at realm
>  ppp chap password 7 xxxxxxxxxxxxxx
> end
>
> *Here's my LNS config relevant parts :*
>
> aaa authorization configuration DHCPv6-PD group radius
>
> ipv6 dhcp pool IPv6_DHCP_POOL
>  prefix-delegation aaa method-list DHCPv6-PD lifetime 7200 300
>  address prefix 2A06:A402:1::/56
>  accounting default
>
> interface Virtual-Template285
>  mtu 1492
>  ip unnumbered Loopback285
>  no ip redirects
>  ip access-group VC_BE_out in
>  ip tcp adjust-mss 1420
>  no peer default ip address
>  peer default ipv6 pool IPv6_DHCP_POOL
>  ipv6 unnumbered Loopback285
>  ipv6 enable
>  ipv6 nd other-config-flag
>  no ipv6 nd ra suppress
>  ipv6 dhcp server IPv6_DHCP_POOL
>  no ppp lcp fast-start
>  ppp authentication pap chap
>  ppp ipcp dns x.x.x.x x.x.x.x
>  ppp ipcp address required
>  ppp ipcp address unique
>  ppp ipv6cp address unique
> end
>
>
> So I want to give an ipv6 from 2A06:A402:1::/56 as NA address for the CPE,
> and PD is given by my radius with dhcp
>
> The problem I have is the following :
> the moment I add "ipv6 dhcp server IPv6_DHCP_POOL" in my virtual-template
> configuration on the LNS, the LNS sends an other access request to my
> radius with username = user at realm*-dhcpv6.*
>
> as this user is unknown on my radius, it gets an access-reject and the
> CPE's PPP session goes down.
>
> I can't find where this "-dhcpv6" suffix comes from, and I did not find
> doc about it.
>
> Can anyone help me please ? I'm going crazy !
> Regards
>

More information about the cisco-nsp mailing list