[c-nsp] asr 1001-x as LNS and ipv6 CPEs : dhcpv6 problem

BASSAGET Cédric cedric.bassaget.ml at gmail.com
Tue Jan 25 05:46:11 EST 2022 

Hello,
I fixed all of my problems except one : the IA NA dynamically attributed to
the PPP client (from pool 2A06:A402:1::/56) does not appear in the ipv6
routing table (sho ipv6 route). only the IA PD appears :

asr-1k1-pa3-1#show ipv6 dhcp binding
Client: FE80::A
  DUID: 0003000108553159A447
  Username : user at realm
  VRF : default
  Interface : Virtual-Access2.92
  IA PD: IA ID 0x0000000A, T1 150, T2 240
    Prefix: 2A06:a402:100::/48
            preferred lifetime 300, valid lifetime 7200
            expires at Jan 25 2022 01:41 PM (7137 seconds)
  IA NA: IA ID 0x0000000A, T1 43200, T2 69120
    Address: 2A06:A402:1:56:8055:BF4:x:x
            preferred lifetime 86400, valid lifetime 172800
            expires at Jan 27 2022 11:41 AM (172737 seconds)

asr-1k1-pa3-1#sh ipv6 route interface virtual-access 2.92
S   2A06:A402:100::/48 [1/0]
     via FE80::A, Virtual-Access2.92

I've been looking for a way to resolve this for days but I did not find any
answer.
If anyone knows...

Regards

Le mer. 19 janv. 2022 à 16:19, BASSAGET Cédric <cedric.bassaget.ml at gmail.com>
a écrit :

> Replying to myself :
>
> The "-dhcpv6" stuff appears when the radius does not reply to the
> access-request with a "Delegated-IPv6-Prefix" field.
> That may be a quite useful thing, but it's a shame it brokes the IPv4 part
> of the dialer if user at realm*-dhcpv6* does not exist !
>
> if somebody knows any doc or RFC that refers to that...
>
> Regards
>
> Le mer. 19 janv. 2022 à 14:59, BASSAGET Cédric <
> cedric.bassaget.ml at gmail.com> a écrit :
>
>> Hello,
>>
>> I'm trying to deploy IPv6 for our PPP customers. Our LNS is an asr-1001x,
>> which work just fine for ipv4.
>>
>> I have a strange behavior when trying to push IPv6 (NA + PD) to the
>> client CPE (cisco 800 in my lab).
>>
>> *Here's my CPE dialer config :*
>>
>> interface Dialer1
>>  mtu 1460
>>  ip address negotiated
>>  ip access-group ACL_dialer1_in in
>>  ip nat outside
>>  no ip virtual-reassembly in
>>  encapsulation ppp
>>  dialer pool 1
>>  dialer-group 1
>>  ipv6 address autoconfig default
>>  ipv6 enable
>>  no ipv6 nd ra suppress
>>  ipv6 dhcp client pd DHCPv6
>>  ppp authentication chap callin
>>  ppp chap hostname user at realm
>>  ppp chap password 7 xxxxxxxxxxxxxx
>> end
>>
>> *Here's my LNS config relevant parts :*
>>
>> aaa authorization configuration DHCPv6-PD group radius
>>
>> ipv6 dhcp pool IPv6_DHCP_POOL
>>  prefix-delegation aaa method-list DHCPv6-PD lifetime 7200 300
>>  address prefix 2A06:A402:1::/56
>>  accounting default
>>
>> interface Virtual-Template285
>>  mtu 1492
>>  ip unnumbered Loopback285
>>  no ip redirects
>>  ip access-group VC_BE_out in
>>  ip tcp adjust-mss 1420
>>  no peer default ip address
>>  peer default ipv6 pool IPv6_DHCP_POOL
>>  ipv6 unnumbered Loopback285
>>  ipv6 enable
>>  ipv6 nd other-config-flag
>>  no ipv6 nd ra suppress
>>  ipv6 dhcp server IPv6_DHCP_POOL
>>  no ppp lcp fast-start
>>  ppp authentication pap chap
>>  ppp ipcp dns x.x.x.x x.x.x.x
>>  ppp ipcp address required
>>  ppp ipcp address unique
>>  ppp ipv6cp address unique
>> end
>>
>>
>> So I want to give an ipv6 from 2A06:A402:1::/56 as NA address for the
>> CPE, and PD is given by my radius with dhcp
>>
>> The problem I have is the following :
>> the moment I add "ipv6 dhcp server IPv6_DHCP_POOL" in my virtual-template
>> configuration on the LNS, the LNS sends an other access request to my
>> radius with username = user at realm*-dhcpv6.*
>>
>> as this user is unknown on my radius, it gets an access-reject and the
>> CPE's PPP session goes down.
>>
>> I can't find where this "-dhcpv6" suffix comes from, and I did not find
>> doc about it.
>>
>> Can anyone help me please ? I'm going crazy !
>> Regards
>>
>

More information about the cisco-nsp mailing list