Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Per-session VRF and IPv6

Hello. I cant get Per-session VRF feature working with IPv6 protocol. IPv4 is working fine.

Here is what i've got:

 

test1    Cleartext-Password := "test"
        Framed-Protocol = PPP,
        Service-Type == Framed-User,
        Cisco-AVPair += "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool_vrf_no_nat",
        Cisco-AVPair += "ip:vrf-id=NoNAT",
        Cisco-AVPair += "ip:ip-unnumbered=Loopback1",
        Cisco-AVPair += "ip:addr-pool=real"
        Cisco-AVPair += "ipv6:ipv6-addr-pool=ppp_link_v6_pool_vrf_no_nat"

 

test2    Cleartext-Password := "test"
        Framed-Protocol = PPP,
        Service-Type == Framed-User,
        Cisco-AVPair += "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool",
        Cisco-AVPair += "lcp:interface-config=ip nat inside"

 

#sho run


interface Loopback0
 ip address ****
 ipv6 address 2001:DB8::20/128
 ipv6 enable
!
interface Loopback1
 vrf forwarding NoNAT
 ip address *****
 ipv6 address 2001:DB8::21/128
 ipv6 enable
!
ipv6 dhcp pool AAA_dhcpv6_pool
 prefix-delegation aaa method-list FREERADIUS
!
ip local pool pool192_168 192.168.128.0 192.168.255.254
ip local pool real *.*.*.* *.*.*.*
!
ipv6 local pool ppp_delegate_56_v6_pool 2001:DB8:3::/48 56
ipv6 local pool ppp_link_v6_pool 2001:DB8:1::/49 64
!
ipv6 local pool ppp_delegate_56_v6_pool_vrf_no_nat 2001:DB8:6::/48 56
ipv6 local pool ppp_link_v6_pool_vrf_no_nat 2001:DB8:4::/49 64

!

interface Virtual-Template1
 ip unnumbered Loopback0
 ipv6 unnumbered Loopback0
 ipv6 enable
 no ipv6 nd ra suppress
 ipv6 dhcp server AAA_dhcpv6_pool
 peer default ip address pool pool192_168
 peer default ipv6 pool ppp_link_v6_pool

 ! non-related config skipped
!

 

User test2 receive IPv4 private address and full IPv6 service: address negotiated on the link and delegation DHCPv6 service.

User test1 receive IPv4 real address only and no IPv6 at all.

 

Here is the debug, take a look at the bold line:

 

Jul  8 10:13:41: RADIUS(000000DF): Send Access-Request to 10.0.6.10:1812 id 1645/139, len 207
Jul  8 10:13:41: RADIUS:  authenticator B8 8A 07 F3 D8 90 A5 FE - B0 10 9F 51 B2 4F 7E 0A
Jul  8 10:13:41: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jul  8 10:13:41: RADIUS:  User-Name           [1]   6   "test"
Jul  8 10:13:41: RADIUS:  CHAP-Password       [3]   19  *
Jul  8 10:13:41: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Jul  8 10:13:41: RADIUS:  NAS-Port            [5]   6   0
Jul  8 10:13:41: RADIUS:  NAS-Port-Id         [87]  13  "0/1/0/2.301"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  41
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=5254.0018.9fb1"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  39
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   33  "circuit-id-tag=SNR eth 001,0301"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  39
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   33  "remote-id-tag=f8-f0-82-10-9b-9d"
Jul  8 10:13:41: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jul  8 10:13:41: RADIUS:  NAS-IP-Address      [4]   6   10.0.6.21
Jul  8 10:13:41: RADIUS(000000DF): Sending a IPv4 Radius Packet
Jul  8 10:13:41: RADIUS(000000DF): Started 5 sec timeout
Jul  8 10:13:41: RADIUS: Received from id 1645/139 10.0.6.10:1812, Access-Accept, len 236
Jul  8 10:13:41: RADIUS:  authenticator 9C E6 3B 43 A3 58 06 AB - 17 99 AD 06 FF C6 9A 35
Jul  8 10:13:41: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jul  8 10:13:41: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  67
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   61  "ipv6:delegated-ipv6-pool=ppp_delegate_56_v6_pool_vrf_no_nat"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  23
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   17  "ip:vrf-id=NoNAT"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  34
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   28  "ip:ip-unnumbered=Loopback1"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  25
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   19  "ip:addr-pool=real"
Jul  8 10:13:41: RADIUS:  Vendor, Cisco       [26]  55
Jul  8 10:13:41: RADIUS:   Cisco AVpair       [1]   49  "ipv6:ipv6-addr-pool=ppp_link_v6_pool_vrf_no_nat"
Jul  8 10:13:41: RADIUS(000000DF): Received from id 1645/139
Jul  8 10:13:41: ppp202 PPP SSS: Forwarding request
Jul  8 10:13:41: ppp202 PPP: Phase is FORWARDING, Attempting Forward
Jul  8 10:13:41: PPP: Bind ppp202 to Virtual-Access2.1
Jul  8 10:13:41: Vi2.1 PPP: Static Bind peer_type[3]
Jul  8 10:13:41: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User
Jul  8 10:13:41: Vi2.1 CHAP: O SUCCESS id 1 len 4
Jul  8 10:13:41: Vi2.1 PPP: Phase is UP
Jul  8 10:13:41: Vi2.1 IPCP: Protocol configured, start CP. state[Initial]
Jul  8 10:13:41: Vi2.1 IPCP: Event[OPEN] State[Initial to Starting]
Jul  8 10:13:41: Vi2.1 IPCP: O CONFREQ [Starting] id 1 len 10
Jul  8 10:13:41: Vi2.1 IPCP:    Address *.*.*.8 (0x0306B92EC408)
Jul  8 10:13:41: Vi2.1 IPCP: Event[UP] State[Starting to REQsent]
Jul  8 10:13:41: Vi2.1 PPP: Send Message[Static Bind Response]
Jul  8 10:13:41: Vi2.1 IPCP: I CONFREQ [REQsent] id 1 len 22
Jul  8 10:13:41: Vi2.1 IPCP:    Address 0.0.0.0 (0x030600000000)
Jul  8 10:13:41: Vi2.1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
Jul  8 10:13:41: Vi2.1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
Jul  8 10:13:41: Vi2.1 IPCP AUTHOR: Start.  Her address 0.0.0.0, we want 0.0.0.0
Jul  8 10:13:41: Vi2.1 IPCP AUTHOR: Says use pool real
Jul  8 10:13:41: Vi2.1 IPCP AUTHOR: Pool returned *.*.*.11
Jul  8 10:13:41: Vi2.1 IPCP AUTHOR: Done.  Her address 0.0.0.0, we want *.*.*.11
Jul  8 10:13:41: Vi2.1 IPCP: O CONFNAK [REQsent] id 1 len 22
Jul  8 10:13:41: Vi2.1 IPCP:    Address *.*.*.11 (0x0306B92EC50B)
Jul  8 10:13:41: Vi2.1 IPCP:    PrimaryDNS 8.8.8.8 (0x810608080808)
Jul  8 10:13:41: Vi2.1 IPCP:    SecondaryDNS 8.8.4.4 (0x830608080404)
Jul  8 10:13:41: Vi2.1 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]
Jul  8 10:13:41: Vi2.1 IPV6CP: I CONFREQ [UNKNOWN] id 1 len 14
Jul  8 10:13:41: Vi2.1 IPV6CP:    Interface-Id 11BF:9891:6F31:7C15 (0x010A11BF98916F317C15)
Jul  8 10:13:41: Vi2.1 LCP: O PROTREJ [Open] id 2 len 20 protocol IPV6CP (0x0101000E010A11BF98916F317C15)
Jul  8 10:13:41: Vi2.1 IPCP: I CONFACK [REQsent] id 1 len 10
Jul  8 10:13:41: Vi2.1 IPCP:    Address *.*.*.8 (0x0306B92EC408)
Jul  8 10:13:41: Vi2.1 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
Jul  8 10:13:41: Vi2.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 22
Jul  8 10:13:41: Vi2.1 IPCP:    Address *.*.*.11 (0x0306B92EC50B)
Jul  8 10:13:41: Vi2.1 IPCP:    PrimaryDNS 8.8.8.8 (0x810608080808)
Jul  8 10:13:41: Vi2.1 IPCP:    SecondaryDNS 8.8.4.4 (0x830608080404)
Jul  8 10:13:41: Vi2.1 IPCP: O CONFACK [ACKrcvd] id 2 len 22
Jul  8 10:13:41: Vi2.1 IPCP:    Address *.*.*.11 (0x0306B92EC50B)
Jul  8 10:13:41: Vi2.1 IPCP:    PrimaryDNS 8.8.8.8 (0x810608080808)
Jul  8 10:13:41: Vi2.1 IPCP:    SecondaryDNS 8.8.4.4 (0x830608080404)
Jul  8 10:13:41: Vi2.1 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
Jul  8 10:13:41: Vi2.1 IPCP: State is Open
Jul  8 10:13:41: Vi2.1 Added to neighbor route AVL tree: topoid 2, address *.*.*.11
Jul  8 10:13:41: Vi2.1 IPCP: Install route to *.*.*.11
Jul  8 10:13:41: RADIUS/ENCODE(000000DF):Orig. component type = PPPoE
Jul  8 10:13:41: RADIUS(000000DF): Config NAS IP: 10.0.6.21
Jul  8 10:13:41: RADIUS(000000DF): Config NAS IPv6: ::
Jul  8 10:13:41: RADIUS(000000DF): sending
Jul  8 10:13:41: RADIUS(000000DF): Send Accounting-Request to 10.0.6.10:1813 id 1646/109, len 264

 

Any suggestions?

 

 

2 REPLIES
New Member

Fixed one problem and moved

Fixed one problem and moved into other.

I've added

Cisco-AVPair += "lcp:interface-config=ipv6 unnumbered Loopback1"

to user profile, but stumbled into another problem: router ignores

Cisco-AVPair += "ipv6:ipv6-addr-pool=ppp_link_v6_pool"

regardless of vrf, even on usual user profile

 

New Member

Solved by using

Solved by using

Cisco-AVPair += "lcp:interface-config=peer default ipv6 pool pool_name

Update:

 

Framed-IPv6-Pool += "ppp_link_v6_pool_vrf_no_nat"

works too

853
Views
0
Helpful
2
Replies
CreatePlease to create content