Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

IPv6 Prefix Delegation vi RADIUS

Problem related to issueing Prefix Delegations to Customer CPE's via RADIUS. The following document "http://www.cisco.com/en/US/products/ps6553/products_data_sheet09186a008011b68d.html" states " The provider edge receives the DHCPv6 REQUEST message and issues a RADIUS request for the user ("user1-dhcpv6")."

Can you please provide the default password that should be used on this useraccount as the authentication fails with an incorrect password from the RADIUS Server.

3 REPLIES
Hall of Fame Super Silver

Re: IPv6 Prefix Delegation vi RADIUS

Hello Derek,

I think that is just an example of user.

You are not tied to use this user1.

Above in the document it says:

>>From the username contained in the PPP negotiation, a RADIUS request is sent to the service provider RADIUS server. If the username/password pair is validated, the result of this request returns a /64 prefix to the provider edge router. This prefix is then included in the router advertisement messages sent on the link connected to the CPE. The corresponding /64 prefix route is injected into the service provider routing system.

This means that the username and password used by the CPE during PPP authentication has to be defined in the Radius server.

An example of configuration for ipv6 prefix delegation is reported in the document and it is:

Auth-Type = Local, Password = "foo"

User-Service-Type = Framed-User,

Framed-Protocol = PPP,

cisco-avpair = "ipv6:prefix#1=2001:db8:1:1::/64",

Another aspect is the authentication of communication between the PE/NAS node and the radius server.

This can be configured with other commands.

Hope to help

Giuseppe

New Member

Re: IPv6 Prefix Delegation vi RADIUS

Hi Giuseppe

Thank you for the reply, I understand the documentation, and that you can use any username you wish, I just quoted the documentaion. If for example, I have a username called "joe" and a password of "abc" when this username is authenticated against the radius server all is fine, when the username of "joe-dhcpv6" is authenticated what password is used. I have tried user password of "abc" and any other I could think of encluding "cisco", the enable password the even the radius shared key password all without success.

Any ideas.

Derek

Hall of Fame Super Silver

Re: IPv6 Prefix Delegation vi RADIUS

Hello Derek,

if your user is "joe" then the cisco AV attributes for ipv6 prefix-delegation has to be under "joe" profile in Radius.

The router has to pass username="joe" , password= "abc".

The Radius in answering to the authentication requests provide also the AV pair of ipv6 prefix.

Documentation may be misleading but

username="joe-dhcpv6" makes radius to look for a user with that name and so you get a failure in AAA authentication.

Another possibility is that the Radius you are using is not aware of the feature IPV6 prefix delegation and treats the modified username in the way I've described above.

Edit:

as mentioned in the document the Radius server should implement

http://www.faqs.org/rfcs/rfc3162.html

Hope to help

Giuseppe

1401
Views
0
Helpful
3
Replies
CreatePlease to create content