cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

ASR 9001 BNG IPoE problems

Goergi Genov
Level 1
Level 1

Hi,

I have read and try these guides

https://supportforums.cisco.com/docs/DOC-23170

https://supportforums.cisco.com/docs/DOC-19702

https://supportforums.cisco.com/docs/DOC-19726

But have some problems , here is my config ( almost same like the guides )

radius-server host xxx.xxx.xxx.46 auth-port 1812 acct-port 1813

!

aaa server radius dynamic-author

port 3799

client yyy.yyy.yyy.102 vrf default

!

client xxx.xxx.xxx.46 vrf default

!

aaa attribute format MY_AUTH

mac-address

!

aaa attribute format NAS_PORT_FORMAT

circuit-id plus remote-id separator .

!

!

aaa radius attribute nas-port format e SSAAPPPPQQQQQQQQQQVVVVVVVVVVUUUU type 32

aaa radius attribute nas-port format e SSAAPPPPQQQQQQQQQQVVVVVVVVVVUUUU

aaa radius attribute nas-port-id format NAS_PORT_FORMAT

aaa group server radius RADIUS_GR

server xxx.xxx.xxx.46 auth-port 1812 acct-port 1813

source-interface Loopback0

!

aaa authorization network default group RADIUS_GR

aaa accounting subscriber default group RADIUS_GR

aaa authorization subscriber AUTH_GR group RADIUS_GR

aaa authorization subscriber default group RADIUS_GR

aaa authorization subscriber RADIUS_GR group RADIUS_GR

aaa authentication subscriber default group RADIUS_GR

aaa accounting update periodic 10

dhcp ipv4

profile IP_DEFAULT proxy

  class IP_DEFAULT

   helper-address vrf default yyy.yyy.yyy.102 giaddr zzz.zzz.zzz.1

  !

  helper-address vrf default yyy.yyy.yyy.102 giaddr zzz.zzz.zzz.1

  relay information option

  relay information policy keep

  relay information option allow-untrusted

!

   interface Bundle-Ether100.361 proxy profile IP_DEFAULT

!

ipv4 access-list PERM_ALL

10 permit ipv4 any any

20 permit icmp any any

30 permit ipv4 any any

!

interface Bundle-Ether100

bundle load-balancing hash dst-ip

!

!

interface Bundle-Ether100.361

ipv4 point-to-point

ipv4 unnumbered Loopback100

service-policy type control subscriber IP_PM

encapsulation dot1q 361

ipsubscriber ipv4 l2-connected

  initiator dhcp

!

!

interface Loopback0

ipv4 address ccc.ccc.ccc.174 255.255.255.255

!

interface Loopback100

description 4dhcp

ipv4 address zzz.zzz.zzz.1 255.255.255.0

!

interface TenGigE0/0/2/0

bundle id 100 mode on

!

interface TenGigE0/0/2/1

!

dynamic-template

type ipsubscriber IPSUB_TPL

  ipv4 unnumbered Loopback100

  ipv4 access-group PERM_ALL ingress

  ipv4 access-group PERM_ALL egress

!

class-map type control subscriber match-any DHCP

match protocol dhcpv4

end-class-map

!

policy-map type control subscriber IP_PM

event session-start match-first

  class type control subscriber DHCP do-until-failure

   5 activate dynamic-template IPSUB_TPL

   10 authorize aaa list AUTH_GR format MY_AUTH password cisco

  !

!

end-policy-map

!


Without  service-policy type control subscriber IP_PM on the interface , CPE gets ip address and all works.

The radius server is configured always to autothenticate with access-accept but there are errors


  Total Deadtime: 0s Last Deadtime: 0s

  Timeout: 5 sec, Retransmit limit: 3

  Quarantined: No

  Authentication:

    468 requests, 1 pending, 154 retransmits

    0 accepts, 0 rejects, 0 challenges

    204 timeouts, 417 bad responses, 417 bad authenticators

    0 unknown types, 417 dropped, 0 ms latest rtt

    Throttled: 0 transactions, 0 timeout, 0 failures

    Estimated Throttled Access Transactions: 0

    Maximum Throttled Access Transactions: 0


  The most strange issue is this

000c.42a8.71e2  0.0.0.0         INIT       57         BE100.361            default    0x0      

and

RP/0/RSP0/CPU0:Sep 23 17:08:03.507 : dhcpd[1077]: DHCPD ERROR: TP2468: rib route delete failed, null ifhandle or IPv4 address

Here is the subscriber session info

RP/0/RSP0/CPU0:ASR9001#show subscriber session all

Mon Sep 23 17:08:46.995 EET

Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,

       ID - Idle, DN - Disconnecting, ED - End

Type         Interface                State     Subscriber IP Addr / Prefix                             

                                                LNS Address (Vrf)                             

--------------------------------------------------------------------------------

IP:DHCP      No                       CN        -                                   

RP/0/RSP0/CPU0:ASR9001#show subscriber session all detail

Mon Sep 23 17:08:48.394 EET

Interface:                None

Circuit ID:               000401690107

Remote ID:                0006001ebd7b2f00

Type:                     IP: DHCP-trigger

IPv4 State:               Up Pending, Mon Sep 23 17:08:32 2013

Mac Address:              000c.42a8.71e2

Account-Session Id:       000001e0

Nas-Port:                 67114640

User name:                unknown

Outer VLAN ID:            361

Subscriber Label:         0x0000005f

Created:                  Mon Sep 23 17:08:32 2013

State:                    Connecting

Authentication:           unauthenticated

Access-interface:         Bundle-Ether100.361

Policy Executed:

policy-map type control subscriber IP_PM

  event Session-Start match-first [at Mon Sep 23 17:08:32 2013]

    class type control subscriber DHCP do-until-failure [Succeeded]

      5 activate dynamic-template IPSUB_TPL [Succeeded]

Session Accounting: disabled

Last COA request received: unavailable

Pending Callbacks:

  Waiting for Authorization to complete

  Waiting for Authentication response from AAA

Who Me Too'd this topic