cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
22918
Views
5
Helpful
117
Comments
xthuijs
Cisco Employee
Cisco Employee

 

Introduction

This document provides an overview of Vendor Specific attributes that can be used in the ASR9000 BNG solution. They can either be used as part of the Access Accept Radius message or COA requests to change the behavior of the session.

Vendor Specific Attributes

 

1. RADIUS Attributes for pQoS

 

ASR9000_BNG_Attributes.jpg

sub: indicates AVPair targets MQC policy on a subscriber session
<class-list>: identifies class to be added/removed or modified in the MQC policy
Multiple classes may be specified to modify classification in a nested (child) MQC policy
<qos-action-list>: policy actions to be added/overwritten in targeted class in MQC policy (see table below)
 
Supported QoS features:
•Shaping rate and percentage
•Policing rate and percentage
•Marking (CoS, DSCP, IP Prec)
•Queueing (minBW, BW remaining, priority, WRED, queue-limit)

 

 

QOS FeatureAction format in Radius attribute
Shaping

shape(<rate-in-kbps>)

shape-rpct(<rate-in-pct>)

Policing

police-rpct(<conform-rate-in-pct>,<conform-burst-in-us>,<exceed-rate-in-pct>,<exceed-burst-in-us>,    <conform-action>,<exceed-action>,    <violate-action>)

police(<conform-rate-in-kbps>,<conform-burst-in-kBytes>,<exceed-rate-in-kbps>,<exceed-burst-in-kbytes>,   <conform-action>,<exceed-action>,   <violate-action>)

Marking

set-cos(<cos-val>)

set-ip-dscp(<dscp-val>)

set-ip-prec(<precedence>)

Queuing

pri-level(<priority-level>)

bw-rpct(<pct>)

bw-rratio(<ratio>)

bw-abs(<bw-in-kbps>)

bw-pct(<bw-in-pct>)

queue-limit(<qlimit-in-packets>)

queue-limit-us(<qlimit-in-us>)

random-detect-dscp(<dscp>)

random-detect-prec(<precedence>)

 

 

Example

AVPair:“ip:qos-policy-out=add-class(sub,(class-default, VIDEO_CM), set-ip-dscp(af41), bw-abs(256))

 

 

2. VSA's for Account operations (services and logon/off)

 

 

PrimitiveRadius AVP
Account Logon

authentication cpe12 CoA cisco123

attribute 44 “<string>”                               <<< Accounting Session ID

vsa cisco generic 1 string "subscriber:command=account-logon"

Account Logoff

attribute 44 “<string>”                               <<< Accounting Session ID

vsa cisco generic 1 string "subscriber:command=account-logoff"

Account update

(used to change a profile)

attribute 44 “<string>”                               <<< Accounting Session ID

vsa cisco generic 1 string "subscriber:command=account-update”

<radius attributes to set/update>

Service Activate

attribute 44 “<string>”                               <<< Accounting Session ID

vsa cisco generic 1 string "subscriber:sa=<service-name>”

Service De-Activate

attribute 44 “<string>”                               <<< Accounting Session ID

vsa cisco generic 1 string "subscriber:sd=<service-name>”

 

 

All these operations from the first column, report an event to the control policy.

 

RP/0/RSP0/CPU0:A9K-BNG(config-pmap)#event ?

  account-logoff              Account logoff event

  account-logon               Account logon event

  authentication-failure      Authentication failure event

  authentication-no-response  Authentication no response event

  authorization-failure       Authorization failure event

  authorization-no-response   Authorization no response event

  exception                   Exception event

  service-start               Service start event

  service-stop                Service stop event

  session-activate            Session activate event

  session-start               Session start event

  session-stop                Session stop event

  timer-expiry                Timer expiry event

 

Note

Accounting session ID is the preferred session identifier. You can also use the framed-ip-address to key on the subscriber and the vrf (if applicable)

(IPv4 only):

 

Attribute 8: Framed-IP-Address

 

and starting 4.2.1:

 

Attribute 8: Framed-IP-Address + AVPair: ip:vrf-id=<vrf name>

 

Template comparison to radius attribute

 

 

 

Operation

Dynamic Template cmd

RADIUS Attribute

 

Service Activation

Service Activation

N/A

26

9,1

subscriber:sa=<service-name>

 

Network Forwarding

IP addess source intf

ipv4 unnumbered <interface>

26

9,1

ipv4:ipv4-unnumbered=<interface>

PPP framed address

N/A

8

 

framed-ip-address=<IPv4   address>

PPP Address Pool

ppp ipcp peer-address pool <addr pool >

26

9,1

ipv4:addr-pool=<addr pool name>

PPP framed pool

N/A

88

 

framed-pool=<addr pool name>

PPP framed route

N/A

22

 

framed-route=<subnet><mask>

VRF

vrf <vrf name>

26

9,1

subscriber:vrf-id=<vrf name>

V4 DNS

ppp ipcp dns <pprimary dns ip> <secondary dns ip>

26

9.1

ip:primary-dns=<primary dns ip>

Ip:secondary-dns=<secondary dns ip>

DHCP classname

N/A

26

9,1

subscriber:classname=<dhcp-class-name>

 

 

Traffic Accounting

Accounting

accounting aaa list <method list> type session

26

9,1

subscriber:accounting-list=<method list>

Interim Interval

accounting aaa list <method list> type session periodic-interval <minutes>

85

 

Acct-Interim-Interval   <minutes>

Dual Stack Accnt Start Delay

accounting aaa list <method list> type session dual-stack-delay <secs>

  

subscriber:dual-stack-delay=<sec>

 

Session Administration

keepalives

keepalive <sec>

26

9,1

subscriber:keepalive=interval<sec>

NOT SUPPORTED/Implemented

Absolute Timeout

ppp timeout absolute <sec>

27

n/a

session-timeout=<sec>

Idle Timeout

timeout idle <sec>

28

n/a

idle-timeout=<sec>

 

 

Traffic conditioning

HQoS(with SPI)

service-policy input <in_mqc_name> shared-policy-instance <spi-name>

service-policy output <out_mqc_name> shared-policy-instance <spi-name>

26

9,1

subscriber:sub-qos-policy-in=<in_mqc_name> [shared-policy-instance   <spi-name> ]

subscriber:sub-qos-policy-out=<out_mqc_name> [shared-policy-instance   <spi-name>]

pQoS

N/A

26

9,1

subscriber:qos-policy-in=add-class(target policy (class-list) qos-actions-list)

subscriber:qos-policy-in=remove-class(target policy (class-list))

subscriber:qos-policy-out=add-class(target policy (class-list) qos-actions-list)

subscriber:qos-policy-out=remove-class(target policy  (class-list))

Subscriber ACLs/ABF

ipv4 access-group <in_acl_name> in

Ipv4 access-group <out_acl_name> out

ipv6 access-group <in_v6acl_name> in

ipv6 access-group <out_v6acl_name> out

26

9,1

ipv4:inacl=<in_acl_name>

ipv4:outacl=<out_acl_name>

ipv6:ipv6_inacl=<in_v6acl_name>

ipv6:ipv6_outacl=<out_v6acl_name>

HTTP-R

service-policy type pbr <HTTR policy   name>

26

9,1

subscriber:sub-pbr-policy-in=<HTTR policy name>

 

 

IPv6 Attributes

 

Attribute

Defined By

Received In

IPv6 Client

Address Assignment

Dynamic Template   equivalent config

Framed-Interface-Id (96)

RFC3162

Access-Accept

PPPoE

Any

ppp ipv6cp peer-interface-id <64bit #>

Framed-IPv6-Prefix (97)

RFC3162

Access-Accept

PPPoE

SLAAC

N.A.

Framed-IPv6-Route (99)

RFC3162

Access-Accept CoA

Any

Any

N.A.

Framed-IPv6-Pool (100)

RFC3162

Access-Accept

PPPoE

SLAAC

ipv6 nd   framed-prefix-pool <name>

Framed-ipv6-Address   (*)

draft-ietf-radext-ipv6-access-06

Access-Accept

PPPoE, IPoE

DHCP6 (Local   Server)

N.A.

Stateful-IPv6-Address-Pool(*)

draft-ietf-radext-ipv6-access-06

Access-Accept

PPPoE, IPoE

DHCP6 (Local   Server)

dhcpv6   address-pool <name>

Delegated-IPv6-Prefix-Pool   (*)

draft-ietf-radext-ipv6-access-06

Access-Accept

PPPoE, IPoE

DHCP6 (Local   Server)

dhcpv6   delegated-prefix-pool <name>

DNS-Server-IPv6-Address   (*)

draft-ietf-radext-ipv6-access-06

Access-Accept

PPPoE, IPoE

DHCP6 (Local   Server)

To be   configured in DHCPv6 server profile

Delegated-IPv6-Prefix

RFC4818

Access-Accept

PPPoE, IPoE

DHCP6 (Local   Server)

N.A.

 

NOTE

IETF has not yet allocated numeric values for newly defined attributes in

draft-ietf-radext-ipv6-access-*

Following Cisco VSAs have been temporarily defined to close such gap

Framed-ipv6-Address

“ipv6:addrv6=<ipv6 address>”

Stateful-IPv6-Address-Pool

“ipv6:stateful-ipv6-address-pool=<name>”

Delegated-IPv6-Prefix-Pool

“ipv6:delegated-ipv6-pool=<name>”

DNS-Server-IPv6-Address

“ipv6:ipv6-dns-servers-addr=<ipv6   address>”

 

Radius Accounting bytes and packets

 

the following accounting attributes pertaining to packet accounting for the ASR9000 solution, also specific to IPv6

 

Attribute

Defined By

Description

Acct-Input-Octets     (42)

RFC2866

Session input total   byte count

Acct-Input-Packets    (47)

RFC2866

Session input total   packet count

Acct-Output-Octets    (43) 

RFC2866

Session output   total byte count

Acct-Output-Packets (48)

RFC2866

Session output   total packet count

Cisco VSA   (26,9,1): acct-input-octets-ipv4

Cisco

Session input IPv4   byte count

Cisco VSA   (26,9,1): acct-input-packets-ipv4

Cisco

Session input IPv4   packet count

Cisco VSA   (26,9,1): acct-output-octets-ipv4

Cisco

Session output IPv4   byte count

Cisco VSA   (26,9,1): acct-output-packets-ipv4

Cisco

Session output IPv4   packet count

Cisco VSA   (26,9,1): acct-input-octets-ipv6

Cisco

Session input IPv6   byte count

Cisco VSA   (26,9,1): acct-input-packets-ipv6

Cisco

Session input IPv6   packet count

Cisco VSA   (26,9,1): acct-output-octets-ipv6

Cisco

Session output IPv6   byte count

Cisco VSA   (26,9,1): acct-output-packets-ipv6

Cisco

Session output IPv6   packet count

Cisco VSA   (26,9,1): connect-progress

Cisco

Indicates   Session set up connection progress

3.

 


Dynamic Route insertion

 

RADIUS attribute example  for different type of framed-route:

 

PPPoE V6 route

Framed-IPv6-Route = "45:1:1:1:2:3:4:5/128 :: 4 tag 5”

 

PPPoE v4 route

Framed-Route = "45.1.6.0 255.255.255.0 0.0.0.0 6 tag 7”

 

IPoE v4 route

Framed-Route = "vrf vpn1 45.1.4.0/24 vrf vpn1 0.0.0.0 4 tag 5”

 

4. Route destribution (please don't!)

 

router bgp 100

address-family ipv4 unicast

  redistribute subscriber <route-policy>

 

Xander Thuijs CCIE#6775

Principal Engineer, ASR9000

Comments
xthuijs
Cisco Employee
Cisco Employee

Ah, if you do vrf's then I wanted to let you know about another interesting thing.

I see you have an unnumbered on the dynamic template already.

If this is not in the same vrf already as the vrfID you are passing from radius, then this looks like to the system you are doing a vrf transfer that it can't support.

So when you want to assign the vrf, the unnumbered and vrfID are best path BOTH from radius

and not having the unnumbered on the dynamic template.

uRPF is the same pps performance impact for v4 and v6. Basically it means we have to do a full leaf lookup on ingress which costs a bit of pps.

cheers

xander

andersonlich
Community Member

Hi xander,

im still not able to send default gateway from Radius to CPE using this attribute "ipv4:default-ipv4-gateway=<gateway>"

I also looked the IOS-XR has release version 5.1.1, do you think is gonna work on newest version ?

thank you

Anderson

xthuijs
Cisco Employee
Cisco Employee

I notice that I might need to add a sw ver column to the tables, to identify in which release certain things are supported for clarity! I apologize.

I checked the sources and it seems that this attribute was added for 510.

I would recommend taking the 511.

I havent tested this myself so I cant say from personal experience whether this works or not, but for sure the attribute definition is there in 510+. (Still looking for the handler in ipoe!)

regards

xander

andersonlich
Community Member

Hi Xander,

i have upgrade my ASR9001 to version 5.1.1 but still i have no luck to give default-gateway to CPE.

and the CPE has already receive IP address and Netmask from the Radius, only default-gateway that CPE doesn't recieved.

radius user config:

000c.4270.3bb0

                Class = service-a,

                Framed-IP-Address = 10.10.10.2,

                Framed-IP-Netmask = 255.255.255.0,

                Cisco-avpair = "ipv4:default-ipv4-gateway=10.10.10.1",

                Delegated-IPv6-Prefix = 200x:abc:abc:4::/64

for IPv6 is perfectly working from radius.

do you think i should open tac for this case ?

thank you

anderson

xthuijs
Cisco Employee
Cisco Employee

hi anderson, yeah I am afraid a tac case is best for this, because we need to collect some traces and find out why this default gateway is not passed on into the dhcp offer to the subscriber.

When you open the tac case make sure you collect:

debug dhcp ipv4 pack/err/event

debug dhcp ipv4 proxy event/int/<cr>

debug radius det

there may be a few more necessary, but this will give a good start from the dhcp and radius point of view.

cheers

xander

smailmilak
Level 4
Level 4

Hi guys,

I am making good progress. IPv6 is working with local DHCP IPv6 server. Now I want to use RADIUS for prefix delegation

and SLAAC for framed prefix. Unfortunately this is not working.

This is the working config:

pool vrf dualstack ipv6 DS_FRAMED_POOL

address-range 2a02:27b0:4040:: 2a02:27b0:4040::fffe

!

pool vrf dualstack ipv6 DS_DELEGATED_POOL

prefix-length 56

network 2a02:27b0:4400::/40

!

dhcp ipv6

profile DS_DHCP server

  lease 0 1 0

  dns-server 2001:4860:4860::8844

  prefix-pool DS_DELEGATED_POOL

  address-pool DS_FRAMED_POOL

!

interface subscriber-pppoe profile DS_DHCP

dynamic-template

type ppp BNG_DUALSTACK_TEMPLATE

  ppp authentication chap pap

  keepalive 30

  ppp ipcp dns 10.100.35.10 10.100.36.10

  accounting aaa list default type session

  ipv4 mtu 1492

  ipv4 unnumbered Loopback10068

  ipv6 mtu 1492

  ipv6 enable

  dhcpv6 address-pool DS_FRAMED_POOL

  dhcpv6 delegated-prefix-pool DS_DELEGATED_POOL

Then I removed the dhcp ipv6 server and dhcpv6 delegated-prefix-pool DS_DELEGATED_POOL

and added ipv6 nd framed-prefix-pool DS_FRAMED_POOL under the dynamic-template.

And in RADIUS I have this:

Cisco-AVPair = "ipv6:delegated-ipv6-pool=DS_DELEGATED_POOL"

Here is the error, please take a look at the disconnect reason.

"debug pool allocations" is not giving any info about IPv6!

Interface:                Bundle-Ether12.3102.pppoe1530

Circuit ID:               MALTA_3 atm 1/1/07/40:8.35

Remote ID:                Unknown

Type:                     PPPoE:PTA

IPv4 State:               Up, Mon Feb 10 13:20:00 2014

IPv4 Address:             100.68.0.2, VRF: dualstack

Mac Address:              a0ec.801e.ed84

Account-Session Id:       000019a6

Nas-Port:                 Unknown

User name:                dual2

Outer VLAN ID:            3102

Subscriber Label:         0x00000076

Created:                  Mon Feb 10 13:20:00 2014

State:                    Activated

Authentication:           authenticated

Access-interface:         Bundle-Ether12.3102

Policy Executed:

policy-map type control subscriber BNG_DUALSTACK

  event Session-Start match-all [at Mon Feb 10 13:20:00 2014]

    class type control subscriber MATCH_DS do-until-failure [Succeeded]

      1 activate dynamic-template BNG_DUALSTACK_TEMPLATE [Succeeded]

  event Session-Activate match-all [at Mon Feb 10 13:20:00 2014]

    class type control subscriber MATCH_DS do-until-failure [Succeeded]

      1 authenticate aaa list default [Succeeded]

Session Accounting:       

  Acct-Session-Id:          000019a6

  Method-list:              default

  Accounting started:       Mon Feb 10 13:20:00 2014

  Interim accounting:       Off

Last COA request received: unavailable

[Last IPv6 down]

Disconnect Reason:        ND - Interface state down or pool allocation

                          failure

Update:

I changed from

pool vrf dualstack ipv6 DS_FRAMED_POOL

address-range 2a02:27b0:4040:: 2a02:27b0:4040::fffe

to

pool vrf dualstack ipv6 DS_FRAMED_POOL

prefix-length 64

prefix-range 2a02:27b0:4040:: 2a02:27b0:4040:ffff::

and the modem gets a prefix, but the delegation is still not working.

I have to check if Free Radius is responsible for this.

andersonlich
Community Member

hi xander,

after i debug my router doesn't recieved the attribute. any idea why this is happened ?

Cisco-avpair = "ipv4:default-ipv4-gateway=10.10.10.1"

RP/0/RSP0/CPU0:Feb 11 11:39:10.286 : radiusd[1114]:  RADIUS: Received from id 80 my_radiator_ip:1645, Access-Accept, len 82

RP/0/RSP0/CPU0:Feb 11 11:39:10.286 : radiusd[1114]:  RADIUS:  authenticator 5C F0 4F BD 3E 28 31 07 - 3D 93 3C 81 B5 A1 A9 A6

RP/0/RSP0/CPU0:Feb 11 11:39:10.286 : radiusd[1114]:  RADIUS:  Framed-IP-Address   [8]     6       10.10.10.2

RP/0/RSP0/CPU0:Feb 11 11:39:10.286 : radiusd[1114]:  RADIUS:  Class               [25]    10      service-a

RP/0/RSP0/CPU0:Feb 11 11:39:10.286 : radiusd[1114]:  RADIUS:  Framed-IP-Netmask   [9]     6       255.255.255.0

RP/0/RSP0/CPU0:Feb 11 11:39:10.286 : radiusd[1114]:  RADIUS:  Delegated-IPv6-Prefix[123]   20             

RP/0/RSP0/CPU0:Feb 11 11:39:10.287 : radiusd[1114]: Freeing server group transaction_id (14000024)

andersonlich
Community Member

Hi xander,

beside the IPoE, i also deploying PPPoE dual stack in ASR9001. for IPv4 everything is working fine with my scenario. but for IPv6 i have a little problem. the subscriber have succeed to get IPv4 and IPv6 address. but seems like the IPv6 Traffic is stuck in the BNG. im sure i have verify the routing ipv6 accross my network it is right, no problem with the IPv6 Routing.

this is my 1st time deploying PPPoE dual stack in IOS-XR Platfrom, i've done this before in IOS-XE platform and it working well.

# version 5.1.1

# my CPE has IPv6 default-route which got from the BNG

# my CPE can ping to loopback IPv6 BNG but my CPE can't ping other IPv6 network in internet.

# if i change it into IPoE, the CPE can ping IPv6 among my network and internet.

# in IOS-XR platform, how can we define ipv6 unnumbered <interface> ?, because i used it in my virtual-template at IOS-XE platform.

# if i traceroute from my CPE, the 1st hop is link-local my BNG address. if i compare with IOS-XE the 1st hop is my IPv6 loopback router.

dynamic-template

type ppp PPPOE

  ppp authentication pap chap

  keepalive 10

  ppp ipcp dns ip.dns.1 ip.dns.2

  accounting aaa list default type session periodic-interval 5

  ipv4 mtu 1492

  ipv4 unnumbered Loopback0

  ipv6 enable

class-map type control subscriber match-any PPPOE

match protocol ppp

end-class-map

policy-map type control subscriber PPPOE

event session-start match-first

  class type control subscriber PPPOE do-until-failure

   10 activate dynamic-template PPPOE

  !

!

event session-activate match-first

  class type control subscriber PPPOE do-until-failure

   10 activate dynamic-template PPPOE

   20 authenticate aaa list default

   interface Bundle-Ether100.908

description "Test Subscriber Interface VLAN908"

service-policy type control subscriber PPPOE

pppoe enable bba-group PPPOE

encapsulation dot1q 908

show subscriber session all 

PPPoE:PTA    BE100.908.pppoe228       AC        10.20.126.1 (default)             

                                                200a:d1a:9408:40::/64 (default)     

                                                200a:d1a:9409:40::/64 (default)   

sh ppp interfaces

Tue Feb 11 16:54:08.876 GMT

Bundle-Ether100.908.pppoe247 is up, line protocol is up

  LCP: Open

     Keepalives enabled (10 sec, retry count 5)

     Local MRU: 1492 bytes

     Peer  MRU: 1480 bytes

  Authentication

     Of Peer: PAP (Completed as mikrotik-iosxr)

     Of Us:   <None>

  IPCP: Open

     Local IPv4 address: 10.200.200.200

     Peer IPv4 address:  10.20.126.1

     Peer DNS primary:   8.8.8.8

     Peer DNS Secondary: 8.8.4.4

  IPv6CP: Open

     Local IPv6 address: fe80::8678:acff:fe2b:7263

     Peer IPv6 address:  fe80::a

xthuijs
Cisco Employee
Cisco Employee

Aha that is interesting!! can you check the logs from your radius server to see if it was able to find the definition

for the Cisco-avpair in the dictionary?

also it looks like you may be using radiator, which generally wants to be restarted if the user files change (I thought).

this is not a bNG problem we are facing here, but something in the radius server.

Attributes are also case sensitive, so check what the dictionary definition is for 26,9,1 (vendor specific, cisco, clear text avpair/cisco-avpair). And use the precise capitalization in your users profile.

cheers

xander

xthuijs
Cisco Employee
Cisco Employee

you are probably using a SLAAC assignment on the WAN side of your CPE.

So a few things to try are:

-ping from the cpe with the source address of your "inside"/LAN interface to make sure the ping is soruced with a routable and not a link local address

-verify the routing on your CPE to see what the default points to

-enable a debug icmp to find out how the ping is sourced and where it comes from

-if it keeps timing out, set a retransmit high and a timeout to 0 and start the ping, verify the NP counters on the ingress side of the npu and see if there is a drop counter associated with it that would point us to something.

we dont need an ipv6 unnumbered because we're doing link local on the wan side link.

that link local is provided by the ipv6 enable already.

regards

xander

andersonlich
Community Member

hi xander

section PPPOE:

i can ping ipv6 from address LAN CPE to my loopback BNG, but outside of the BNG was RTO.

default route CPE is from link-local BNG = fe80::e6c7:22ff:fe55:9683

ping from cpe loopback address BNG

ping 200a:d1a::233 src-address=200a:d1a:9409:40:: 

HOST                                     SIZE TTL TIME  STATUS                  

200a:d1a::233                              56  64 1ms   echo reply              

200a:d1a::233                              56  64 1ms   echo reply              

200a:d1a::233                              56  64 1ms   echo reply              

200a:d1a::233                              56  64 1ms   echo reply              

200a:d1a::233                              56  64 1ms   echo reply              

    sent=5 received=5 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=1ms

ping from cpe to another router loopback

ping 200a:d1a::2d src-address=200a:d1a:9409:40::

HOST                                     SIZE TTL TIME  STATUS                  

200a:d1a::2d                                            timeout                 

200a:d1a::2d                                            timeout                 

200a:d1a::2d                                            timeout                 

200a:d1a::2d                                            timeout

is this what you mean about the NP counters ?

show controllers NP counters np0 location 0/0/CPU0 | i IPV6

Wed Feb 12 14:51:39.045 UTC

102  PARSE_ING_IPV6_LINK_LOCAL                                934           0

111  PARSE_EGR_INJ_PKT_TYP_IPV6                               255           0

115  PARSE_EGR_INJ_PKT_TYP_IPV6_PREROUTE                     2573           0

116  PARSE_EGR_INJ_PKT_TYP_IPV6_LINK_LOCAL                    132           0

158  PARSE_DROP_IPV6_DISABLED                                   1           0

558  RSV_EGR_IPV6_LINK_LOCAL                                  132           0

864  IPV6_TTL_ERROR                                           169           0

946  PUNT_IPV6_ADJ_NULL_RTE                                    13           0

section IPOE:

i do believe that i have the attribute :

# Here are some attributes that will allow us to work with Cisco

#

VENDOR          Cisco   9

VENDORATTR      9       cisco-avpair                        1       string

VENDORATTR          9       Cisco-NAS-Port                      2       string

--truncate--

user file :

000c.4270.3bb0

                Class = service-a,

                Framed-IP-Address = 10.10.10.2,

                Framed-IP-Netmask = 255.255.255.0,

                cisco-avpair = "ipv4:default-ipv4-gateway=10.10.10.1",

                Delegated-IPv6-Prefix = 2001:d10:9409:4::/64

and now BNG has received the attribute cisco-avpair:

RP/0/RSP0/CPU0:Feb 12 13:29:54.113 : radiusd[1109]:  RADIUS:  authenticator C4 F2 46 A9 66 40 43 6F - 31 84 EA FC E3 AB 53 36

RP/0/RSP0/CPU0:Feb 12 13:29:54.113 : radiusd[1109]:  RADIUS:  Framed-IP-Address   [8]     6       10.10.10.2

RP/0/RSP0/CPU0:Feb 12 13:29:54.113 : radiusd[1109]:  RADIUS:  Class               [25]    10     service-a

RP/0/RSP0/CPU0:Feb 12 13:29:54.113 : radiusd[1109]:  RADIUS:  Framed-IP-Netmask   [9]     6       255.255.255.0

RP/0/RSP0/CPU0:Feb 12 13:29:54.113 : radiusd[1109]:  RADIUS:   Vendor-Specific    [26]    47     

RP/0/RSP0/CPU0:Feb 12 13:29:54.113 : radiusd[1109]:  RADIUS:  Delegated-IPv6-Prefix[123]   20    

     but still my CPE didn't get the default-gateway from BNG.

thanks for the helps

anderson

smailmilak
Level 4
Level 4

Hi,

Isarnet is asking if it's possible to get replicated accounting info from the BNG for CGNAT logging (IsafFlow).

Idea is that the BNG sends accounting to the RADIUS server and the same packets to IsarFlow.

Can this be done with adding a new radius server group in the aaa subscriber accounting line?

I can not test this now because of missing software, so I have to ask here.

Thank you!

xthuijs
Cisco Employee
Cisco Employee

You want to send duplicate accounting records to 2 servers at the same time?

If so yes that can be done; this is called broadcast accounting and can be defined under your server-group that is used for the accounting list.

If you want to modify the accounting records by adding packets/bytes to it, no that cannot be done.

regards

xander

smailmilak
Level 4
Level 4

Aha, I saw this broadcast command a few minutes ago.

Thank you Xander.

Artsiom Maksimenka
Community Member

Hello Xander et al,

Finally does this AVP work? We tried on our ASR9k 5.1.1

Cisco-AVPair = "ipv4:default-ipv4-gateway=10.10.10.1"

is parsed successfully but not applied.

BR

Artsiom

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links