
IPv6 Configuration via RADIUS on a Dialer Interface

joerg.micheel
Level 1

Hi All,

 

I have to implement an IPv6 solution for an ISP. The status quo in IPv4 is now that the CPE gets the IPv4 address on the WAN interface via RADIUS attributes. So far so good. In IPv6 it should also work. So I have configured the RADIUS server with the Framed-IPv6-Prefix and also with the Framed-Interface-ID attribute and this is working. Also good, but now the ISP also wants to have a fixed IPv6 address on the Virtual-Access interface for the LNS.

He also does it with IPv4 with the RADIUS attribute: <attribute name="Cisco-AVPair" op="set">lcp:interface-config#2=ip address 50.50.50.2 255.255.255.254</attribute>.

So now he can configure a BGP router configuration in IPv4 on the CPE and on the LNS, and he knows the IP addresses of the CPEs and LNSs.

Or the boxes can be in the management, and so on.

Now here is my question: Can I also provide the Virtual-Access interface with an IPv6 address via a RADIUS attribute? Or do you have another way to do this?

 

Thx for your help or some examples for this scenario

 

Cheers Joerg

3 Replies

xthuijs
Cisco Employee

Hey Joerg, thanks for opening that new discussion, that other thread on the doc got stuck no longer able to reply... (noted that to the support forum people, they are looking into that, but that is on the side).

So hey, on this topic, the assignment of a static IP address on the virtual-access on an aggregator is really not necessary. UNLESS you have a particular routing peering that requires both ends of the link to be in the same subnet.

The way PPP works is that it installs a connected route always and anyways, so whatever is on the vaccess side, bng view, is really not important. In fact, it can even be a private address!

This can be done because this is a p2p link and it allows us to really have any address on each side.

Sometimes people want a /30 or /31 on a p2p link, just because of habit I guess, and sometimes to establish that routing adj that some protocols need, like EIGRP.

For BNG access, this vaccess side address from the vtemplate can be anything including link local.

The A9K LAC would be totally transparent to the L2TP IPv6 operation, but here are some tips and tricks when it comes to IOS and IPv6/vtemplates and all that:

• RA for distributing IPv6 Prefix
  – LNS distributes /64 IPv6 prefix to Client

• DHCPv6-PD for distributing IPv6 Prefix
  – LNS distributes /48 IPv6 prefix to CPE using DHCPv6-PD; then CPE distributes /64 IPv6 prefix to Client using RA

• RA and DHCPv6-PD for distributing IPv6 Prefix
  – LNS distributes /64 IPv6 prefix to CPE uplink using RA
  – LNS distributes /48 IPv6 prefix to CPE using DHCPv6-PD; then CPE distributes /64 IPv6 prefix to Client using RA

• Single Shot AAA
  – Same as RA and DHCPv6-PD (above) but only requires a single exchange with AAA server (rather than 2 exchanges)
 
 
 

Hi Alex!! How do you do my friend.. Some questions trying to consolidate the IPv6 services with PTA model and LAA model

About these scenarios you have shown, the LNS is running inside the BNG 9K or it can be in another box... for instance an asr1006, so that the BNG9K is the LAC and the 1006 is the LNS.

I ask you this because in our IPv4 broadband wholesale services we have the topology I have described to you, and L2TP tunnels between our LAC and our LNS for our LAA model.

To adopt the same IPv6 solution or template for our wholesale services (LAA) and PTA model services (namely, Telecom as retailer), what should we do? Maybe it is not possible..

Regards my friend ;-)

 

@umpri

xthuijs
Cisco Employee

hey Javi!

Today the asr9000 doesn't have LNS functionality, so in that model you will need an asr1k to do the LNS functionality. The asr9000 can be LAC. In LAC it is transparent for the L3 protocol so there is little config necessary there.

Another option may be to use IP based access with DHCP, that way you can terminate the subs and use radius double dip to authenticate against another retailer radius and pass on some vrf info to move it over to the retailer PE.

cheers!

xander
