Replying to myself : The "-dhcpv6" stuff appears when the radius does not reply to the access-request with a "Delegated-IPv6-Prefix" field. That may be a quite useful thing, but it's a shame it brokes the IPv4 part of the dialer if user@realm*-dhcpv6* does not exist !
if somebody knows any doc or RFC that refers to that... Regards Le mer. 19 janv. 2022 à 14:59, BASSAGET Cédric <[email protected]> a écrit : > Hello, > > I'm trying to deploy IPv6 for our PPP customers. Our LNS is an asr-1001x, > which work just fine for ipv4. > > I have a strange behavior when trying to push IPv6 (NA + PD) to the client > CPE (cisco 800 in my lab). > > *Here's my CPE dialer config :* > > interface Dialer1 > mtu 1460 > ip address negotiated > ip access-group ACL_dialer1_in in > ip nat outside > no ip virtual-reassembly in > encapsulation ppp > dialer pool 1 > dialer-group 1 > ipv6 address autoconfig default > ipv6 enable > no ipv6 nd ra suppress > ipv6 dhcp client pd DHCPv6 > ppp authentication chap callin > ppp chap hostname user@realm > ppp chap password 7 xxxxxxxxxxxxxx > end > > *Here's my LNS config relevant parts :* > > aaa authorization configuration DHCPv6-PD group radius > > ipv6 dhcp pool IPv6_DHCP_POOL > prefix-delegation aaa method-list DHCPv6-PD lifetime 7200 300 > address prefix 2A06:A402:1::/56 > accounting default > > interface Virtual-Template285 > mtu 1492 > ip unnumbered Loopback285 > no ip redirects > ip access-group VC_BE_out in > ip tcp adjust-mss 1420 > no peer default ip address > peer default ipv6 pool IPv6_DHCP_POOL > ipv6 unnumbered Loopback285 > ipv6 enable > ipv6 nd other-config-flag > no ipv6 nd ra suppress > ipv6 dhcp server IPv6_DHCP_POOL > no ppp lcp fast-start > ppp authentication pap chap > ppp ipcp dns x.x.x.x x.x.x.x > ppp ipcp address required > ppp ipcp address unique > ppp ipv6cp address unique > end > > > So I want to give an ipv6 from 2A06:A402:1::/56 as NA address for the CPE, > and PD is given by my radius with dhcp > > The problem I have is the following : > the moment I add "ipv6 dhcp server IPv6_DHCP_POOL" in my virtual-template > configuration on the LNS, the LNS sends an other access request to my > radius with username = user@realm*-dhcpv6.* > > as this user is unknown on my radius, it gets an access-reject and the > CPE's PPP session goes down. > > I can't find where this "-dhcpv6" suffix comes from, and I did not find > doc about it. > > Can anyone help me please ? I'm going crazy ! > Regards > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
