Routing

Expand all | Collapse all

Framed-IPv6-Prefix incorrect

Jump to Best Answer
  • 1.  Framed-IPv6-Prefix incorrect

     
    Posted 02-14-2018 01:15

    Hi all,

     

    A relevant question this time 🙂

     

    I am using radiusdesk as the GUI interaction with freeradius and have assigned Framed-IPv6-Prefix as xxxx:xxxx:0100:0200::/64 (I apologise for not being able to supply the actual whole address - I will try and explain the issue without that)....

     

    As the prefix is a /64 I would expect an address at the CPE with 0100:0200 as the 3rd and 4th set of digits, but instead I see the following:

    xxxx:xxxx:9D:0:212:FF:FE8D:8980 - I understand the last set of digits being the MAC address, but where did the 9D:0 come from? Also, the radius is sending out the following:

     

    Sent Access-Accept Id 8 from 195.80.0.38:1812 to 195.80.0.13:53670 length 0
    Framed-IPv6-Prefix = xxxx:xxxx:9d::/64
    Framed-IPv6-Pool = "NDRA"
    Framed-IP-Netmask = 255.255.255.248
    Framed-IP-Address = 10.10.10.1

     

    But it is not configured that way, unless something strange is going on with a conversion in IPv6.... as far as I am aware eui-64 is the only change that would normally occur.....

     

    Anyone know what would cause this please?

     

    Thanks 



  • 2.  RE: Framed-IPv6-Prefix incorrect

     
    Posted 02-14-2018 01:19

    What is your actual query?

     

    Regards,

    Rahul



  • 3.  RE: Framed-IPv6-Prefix incorrect

     
    Posted 02-14-2018 01:23

    Hi Rahul,

    The Question is there.

    Why would the RADIUS issue a completely different /64 that what is configured in the Framed-IPv6-Prefix?

     

    Unless there is something happening in IPv6 that I don't know about.

     

    Primarily, I am asking if anyone has seen this before and what the resolution was.

     

    Thanks



  • 4.  RE: Framed-IPv6-Prefix incorrect

     
    Posted 02-14-2018 01:33

    Hi Clive,

     

    Do you have authd logs? Please match radius-access-accept and check what attribute is actual sent by radius.

    I remeber you're using DB and this looks to be radius issue. It is sending the wrong prefix to MX.

     

    Regards,
    Rahul



  • 5.  RE: Framed-IPv6-Prefix incorrect

     
    Posted 02-14-2018 01:46

    Hi Rahul,

     

    I have completed a separate test and the results are as follows:

     

    Framed-IPv6-Prefix - xxxx:xxxx:006d:224b::/64

    What is assigned by the RADIUS is:

    Sent Access-Accept Id 10 from 195.80.0.38:1812 to 195.80.0.13:53670 length 0
    Framed-IPv6-Prefix = xxxx:xxxx:9d::/64
    Framed-IPv6-Pool = "NDRA"
    Framed-IP-Netmask = 255.255.255.248

    Framed-IP-Address = 10.10.10.1

     

    But, the LNS sees the following for the subscriber:

    User Name: testuser@network.com
    IP Address: 10.10.10.1
    IP Netmask: 255.255.255.248
    IPv6 Prefix: xxxx:xxxx:6d00:200::/56 - Which kind of looks okay, but this is a /56
    IPv6 User Prefix: xxxx:xxxx:9d::/64 - Again, this is the 9d::/64

     

    The issue could well be what the RADIUS is doing from a functionality perspective.

     

    The CPE gets the following:

    IPv6 = xxxx:xxxx:9D:0:212:FF:FE8D:8980

     

    I will look into the RADIUS as I believe the LNS is doing as it should.

     

    Maybe some information here to help someone else.

     

    Thank you Rahul

     



  • 6.  RE: Framed-IPv6-Prefix incorrect
    Best Answer

     
    Posted 02-14-2018 01:51

    From radius, we're getting NDRA prefix and from cli PD is assigned. CPE gets the /64 and connvert it to /128 using EUI-64.

     

    Regards,

    Rahul



  • 7.  RE: Framed-IPv6-Prefix incorrect

     
    Posted 02-14-2018 03:28

    Hi Rahul,

     

    I found the issue by querying the sql database from the command line with the following command:

     

    select * from radgroupreply;

     

    And found that the user was using a different profile. Since discovered someone had changed the profile to test something else afew days ago and didn't inform me...

     

    However, I now have another issue where the CP is continually sending access requests even though the RADIUS send an access-accept with the correct credentials. That's another story that I shall investigate fully and if I get stuck will post a new quesiton.

     

    Thanks Rahul