Routing

Hi, 

I know this is Juniper forums and this issue could be Juniper related or it could be Cisco, so I am starting intuitively at the Juniper side. Set up:

RADIUS (freeRADIUS) --> SRX1500 --> MX240 (core) --> MX240 (LNS) --> Cisco 2620 (LAC) --> Cisco 1841 (CPE)

IPv4 works from end to end with no issues at all. For IPv6, I am using the foolowing 2 attributes on the Radius:

Framed-IPv6-Prefix

Framed-IPv6-Address

When an authentication request comes in from the CPE, this is the response from the RADIUS:

Sent Access-Accept Id 80 from 195.80.0.38:1812 to 195.80.0.13:65235 length 0
Framed-IPv6-Prefix = 2a05:d840:9d::/56
Framed-IPv6-Address = 2a05:d840:9d:ffff:ffff:ffff:0:1

This is excellent. The RADIUS is respondin with the attributes as I have asked it to.

What I see at the CPE during a debug is this:

*Mar 17 23:28:59.194: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 17 23:28:59.606: IPV6: source FE80::212:FF:FE8D:8980 (local)
*Mar 17 23:28:59.606:       dest FF02::1 (Serial0/0)
*Mar 17 23:28:59.606:       traffic class 224, flow 0x0, len 64+16, prot 58, hops 255, originating
*Mar 17 23:28:59.606: IPv6: Sending on Serial0/0
*Mar 17 23:28:59.606: IPV6: source FE80::212:FF:FE8D:8980 (local)
*Mar 17 23:28:59.606:       dest FF02::16 (Serial0/0)
*Mar 17 23:28:59.606:       traffic class 224, flow 0x0, len 76+0, prot 0, hops 1, originating
*Mar 17 23:28:59.606: IPv6: Sending on Serial0/0
*Mar 17 23:28:59.606: IPV6: source FE80::212:FF:FE8D:8980 (local)
*Mar 17 23:28:59.606:       dest FF02::16 (Serial0/0)

When I look at the interface I see that an IPv4 address has been assigned by the LNS pool range (as expected as the back up to the RADIUS if it was to fail). 

Serial0/0                  192.168.85.20   YES IPCP   up                    up

The wireshark trace seems to indicate that the LNS is sending or forwarding the IPv6 request.... I really do not know where the problem is regarding this. I have configured the LNS as per instructions and it should be working okay.....

Any help would be appreciated.

Thanks

Hi,

Can you please authd log and configuration?

Regards,

Rahul

Hi Rahul,

As an update to this issue, with Rahul's great help, I thought I would mention it here:

Radius attributes with IPv4 work perfectly. Even when the RADIUS is disconnected the LNS assigns from the local pool, which is absolutely perfect and as expected with the configuration.

When I enable the Serial interface on the CPE (Cisco 1841) and it send out it's authentication request, I see this arrive at the RADIUS and the RADIUS sends an access-accept with the correct prefix listed. In fact, it even puts the route in the inet.6 table as access over the private medium. This is correct. When I type "run show subscriber extensive" this actually shows the IPv6 prefix within the information and even assigns 1 to the subscriber. What I am not seeing on the Cisco is an IPv6 address, only the EUI-64 address on the IPv6CP serial interface. I know Rahul is looking at this issue for me and that is very kind of him, but wanted to update here for other peoples knowledge too and to hopefully help them with information. If anyone else has any idea that would be great..... Thanks

From the PCAP and configuration, noticed that MX was not initiating the IPv6 RA. To assign address to CPE via NDRA, MX should send IPv6 RA after IPv6CP neogtiation but i didn't seen the same in your setup and this may be reason CPE not getting the IPv6 address.

Please make sure you see below output in your test enviornment. I am assigning the address via local pool using your configuration.

jtac@mx480-r2022-re0# run show ipv6 router-advertisement
Interface: si-2/0/0.3221225475
  Advertisements sent: 3, last sent 0:00:06 ago
  Solicits received: 0
  Advertisements received: 0

I can see you are sending below two attributes from radius.

Framed-IPv6-Prefix
Framed-IPv6-Address

Framed-IPv6-Address is not supported in MX. Please disable the radius and assign the address via local pool for testing purpose and make sure you can see IPv6 RA sent by MX.

I'll suggest next steps once you finish the above testing and share the PCAP and output of "show ipv6 neighbor"

Regards,

Rahul N

Hi Rahul,

To keep this updated. 

I have completed the following:

Remove the AAA authentication and coinfigure "None".

Complete a PCAP trace for you from between the LNS and the LAC. 

There is still no Router-Advertisement occuring on the LNS.

Thanks

Hi Rahul,

Latest update is that I have upgraded the MX240 to version 16.1R6.7 and re-tested. When completing the command "run show ipv6 router-advertisement" I get the following response:

Interface: si-1/2/0.3221225473
Advertisements sent: 3, last sent 0:00:04 ago
Solicits received: 0
Advertisements received: 0

Which shows that we are at least getting the advertisement. Again, the prefix is in the routing table and the subscriber seems to be assigned the addresses. The problem still exists though:

No IPV6CP address assigned.

Made a little progress today. Thank you again for your help Rahul.

Regards

Clive

Thank you Clive. I believe below knob should fix the issue on cisco side.

ipv6 address autoconfig default

Regards,.
Rahul

Excellent help from Rahul.

After adding the following command to the Cisco router "ipv6 address autoconfig default" everything works.

Great help as always from Rahul.