![]() |
SYSTEM ADMINISTRATOR GUIDE 85/1543-CRA 119 1170/1-V1 Uen A2 | ![]() |
Copyright
© Ericsson AB 2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.
Trademark List
SmartEdge | is a registered trademark of Telefonaktiebolaget LM Ericsson. | |
NetOp | is a trademark of Telefonaktiebolaget LM Ericsson. |
When configured as a broadband remote access server (BRAS), the SmartEdge router supports the address assignment and management of Internet Protocol version 6 (IPv6) Point-to-Point Protocol (PPP) subscribers. This document describes the configuration of IPv6 subscriber services for single (IPv6 only) and dual-stack (IPv6 and IPv4) PPP subscribers.
Before configuring IPv6 subscriber services on the SmartEdge router, you must be familiar with the differences between IPv4 and IPv6, address types supported by IPv6, and the IPv6 address format.
Table 1 describes the differences between IPv4 and IPv6.
Element |
IPv4 |
IPv6 |
Address size |
32 bits |
128 bits You do not need to type the full 128-bit address to pass a prefix to an end device. |
Number of addresses supported |
232 |
2128 |
Types of addresses supported |
Global unicast |
Global unicast, link local, multicast, anycast |
PPP address assignment |
/32 allocated through Internet Protocol Control Protocol version 4 (IPCPv4) |
No. IPv6 supports Dynamic Host Configuration Protocol version 6 (DHCPv6) Prefix Delegation (PD) or Neighbor Discovery (ND). Address assignment is encapsulation independent. |
Broadcast address |
Yes |
No; multicast is supported instead. |
Consolidated OAM |
No |
Address Resolution Protocol (ARP) and Duplicate Address Detection (DAD). |
Address auto-configuration through ND |
No |
Yes |
Prefixes |
No |
The SmartEdge assigns a prefix to its PPP subscribers. Customer-premises equipment (CPE) can have one or more prefixes assigned to a wide-area network (WAN) link, and one or more delegated prefixes for its downstream nodes. |
Fixed 40 bytes |
No |
Yes |
IPv6 addresses are 128 bits long, and the first 64 bits are reserved for routing and network addressing. IPv6 supports the following types of addresses:
Routing and Networking Part of the Address |
Unique ID Derived from the Line Card MAC Address | |
Global routing prefix of size n bits, where n can be from 1 to 56 bits. Typically, the global routing prefix is 48 bits long. |
Subnet ID of size 64 – n bits. The subnet ID can be from 8 to 16 bits, but is typically 16 bits. |
64-bit interface ID |
Routing and Networking Part of the Address |
Unique Interface ID Derived from the Line Card MAC Address | |
Subnet prefix of size n bits, where n can be from 1 to 64 bits. Typically, the subnet prefix is 10 bits. |
Interface ID of size 128 – n bits. Typically, the Interface ID is 118 bits.
|
With IPv6, an interface can have multiple IPv6 addresses of any type. For example, an interface can have three IPv6 multicast addresses, one IPv6 unicast address, and two anycast IPv6 addresses.
Some IPv6 addresses are reserved. Table 4 describes the reserved IPv6 addresses and their notation:
Address type |
Binary prefix |
IPv6 Notation |
Unspecified |
00...0 (128 bits) |
::/128 |
Loopback |
00...1 (128 bits) |
::1/128 |
Mutlicast |
11111111 |
FF00::/8 |
Link-local |
1111111010 |
FE80::/10 |
Global Unicast |
All addresses are GUAs except for the following:
|
nnn:nnn:nnn:nnn = routing prefix mmmmmmmmm = subnet ID 128-n-m = interface ID |
IPv6 addresses are typically composed of two parts: a 64-bit network or subnetwork prefix, and a 64-bit interface ID (128 bits total). Typically, IPv6 addresses are written with hexadecimal digits and colon separators in the following format:
AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH
The IPv6 hexadecimal numbering system uses decimal digits 0 to 9 and letters A, B, C, D, E, and F (which represent the numbers 10, 11, 12, 13, 14, and 15). The decimal digit 16 is represented in hexadecimal by the number 10. Each section of hexadecimal characters represents 16 bits of the address and is separated by a colon. In the previous example, AAAA represents the first section of an IPv6 address, BBBB represents the second section, and so forth.
Following is an example of an IPv6 address. In this example, all 32 hexadecimal digits are represented:
ABCD:A162:1234:1234:ABCD:1234:5432:1010
By dropping nonsignificant and leading 0s, you can shorten an IPv6 address to eight hexadecimal digits. For example, the IPv6 address 1060:0000:0000:0000:0006:0600:800C:228A can be shortened to 1060:0:0:0:6:600:800C:228A. You can shorten an IPv6 address even further by replacing consecutive 0s with double colons. For example, the IPv6 address 1060:0:0:0:6:600:800C:228A can be shortened to 1060::6:600:800C:228A.
For more information about IPv6 address formatting, see RFC 4291, IP Version 6 Addressing Architecture.
IPv6 subscriber services are supported on the following SmartEdge routers:
IPv6 subscriber services are supported on the following traffic cards only:
Subscribers can be single-stack or dual-stack. Single-stack subscribers have only one type of IP service configured (IPv4 or IPv6) and exclusively support one type of traffic (IPv4 or IPv6). Dual-stack subscribers are authorized for both IPv4 and IPv6, and can simultaneously support both IPv4 and IPv6 traffic. Although dual-stack subscribers are authorized to simultaneously support both IPv4 and IPv6 traffic, it is not necessary for both stacks to be active at the same time.
A dual-stack subscriber consists of a single circuit bound to a single interface. Table 3 shows the number of dual-stack subscribers the SmartEdge router supports for each card type:
Card Type |
Number of Sessions per System |
XCRP3 Controller card |
32,000 |
XCRP4 Controller card |
64,000 |
PPA2-based 10-port Gigabit Ethernet traffic card |
16,000 |
2-port 60 Fast Ethernet–Gigabit Ethernet traffic card |
16,000 |
1-port 10 Gigabit Ethernet traffic card |
16,000 |
PPA3-based 10-port Gigabit Ethernet |
24,000 |
PPA3-based 20-port Gigabit Ethernet |
24,000 |
The SmartEdge router supports IPv6 subscriber services for PPP and PPPoE subscribers. You can configure IPv6 prefixes statically or through DHCPv6 Prefix Delegation (PD), using the formatting rules defined in RFC 4291, IP Version 6 Addressing Architecture. The SmartEdge router uses ND to assign an IPv6 prefix to the WAN link between the BRAS and CPE router.
IPv6 Control Protocol (IPv6CP) negotiation is supported for authenticated IPv6 PPP subscribers authorized for IPv6. During IPv6CP negotiation, both ends of the PPP circuit exchange their interface IDs. If a subscriber cannot generate its own interface ID, the subscriber takes its interface ID from the subscriber record in the RADIUS database (if the record contains a client interface ID). In cases where the subscriber cannot generate an interface ID and no interface ID is available in the RADIUS database, PPP randomly generates an interface ID. The SmartEdge OS learns neighbor MAC addresses from PPP and installs those addresses in the RIB.
Dual-stack subscribers use IPv6CP for IPv6 subscribers and IPCP for IPv4 subscribers. IPCP and IPv6CP are independent of one another; if IPv6CP fails, IPCP still operates and vice-versa.
Dual-stack subscriber sessions remain active until either of the following events occur:
When IPCP and IPv6CP report that a PPP session has terminated, the SmartEdge router terminates the subscriber session.
Multibind interfaces are the only interfaces that support IPv6 subscriber services; DHCPv6 server interfaces must be configured under a multibind interface. A multibind interface allows multiple circuits to be bound to a single interface and typically is used for subscriber circuits. You can also specify a multibind interface as a last-resort interface that acts as a fallback for any incoming subscriber circuit with a subscriber record that does not include an IP address that is assigned to any other interface. If a subscriber session is established, and no valid interface exists to which it can bind, the session binds to the last-resort interface.
The following restrictions apply when you configure a multibind interface for IPv6 subscriber services:
For more information about multibind interfaces, see Configuring Contexts and Interfaces.
You can configure subscriber attributes:
The SmartEdge router uses subscriber records to configure a set of subscriber attributes that are applied to subscribers. Some examples of attributes that can be configured are the subscriber name, password, authentication, access control, rate limiting, and policing information. A record is specific to the context in which the subscriber is configured.
You can configure the following IPv6-specific subscriber attributes in a subscriber record:
You configure subscriber records in one of two ways:
Subscriber records provide local authentication and authorization information whenever a remote authentication and authorization server, such as a RADIUS server, is not available or not required.
The following RADIUS attributes are supported for IPv6 subscribers:
In addition to the subscriber record, you can create and assign two types of subscriber profiles:
Attributes in the subscriber record take precedence over identical attributes configured in the named subscriber profile, and attributes in the named subscriber profile take precedence over identical attributes configured in the default subscriber profile.
An IPv6 subscriber must be authorized through AAA before PPP negotiates connectivity and ND processes packets. If a protocol (for example, the IPv6 protocol) is not authorized, PPP does not negotiate that protocol with a client, even when the PPP negotiation process is initiated by a client.
The following AAA attributes are supported for IPv6 subscribers:
For general information about how AAA works on the SmartEdge router, see Configuring Authentication, Authorization, and Accounting.
With IPv6, DHCPv6 can get IPv6 prefixes from the Delegated-IPv6-Prefix attribute in a subscriber record. In IPv4 subscriber services, the SmartEdge router uses IPCP to assign IPv4 addresses to subscribers.
When DHCPv6 has the IPv6 prefix, the DHCPv6 server then assigns that prefix to a subscriber. If the subscriber is a CPE router, it uses the prefix to derive a set of longer prefixes that are sent to its clients. Subscribers that are not CPE routers do not use delegated prefixes.
In addition to IPv6 prefix delegation, the DHCPv6 server provides additional information to a subscriber, such as the default domain and DNS name-server address.
When configuring DHCPv6, keep in mind that:
For faster IPv6 prefix delegation, you can configure DHCPv6 to use the RAPID COMMIT option. With the RAPID COMMIT option, only two messages (SOLICIT and REPLY messages) are exchanged between the DHCPv6 server and the CPE. You typically use the RAPID COMMIT option when the CPE can connect to only one server.
The SmartEdge router supports both stateful and stateless DHCPv6, which are described in the sections that follow.
With stateful DHCPv6, the DHCPv6 server is used for DHCPv6 prefix delegation and maintains the dynamic state of each client. The IPv6 prefixes remain assigned to the CPE until their valid lifetimes expire, or until the CPE sends a DHCPv6 RELEASE message to the DHCPv6 server. The SmartEdge OS removes the affected routes and releases the IPv6 prefixes when:
The DHCPv6 server sends delegated IPv6 prefixes and the following DNS information to the CPE:
DNS information can be configured directly under a DHCPv6 server (in DHCPv6 server policy configuration mode) or inside a subnet configured under the DHCPv6 server (in DHCPv6 server policy subnet configuration mode). The subset of DHCPv6 attributes configured inside a subnet are applicable to that subnet only. When you configure a subnet:
With stateless DHCPv6, the DHCPv6 server sends only the following DNS information to the CPE:
In a stateless configuration, the DHCPv6 server does not maintain dynamic state of each client or delegate IPv6 prefixes to clients.
The SmartEdge router uses the Neighbor Discovery (ND) protocol to assign an IPv6 prefix to the WAN link of the CPE router. The ND IPv6 prefix comes from the Framed-IPv6-Prefix attribute, which can be statically configured or come from the RADIUS attribute.
In addition, the CPE uses ND to:
ND provides Duplicate Address Detection (DAD) and media-independent address resolution of on-link nodes.
For IPv6 subscriber services, the ND attributes are assigned in one of two ways:
Use the show nd profile command to see which profile a subscriber circuit is using for ND; use the show nd profile GLOBAL_DEFAULT_PROFILE command to see the default configuration used by the GLOBAL_DEFAULT_PROFILE.
ND supports Stateless Address Autoconfiguration (SLAAC), which enables subscribing hosts to automatically configure global IPv6 addresses on their interfaces. SLAAC uses ND to advertise an IPv6 prefix or group of prefixes on-link. The host automatically configures its interface address by appending the host interface ID to the IPv6 prefix.
The SmartEdge OS uses its own interface ID to generate the link local-address on the WAN link.
The SLAAC process is as follows:
SLAAC is supported for all IPv6 (both subscriber and nonsubscriber) circuits.
QoS is supported on IPv6 subscriber interfaces.
For information about how to configure QoS, see the following QoS documents:
Caution! | ||
Risk of IPv6 traffic being dropped. When QoS policing and metering
policies are configured such that the sum of their class-level rates
is less than or equal to the policy-level rate, traffic that conforms
to any of the per-class rates is given precedence above other traffic
when the SmartEdge OS enforces the circuit-level rate. In a dual-stack
configuration where a mix of IPv4 and IPv6 traffic is subject to a
metering or policing policy, if the router classifies traffic with
an IPv4 policy ACL or class definition, the IPv6 traffic is considered
to be non-class-conforming. The IPv4 class-conforming traffic is then
given precedence. If insufficient bandwidth is reserved for the non-class-confroming
traffic, the IPv6 traffic may be dropped. To prevent this, ensure
that sum of the rate values configured using the rate command under
each metering or policing policy class is sufficiently less than the
rate command configured at the policy level to reserve adequate bandwidth
for IPv6 and other unclassified traffic. Alternatively, ensure that
the sum of the class rates exceeds the circuit rate so that mode of
operation that gives precedence to class-conforming traffic is not
enabled.
|
You can configure IP ACLs for IPv6 administrative protection on traffic card circuits, the Ethernet management port, and administrative traffic. Policy ACLs are not supported for IPv6 traffic. For information on how to configure IP ACLs to support IPv6, see Configuring ACLs.
When an IPv6 host or CPE initiates a PPP session with a BRAS, the session establishment process is as follows:
This section describes the requirements, restrictions, configuration tasks, and operations tasks for configuring IPv6 subscriber services on the SmartEdge router.
If the subscriber is a router, we recommend assigning subscribers a /64, /56, or /48 PD prefix that can be further subdivided on downstream interfaces.
The SmartEdge router and the CPE must each have at least one link local-address each.
To configure IPv6 subscriber services on a SmartEdge router:
If you are using RADIUS authentication, skip this step. If you are using a RADIUS server for subscriber authentication, skip this step and perform Step 7.
To configure IPv6 and dual-stack subscriber services:
If you are not using RADIUS to authenticate a subscriber or do not want to configure the NAS-IPV6-Address to match the IPv6 address of the NAS, skip this step and go to step 2.
interface name multibind [lastresort]
This is the interface you want to configure to be DHCPv6 enabled.
aaa authentication subscriber [local | radius]
ipv6 delegated-prefix ipv6-prefix
ipv6 framed-prefix ipv6-prefix
Replace the ipv6-prefix argument with a unique prefix that is not a part of the interface IPv6 address or assigned to any other subscriber.
ipv6 framed-route ipv6-prefix next-hop metric
You can also configure a subset of subscriber attributes in a default or named subscriber profile, as described in " Configure the Subscriber Attributes."
For more information on configuring PPP and PPPoE, see Configuring PPP and PPPoE. To see how to configure the type of circuit you are using for your WAN link, see the appropriate section in Configuring Circuits.
The end-to-end configuration in Configuring a SmartEdge Router to Provide IPv6 and Dual-Stack Subscriber Services provides only those tasks that are required for configuring IPv6 and dual-stack services on a SmartEdge BRAS. However, many additional attributes can be modified or applied to IPv6 subscribers:
Subscriber attributes are applied to an IPv6 subscriber in one of the following ways:
That task that follow describes how to configure various IPv6-specific subscriber attributes in a subscriber record or profile. Perform these tasks in one of the following modes:
To configure attributes for: |
Perform these tasks in: |
---|---|
A subscriber record |
Subscriber configuration mode |
A default subscriber profile |
Default subscriber profile configuration mode |
A named subscriber profile |
Subscriber profile name configuration mode |
To configure various IPv6-specific subscriber attributes in a subscriber record or profile:
subscriber {name | default | profile}
ipv6 delegated-prefix ipv6-prefix
This command is available in IPv6 subscriber record configuration mode only; you cannot configure the ipv6 delegated-prefix command in a subscriber profile.
ipv6 framed-prefix ipv6-prefix
Replace the ipv6-prefix argument with a prefix that does overlap with any other interface prefix.
ipv6 framed-route ipv6-prefix next-hop metric
ipv6 nd-profile name
dns6 {primary | secondary} ipv6-address
Table 5 describes the additional subscriber attributes you can configure that are not stack-specific. Configure the attribute commands in subscriber, default subscriber profile, or subscriber profile name configuration mode unless otherwise specified.
For more information about these attributes and the configuration of subscriber records and profiles, see Configuring Subscribers.
Root Attribute Command |
Description |
---|---|
Uses information received from the DSLAM to adjust the rate. | |
Applies a bulkstats schema to the subscriber profile for this context. | |
Specifies the primary and secondary DNS server IPv4 addresses This attribute is applicable to IPv4 and dual-stack subscribers only. | |
flow |
Applies a flow policy. |
Configures the framed-route attribute for this context. | |
Applies IP attributes. | |
mtu |
Sets the subscriber MTU. Range is from 256 through 12800. |
Sets the NBNS server address. | |
Limits the number of sessions a subscriber can access simultaneously. | |
Sets the MTU used by PPP for the subscriber circuit. | |
Configures the PPPoE client for PPPoE subscribers. | |
Creates the message of the minute (MOTM) that the subscriber sees when first logging on. | |
Sets the subscriber’s PPPoE client to point the subscriber’s browser to a specific location after the PPP session is established | |
Modifies the internal classification settings of packets sent or received from the subscriber. | |
Sets the QoS node reference. | |
Applies a QoS policy. | |
Configures inbound and outbound policy circuit rates. | |
Sets rate adjustment. | |
sbc |
Configures the SBC adjacency. |
Sets the AAA session action. | |
Sets a limit to the number of sessions allowed for each subscriber line identified by an agent circuit ID or agent remote ID. | |
Assigns an ATM shaping profile. | |
Sets absolute or idle session timeout value. |
Configure DHCPv6 service policy attributes:
option domain-name-server server-address
option domain-search domain-name
option information-refresh-time seconds
Range is from 600 through 4294967295 seconds.
option preference integer
A DHCPv6 server with a lower value is preferred over a server with a higher value.
Range is from 0 through 255.
With the RAPID COMMIT option, only two messages (SOLICIT and REPLY messages) are exchanged between the DHCPv6 server and the CPE. We recommend using the RAPID COMMIT option when there is only one server for a client to connect to.
prefix lifetime {preferred seconds valid seconds | infinite}
Set the prefix lifetime as follows:
subnet ipv6-prefix/subnet-mask [name subnet-name]
Only those options administratively configured for a subnet differ from the options configured in the top-level DHCPv6 server policy (in DHCPv6 server policy configuration mode). If you do not specify a particular DHCPv6 policy option for the subnet (in DHCPv6 server policy subnet configuration mode), the subnet configuration matches the top-level DHCPv6 server policy configuration (as specified in DHCPv6 server policy configuration mode).
Replace the ipv6-prefix argument with an IPv6 prefix. This IPv6 prefix cannot be the same as the prefix for any other interface.
option domain-name-server server-address
option domain-search domain-name
prefix lifetime {preferred seconds valid seconds | infinite}
Set the prefix lifetime as follows:
For IPv6 subscriber services, the SmartEdge router acquires ND attributes in one of two ways:
To create and configure an ND profile for IPv6 subscribers:
ra-interval seconds
ra lifetime seconds
Replace seconds with the total number of seconds the prefix remains valid.
ns-retry-interval milliseconds
reachable-time milliseconds
This attribute enables the router to detect unavailable neighbors. The reachable time value is advertised by the RA messages sent by the router.
preferred-lifetime seconds
Replace seconds with the length of time (in seconds) an advertised prefix remains preferred.
valid-lifetime seconds
Replace seconds with the length of time the addresses generated from the prefix remain valid.
To manage IPv6 subscriber service functions, perform the appropriate tasks described in Table 6. Enter the show commands in any mode.
Root Command |
Task |
---|---|
Clear DHCPv6 statistics. | |
Enable generation of debug messages for an IPv6 policy. | |
Enable generation of debug messages for the IPv6 prefix library. | |
Enable generation of debug messages for the maintenance of IP Version 6 (IPv6) prefix lists and for the comparison of IPv6 prefix entries to IPv6 prefix lists. | |
|
Enable generation of IP routing debug messages. |
Display the DCHPv6-PD log. You can filter the log history by circuit, server or client DUID, or IPv6 prefix. | |
Display the DUID that the DHCPv6 server onboard the SmartEdge is using to communicate with its DHCPv6 clients . | |
Display all the active DHCPv6 clients. Display more information with the detail keyword. | |
Display the active DHCPv6 clients on a circuit. | |
Display the active DHCPv6 clients that use a prefix. | |
Display the active DHCPv6 clients on a subnet. | |
Display DHCPv6 Statistics. Include the detail keyword in the command string to display additional information pertaining to DHCPv6 statistics. | |
Display information about all IPv6 hosts stored in the local host table for the current context. | |
Display IPv6 dynamic hostname and system ID mapping. | |
Display all static hostname-to-IPv6 address mappings stored in the local host table for the current context. | |
Display information about IPv6 interfaces, including the interface bound to the Ethernet management port on the controller card. | |
Display the IPv6 Protocol Independent Multicast (PIM) routing table. | |
show ipv6 policy access-list |
Display information about IPv6 subscriber policies configured in the current context. |
Display information about configured IPv6 prefix lists. | |
Display information about all IPv6 routes. | |
Displays ND profile information for a context. | |
Displays ND circuit information for one or more ND circuits. | |
Displays global statistics for one or more ND router interfaces. | |
Display the attributes of active IPv6 subscriber sessions. | |
Displays the total number subscribers and their encapsulations in the current context. |
The examples that follow show how to configure a SmartEdge router to provide IPv6 subscriber services to PPP subscribers.
The examples that follow provide end-to-end configuration for a SmartEdge router in a BRAS solution. The examples presented show how to configure a BRAS to use stateful and stateless DHCPv6 to support dual-stack subscribers.
This example results in a configuration where:
Figure 1 displays the network topology for this configuration example.
In this topology:
The example that follows shows the configuration of the SmartEdge router only. For RADIUS and CPE configuration, see the documentation for those products.
Configure two interfaces between the BRAS and the CPE; each interface has its own IPv4 and IPv6 GUA address. One interface is a loopback interface, and the other is a non-loopback interface. A loopback interface is not required on the WAN link; this example shows one possible configuration:
[local]BRAS#configure [local]BRAS(config)#context SJ1 [local]BRAS(config-ctx)#interface test-lb loopback [local]BRAS(config-if)#ip address 155.13.1.1/24 [local]BRAS(config-if)#ipv6 address 2001:db8:b:4f::1/64 [local]BRAS(config-if)#exit [local]BRAS(config-ctx)#interface to-cpe [local]BRAS(config-if)#ip address 155.15.1.1/24 [local]BRAS(config-if)#ipv6 address 2001:db8:b:5f::1/64
Configure the DHCPv6 server policy:
[local]BRAS(config-ctx)#dhcpv6 server [local]Redback(config-dhcpv6-server)#option domain-name-server 2005:db8:b:3f::2 [local]Redback(config-dhcpv6-server)#option domain-search SJ1.com [local]Redback(config-dhcpv6-server)#option preference 5 [local]Redback(config-dhcpv6-server)#option information-refresh-time 3000000 [local]Redback(config-dhcpv6-server)#option rapid-commit [local]Redback(config-dhcpv6-server)#prefix lifetime preferred 3600 valid 7200 [local]BRAS(config-dhcp-server)#subnet 2001:a:b:3f::/64 [local]Redback(config-dhcpv6-subnet)#option-domain-name-server 2008:db8:b:3f::1 [local]Redback(config-dhcpv6-subnet)#option domain-search NY1.com [local]Redback(config-dhcpv6-subnet)#prefix lifetime preferred 900 valid 1200
Configure a multibind interface to be the DHCPv6 server that uses the DHCPv6 server policy. In this example, the DHCPv6 server is a last-resort interface called test-last. Any subscriber circuit that attempts to come up binds to this interface. The ipv6 unnumbered command enables IP processing on the test-lb interface without assigning it an explicit IP address:
[local]BRAS(context)#interface test-last multibind lastresort [local]BRAS(config-if)#ipv6 unnumbered test-lb [local]BRAS(config-if)#dhcpv6 server interface
Enable AAA to authenticate subscribers through the SmartEdge router local database. Subscribers are authenticated according to parameters set in the subscriber profile for the current context:
[local]BRAS(context)#aaa authentication subscriber local
Create a user record for the subscriber test. The configuration specified in this profile is applied to subscribers destined for the IP address 155.13.1.10. The ipv6 framed-prefix command specifies the IPv6 prefix (2001:db8:b:4f::/64) assigned to the subscriber (using ND or a static assignment). The ipv6 delegated-prefix command specifies the IPv6 prefix (2001:db8:1::/48) to be used for DHCPv6 PD. The nd-profile command assigns the abc profile to the subscriber test.
[local]BRAS(context)#subscriber name test [local]BRAS(config-sub)#ip address 155.13.1.10 [local]BRAS(config-sub)#ipv6 framed-prefix 2001:db8:b:4f::/64 [local]BRAS(config-sub)#ipv6 delegated-prefix 2001:db8:1::/48 [local]BRAS(config-sub)#ipv6 nd-profile abc
Configure PPPoE encapsulation on an 802.1Q PVC and then bind the PVC using CHAP:
[local]BRAS(config)#port ethernet 12/1 [local]BRAS(config-port)#encapsulation dot1q [local]BRAS(config-port)#dot1q pvc 1 encap pppoe [local]BRAS(config-dot1q-pvc)#bind authentication chap
Create a second PVC with multiprotocol encapsulation (creating a child circuit), and set the protocol of the child circuit to PPPoE. Bind the PVC using CHAP:
[local]BRAS(config-port)#dot1q pvc 2 encapsulation multi [local]BRAS(config-dot1q-child-proto)#circuit protocol pppoe [local]BRAS(config-dot1q-child-proto)#bind authentication chap
This example results in a configuration where:
Figure 1 displays the network topology for this configuration example.
In this topology, messages are exchanged between the BRAS and the subscriber through the CPE bridge as follows:
The example that follows shows the configuration of the SmartEdge router only. For RADIUS and CPE configuration, see the documentation for those products.
Configure an interface between the BRAS and the CPE; the interface has its own IPv4 and IPv6 GUA address:
[local]BRAS#configure [local]BRAS(config)#context SJ1 [local]BRAS(config-ctx)#interface to-cpe [local]BRAS(config-if)#ip address 155.15.1.1/24 [local]BRAS(config-if)#ipv6 address 2001:db8:b:5f::1/64
Configure the DHCPv6 server policy:
[local]BRAS(config-ctx)#dhcpv6 server [local]Redback(config-dhcpv6-server)#option domain-name-server 2005:db8:b:3f::2 [local]Redback(config-dhcpv6-server)#option domain-search SJ1.com [local]Redback(config-dhcpv6-server)#option information-refresh-time 700
Configure a multibind interface to be the DHCPv6 server. In this example, the DHCPv6 server is a last-resort interface called test-last. Any DHCPv6 subscriber circuit that attempts to come up binds to this interface. The ipv6 unnumbered command configures the test-last interface to use the IPv6 address from the to-cpe interface:
[local]BRAS(context)#interface test-last multibind lastresort [local]BRAS(config-if)#ip unnumbered to-cpe [local]BRAS(config-if)#dhcpv6 server interface
Enable AAA to authenticate subscribers through the SmartEdge router local database. Subscribers are authenticated according to parameters set in the subscriber profile for the current context:
[local]BRAS(context)#aaa authentication subscriber local
Create a user record for the subscriber test. The configuration specified in this profile is applied to subscribers destined for the IP address 155.13.1.10. The ipv6 framed-prefix command specifies the IPv6 prefix (2001:db8:b:4f::/64) assigned to the subscriber (using ND or a static assignment). The nd-profile command assigns the abc profile to the subscriber test:
[local]BRAS(context)#subscriber name test [local]BRAS(config-sub)#ip address 155.13.1.10 [local]BRAS(config-sub)#ipv6 framed-prefix 2001:db8:b:4f::/64 [local]BRAS(config-sub)#ipv6 nd-profile abc
Configure PPPoE encapsulation on an 802.1Q PVC and then bind the PVC using CHAP:
[local]BRAS(config)#port ethernet 12/1 [local]BRAS(config)#encapsulation dot1q [local]BRAS(config-port)#dot1q pvc 1 encap pppoe [local]BRAS(config-dot1q-pvc)#bind authentication chap
Create a second PVC with multiprotocol encapsulation (creating a child circuit), and set the protocol of the child circuit to PPPoE. Bind the PVC using CHAP:
[local]BRAS(config-port)#dot1q pvc 2 encapsulation multi [local]BRAS(config-dot1q-child-proto)#circuit protocol pppoe [local]BRAS#bind authentication chap
The sections that follow provide detailed, extended configuration examples for the individual elements of a BRAS IPv6 solution.
The following example shows how to configure the NAS IPv6 address:
[local]BRAS#configure [local]BRAS(config)#context SJ1 [local]BRAS(config-ctx)#radius attribute NAS-IPV6-Address interface if1
The following example creates subscriber profile sj-sub-10:
local]Redback(config-ctx)#subscriber profile sj-sub-10 [local]Redback(config-sub)#ipv6 delegated-prefix 2001:a:b:4f::1/128 [local]Redback(config-sub)#ipv6 framed-prefix 2002:a:b:5f::1/128 [local]Redback(config-sub)#ipv6 nd-profile abc
The following example configures subscriber record test:
[local]Redback(config-ctx)#subscriber name test [local]Redback(config-sub)#ipv6 delegated-prefix 2001:db8:b:4f::1/48 [local]Redback(config-sub)#ipv6 framed-prefix 2002:a:b:5f::1/48 [local]Redback(config-sub)#ipv6 nd-profile abc [local]Redback(config-sub)#ipv6 framed-route 2010:db8:b:5f::1/48 2002:db8:b:5f::1 1000 [local]Redback(config-sub)#ipv6 source-validation [local]Redback(config-sub)#profile sj-sub-10
Configure the DHCPv6 server policy. In this example, the network administrator:
[local]Redback(config-ctx)#dhcpv6 server [local]Redback(config-dhcpv6-server)#option domain-name-server 2005:db8:b:3f:: [local]Redback(config-dhcpv6-server)#option domain-search SJ1.com [local]Redback(config-dhcpv6-server)#option preference 5 [local]Redback(config-dhcpv6-server)#option information-refresh-time 3000000 [local]Redback(config-dhcpv6-server)#option rapid-commit [local]Redback(config-dhcpv6-server)#prefix lifetime preferred 3600 valid 7200 [local]Redback(config-dhcpv6-server)#subnet 2001:db8:b:3f::/68 [local]Redback(config-dhcpv6-server)#prefix lifetime preferred 2000 valid 4000 [local]Redback(config-dhcpv6-server)#subnet 2001:db8:2:2::/68 [local]Redback(config-dhcpv6-subnet)#option-domain-name-server 2008:db8:4000:1::2 [local]Redback(config-dhcpv6-subnet)#option domain-search subnet.corp.com [local]Redback(config-dhcpv6-subnet)#prefix lifetime infinite