XR: BNG deployment guide - Page 6 - Cisco Support Community [PDF]

interface GigabitEthernet0/0/0/0 bundle id 100 mode on

interface Bundle-Ether100 bundle load-balancing hash dst-ip

Tue Apr 5 16:55:45 2011: [17224] message received from 3.0.0.234/49080.12 code=4, length=361 Tue Apr 5 16:55:45 2011: [17224] Acct-Interim-Interval = 60 Tue Apr 5 16:55:45 2011: [17224] Acct-Status-Type = Stop Tue Apr 5 16:55:45 2011: [17224] Cisco-avpair = "if-handle=167774432" Tue Apr 5 16:55:45 2011: [17224] Cisco-avpair = "client-macaddress=0010.9441.0001" Tue Apr 5 16:55:45 2011: [17224] Acct-Session-Id = "00000054“

interface Bundle-Ether1.50 service-policy type control subscriber PPP_IP_PM1 pppoe enable bba-group default encapsulation ambiguous dot1q { any | } dot1ad { any | } dot1q second-dot1q { any | } dot1ad second-dot1q { any | }

RP/0/RSP0/CPU0:A9K-BNG#show run | i radius-server Fri Mar 16 12:40:15.791 EDT Building configuration... radius-server host 3.0.0.38 auth-port 1645 acct-port 1646 radius-server attribute list LIST RP/0/RSP0/CPU0:A9K-BNG#sh route 3.0.0.38 Routing entry for 3.0.0.0/8 Known via "connected", distance 0, metric 0 (connected) Installed Feb 22 15:42:37.812 for 3w1d Routing Descriptor Blocks directly connected, via MgmtEth0/RSP0/CPU0/0 Route metric is 0 No advertising protos.

RP/0/RSP0/CPU0:A9K-BNG#sh run int mgmtEth 0/rsP0/CPU0/0 Fri Mar 16 12:40:26.121 EDT interface MgmtEth0/RSP0/CPU0/0 ipv4 address 3.0.0.233 255.0.0.0 !

Thu Mar 15 11:55:12 2012: [18848] NAS-IP-Address = 3.0.0.233

aaa attribute format NAS-PORT-ID circuit-id plus remote-id ! aaa radius attribute nas-port-id format NAS-PORT-ID

Thu Mar 15 11:55:12 2012: [18848] NAS-Identifier = "A9K-BNG"

aaa radius attribute nas-port format e [type ]

Zero : 0 One : 1 Slot : S Adapter : A Port : P (Outer) VLAN Id : V Session-Id : U Inner VLAN ID: Q Ex “SSSSAAPPPPPVVVVVVVVVVVVVVVVVVVVV”

ETHERNET 15 PPPOEOE 32 PPPOEOVLAN 33 PPPOEOQINQ 34 VIRTUAL_PPPOEOE 35 VIRTUAL_PPPOEOVLAN 36 VIRTUAL_PPPOEOQINQ 37

event session-activate match-first class type control subscriber CLASS do-until-failure 10 activate dynamic-template TPL 20 authenticate aaa list default

event authentication-failure class ... 10 "apply http redirect" On authentication failure we an apply a layer 4 redirect service while keeping the session active. event authentication-no-response 10 authenticate aaa list failover-list If there was no response from radius, we can try a different radius-server list

event session-start do-all 10 activate dynamic-template TPL 20 authorize aaa list default mac-address password cisco

event session-start do-until-failure 10 authorize aaa list default mac-address password cisco 20 activate dynamic-template TPL

event authorization-failure do-all 10 disconnect

pool vrf default ipv4 POOL address-range 199.1.1.1 199.1.255.255

RP/0/RSP0/CPU0:A9K-BNG#show pool ipv4 Allocation Summary --------------------------------------------------Used: 1 Excl: 0 Free: 65278 Total: 65279 Utilization: 0% Pool VRF Used Excl Free Total ---------- ---------- ----- ----- ----- ---- POOL default 1 0 65278 65279

dynamic-template type ppp TPL ppp authentication chap ppp ipcp dns 1.2.3.4 1.2.3.3 ppp ipcp peer-address pool POOL ipv4 unnumbered Loopback1000

policy-map type control subscriber sub event session-start match-first class type control subscriber CLASS do-until-failure 10 activate dynamic-template TPL

[email protected] Password = "cisco" Service-Type = Framed-User, Framed-Protocol = PPP, Cisco-avpair = "ipv4:addr-pool=POOL",

Ascend-Assign-IP-Pool = POOL

Framed-Pool = POOL Alternatively, but uncontrolled is the use of the Framed-IP-Address magic number 255.255.255.254 which will instruct the NAS to do a "pool pick" from any pool available.

router static address-family ipv4 unicast 199.1.0.0/16 Null0

router ospf CORE redistribute static

dhcp ipv4 profile AutoSelectGiaddr proxy class MATCHALL match option 60 hex 68656C6C6F mask 0 helper-address vrf default 81.1.1.2 giaddr 10.1.1.254 ! class HardPhone1 match option 60 hex 4861726450686F6E6531 mask 0 helper-address vrf default 81.1.1.2 giaddr 10.1.1.254 ! class HardPhone2 match option 60 hex 4861726450686F6E6532 mask 0 helper-address vrf default 81.1.1.2 giaddr 172.28.15.254 ! relay information option relay information policy replace relay information option remote-id testme relay information option allow-untrusted ! interface Bundle-Ether100.2 proxy profile AutoSelectGiaddr

dynamic-template type ipsubscriber IPSUB ipv4 unnumbered Loopback12

RP/0/RSP0/CPU0:A9K-BNG#sh run int lo12 Fri Mar 16 10:52:33.265 EDT interface Loopback12 ipv4 address 172.28.15.254 255.255.255.0

dynamic-template type ppp ppp max-configure ppp max-failure ppp timeout retry ppp lcp delay ppp lcp renegotiation ignore ppp authentication { pap | chap | ms-chap } keepalives { disable | } ppp max-bad-auth ppp timeout authentication ppp ipcp peer-address pool ppp ipcp mask ppp ipcp { dns | wins } ppp ipcp renegotiation ignore ipv4 unnumbered

============================== Flow Control ============================== Limit 2000 In Flight 0 Dropped 0 Disconnected 1 Successful 9

RP/0/RSP0/CPU0:A9K-BNG(config)#pppoe in-flightwindow 2000

dynamic-template type service SERVICE_1 service-policy output testme ipv4 access-group lab-video ingress

nv satellite 100 •ß define satellite ID description my lovely satellite type asr9000v satellite 101 •ß define satellite description your lovely satellite type asr9000v interface TenGigE 0/2/0/2 nv satellite-fabric-link satellite 100 remote-ports GigabitEthernet 0/0/0-9

interface bundle-ethernet 10 nv satellite-fabric-link satellite 101 remote-ports GigabitEthernet 0/0/10-19

radius-server attribute list RETAILER_X_ATTR_LIST attribute ! aaa group server radius RETAILER_X_SG authorization reply { accept | reject } RETAILER_X_ATTR_LIST vrf RETAILER_X_VRF server-private 10.10.10.100 auth-port 1645 acct-port 1646 !

ipv4 unreachables disable

Cisco-avpair="ipv4-icmp-unreachable=1"

subscriber arp scale-mode-enable