A while ago I described the pre-standard way Cisco IOS used to get delegated IPv6 prefixes from a RADIUS server. Cisco’s documentation always claimed that Cisco IOS implements RFC 4818, but you simply couldn’t get it to work in IOS releases 12.4T or 15.0M. In December I wrote about the progress Cisco is making on the DHCPv6 front and email@example.com commented that IOS 15.1S does support RFC 4818. You know I absolutely had to test that claim ... and it’s true!
This is the configuration you can use on the PE-router:
aaa authorization configuration IA_PD group radius ! ipv6 dhcp pool PPP-Radius prefix-delegation aaa method-list IA_PD lifetime 7200 300 dns-server FEC0::CCCC:4 domain-name example.com ! interface Virtual-Template10 mtu 1480 no ip address ipv6 enable ipv6 nd other-config-flag no ipv6 nd ra suppress ipv6 dhcp server PPP-Radius
And this is the FreeRADIUS user definition:
Site-A Cleartext-Password := "Site-A" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IPv6-Prefix = "fec0:1:2400:1::/64", Delegated-IPv6-Prefix = "fec0:1:2400:1100::/56"
Cisco IOS release 15.1(3)S that I used in the tests also supports a fallback mechanism:
- The value of the Delegated-IPv6-Prefix from the RADIUS reply is saved in a per-interface DHCPv6 block;
- When the PPPoE client uses DHCPv6 to get a delegated prefix, PE-router checks the pre-populated DHCPv6 reply associated with the incoming interface. If the delegated prefix is already in there, it returns the reply without querying the RADIUS server;
- If the delegated IPv6 prefix is not yet available, the PE-router uses the pre-standard method and sends another RADIUS request for the user-dhcpv6 username.
According to Cisco’s documentation, you get the same functionality (RFC 4818 support) in IOS XE release 3S.
You’ll get more IPv6 access network design and configuration guidelines in my new Building Large IPv6 Access Networks webinar (you also get immediate access to the recording of the Building IPv6 Service Provider Core webinar when you register).