vBNG on XRv 9000

最近抽空在EVE上配置测试了下Cisco BNG,把IPoE和PPPoE的功能验证下,记录下来,后续如果遇到排查BNG故障的问题可以借助模拟器验证一些命令和配置之类的。

实验准备

  •  XRv9K: xrv9k-fullk9-x-6.6.3
    • vBNG好像不支持在xrv的镜像上运行,不支持RP base的session,所以这里用XRv9K这个镜像。
  •  CSR 1000v: csr1000vng-universalk9.17.03.02-serial
    • CSR 1000v 用来当DHCP server/DHCP Client/PPPoE Client, 版本没什么特殊的要求。
  •  Freeradius
    • 这里我桥接一个网卡到我的一个linux主机上,上面用docker起了一个freeradius。有关Freeradius相关的配置过程可以参考我的另一篇文章,Configure ASR9K AAA with Freeradius

实验拓扑

https://rory-1251435693.cos.ap-beijing.myqcloud.com/img/image-20220527223117714.png

Radius Server 相关配置

vBNG配置

! Lab RADIUS client setup on the vBNG: one server, one server group, and the
! subscriber authentication method list that points at that group.
hostname vBNG
radius-server host 10.70.79.197 auth-port 1812 acct-port 1813
 ! Shared secret; must match "secret" in the FreeRADIUS clients.conf entry for
 ! this NAS. "cisco" is a lab value - RADIUS attribute hiding and response
 ! authentication rest on this secret, so use a long random value outside a lab.
 key cisco
aaa group server radius xuxing
 server 10.70.79.197 auth-port 1812 acct-port 1813
 ! Requests are sourced from this interface (10.70.79.136 below), which is the
 ! address the FreeRADIUS client entry must allow.
 source-interface GigabitEthernet0/0/0/2
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.70.79.136 255.255.255.128
!
! Subscriber sessions authenticate against the RADIUS group defined above.
aaa authentication subscriber default group xuxing
!

Freeradius

[root@server1 freeradius]# cat authorize   ### 定义PPPoE认证用户名和密码(CHAP认证要求RADIUS侧能拿到明文密码,所以用Cleartext-Password)
xuxing Cleartext-Password := "xuxing"
       Service-Type = Framed-User,
       Framed-Protocol = PPP
[root@server1 freeradius]# 
[root@server1 freeradius]# 
[root@server1 freeradius]# cat clients.conf    ### 定义路由器(NAS)的共享密钥,须与vBNG上radius-server的key一致;cisco仅为实验用的弱密钥
client 10.70.79.136 {
    ipv4addr = 10.70.79.136/32
    secret = cisco
    nastype = cisco
    shortname = vBNG
}

PPPoE

PPPoE Client配置

Router#show run int gigabitEthernet 1
Building configuration...

Current configuration : 157 bytes
!
interface GigabitEthernet1
 no ip address
 negotiation auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no mop enabled
 no mop sysid
end

Router#
Router#show run int Dialer 0
Building configuration...

Current configuration : 266 bytes
!
interface Dialer0
 mtu 1492
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 ppp mtu adaptive
 ppp authentication chap pap callin
 ppp chap hostname xuxing
 ppp chap password 0 xuxing
 ppp ipcp route default
end

Router#

vBNG配置

pool vrf default ipv4 PPP
 address-range 20.10.79.1 20.10.79.253
!
interface Loopback0
 ipv4 address 20.10.79.254 255.255.255.255
!
interface GigabitEthernet0/0/0/1.200
 service-policy type control subscriber POL_PPP
 pppoe enable
 encapsulation dot1q 200
!
dynamic-template
 ! Template applied to PPPoE sessions by the control policy's
 ! "activate dynamic-template PPPoE" action.
 type ppp PPPoE
  ! CHAP is offered first, PAP second. With PAP the subscriber password crosses
  ! the access link in clear text; drop "pap" if every client can do CHAP.
  ppp authentication chap pap
  ppp ipcp dns 117.75.20.238 117.75.20.254
  ppp ipcp mask 255.255.255.255
  ! Peer addresses come from the local pool named PPP; the session borrows
  ! Loopback0's address as its local IPv4 address.
  ppp ipcp peer-address pool PPP
  ipv4 unnumbered Loopback0
 !
 class-map type control subscriber match-any PPP
 match protocol ppp 
 end-class-map
! 
policy-map type control subscriber POL_PPP
 event session-start match-first
  class type control subscriber PPP do-until-failure
   10 activate dynamic-template PPPoE
  ! 
 ! 
 event session-activate match-first
  class type control subscriber PPP do-until-failure
   10 authenticate aaa list default
  ! 
 ! 
 end-policy-map
! 

PPPoE会话验证

RP/0/RP0/CPU0:vBNG#show subscriber session filter username xuxing detail 
Fri May 27 14:43:27.242 UTC
Interface:                GigabitEthernet0/0/0/1.200.pppoe62   <<<<
Circuit ID:               Unknown
Remote ID:                Unknown
Type:                     PPPoE:PTA
IPv4 State:               Up, Fri May 27 08:47:35 2022
IPv4 Address:             20.10.79.3, VRF: default
Mac Address:              5000.0007.0000
Account-Session Id:       0400005a
Nas-Port:                 Unknown
User name:                xuxing
Formatted User name:      unknown
Client User name:         unknown
Outer VLAN ID:            200
Subscriber Label:         0x04000018
Created:                  Fri May 27 08:47:31 2022
State:                    Activated, Fri May 27 08:47:35 2022

Authentication:           authenticated
Authorization:            unauthorized
Access-interface:         GigabitEthernet0/0/0/1.200
Policy Executed: 
policy-map type control subscriber POL_PPP
  event Session-Start match-first [at Fri May 27 08:47:31 2022]
    class type control subscriber PPP do-until-failure [Succeeded]
      10 activate dynamic-template PPPoE [Succeeded]
  event Session-Activate match-first [at Fri May 27 08:47:34 2022]
    class type control subscriber PPP do-until-failure [Succeeded]
      10 authenticate aaa list default [Succeeded]
Session Accounting: disabled
Last COA request received: unavailable
[Last IPv6 down]
Disconnect Reason:        

IPoE-DHCP proxy

DHCP Server

interface GigabitEthernet1
 ip address 10.100.100.1 255.255.255.0
 negotiation auto
 no mop enabled
 no mop sysid
!
ip dhcp excluded-address 10.10.79.254
!
ip dhcp pool ipoe
 network 10.10.79.0 255.255.255.0
 default-router 10.10.79.254 
 dns-server 8.8.8.8 
!
!
!
ip route 10.10.79.0 255.255.255.0 10.100.100.2
!

IPoE Client

interface GigabitEthernet1
 ip address dhcp    <<<<<
 negotiation auto
 no mop enabled
 no mop sysid
!

vBNG配置

dhcp ipv4
 profile IPSUB proxy
  helper-address vrf default 10.100.100.1 giaddr 0.0.0.0
 !
 interface GigabitEthernet0/0/0/1.100 proxy profile IPSUB
!
interface Loopback1
 ipv4 address 10.10.79.254 255.255.255.255
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.100.100.2 255.255.255.0
!
interface GigabitEthernet0/0/0/1.100
 ipv4 point-to-point
 ipv4 unnumbered Loopback1
 service-policy type control subscriber POL_IPSUB
 encapsulation dot1q 100
 ipsubscriber ipv4 l2-connected
  initiator dhcp
 !
!
dynamic-template
 type ipsubscriber IPSUB
  ipv4 unnumbered Loopback1
 !
!
class-map type control subscriber match-any CLASS_IPSUB
 match protocol dhcpv4 
 end-class-map
! 
policy-map type control subscriber POL_IPSUB
 event session-start match-first
  class type control subscriber CLASS_IPSUB do-until-failure
   1 activate dynamic-template IPSUB
  ! 
 ! 
 end-policy-map
! 
end

IPoE会话验证

RP/0/RP0/CPU0:vBNG#show dhcp ipv4 proxy binding 
Fri May 27 14:50:43.652 UTC

                                           Lease                                                
 MAC Address      IP Address      State    Remaining       Interface          VRF      Sublabel 
--------------  --------------  ---------  ---------  -------------------  ---------  ----------
5000.0003.0000  10.10.79.2      BOUND      86373      Gi0/0/0/1.100        default    0x4000083 

RP/0/RP0/CPU0:vBNG#
RP/0/RP0/CPU0:vBNG#show subscriber session  all brief  location 0/0/CPU0 
Fri May 27 14:51:11.430 UTC
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
       ID - Idle, DN - Disconnecting, ED - End

Type         Interface               State    MAC-Address     SubLabel     CreateTime                 Subscriber IP Addr / Prefix    
                                                                                                      LNS Address (Vrf)    
-----------------------------------------------------------------------------------------------------------------------------------
PPPoE:PTA   Gi0/0/0/1.200.pppoe62     AC      5000.0007.0000    4000018    Fri May 27 08:47:31 2022       20.10.79.3 (default)
IP:DHCP     Gi0/0/0/1.100.ip1         AC      5000.0003.0000    4000083    Fri May 27 14:50:16 2022       10.10.79.2 (default)

!!Switch配置备份

interface GigabitEthernet0/0
 switchport trunk allowed vlan 100,200
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 100
 switchport mode access
 media-type rj45
 negotiation auto
!
           
