Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Subscriber Management] Delegated-IPv6-Prefix/Pool is not returned from RADIUS server

0

0

Article ID: KB31659 KB Last Updated: 21 Feb 2020Version: 2.0
Summary:

This article explains how to include Delegated-IPv6-Prefix in Radius Accounting using the knob, 'address-change-immediate-update'.

Symptoms:

In the example below, Delegated-IPv6-Prefix/Pool is not returned from the RADIUS server. So, the delegated-IPv6-Prefix is allocated in DHCP session's context and not PPPoE session's context. It can be observed from the 'show subscribers extensive' command that Delegated-IPv6-Prefix is not available in PPPoE session database (DB). Hence, there is no way for AUTHD to send Delegated Prefix in interim messages.

labroot@ERX-MX480-RE0# show access  
group-profile DNS_GROUP {
    ppp {
        primary-dns 4.4.4.4;
        secondary-dns 8.8.8.8;
    }
}
profile aaa-profile {
    accounting-order radius;
    authentication-order radius;
    radius {
        authentication-server 10.10.48.247;
        accounting-server 10.10.48.247;
    }
    session-options {
        client-idle-timeout 120;
    }
    radius-server {
        10.10.48.247 {
            port 1900;
            accounting-port 1901;
            secret “$ABC123"; ## SECRET-DATA
            retry 5;
            max-outstanding-requests 2000;
            source-address 10.10.35.202;
        }
    }
    accounting {
        order radius;
        accounting-stop-on-failure;
        immediate-update;
        update-interval 10;
        statistics volume-time;
    }
    service {
        accounting-order activation-protocol;
    }
}
address-assignment {
    neighbor-discovery-router-advertisement ipv6pool;
    pool delegated-pool {
        family inet6 {
            prefix 2001:1284:f01b::/48;
            range 2 prefix-length 64;
        }
    }
    pool ipv6pool {
        family inet6 {
            prefix 2001:1284:f005::/48;
            range p1 prefix-length 64;
        }
    }
}           
      

labroot@ERX-MX480-RE0> show subscribers              
Interface           IP Address/VLAN ID                      User Name                      LS:RI
demux0.3221225481    100                                                              default:default      
pp0.3221225482      10.55.177.164                        test@example.com            default:default      
*                   2001:1284:f005:3::/64
pp0.3221225482      2001:1284:f01b:3::/64                                             default:default


labroot@ERX-MX480-RE0> show subscribers extensive
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.3221225481
Interface type: Dynamic
Underlying Interface: xe-3/0/0
Dynamic Profile Name: DYN-DEMUX3
Dynamic Profile Version: 1
State: Active
Session ID: 10
PFE Flow ID: 15
VLAN Id: 100
Login Time: 2017-04-06 22:42:35 IST

Type: PPPoE
User Name: test@example.com
IP Address: 10.55.177.164
IP Netmask: 255.255.255.255
Primary DNS Address: 4.4.4.4
Secondary DNS Address: 8.8.8.8
IPV6 Primary DNS Address: 2001:1284:ff02:1::253    <<< IPv6 Prefix not available in PPPoE Session DB.
IPV6 Secondary DNS Address: 2001:1284:ff02::243
IPv6 User Prefix: 2001:1284:f005:3::/64
Logical System: default
Routing Instance: default
Interface: pp0.3221225482
Interface type: Dynamic
Underlying Interface: demux0.3221225481
Dynamic Profile Name: local-PPPoE
Dynamic Profile Version: 2
MAC Address: 28:f5:b4:16:00:00
Idle Timeout (seconds): 7200
Idle Timeout Ingress Only: FALSE
State: Active
Radius Accounting ID: 11
Session ID: 11
PFE Flow ID: 17
VLAN Id: 100
Login Time: 2017-04-06 22:42:35 IST
IPv6 Address Pool: ipv6pool
IPv6 Interface Address: 2001:1284:f005:3::1/64
IPv6 Framed Interface Id: 0:0:b00:0
IPv4 Input Filter Name: belf_40-pp0.3221225482-in
IPv4 Output Filter Name: belf_40-pp0.3221225482-out
IPv6 Input Filter Name: belf_40_v6-pp0.3221225482-in
IPv6 Output Filter Name: belf_40_v6-pp0.3221225482-out
Accounting interval: 600
Dynamic configuration:
  junos-input-filter: belf_40
  junos-input-ipv6-filter: belf_40_v6
  junos-ipv6-ndra-prefix: 2001:1284:f005:3::/64
  junos-output-filter: belf_40          
  junos-output-ipv6-filter: belf_40_v6

Type: DHCP
IPv6 Prefix: 2001:1284:f01b:3::/64
IPV6 Primary DNS Address: 2001:1284:ff02:1::253
IPV6 Secondary DNS Address: 2001:1284:ff02::243
Logical System: default
Routing Instance: default
Interface: pp0.3221225482
Interface type: Static
Underlying Interface: pp0.3221225482
MAC Address: 28:f5:b4:16:00:00
State: Active
Radius Accounting ID: 12
Session ID: 12
Underlying Session ID: 11
PFE Flow ID: 17
Login Time: 2017-04-06 22:42:36 IST
DHCP Options: len 52
00 08 00 02 00 00 00 01 00 0e 00 01 00 01 20 79 5c a7 28 f5
b4 16 00 00 00 06 00 08 00 02 00 07 00 17 00 18 00 19 00 0c
00 00 00 0a 00 04 9d 40 00 07 62 00
IPv6 Address Pool: ipv6pool
IPv6 Delegated Address Pool: delegated-pool

Apr  6 22:42:36.291909 radius-acct-interim: User-Name added: test@example.com
Apr  6 22:42:36.291920 radius-acct-interim: Acct-Status-Type added: 3
Apr  6 22:42:36.291932 radius-acct-interim: Acct-Session-Id added: 11
Apr  6 22:42:36.291949 radius-acct-interim: Event-Timestamp added: 2017-04-06 22:42:36
Apr  6 22:42:36.291961 radius-acct-interim: Acct-Input-Octets added: 152
Apr  6 22:42:36.291972 radius-acct-interim: Acct-Output-Octets added: 232
Apr  6 22:42:36.291983 radius-acct-interim: Acct-Session-Time added: 0
Apr  6 22:42:36.291993 radius-acct-interim: Acct-Input-Packets added: 2
Apr  6 22:42:36.292004 radius-acct-interim: Acct-Output-Packets added: 4
Apr  6 22:42:36.292019 radius-acct-interim: Acct-Delay-Time added: 0
Apr  6 22:42:36.292035 radius-acct-interim: Service-Type added: 2
Apr  6 22:42:36.292050 radius-acct-interim: Framed-Protocol added: 1
Apr  6 22:42:36.292075 storeFilterNameList for subscriber session-id:11 size = 4
Apr  6 22:42:36.292089 radius-acct-interim: Filter-Id added: IPV4-ingress:belf_40-pp0.3221225482-in
Apr  6 22:42:36.292100 radius-acct-interim: Filter-Id added: IPV4-egress:belf_40-pp0.3221225482-out
Apr  6 22:42:36.292110 radius-acct-interim: Filter-Id added: IPV6-ingress:belf_40_v6-pp0.3221225482-in
Apr  6 22:42:36.292120 radius-acct-interim: Filter-Id added: IPV6-egress:belf_40_v6-pp0.3221225482-out
Apr  6 22:42:36.292131 clearFilterNameList for subscriber session-id:11
Apr  6 22:42:36.292148 radius-acct-interim: Cos-Shaping-Rate (Juniper-ERX-VSA) added: Port speed: 10000000k
Apr  6 22:42:36.292177 radius-acct-interim: Framed-IPv6-Prefix added: 2001:1284:f005:3::/64
Apr  6 22:42:36.292193 radius-acct-interim: Framed-IPv6-Pool added: ipv6pool
Apr  6 22:42:36.292211 radius-acct-interim: Framed-Interface-Id added: 00 00 00 00 0b 00 00
Apr  6 22:42:36.292226 radius-acct-interim: Acct-Authentic added: 1
Apr  6 22:42:36.292245 radius-acct-interim: DHCP-MAC-Address (Juniper-ERX-VSA) added: 28f5.b416.0000
Apr  6 22:42:36.292257 radius-acct-interim: Egress-Policy-Name (Juniper-ERX-VSA) added: belf_40
Apr  6 22:42:36.292273 radius-acct-interim: Framed-IP-Address added: 177.220.177.164
Apr  6 22:42:36.292289 radius-acct-interim: Framed-IP-Netmask added: 255.255.255.255
Apr  6 22:42:36.292301 radius-acct-interim: Ingress-Policy-Name (Juniper-ERX-VSA) added: belf_40
Apr  6 22:42:36.292313 radius-acct-interim: Input-Gigapackets (Juniper-ERX-VSA) added: 0
Apr  6 22:42:36.292330 radius-acct-interim: Acct-Input-Gigawords added: 0
Apr  6 22:42:36.292343 radius-acct-interim: NAS-Identifier added: ERX-MX480-RE0
Apr  6 22:42:36.292358 radius-acct-interim: NAS-Port added: 30 00 00 64
Apr  6 22:42:36.292369 radius-acct-interim: NAS-Port-Id added: xe-3/0/0.demux0.3221225481:100
Apr  6 22:42:36.292382 radius-acct-interim: NAS-Port-Type added: 15
Apr  6 22:42:36.292394 radius-acct-interim: Output-Gigapackets (Juniper-ERX-VSA) added: 0
Apr  6 22:42:36.292405 radius-acct-interim: Acct-Output-Gigawords added: 0
Apr  6 22:42:36.292416 radius-acct-interim: IPv6-Ingress-Policy-Name (Juniper-ERX-VSA) added: belf_40_v6
Apr  6 22:42:36.292428 radius-acct-interim: IPv6-Egress-Policy-Name (Juniper-ERX-VSA) added: belf_40_v6
Apr  6 22:42:36.292440 radius-acct-interim: IPv6-Acct-Input-Octets (Juniper-ERX-VSA) added: 152
Apr  6 22:42:36.292452 radius-acct-interim: IPv6-Acct-Output-Octets (Juniper-ERX-VSA) added: 0
Apr  6 22:42:36.292463 radius-acct-interim: IPv6-Acct-Input-Packets (Juniper-ERX-VSA) added: 2
Apr  6 22:42:36.292474 radius-acct-interim: IPv6-Acct-Output-Packets (Juniper-ERX-VSA) added: 0
Apr  6 22:42:36.292485 radius-acct-interim: IPv6-Acct-Input-Gigawords (Juniper-ERX-VSA) added: 0
Apr  6 22:42:36.292497 radius-acct-interim: IPv6-Acct-Output-Gigawords (Juniper-ERX-VSA) added: 0
Apr  6 22:42:36.292513 radius-acct-interim: Virtual-Router (Juniper-ERX-VSA) added: default:default
Apr  6 22:42:36.292532 radius-acct-interim: PPPoE-Description (Juniper-ERX-VSA) added: pppoe 28:f5:b4:16:00:00


 
Solution:
Configure 'address-change-immediate-update' in accounting stanza. With this, DHCP copies delegated prefix from DHCP SDB to PPPoE SDB and requests for immediate-update on PPPoE session. Hence, delegated prefix will be included in interim messages.

labroot@ERX-MX480-RE0# show access   
group-profile DNS_GROUP {
    ppp {
        primary-dns 4.4.4.4;
        secondary-dns 8.8.8.8;
    }
}
profile aaa-profile {
    accounting-order radius;
    authentication-order radius;
    radius {
        authentication-server 10.10.48.247;
        accounting-server 10.10.48.247;
    }
    session-options {
        client-idle-timeout 120;
    }
    radius-server {
        10.10.48.247 {
            port 1900;
            accounting-port 1901;
            secret “$ABC123"; ## SECRET-DATA
            retry 5;
            max-outstanding-requests 2000;
            source-address 10.10.35.202;
        }
    }
    accounting {
        order radius;
        accounting-stop-on-failure;
        immediate-update;
        address-change-immediate-update;
        update-interval 10;
        statistics volume-time;
    }
    service {
        accounting-order activation-protocol;
    }
}
address-assignment {
    neighbor-discovery-router-advertisement ipv6pool;
    pool delegated-pool {
        family inet6 {
            prefix 2001:1284:f01b::/48;
            range 2 prefix-length 64;
        }
    }
    pool ipv6pool {
        family inet6 {
            prefix 2001:1284:f005::/48;
            range p1 prefix-length 64;
        }
    }
}

labroot@ERX-MX480-RE0# run show subscribers extensive
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.3221225487
Interface type: Dynamic
Underlying Interface: xe-3/0/0
Dynamic Profile Name: DYN-DEMUX3
Dynamic Profile Version: 1
State: Active
Session ID: 47
PFE Flow ID: 26
VLAN Id: 100
Login Time: 2017-04-11 17:01:24 IST

Type: PPPoE
User Name: test@example.com
IP Address: 10.55.177.164
IP Netmask: 255.255.255.255
Primary DNS Address: 4.4.4.4
Secondary DNS Address: 8.8.8.8
IPv6 Prefix: 2001:1284:f01b:1::/64  <<< Delegated-IPv6-Prefix copied to PPPoE Session DB
IPV6 Primary DNS Address: 2001:1284:ff02:1::253
IPV6 Secondary DNS Address: 2001:1284:ff02::243
IPv6 User Prefix: 2001:1284:f005:1::/64
Logical System: default
Routing Instance: default
Interface: pp0.3221225488
Interface type: Dynamic
Underlying Interface: demux0.3221225487
Dynamic Profile Name: local-PPPoE
Dynamic Profile Version: 1
MAC Address: 5e:32:87:ed:00:00
Idle Timeout (seconds): 7200
Idle Timeout Ingress Only: FALSE
State: Active
Radius Accounting ID: 48
Session ID: 48
PFE Flow ID: 27
VLAN Id: 100
Login Time: 2017-04-11 17:01:24 IST
IPv6 Address Pool: ipv6pool
IPv6 Interface Address: 2001:1284:f005:1::1/64
IPv6 Framed Interface Id: 0:0:3000:0
IPv4 Input Filter Name: belf_40-pp0.3221225488-in
IPv4 Output Filter Name: belf_40-pp0.3221225488-out
IPv6 Input Filter Name: belf_40_v6-pp0.3221225488-in
IPv6 Output Filter Name: belf_40_v6-pp0.3221225488-out
Accounting interval: 600
Dynamic configuration:
  junos-input-filter: belf_40
  junos-input-ipv6-filter: belf_40_v6
  junos-ipv6-ndra-prefix: 2001:1284:f005:1::/64
  junos-output-filter: belf_40
  junos-output-ipv6-filter: belf_40_v6

Type: DHCP
IPv6 Prefix: 2001:1284:f01b:1::/64
IPV6 Primary DNS Address: 2001:1284:ff02:1::253
IPV6 Secondary DNS Address: 2001:1284:ff02::243
Logical System: default
Routing Instance: default
Interface: pp0.3221225488
Interface type: Static
Underlying Interface: pp0.3221225488
MAC Address: 5e:32:87:ed:00:00          
State: Active
Radius Accounting ID: 49
Session ID: 49
Underlying Session ID: 48
PFE Flow ID: 27
Login Time: 2017-04-11 17:01:24 IST
DHCP Options: len 52
00 08 00 02 00 00 00 01 00 0e 00 01 00 01 20 7f a2 f2 5e 32
87 ed 00 00 00 06 00 08 00 02 00 07 00 17 00 18 00 19 00 0c
00 00 00 0a 00 04 9d 40 00 07 62 00
IPv6 Address Pool: ipv6pool
IPv6 Delegated Address Pool: delegated-pool

Apr 11 17:21:01.177676  ======= Accounting Volume INTERIM triggered ==============
Apr 11 17:21:01.177706 Have session start time for session-id:48
Apr 11 17:21:01.177719 Interim stats call back 48
Apr 11 17:21:01.177745 AccFsm::current state=Acc-Interim-Sent(2) event=5 session-id:48
Apr 11 17:21:01.177758 ACC-FSM:sendAccInterim_a4 for session-id:48
Apr 11 17:21:01.177769 sendAuthModuleAcctReports
Apr 11 17:21:01.177780 Authd module Accounting
Apr 11 17:21:01.177797 Authd acctg module start
Apr 11 17:21:01.177808 authd_radius_send_acctg_msg: Starting RADIUS accounting session-id:48
Apr 11 17:21:01.177819 authd_radius_send_acctg_msg: session-id:48 profile=aaa-profile username=test@example.com acctg_id=(48), ls=default, lr=default
Apr 11 17:21:01.177838 radius-acct-interim: User-Name added: test@example.com
Apr 11 17:21:01.177851 radius-acct-interim: Acct-Status-Type added: 3
Apr 11 17:21:01.177867 radius-acct-interim: Acct-Session-Id added: 48
Apr 11 17:21:01.177888 radius-acct-interim: Event-Timestamp added: 2017-04-11 17:21:01
Apr 11 17:21:01.177901 radius-acct-interim: Acct-Input-Octets added: 1360
Apr 11 17:21:01.177913 radius-acct-interim: Acct-Output-Octets added: 122
Apr 11 17:21:01.177924 radius-acct-interim: Acct-Session-Time added: 1176
Apr 11 17:21:01.177936 radius-acct-interim: Acct-Input-Packets added: 40
Apr 11 17:21:01.177948 radius-acct-interim: Acct-Output-Packets added: 40
Apr 11 17:21:01.177961 dup_type: 0 effective profile aaa-profile
Apr 11 17:21:01.177977 radius-acct-interim: Acct-Delay-Time added: 0
Apr 11 17:21:01.177996 radius-acct-interim: Service-Type added: 2
Apr 11 17:21:01.178012 radius-acct-interim: Framed-Protocol added: 1
Apr 11 17:21:01.178047 radius-acct-interim: Filter-Id added: IPV4-ingress:belf_40-pp0.3221225488-in
Apr 11 17:21:01.178062 radius-acct-interim: Filter-Id added: IPV4-egress:belf_40-pp0.3221225488-out
Apr 11 17:21:01.178076 radius-acct-interim: Filter-Id added: IPV6-ingress:belf_40_v6-pp0.3221225488-in
Apr 11 17:21:01.178091 radius-acct-interim: Filter-Id added: IPV6-egress:belf_40_v6-pp0.3221225488-out
Apr 11 17:21:01.178113 radius-acct-interim: Cos-Shaping-Rate (Juniper-ERX-VSA) added: Port speed: 10000000k
Apr 11 17:21:01.178144 radius-acct-interim: Framed-IPv6-Prefix added: 2001:1284:f005:1::/64
Apr 11 17:21:01.178168 radius-acct-interim: Delegated-IPv6-Prefix added: 2001:1284:f01b:1::/64 
Apr 11 17:21:01.178183 radius-acct-interim: Framed-IPv6-Pool added: ipv6pool
Apr 11 17:21:01.178202 radius-acct-interim: Framed-Interface-Id added: 00 00 00 00 30 00 00
Apr 11 17:21:01.178218 radius-acct-interim: Acct-Authentic added: 1
Apr 11 17:21:01.178238 radius-acct-interim: DHCP-MAC-Address (Juniper-ERX-VSA) added: 5e32.87ed.0000
Apr 11 17:21:01.178253 radius-acct-interim: Egress-Policy-Name (Juniper-ERX-VSA) added: belf_40
Apr 11 17:21:01.178270 radius-acct-interim: Framed-IP-Address added: 10.55.177.164
Apr 11 17:21:01.178286 radius-acct-interim: Framed-IP-Netmask added: 255.255.255.255
Apr 11 17:21:01.178299 radius-acct-interim: Ingress-Policy-Name (Juniper-ERX-VSA) added: belf_40
Apr 11 17:21:01.178313 radius-acct-interim: Input-Gigapackets (Juniper-ERX-VSA) added: 0
Apr 11 17:21:01.178326 radius-acct-interim: Acct-Input-Gigawords added: 0
Apr 11 17:21:01.178340 radius-acct-interim: NAS-Identifier added: ERX-MX480-II-RE0
Apr 11 17:21:01.178355 radius-acct-interim: NAS-Port added: 30 00 00 64
Apr 11 17:21:01.178368 radius-acct-interim: NAS-Port-Id added: xe-3/0/0.demux0.3221225487:100
Apr 11 17:21:01.178382 radius-acct-interim: NAS-Port-Type added: 15
Apr 11 17:21:01.178397 radius-acct-interim: Output-Gigapackets (Juniper-ERX-VSA) added: 0
Apr 11 17:21:01.178410 radius-acct-interim: Acct-Output-Gigawords added: 0
Apr 11 17:21:01.178421 radius-acct-interim: IPv6-Ingress-Policy-Name (Juniper-ERX-VSA) added: belf_40_v6
Apr 11 17:21:01.178434 radius-acct-interim: IPv6-Egress-Policy-Name (Juniper-ERX-VSA) added: belf_40_v6
Apr 11 17:21:01.178447 radius-acct-interim: IPv6-Acct-Input-Octets (Juniper-ERX-VSA) added: 0
Apr 11 17:21:01.178460 radius-acct-interim: IPv6-Acct-Output-Octets (Juniper-ERX-VSA) added: 0
Apr 11 17:21:01.178472 radius-acct-interim: IPv6-Acct-Input-Packets (Juniper-ERX-VSA) added: 0
Apr 11 17:21:01.178484 radius-acct-interim: IPv6-Acct-Output-Packets (Juniper-ERX-VSA) added: 0
Apr 11 17:21:01.178497 radius-acct-interim: IPv6-Acct-Input-Gigawords (Juniper-ERX-VSA) added: 0
Apr 11 17:21:01.178509 radius-acct-interim: IPv6-Acct-Output-Gigawords (Juniper-ERX-VSA) added: 0
Apr 11 17:21:01.178530 radius-acct-interim: Virtual-Router (Juniper-ERX-VSA) added: default:default
Apr 11 17:21:01.178550 radius-acct-interim: PPPoE-Description (Juniper-ERX-VSA) added: pppoe 5e:32:87:ed:00:00
Apr 11 17:21:01.178578 authd_create_application_specific_radius_server: Evaluating RADIUS server 10.10.48.247 to add to the server list
Apr 11 17:21:01.178591 Evaluating RADIUS server 10.10.48.247 to add to the server list
Apr 11 17:21:01.178603 Verify source address adb23ca in routing instance index=0
Apr 11 17:21:01.178641 authd_radius_server_add: server 10.10.48.247 retry 5, timeout 3
Apr 11 17:21:01.178704 Request queued successfully
Apr 11 17:21:01.178725 accFsmExecute::new state=Acc-Interim-Sent(2)

 
Modification History:

2020-02-21: Changed IP addresses and encrypted password to “$ABC123".

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search