最近抽空在 EVE 上配置并测试了 Cisco BNG,验证了 IPoE 和 PPPoE 的功能,在此记录下来;后续如果需要排查 BNG 故障,可以借助模拟器验证相关的命令和配置。
实验准备 #
- XRv9K: xrv9k-fullk9-x-6.6.3
- vBNG 好像不支持在 xrv 镜像上运行(不支持 RP-based 的 session),所以这里改用 XRv9K 镜像。
- CSR 1000v: csr1000vng-universalk9.17.03.02-serial
- CSR 1000v 用来充当 DHCP Server / DHCP Client / PPPoE Client,对版本没有特殊要求。
- Freeradius
- 这里我桥接一个网卡到我的一个 linux 主机上,上面用 docker 起了一个 freeradius。有关 Freeradius 相关的配置过程可以参考我的另一篇文章,Configure ASR9K AAA with Freeradius
实验拓扑 #
Radius Server 相关配置 #
vBNG 配置 #
! Lab AAA setup: one RADIUS server (10.70.79.197) is defined, placed in server
! group "xuxing", and that group backs the default subscriber authentication list.
! The RADIUS key is typed in clear text and has to equal the "secret" of the
! FreeRADIUS client entry for 10.70.79.136; "cisco" is a lab value.
hostname vBNG
radius-server host 10.70.79.197 auth-port 1812 acct-port 1813
key cisco
aaa group server radius xuxing
server 10.70.79.197 auth-port 1812 acct-port 1813
source-interface GigabitEthernet0/0/0/2
!
! Gi0/0/0/2 is the RADIUS source interface named above, so 10.70.79.136 is the
! address the RADIUS server has to list as its client.
interface GigabitEthernet0/0/0/2
ipv4 address 10.70.79.136 255.255.255.128
!
! Only authentication is sent to RADIUS here; this listing defines no
! authorization or accounting method list for subscribers.
aaa authentication subscriber default group xuxing
!
Freeradius #
[root@server1 freeradius]# cat authorize ### 定义 PPPoE 认证用的用户名和密码(Cleartext-Password 为明文保存;CHAP 认证需要服务器端持有明文密码)
xuxing Cleartext-Password := "xuxing"
Service-Type = Framed-User,
Framed-Protocol = PPP
[root@server1 freeradius]#
[root@server1 freeradius]#
[root@server1 freeradius]# cat clients.conf ### 定义 NAS(vBNG)的共享密钥,secret 需与 vBNG 上 radius-server 的 key 一致
client 10.70.79.136 {
ipv4addr = 10.70.79.136/32
secret = cisco
nastype = cisco
shortname = vBNG
}
PPPoE #
PPPoE Client 配置 #
Router#show run int gigabitEthernet 1
Building configuration...
Current configuration : 157 bytes
!
interface GigabitEthernet1
no ip address
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
no mop enabled
no mop sysid
end
Router#
Router#show run int Dialer 0
Building configuration...
Current configuration : 266 bytes
!
interface Dialer0
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname xuxing
ppp chap password 0 xuxing
ppp ipcp route default
end
Router#
vBNG 配置 #
! BNG side of the PPPoE lab.
! Pool "PPP" supplies the subscriber addresses; the dynamic template refers to it
! through "ppp ipcp peer-address pool PPP".
pool vrf default ipv4 PPP
address-range 20.10.79.1 20.10.79.253
!
! Loopback0 is the address the PPPoE template borrows via "ipv4 unnumbered".
interface Loopback0
ipv4 address 20.10.79.254 255.255.255.255
!
! Access sub-interface on VLAN 200: PPPoE is enabled and subscriber control
! policy POL_PPP is attached.
interface GigabitEthernet0/0/0/1.200
service-policy type control subscriber POL_PPP
pppoe enable
encapsulation dot1q 200
!
! Template activated for each PPPoE session. "chap pap" lists both methods; with
! PAP the subscriber password crosses the access link unprotected, so a
! CHAP-only setup would list "chap" alone.
dynamic-template
type ppp PPPoE
ppp authentication chap pap
ppp ipcp dns 117.75.20.238 117.75.20.254
ppp ipcp mask 255.255.255.255
ppp ipcp peer-address pool PPP
ipv4 unnumbered Loopback0
!
! Class PPP matches protocol ppp; POL_PPP uses it in both events below.
class-map type control subscriber match-any PPP
match protocol ppp
end-class-map
!
! session-start: activate dynamic template PPPoE.
! session-activate: authenticate against AAA method list "default".
! The policy contains an authenticate action only; there is no authorize action.
policy-map type control subscriber POL_PPP
event session-start match-first
class type control subscriber PPP do-until-failure
10 activate dynamic-template PPPoE
!
!
event session-activate match-first
class type control subscriber PPP do-until-failure
10 authenticate aaa list default
!
!
end-policy-map
!
PPPoE 会话验证 #
RP/0/RP0/CPU0:vBNG#show subscriber session filter username xuxing detail
Fri May 27 14:43:27.242 UTC
Interface: GigabitEthernet0/0/0/1.200.pppoe62 <<<<
Circuit ID: Unknown
Remote ID: Unknown
Type: PPPoE:PTA
IPv4 State: Up, Fri May 27 08:47:35 2022
IPv4 Address: 20.10.79.3, VRF: default
Mac Address: 5000.0007.0000
Account-Session Id: 0400005a
Nas-Port: Unknown
User name: xuxing
Formatted User name: unknown
Client User name: unknown
Outer VLAN ID: 200
Subscriber Label: 0x04000018
Created: Fri May 27 08:47:31 2022
State: Activated, Fri May 27 08:47:35 2022
Authentication: authenticated
Authorization: unauthorized
Access-interface: GigabitEthernet0/0/0/1.200
Policy Executed:
policy-map type control subscriber POL_PPP
event Session-Start match-first [at Fri May 27 08:47:31 2022]
class type control subscriber PPP do-until-failure [Succeeded]
10 activate dynamic-template PPPoE [Succeeded]
event Session-Activate match-first [at Fri May 27 08:47:34 2022]
class type control subscriber PPP do-until-failure [Succeeded]
10 authenticate aaa list default [Succeeded]
Session Accounting: disabled
Last COA request received: unavailable
[Last IPv6 down]
Disconnect Reason:
IPoE-DHCP proxy #
DHCP Server #
! DHCP server role on the CSR 1000v.
! Gi1 sits in 10.100.100.0/24; the static route at the end of this listing
! reaches the subscriber subnet through 10.100.100.2 on that network.
interface GigabitEthernet1
ip address 10.100.100.1 255.255.255.0
negotiation auto
no mop enabled
no mop sysid
!
! 10.10.79.254 is kept out of the pool because the pool hands it out as the
! default router.
ip dhcp excluded-address 10.10.79.254
!
! Pool "ipoe" serves 10.10.79.0/24 to the IPoE subscribers.
ip dhcp pool ipoe
network 10.10.79.0 255.255.255.0
default-router 10.10.79.254
dns-server 8.8.8.8
!
!
!
! Return route for replies toward the subscriber subnet.
ip route 10.10.79.0 255.255.255.0 10.100.100.2
!
IPoE Client #
! IPoE client: Gi1 obtains its address by DHCP, which is what starts the
! subscriber session on the BNG.
! The trailing "<<<<<" below is the author's highlight, not part of the command.
interface GigabitEthernet1
ip address dhcp <<<<<
negotiation auto
no mop enabled
no mop sysid
!
vBNG 配置 #
! BNG side of the IPoE lab (DHCP proxy).
! Proxy profile IPSUB forwards subscriber DHCP to 10.100.100.1 in vrf default.
! The "interface ... proxy profile IPSUB" line is part of the "dhcp ipv4" block
! and binds the profile to the access sub-interface.
! NOTE(review): giaddr is given as 0.0.0.0; presumably the router then selects
! the relay address itself. Confirm against the IOS XR DHCP documentation.
dhcp ipv4
profile IPSUB proxy
helper-address vrf default 10.100.100.1 giaddr 0.0.0.0
!
interface GigabitEthernet0/0/0/1.100 proxy profile IPSUB
!
! Loopback1 holds 10.10.79.254, the default-router address of the DHCP pool.
interface Loopback1
ipv4 address 10.10.79.254 255.255.255.255
!
! Link toward the DHCP server (10.100.100.1).
interface GigabitEthernet0/0/0/0
ipv4 address 10.100.100.2 255.255.255.0
!
! Access sub-interface on VLAN 100: L2-connected IP subscribers, sessions
! initiated by DHCP, handled by control policy POL_IPSUB.
interface GigabitEthernet0/0/0/1.100
ipv4 point-to-point
ipv4 unnumbered Loopback1
service-policy type control subscriber POL_IPSUB
encapsulation dot1q 100
ipsubscriber ipv4 l2-connected
initiator dhcp
!
!
! Template activated for each IPoE session.
dynamic-template
type ipsubscriber IPSUB
ipv4 unnumbered Loopback1
!
!
! Class CLASS_IPSUB matches sessions started by DHCPv4.
class-map type control subscriber match-any CLASS_IPSUB
match protocol dhcpv4
end-class-map
!
! session-start only activates template IPSUB. The policy has no authorize or
! authenticate action, so as shown no AAA lookup is made for IPoE sessions.
policy-map type control subscriber POL_IPSUB
event session-start match-first
class type control subscriber CLASS_IPSUB do-until-failure
1 activate dynamic-template IPSUB
!
!
end-policy-map
!
end
IPoE 会话验证 #
RP/0/RP0/CPU0:vBNG#show dhcp ipv4 proxy binding
Fri May 27 14:50:43.652 UTC
Lease
MAC Address IP Address State Remaining Interface VRF Sublabel
-------------- -------------- --------- --------- ------------------- --------- ----------
5000.0003.0000 10.10.79.2 BOUND 86373 Gi0/0/0/1.100 default 0x4000083
RP/0/RP0/CPU0:vBNG#
RP/0/RP0/CPU0:vBNG#show subscriber session all brief location 0/0/CPU0
Fri May 27 14:51:11.430 UTC
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
ID - Idle, DN - Disconnecting, ED - End
Type Interface State MAC-Address SubLabel CreateTime Subscriber IP Addr / Prefix
LNS Address (Vrf)
-----------------------------------------------------------------------------------------------------------------------------------
PPPoE:PTA Gi0/0/0/1.200.pppoe62 AC 5000.0007.0000 4000018 Fri May 27 08:47:31 2022 20.10.79.3 (default)
IP:DHCP Gi0/0/0/1.100.ip1 AC 5000.0003.0000 4000083 Fri May 27 14:50:16 2022 10.10.79.2 (default)
Switch 配置备份 #
! Lab access switch (configuration backup).
! Gi0/0 is a dot1q trunk limited to VLANs 100 and 200, the two VLANs used by the
! BNG sub-interfaces; presumably this port faces the BNG. Verify against the topology.
interface GigabitEthernet0/0
switchport trunk allowed vlan 100,200
switchport trunk encapsulation dot1q
switchport mode trunk
media-type rj45
negotiation auto
!
! Gi0/1 is an access port in VLAN 100 (the IPoE VLAN); presumably the IPoE client.
! No access port in VLAN 200 appears in this excerpt.
interface GigabitEthernet0/1
switchport access vlan 100
switchport mode access
media-type rj45
negotiation auto
!