Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Sending RADIUS Attributes to DHCP Subscribers Overview

    The Dynamic Host Configuration Protocol (DHCP) or Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server sends the following attributes returned by the RADIUS server to the DHCP or DHCPv6 subscribers on request:

    • DS-Lite-Tunnel-Name — Offers both IPv4 and IPv6 connectivity to customers which are addressed only with an IPv6 prefix. This attribute specifies the fully qualified domain name (FQDN) of the Address Family Transition Router (AFTR) name to which the DHCPv6 client can establish an IPv4-over-IPv6 tunnel (IPv4-over-IPv6 tunnel is commonly referred to as Softwire).
    • PCP-Server-Name — This attribute specifies the PCP server’s FQDN to the DHCP Client in order to perform Port Control Protocol (PCP) functions.

    Note:

    • The DS-Lite-Tunnel-Name and PCP-Server-Name attributes are not supported when DHCP is configured in Equal-Access and Standalone mode.
    • The DS-Lite-Tunnel-Name and PCP-Server-Name attributes returned by RADIUS must completely match FQDN specifications. The domain name must be expressed in a sequence of labels and the maximum length of a label is 63.

    Dual-Stack Lite Tunnel Name Configuration with RADIUS and DHCPv6

    The RADIUS protocol and DHCPv6 work together to return the Dual-Stack (DS)-Lite-Tunnel-Name attribute to the DHCPv6 subscribers. In this implementation, the Network Access Server (NAS) acts as a DHCPv6 server for the DHCPv6 client and a client for the RADIUS server. The following steps are performed during DHCPv6 subscriber login in authenticate mode:

    • The NAS initially sends a RADIUS Access-Request message to the RADIUS server after receiving one of the following messages:
      • A DHCPv6 Solicit message from the DHCPv6 client, when an IPv6 session is used to provide connectivity to the user
      • A PPP LCP Config Request message from the DHCPv6 client, when a PPP or PPPv6 session is used to provide connectivity to the user
    • The RADIUS server receives the Access-Request message, validates the NAS, and replies with an Access-Accept message if the request is approved. The Access-Accept message contains the DS-Lite-Tunnel-Name RADIUS attribute.
    • The NAS uses the AFTR tunnel name returned in the DS-Lite-Tunnel-Name RADIUS attribute to populate the DHCPv6 OPTION_AFTR_NAME option in the DHCPv6 Advertise and DHCPv6 Reply messages.

      Note: The NAS returns the AFTR tunnel name only if the DHCPv6 client has explicitly included the OPTION_AFTR_NAME option in its OPTION_ORO option.

    After receiving the DS-Lite-Tunnel-Name attribute in the initial Access-Accept message, the NAS stores the received AFTR tunnel name locally. When the DHCPv6 client sends a DHCPv6 Renew message to request an extension of the lifetimes for the assigned prefix, the NAS does not initiate a new Access-Request message. The NAS retrieves the stored AFTR tunnel name and uses it in its DHCPv6 Reply message.

    Note: The NAS sends a new Access-Request message when the DHCPv6 client initiates a Rebind/Reply message exchange with the NAS.

    PCP Server Name Configuration with RADIUS and DHCP or DHCPv6

    The RADIUS protocol and DHCP or DHCPv6 work together to return the PCP-Server-Name attribute to the DHCP or DHCPv6 subscribers. In this implementation, the NAS acts as a DHCP or DHCPv6 server for the DHCP or DHCPv6 client and the client for the RADIUS server. The following steps are performed during DHCP or DHCPv6 subscriber login in authenticate mode:

    • The NAS initially sends a RADIUS Access-Request message to the RADIUS server after receiving one of the following messages:
      • A DHCPv6 Solicit message from the DHCPv6 client, when an IPv6 session is used to provide connectivity to the user
      • A PPP LCP Config Request message from the DHCPv6 client, when a PPP or PPPv6 session is used to provide connectivity to the user
      • A DHCP Discover message from the DHCP client, when an IP session is used to provide connectivity to the user
    • The RADIUS server receives the Access-Request message, validates the NAS, and replies with an Access-Accept message if the request is approved. The Access-Accept message contains the PCP-Server-Name VSA.
    • The NAS uses the PCP server name returned in the PCP-Server-Name VSA to populate the OPTION_PCP_SERVER option:
      • For the DHCP client, the PCP Server Name option is populated with the PCP server name

        Note: The NAS returns the PCP server name if the DHCP client has specified the OPTION_PCP_SERVER option in the Parameter Request List Option.

      • For the DHCPv6 client, the PCP Server Name option is populated with the PCP server name

        Note: The NAS returns the PCP server name only if the DHCPv6 client has explicitly included the OPTION_PCP_SERVER option in its OPTION_ORO option.

    After receiving the PCP-Server-Name VSA in the initial Access-Accept message, the NAS stores the received PCP server name locally. When the DHCP or DHCPv6 client sends a DHCP or DHCPv6 renew message to request an extension of the lifetimes for the assigned address or prefix, the NAS does not initiate a new Access-Request message. The NAS retrieves the stored PCP server name and uses it in its reply message.

    Note: The NAS sends a new Access-Request message when the DHCP or DHCPv6 client initiates a Rebind/Reply message exchange with the NAS.

    Published: 2014-08-13