Configuring AAA Authentication for DHCPv6 Local Server Standalone Mode

When using authentication, AAA accepts the DHCPv6 client as a subscriber—this enables you to use show commands to monitor configuration information and statistics about the client. You can also use the logout subscriber command to manage subscribers.

Note: The nondomain portion of a constructed username must contain at least one character. Otherwise, the DHCPv6 local server rejects the DHCPv6 client without performing the AAA authentication request.

Caution: Configuring authentication on the DHCPv6 local server requires that you first disable the DHCPv6 local server for standalone mode. Your entire DHCPv6 local server configuration is removed when you disable the DHCPv6 local server. Therefore, if you want to configure authentication, you must set up the authentication parameters before you configure the DHCPv6 local server for other attributes.

To configure AAA-based authentication for DHCPv6 local server standalone mode clients:

1. Disable the DHCPv6 local server for standalone mode.
   host1(config)#no service dhcpv6-local standalone
2. Enable AAA-based authentication for DHCPv6 local server standalone mode clients.
   host1(config)#service dhcpv6-local standalone authenticate
3. Specify the password that authenticates a locally configured DHCPv6 standalone mode client. In DHCPv6 standalone mode, the password is presented to AAA in an authentication request.
   host1(config)#ip dhcpv6-local auth password to4tooL8
4. Specify the domain for a username that is locally configured for a DHCPv6 standalone mode client. The locally configured user-prefix is presented to AAA in an authentication request.
   host1(config)#ip dhcpv6-local auth domain ISP1.com
5. Specify the user-prefix for a username that is locally configured for a DHCPv6 standalone mode client. The locally configured username is presented to AAA in an authentication request.
   host1(config)#ip dhcpv6-local auth user-prefix ERX4-Boston
6. Include optional information as part of the locally configured username for a DHCPv6 standalone mode client. The optional information becomes part of the AAA subscriber record, and is then used to determine the IP address pool from which to assign the address for the DHCPv6 client.

   Use the following keywords to include specific information:

   • circuit-identifier—Specifies the circuit identifier of the interface on which the DHCPv6 client’s request was received.
   • circuit-type—Specifies the circuit type of the interface on which the DHCPv6 client’s request was received.
     host1(config)#ipv6 dhcpv6-local auth include circuit-identifierhost1(config)#ipv6 dhcpv6-local auth include circuit-type
7. (Optional) Verify your authentication configuration.

   host1(config)#show ipv6 dhcpv6-local auth config 
   
   DHCPv6 Local Server Authentication Configuration
   User-Prefix          : userPrefix
   Domain               : domain
   Password             : password
   Circuit Type         : excluded
   Circuit ID           : excluded