Authentication of a data trigger can use LUDB configured in an IPoE session statement under a group interface.
To identify the source IPv4/IPv6 address of data-trigger packets, the IP prefix in the local user database can be configured with host-identification:
local-user-db "LUDB_DT" create
ipoe
match-list ip
host "10.0.0.8" create
host-identification
ip-prefix 10.0.0.8/29
exit
host "2001:1:b::1" create
shutdown
host-identification
ip-prefix 2001:a:b::1/128
For RADIUS authentication, the circuit ID includes the source IPv4/IPv6 address of the data-trigger packet:
authentication-policy "AUTH1" create
user-name-format circuit-id
include-radius-attribute
circuit-id
exit
If IPoE session policy uses circuit ID to identify each session, a new IPoE session is created for each source IPv4/IPv6 address. However, RADIUS can return the circuit ID to merge multiple IPoE sessions with the same SAP, MAC, and circuit ID into a single session.
A host is created using the IPv4/IPv6 source address of the data trigger (a /32 address for IPv4 or a /128 address for IPv6), but IPv6 data-triggered hosts can be created as an IPv6 prefix by configuring ipv6-delegated-address in the local user database host entry.
RADIUS can return the following AVPs to model the address/prefix of the data-triggered host:
Framed-IP-Address: /32 IPv4 address of the host
Framed-Route: managed IPv4 route with the host as next hop
Alc-IPv6-Address: /128 IPv6 address of the host
Delegated-IPv6-Prefix: IPv6 prefix of the host
Framed-IPv6-Route: managed IPv6 route with the host as next hop
Information on multiple hosts can be returned in a single Access-Accept message when the nh-mac anti-spoof command is configured. This is mandatory when provisioning dual-stack hosts with the same SAP and MAC addresses with nh-mac anti-spoof configured but is mutually exclusive with the CID key in the IPoE session policy.