forum.bitel.ru :: Просмотр темы - Проблемки при настройке ASR1002

radius-server attribute nas-port format e VVVVVVVVUUUUUUUUUUUUUUUUUUUUUUUU

03-23/19:14:46 INFO [nas-con-insp-PodNasConnectionInspector-ASR1k2] connections - [ ****; u123456; 216 ] CoA packet on x.x.x.x:1700
Packet type: CoA-Request
Identifier: 2
Authenticator: {DA 1D 4F DC 79 32 1A 8D A7 3B 11 6F 34 10 AD 64}
Attributes:
Acct-Interim-Interval=60
User-Name=u123456
Service-Type=2
Framed-Protocol=1
Framed-IP-Address=x.x.x.x
Framed-Pool=asrpool
Acct-Session-Id=0/0/1/5_0000D3AE
cisco-avpair=ip:sub-policy-In=pppoe_3000_in
cisco-avpair=ip:sub-policy-Out=pppoe_3000_out

03-23/19:14:46 INFO [nas-con-insp-PodNasConnectionInspector-ASR1k2] connections - [ ****; u123456; 216 ] CoA packet response:
Packet type: CoA-NAK
Identifier: 2
Authenticator: {50 38 69 07 85 41 AF 88 D9 DE 08 00 61 00 34 0F}
Attributes:
User-Name=u123456
UNKNOWN[-1-101]={00 00 01 94}
Reply-Message=No config found to push
Framed-IP-Address=x.x.x.x

aaa new-model
aaa session-mib disconnect
!
!
aaa group server radius PPPoE
server x.x.x.x auth-port 1812 acct-port 1813
!
aaa authentication ppp PPPoE group PPPoE
aaa authorization network PPPoE group PPPoE
aaa accounting network PPPoE start-stop group PPPoE
!
!
!
!
aaa server radius dynamic-author
client x.x.x.x server-key 7 blah
client x.x.x.x server-key 7 blah
server-key 7 blah
auth-type any
ignore session-key
ignore server-key
!
aaa session-id common
aaa policy interface-config allow-subinterface
clock timezone Ekateri 5
clock summer-time Ekaterinburg recurring last Sun Mar 2:00 last Sun Oct 2:00
ip source-route
!
!
ip name-server x.x.x.x
ip name-server xx.x.xx.x
ip name-server vrf Mgmt-intf x.x.x.x
!
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group l2tp
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 2
no l2tp tunnel authentication

class-map match-all pppoe_inet_out
match access-group 131
class-map match-all pppoe_loc_in
match access-group 122
class-map match-all pppoe_inet_in
match access-group 121
class-map match-all pppoe_loc_out
match access-group 132
!
policy-map pppoe_300_in
class pppoe_inet_in
police 300000 56250 112500 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_in
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_2000_out
class pppoe_inet_out
police 2048000 384000 768000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_out
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_300_out
class pppoe_inet_out
police 300000 56250 112500 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_out
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_5000_in
class pppoe_inet_in
police 5000000 937500 1875000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_in
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_1000_in
class pppoe_inet_in
police 1024000 192000 384000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_in
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_2000_in
class pppoe_inet_in
police 2048000 384000 768000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_in
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_5000_out
class pppoe_inet_out
police 5000000 937500 1875000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_out
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_4000_in
class pppoe_inet_in
police 4096000 768000 1536000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_in
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_600_in
class pppoe_inet_in
police 600000 112500 225000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_in
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_600_out
class pppoe_inet_out
police 600000 112500 225000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_out
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_3000_in
class pppoe_inet_in
police 3072000 576000 1152000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_in
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_4000_out
class pppoe_inet_out
police 4096000 768000 1536000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_out
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_3000_out
class pppoe_inet_out
police 3072000 576000 1152000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_out
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_1000_out
class pppoe_inet_out
police 1024000 192000 384000 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_out
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_750_out
class pppoe_inet_out
police 750000 140625 281250 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_out
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop
policy-map pppoe_750_in
class pppoe_inet_in
police 750000 140625 281250 conform-action transmit exceed-action drop violate-action drop
class pppoe_loc_in
police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop

bba-group pppoe PPPoE
virtual-template 1
sessions per-mac limit 1
sessions auto cleanup
!
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
pppoe enable group PPPoE
!
interface GigabitEthernet0/0/0.15
encapsulation dot1Q 15
pppoe enable group PPPoE
!
... и так далее по вланам на разных интерфейсах

interface Virtual-Template1
ip unnumbered GigabitEthernet0/0/3
no peer default ip address
ppp authentication chap PPPoE
ppp authorization PPPoE
ppp accounting PPPoE
!
radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
radius-server attribute 31 mac format ietf
radius-server attribute 31 send nas-port-detail
radius-server attribute 31 remote-id
radius-server host x.x.x.x auth-port 1812 acct-port 1813
radius-server key 7 blahblah
radius-server vsa send cisco-nas-port
!
control-plane

aaa policy interface-config allow-subinterface

03-24/11:31:20 INFO [nas-con-insp-PodNasConnectionInspector-ASR1k2] connections - [ vega-tester; vegatester; 95545 ] CoA packet on x.x.x.x:1700
Packet type: CoA-Request
Identifier: 4
Authenticator: {1D F3 0A CF 76 5E 86 2B 6C 12 6B E7 D9 22 48 96}
Attributes:
User-Name=vegatester
Framed-IP-Address=x.x.x.x
Acct-Session-Id=0/0/3/0_00011407
cisco-avpair=ip:sub-policy-In=pppoe_3000_in
cisco-avpair=ip:sub-policy-Out=pppoe_3000_out
cisco-avpair=lcp:interface-config=ip access-group 101 in

03-24/11:31:20 INFO [nas-con-insp-PodNasConnectionInspector-ASR1k2] connections - [ vega-tester; vegatester; 95545 ] CoA packet response:
Packet type: CoA-ACK
Identifier: 4
Authenticator: {6E F0 C7 D2 58 AD F3 E0 70 62 69 A7 E8 12 22 E0}
Attributes:
User-Name=vegatester
UNKNOWN[-1-101]={00 00 00 C8}
Reply-Message=No Reply Message
Framed-IP-Address=x.x.x.x

Mar 24 06:30:07.989: COA: x.x.x.x request queued
Mar 24 06:30:07.989: RADIUS: authenticator 1D F3 0A CF 76 5E 86 2B - 6C 12 6B E 7 D9 22 48 96
Mar 24 06:30:07.989: RADIUS: User-Name [1] 12 "vegatester"
Mar 24 06:30:07.989: RADIUS: Framed-IP-Address [8] 6 x.x.x.x
Mar 24 06:30:07.989: RADIUS: Acct-Session-Id [44] 18 "0/0/3/0_00011407"
Mar 24 06:30:07.989: RADIUS: Vendor, Cisco [26] 38
Mar 24 06:30:07.989: RADIUS: Cisco AVpair [1] 32 "ip:sub-policy-In=pp poe_3000_in"
Mar 24 06:30:07.989: RADIUS: Vendor, Cisco [26] 40
Mar 24 06:30:07.989: RADIUS: Cisco AVpair [1] 34 "ip:sub-policy-Out=p ppoe_3000_out"
Mar 24 06:30:07.989: RADIUS: Vendor, Cisco [26] 51
Mar 24 06:30:07.989: RADIUS: Cisco AVpair [1] 45 "lcp:interface-confi g=ip access-group 101 in"
Mar 24 06:30:07.990: ++++++ CoA Attribute List ++++++
Mar 24 06:30:07.990: 3CE9BCEC 0 00000009 username(432) 10 vegatester
Mar 24 06:30:07.990: 3CE9C8BC 0 00000001 addr(8) 4 x.x.x.x
Mar 24 06:30:07.990: 3CE9C8CC 0 00000001 session-id(394) 4 70663(11407)
Mar 24 06:30:07.990: 3CE9C8DC 0 00000009 sub-policy-In(405) 13 pppoe_3000_in
Mar 24 06:30:07.990: 3CE9C8EC 0 00000009 sub-policy-Out(407) 14 pppoe_3000_out
Mar 24 06:30:07.990: 3CE9C8FC 0 00000009 interface-config(210) 22 ip access-grou p 101 in

Unique Session ID: 144
Identifier: vegatester
SIP subscriber access type(s): PPPoE/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 00:33:25, Last Changed: 00:00:19
Interface: Virtual-Access1.20

Policy information:
Authentication status: authen

Session inbound features:
Feature: QoS Policy Map
Input Policy Map: pppoe_4000_in

Session outbound features:
Feature: QoS Policy Map
Output Policy Map: pppoe_4000_out

Non-datapath features:
Feature: IP Config
Peer IP Address: x.x.x.x (F/F)
Address Pool: [None] (F)
Unnumbered Intf: [None]
Feature: Interface-Config

Configuration sources associated with this session:
Interface: Virtual-Template1, Active Time = 00:37:19

aaa policy interface-config allow-subinterface

cisco-avpair="lcp:interface-config=allow-subinterface=yes"

cisco-avpair="lcp:allow-subinterface=yes"

aaa server radius dynamic-author
ignore session-key
ignore server-key
^^^^^^^^^^^^
вот эти 2 строчки

interface GigabitEthernet0/0/0.15
encapsulation dot1Q 15
pppoe enable group PPPoE
!
... и так далее по вланам на разных интерфейсах

int gi 0/0/0
vlan-range dot1q 15 <последний VID где есть РРРоЕ>
pppoe enable group PPPoE

Cisco-AVPair=lcp:interface-config=ip access-group 101 in

aaa policy interface-config allow-subinterface

attrset.7.title=750kb
attrset.7.attributes=Cisco-AVPair=lcp:interface-config=service-policy input pppoe_750_in;Cisco-AVPair=lcp:interface-config=service-policy output pppoe_750_out

aaa policy interface-config allow-subinterface

Автор:	SEA-Jay [ 27 дек 2010, 13:36 ]
Заголовок сообщения:	Проблемки при настройке ASR1002
Прикупили новый девайс Cisco ASR1002 Конфиг исправно работающий слили с 7201. Все завелось без особых проблем, но при авторизации пользователей в возращенных атрибутах NAS-Port-Id=0/0/0/0 (раньше отображался номер интерфейса с которого авторизовался пользователь) В чем может быть трабла? Версия IOS asr1000rp1-adventerprise.02.03.01t.122-33.XNC1t.bin настройки CISCO ........ aaa session-id common aaa policy interface-config allow-subinterface ......... bba-group pppoe global virtual-template 1 sessions max limit 10000 sessions per-vlan limit 2000 ! interface Loopback0 ip address 192.168.200.2 255.255.255.0 .............. interface Virtual-Template1 ip unnumbered Loopback0 ip access-group 113 in ip flow ingress ip flow egress no peer default ip address ppp authentication chap pap callin ............... radius-server attribute 44 include-in-access-req radius-server attribute 44 include-in-access-req vrf default no radius-server attribute 77 include-in-acct-req no radius-server attribute 77 include-in-access-req radius-server attribute 6 on-for-login-auth radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU radius-server attribute 31 mac format ietf radius-server configure-nas radius-server host 1.1.1.2 auth-port 1812 acct-port 1813 radius-server retransmit 10 radius-server timeout 10 radius-server deadtime 1 radius-server key 7 04095A5056701D radius-server vsa send accounting radius-server vsa send authentication bridge 1 protocol ieee bridge 1 route ip ......... Игры с radius-server attribute nas-port format (от а до d) ни к чему хорошему не приводят. Интерфейс начинает отображаться, но параметр NAS-Port начимнает приобретать значения рэндом. Отсюда невозможность мониторить сессию и не сбросить. лог с билинга Type=AUTHENTICATION_REQUEST Attributes: User-Name=mirag NAS-Port-Id=0/0/0/0 CHAP-Password=\z?6??0^ NAS-IP-Address=1.5.40.8 NAS-Port=12265 Service-Type=2 Framed-Protocol=1 Calling-Station-Id=0026.5ab0.015f Acct-Session-Id=00002FE9 NAS-Port-Type=15 cisco-avpair=client-mac-address=0026.5ab0.015f 23 23:05:05 Type=AUTHENTICATION_ACCEPT Process time auth: 309 init_tariff: 2; set_ip: 1; common_auth: 182 Attributes: Acct-Interim-Interval=60 Service-Type=2 Framed-Protocol=1 Framed-IP-Address=192.168.98.208 cisco-avpair=ip:sub-policy-Out=4096K_OUT cisco-avpair=ip:sub-policy-In=4096K_IN cisco-avpair=lcp:interface-config=ip policy route-map NAT Trace: Login found. 23 23:05:06 Type=ACCOUNTING_REQUEST Attributes: User-Name=mirag NAS-Port-Id=0/0/0/0 NAS-IP-Address=1.5.40.8 NAS-Port=12265 Service-Type=2 Framed-Protocol=1 Acct-Status-Type=1 Acct-Delay-Time=0 Calling-Station-Id=0026.5ab0.015f NAS-Port-Type=15 Acct-Session-Id=00002FE9 Acct-Authentic=1 cisco-avpair=connect-progress=Call Up cisco-avpair=client-mac-address=0026.5ab0.015f <VendorCode[9]><AttrCode[37]>=undef <VendorCode[9]><AttrCode[38]>=undef Что можно колупнуть чтобы увидеть номер интерфейса?

Автор:	corban [ 28 дек 2010, 16:49 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
можно использовать Код: radius-server attribute nas-port format e VVVVVVVVUUUUUUUUUUUUUUUUUUUUUUUU чтобы узнать с какого влана пришел клиент. Может чем поможет. А так, поиграться со строкой, как описано здесь. Правда надо проверить поддержку команды для вашей версии IOS.

Автор:	SEA-Jay [ 29 дек 2010, 13:05 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
Помогло. Спасибо! ))

Автор:	Kostiksnz [ 23 мар 2011, 20:15 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
помогите пожалуйста с CoA connection.log Код: 03-23/19:14:46 INFO [nas-con-insp-PodNasConnectionInspector-ASR1k2] connections - [ **; u123456; 216 ] CoA packet on x.x.x.x:1700 Packet type: CoA-Request Identifier: 2 Authenticator: {DA 1D 4F DC 79 32 1A 8D A7 3B 11 6F 34 10 AD 64} Attributes: Acct-Interim-Interval=60 User-Name=u123456 Service-Type=2 Framed-Protocol=1 Framed-IP-Address=x.x.x.x Framed-Pool=asrpool Acct-Session-Id=0/0/1/5_0000D3AE cisco-avpair=ip:sub-policy-In=pppoe_3000_in cisco-avpair=ip:sub-policy-Out=pppoe_3000_out 03-23/19:14:46 INFO [nas-con-insp-PodNasConnectionInspector-ASR1k2] connections - [ **; u123456; 216 ] CoA packet response: Packet type: CoA-NAK Identifier: 2 Authenticator: {50 38 69 07 85 41 AF 88 D9 DE 08 00 61 00 34 0F} Attributes: User-Name=u123456 UNKNOWN[-1-101]={00 00 01 94} Reply-Message=No config found to push Framed-IP-Address=x.x.x.x в чем может быть причина?

Автор:	Kostiksnz [ 23 мар 2011, 21:50 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
Kostiksnz писал(а): помогите пожалуйста с CoA connection.log Код: 03-23/19:14:46 INFO [nas-con-insp-PodNasConnectionInspector-ASR1k2] connections - [ **; u123456; 216 ] CoA packet on x.x.x.x:1700 Packet type: CoA-Request Identifier: 2 Authenticator: {DA 1D 4F DC 79 32 1A 8D A7 3B 11 6F 34 10 AD 64} Attributes: Acct-Interim-Interval=60 User-Name=u123456 Service-Type=2 Framed-Protocol=1 Framed-IP-Address=x.x.x.x Framed-Pool=asrpool Acct-Session-Id=0/0/1/5_0000D3AE cisco-avpair=ip:sub-policy-In=pppoe_3000_in cisco-avpair=ip:sub-policy-Out=pppoe_3000_out 03-23/19:14:46 INFO [nas-con-insp-PodNasConnectionInspector-ASR1k2] connections - [ **; u123456; 216 ] CoA packet response: Packet type: CoA-NAK Identifier: 2 Authenticator: {50 38 69 07 85 41 AF 88 D9 DE 08 00 61 00 34 0F} Attributes: User-Name=u123456 UNKNOWN[-1-101]={00 00 01 94} Reply-Message=No config found to push Framed-IP-Address=x.x.x.x в чем может быть причина? я как понимаю причина в Acct-Session-Id session.mode = разные пробовал - атрибут не меняется

forum.bitel.ru http://forum.bitel.ru/

Проблемки при настройке ASR1002 http://forum.bitel.ru/viewtopic.php?f=5&t=4952	Страница 1 из 1

Автор:	snark [ 24 мар 2011, 11:39 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
конфиг кота покажите в теге code

Автор:	Kostiksnz [ 24 мар 2011, 11:50 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
snark писал(а): конфиг кота покажите в теге code добавил cisco-avpair=lcp:interface-config= с пермитным акцесс листом... так чисто для виду - и заработало Оо

Автор:	snark [ 24 мар 2011, 12:01 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
все же покажите конфиг кота, т.к. если он такой же как в 1-м сообщении SEA-Jay писал(а): bridge 1 protocol ieee bridge 1 route ip то это ппц

Автор:	Kostiksnz [ 24 мар 2011, 12:16 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
snark писал(а): все же покажите конфиг кота, т.к. если он такой же как в 1-м сообщении SEA-Jay писал(а): bridge 1 protocol ieee bridge 1 route ip то это ппц не - такого нет Код: aaa new-model aaa session-mib disconnect ! ! aaa group server radius PPPoE server x.x.x.x auth-port 1812 acct-port 1813 ! aaa authentication ppp PPPoE group PPPoE aaa authorization network PPPoE group PPPoE aaa accounting network PPPoE start-stop group PPPoE ! ! ! ! aaa server radius dynamic-author client x.x.x.x server-key 7 blah client x.x.x.x server-key 7 blah server-key 7 blah auth-type any ignore session-key ignore server-key ! aaa session-id common aaa policy interface-config allow-subinterface clock timezone Ekateri 5 clock summer-time Ekaterinburg recurring last Sun Mar 2:00 last Sun Oct 2:00 ip source-route ! ! ip name-server x.x.x.x ip name-server xx.x.xx.x ip name-server vrf Mgmt-intf x.x.x.x ! ! ! ! ! multilink bundle-name authenticated vpdn enable ! vpdn-group l2tp ! Default L2TP VPDN group accept-dialin protocol l2tp virtual-template 2 no l2tp tunnel authentication class-map match-all pppoe_inet_out match access-group 131 class-map match-all pppoe_loc_in match access-group 122 class-map match-all pppoe_inet_in match access-group 121 class-map match-all pppoe_loc_out match access-group 132 ! policy-map pppoe_300_in class pppoe_inet_in police 300000 56250 112500 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_in police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_2000_out class pppoe_inet_out police 2048000 384000 768000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_out police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_300_out class pppoe_inet_out police 300000 56250 112500 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_out police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_5000_in class pppoe_inet_in police 5000000 937500 1875000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_in police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_1000_in class pppoe_inet_in police 1024000 192000 384000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_in police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_2000_in class pppoe_inet_in police 2048000 384000 768000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_in police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_5000_out class pppoe_inet_out police 5000000 937500 1875000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_out police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_4000_in class pppoe_inet_in police 4096000 768000 1536000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_in police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_600_in class pppoe_inet_in police 600000 112500 225000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_in police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_600_out class pppoe_inet_out police 600000 112500 225000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_out police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_3000_in class pppoe_inet_in police 3072000 576000 1152000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_in police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_4000_out class pppoe_inet_out police 4096000 768000 1536000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_out police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_3000_out class pppoe_inet_out police 3072000 576000 1152000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_out police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_1000_out class pppoe_inet_out police 1024000 192000 384000 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_out police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_750_out class pppoe_inet_out police 750000 140625 281250 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_out police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop policy-map pppoe_750_in class pppoe_inet_in police 750000 140625 281250 conform-action transmit exceed-action drop violate-action drop class pppoe_loc_in police 10000000 1875000 3750000 conform-action transmit exceed-action drop violate-action drop bba-group pppoe PPPoE virtual-template 1 sessions per-mac limit 1 sessions auto cleanup ! ! interface GigabitEthernet0/0/0 no ip address negotiation auto pppoe enable group PPPoE ! interface GigabitEthernet0/0/0.15 encapsulation dot1Q 15 pppoe enable group PPPoE ! ... и так далее по вланам на разных интерфейсах interface Virtual-Template1 ip unnumbered GigabitEthernet0/0/3 no peer default ip address ppp authentication chap PPPoE ppp authorization PPPoE ppp accounting PPPoE ! radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU radius-server attribute 31 mac format ietf radius-server attribute 31 send nas-port-detail radius-server attribute 31 remote-id radius-server host x.x.x.x auth-port 1812 acct-port 1813 radius-server key 7 blahblah radius-server vsa send cisco-nas-port ! control-plane одновременно с подачей конфиг атрибута еще в конфиг добавил Код: aaa policy interface-config allow-subinterface мб оно повлияло...

Автор:	Kostiksnz [ 24 мар 2011, 12:35 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
теперь все интереснее Код: 03-24/11:31:20 INFO [nas-con-insp-PodNasConnectionInspector-ASR1k2] connections - [ vega-tester; vegatester; 95545 ] CoA packet on x.x.x.x:1700 Packet type: CoA-Request Identifier: 4 Authenticator: {1D F3 0A CF 76 5E 86 2B 6C 12 6B E7 D9 22 48 96} Attributes: User-Name=vegatester Framed-IP-Address=x.x.x.x Acct-Session-Id=0/0/3/0_00011407 cisco-avpair=ip:sub-policy-In=pppoe_3000_in cisco-avpair=ip:sub-policy-Out=pppoe_3000_out cisco-avpair=lcp:interface-config=ip access-group 101 in 03-24/11:31:20 INFO [nas-con-insp-PodNasConnectionInspector-ASR1k2] connections - [ vega-tester; vegatester; 95545 ] CoA packet response: Packet type: CoA-ACK Identifier: 4 Authenticator: {6E F0 C7 D2 58 AD F3 E0 70 62 69 A7 E8 12 22 E0} Attributes: User-Name=vegatester UNKNOWN[-1-101]={00 00 00 C8} Reply-Message=No Reply Message Framed-IP-Address=x.x.x.x дебаг coa Код: Mar 24 06:30:07.989: COA: x.x.x.x request queued Mar 24 06:30:07.989: RADIUS: authenticator 1D F3 0A CF 76 5E 86 2B - 6C 12 6B E 7 D9 22 48 96 Mar 24 06:30:07.989: RADIUS: User-Name [1] 12 "vegatester" Mar 24 06:30:07.989: RADIUS: Framed-IP-Address [8] 6 x.x.x.x Mar 24 06:30:07.989: RADIUS: Acct-Session-Id [44] 18 "0/0/3/0_00011407" Mar 24 06:30:07.989: RADIUS: Vendor, Cisco [26] 38 Mar 24 06:30:07.989: RADIUS: Cisco AVpair [1] 32 "ip:sub-policy-In=pp poe_3000_in" Mar 24 06:30:07.989: RADIUS: Vendor, Cisco [26] 40 Mar 24 06:30:07.989: RADIUS: Cisco AVpair [1] 34 "ip:sub-policy-Out=p ppoe_3000_out" Mar 24 06:30:07.989: RADIUS: Vendor, Cisco [26] 51 Mar 24 06:30:07.989: RADIUS: Cisco AVpair [1] 45 "lcp:interface-confi g=ip access-group 101 in" Mar 24 06:30:07.990: ++++++ CoA Attribute List ++++++ Mar 24 06:30:07.990: 3CE9BCEC 0 00000009 username(432) 10 vegatester Mar 24 06:30:07.990: 3CE9C8BC 0 00000001 addr(8) 4 x.x.x.x Mar 24 06:30:07.990: 3CE9C8CC 0 00000001 session-id(394) 4 70663(11407) Mar 24 06:30:07.990: 3CE9C8DC 0 00000009 sub-policy-In(405) 13 pppoe_3000_in Mar 24 06:30:07.990: 3CE9C8EC 0 00000009 sub-policy-Out(407) 14 pppoe_3000_out Mar 24 06:30:07.990: 3CE9C8FC 0 00000009 interface-config(210) 22 ip access-grou p 101 in sh sss session username vegatester Код: Unique Session ID: 144 Identifier: vegatester SIP subscriber access type(s): PPPoE/PPP Current SIP options: Req Fwding/Req Fwded Session Up-time: 00:33:25, Last Changed: 00:00:19 Interface: Virtual-Access1.20 Policy information: Authentication status: authen Session inbound features: Feature: QoS Policy Map Input Policy Map: pppoe_4000_in Session outbound features: Feature: QoS Policy Map Output Policy Map: pppoe_4000_out Non-datapath features: Feature: IP Config Peer IP Address: x.x.x.x (F/F) Address Pool: [None] (F) Unnumbered Intf: [None] Feature: Interface-Config Configuration sources associated with this session: Interface: Virtual-Template1, Active Time = 00:37:19 шлет, принимает, но ничего не меняет

Автор:	snark [ 24 мар 2011, 13:31 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
Kostiksnz писал(а): теперь все интереснее ну дык Kostiksnz писал(а): в конфиг добавил Код: aaa policy interface-config allow-subinterface вот оно и сыграло cisco.com писал(а): A full virtual-access interface is created if a virtual-template or RADIUS feature does not support virtual-access subinterfaces. The Cisco ASR1000 Series Routers only support virtual-access subinterfaces. cisco.com писал(а): Router on a subinterface that has RADIUS attributes (such as an lcp:interface-config) creating full virtual access for broadband access (BBA) sessions да, раз включили в конфиге - не посылайте Код: cisco-avpair="lcp:interface-config=allow-subinterface=yes" или Код: cisco-avpair="lcp:allow-subinterface=yes" а то кота плющить будет Kostiksnz писал(а): шлет, принимает, но ничего не меняет попробуйте удалить это Kostiksnz писал(а): Код: aaa server radius dynamic-author ignore session-key ignore server-key ^^^^^^^^^^^^ вот эти 2 строчки Kostiksnz писал(а): Код: interface GigabitEthernet0/0/0.15 encapsulation dot1Q 15 pppoe enable group PPPoE ! ... и так далее по вланам на разных интерфейсах vlan-range? Код: int gi 0/0/0 vlan-range dot1q 15 <последний VID где есть РРРоЕ> pppoe enable group PPPoE только обязательно проверьте! а то фича хоть и хорошая, но порой в каком-нить IOS-е ее ломают

Автор:	Kostiksnz [ 24 мар 2011, 14:44 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
не стал посылать Код: Cisco-AVPair=lcp:interface-config=ip access-group 101 in опять начали приходить NAK

Автор:	snark [ 24 мар 2011, 15:20 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
в скрипте предобработки приведите Acct-Session-Id из "0/0/3/0_00011407" к "00011407" думаю после этого будет нормально все

Автор:	Kostiksnz [ 25 мар 2011, 14:29 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
так как команда Код: aaa policy interface-config allow-subinterface делает субинтерфейс "как бы" реальным интерфейсом то шейпинг на него вешать и надо как на реальный интерфейс Код: attrset.7.title=750kb attrset.7.attributes=Cisco-AVPair=lcp:interface-config=service-policy input pppoe_750_in;Cisco-AVPair=lcp:interface-config=service-policy output pppoe_750_out все заработало таким вот образом )

Страница 1 из 1	Часовой пояс: UTC + 5 часов [ Летнее время ]
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/

Автор:	snark [ 25 мар 2011, 19:55 ]
Заголовок сообщения:	Re: Проблемки при настройке ASR1002
Kostiksnz писал(а): так как команда Код: aaa policy interface-config allow-subinterface делает субинтерфейс "как бы" реальным интерфейсом ну дык а я об чем выше писал то? cisco.com писал(а): full virtual-access interface is created просто я по быстрому не нашел описания этой комманды и надергал цитат из разных мест не связанных с описанием этой комманды/фичи, но думаю что общий смысл того что делает эта комманда они передали ... но т.к. не передали (сумбурно все, ага), то пожалуй что тут есть более-менее внятное объяснение