Имеем:
root@ххххххх:/usr/local/BGRadiusDialup# ./radius_status.sh
version 5.1 build 298 from 02.12.2011 13:05:01
05.01.2012 15:06:28
Настроили NAS Cisco 7200, тариф, все как надо, в логах connection.log отображается следующее:
01-05/23:40:22 INFO [Thread-22] connections - [ 0000; coa; 58827 ] Tariff option set was changed.
01-05/23:40:22 INFO [Thread-22] connections - [ 0000; coa; 58827 ] Taking zone Turbo 128k from response on calculate sid=41
01-05/23:40:22 INFO [Thread-22] connections - [ 0000; coa; 58827 ] Changed tariff zone from 64k to Turbo 128k
01-05/23:40:22 INFO [Thread-39] connections - [ 0000; coa; 58827 ] Change zone do: 05.01.2012 23:00:00
01-05/23:40:22 INFO [Thread-39] connections - [ 0000; coa; 58827 ] Need CoA request
01-05/23:40:22 INFO [nas-con-insp-PodNasConnectionInspector-Cisco CoA] connections - [ 0000; coa; 58827 ] CoA packet on хх.ххх.ххх.ххх:1700
Packet type: CoA-Request
Identifier: 1
Authenticator: {11 90 66 76 E3 64 62 BE C7 EE A3 32 AA 1D 31 78}
Attributes:
User-Name=coa
Framed-IP-Address=хх.ххх.ххх.хх
Acct-Session-Id=00000041
cisco-avpair=lcp:interface-config=rate-limit output access-group 112 128000 24000 48000 conform-action transmit exceed-action drop
cisco-avpair=lcp:interface-config=rate-limit input access-group 111 128000 24000 48000 conform-action transmit exceed-action drop
01-05/23:40:22 INFO [nas-con-insp-PodNasConnectionInspector-Cisco CoA] connections - [ 0000; coa; 58827 ] CoA packet response:
Packet type: CoA-ACK
Identifier: 1
Authenticator: {C6 FD EB CE 7C 0C 50 9A F0 10 62 21 A5 EB 12 A3}
Attributes: UNKNOWN[-1-101]={00 00 00 C8}
То есть коа запрос с радиуса уходит корректно.
Но на самой циске ничего не происходит - скорость была 64к, так и остается 64к.
Если переподключиться - вступает в действие актуальная скорость 128к.
Не смогли нигде узнать, что означает эта строка в CoA response:
Attributes: UNKNOWN[-1-101]={00 00 00 C8}
Конфиг циски:
Код:
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname coa
!
boot-start-marker
boot-end-marker
!
enable secret 5 ххх
enable password 7 ххх
!
aaa new-model
aaa session-mib disconnect
!
!
aaa group server radius auth
server хх.ххх.ххх.ххх auth-port 1812 acct-port 1813
authorization request accept add
!
aaa authentication login default local
aaa authentication ppp default group auth
aaa authorization network default group auth
aaa authorization subscriber-service default group auth
aaa accounting delay-start all
aaa accounting update periodic 5
aaa accounting network default start-stop group radius
!
aaa nas port extended
!
aaa server radius dynamic-author
client хх.ххх.ххх.ххх
server-key 7 ххх
auth-type any
ignore session-key
ignore server-key
!
aaa session-id common
aaa policy interface-config allow-subinterface
clock timezone PST 6
ip subnet-zero
ip flow-cache entries 524288
ip flow-cache timeout inactive 10
ip flow-cache timeout active 1
ip cef
!
!
ip domain name totel.kg
ip name-server хх.ххх.ххх.ххх
ip name-server хх.ххх.ххх.х
no ip dhcp use vrf connected
!
subscriber authorization enable
vpdn enable
!
call rsvp-sync
!
archive
log config
hidekeys
!
class-map type traffic match-any Internet
match access-group output name Internet-out
match access-group input name Internet-in
!
class-map type traffic match-any Local
match access-group output name Local-out
match access-group input name Local-in
!
policy-map type service Local-Acct
class type traffic Local
accounting aaa list PPPoE
!
class type traffic default in-out
drop
!
policy-map type service Internet-Acct
class type traffic Internet
accounting aaa list PPPoE
!
class type traffic default in-out
drop
!
bba-group pppoe global
virtual-template 2
sessions max limit 800
ac name c7206VXR
sessions per-mac throttle 1 30 30
sessions auto cleanup
!
interface Virtual-Template2
mtu 1492
ip unnumbered Loopback0
ip mtu 1492
ppp max-bad-auth 3
ppp dnis 7206VXR
ppp authentication pap chap ms-chap-v2
ppp authorization radius
ppp timeout retry 3
ppp timeout authentication 45
ppp timeout idle 3600
!
ip local pool PPPoE 172.16.21.2 172.16.21.254
ip classless
ip route 0.0.0.0 0.0.0.0 хх.ххх.ххх.хх
ip route 0.0.0.0 255.0.0.0 Null0
ip route 10.0.0.0 255.0.0.0 Null0
ip flow-export source FastEthernet4/0
ip flow-export version 5
ip flow-export destination хх.ххх.ххх.ххх 5006
ip flow-export destination хх.ххх.ххх.ххх 5001
!
no ip http server
!
access-list 111 permit ip хх.ххх.ххх.хх 0.0.0.7 any
access-list 112 permit ip any хх.ххх.ххх.хх 0.0.0.7
!
snmp-server community public RO 1
snmp-server ifindex persist
snmp-server enable traps tty
!
radius-server attribute 44 include-in-access-req
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
radius-server attribute 31 mac format ietf
radius-server attribute 31 remote-id
radius-server host хх.ххх.ххх.ххх auth-port 1812 acct-port 1813
radius-server retransmit 5
radius-server timeout 30
radius-server deadtime 1
radius-server key 7 ххх
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
!
end
Подскажите пожалуйста, куда копнуть. Может что-то глобально не так делаем.
Вход
Регистрация
FAQ
Поиск
