Настроил биллинг и циску по статье
http://wiki.bitel.ru/index.php/ISG,_схема_со_стартом_сессии_и_ее_авторизацией_по_IP,_выдача_адресов_на_основе_option82
Сессия поднимаеться
Код:
==> BGInetAccess/log/all.log <==
dhcp 08-12/07:00:17 INFO [dhcpLstnr-p-11-t-10] InetAbstractDhcpProcessor - REQUEST:
Message type: BOOT_REQUEST
Dhcp message type: DHCP Request{3}
htype: 1, hlen: 6, hops: 1
xid: 1929576717, secs: 0, flags: 0
Client IP: 194.33.xx.5
Your IP: 0.0.0.0
Server IP: 0.0.0.0
Relay IP: 194.33.xx.1
Client MAC: {DC9FDB01C6E0}
{61}={01DC9FDB01C6E0}
Host name{12}={UBNT}
{60}={756468637020312E31312E32}
Parameter request list{55}={1, 3, 6, 12, 15, 28, 42}
Agent information{82}=
sub{1}={000400280101}
sub{2}={0006ECCD6D6F6902}
dhcp 08-12/07:00:17 INFO [dhcpLstnr-p-11-t-10] InetDhcpDevice - Search serv on deviceId: 10; 1; interfaceId: 1
dhcp 08-12/07:00:17 INFO [dhcpLstnr-p-11-t-10] InetDhcpProcessor - InetServ found: ContractId: 17; servId: 13
Switch: ECCD6D6F6902:-1,1
Options [8:10.08.2013-01.01.1970; ] TariffModuleTreeSet [10:06.06.2013-…; ]
Device state: 1; optionSet:8
dhcp 08-12/07:00:17 INFO [dhcpLstnr-p-11-t-10] InetApplication - inetServ[id=13] balance ok: 2160.00 [0]
dhcp 08-12/07:00:17 INFO [dhcpLstnr-p-11-t-10] InetApplication - TariffOptionMap: {}
dhcp 08-12/07:00:17 INFO [dhcpLstnr-p-11-t-10] InetApplication - OptionSet: [8]
dhcp 08-12/07:00:17 INFO [dhcpLstnr-p-11-t-10] InetDhcpProcessor - Updating of existing connection: InetConnection [id=3086-0, iface=10:1, sessId=77366496, start=11.08.2013 16:03:42, uname=null, addr=194.33.xx.5]
dhcp 08-12/07:00:17 INFO [dhcpLstnr-p-11-t-10] InetAbstractDhcpProcessor - RESPONSE:
Message type: BOOT_RESPONSE
Dhcp message type: DHCP ACK{5}
htype: 1, hlen: 6, hops: 1
xid: 1929576717, secs: 0, flags: 0
Client IP: 194.33.xx.5
Your IP: 194.33.xx.5
Server IP: 0.0.0.0
Relay IP: 194.33.xx.1
Client MAC: {DC9FDB01C6E0}
Agent information{82}=
sub{1}={000400280101}
sub{2}={0006ECCD6D6F6902}
Router{3}=194.33.xx.1
Subnet mask{1}=255.255.255.0
DNS{6}={C2215414}
IP Address Lease Time{51}=600
Server Identifier{54}={C2215421}
Затем идет запрос на авторизацию сервиса
Код:
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] RadiusListenerWorker - REQUEST:
Packet type: Access-Request
Identifier: 113
Authenticator: {D8 20 7B 8F C4 E0 26 DF 77 A7 6F 9F 19 97 B2 9B}
Attributes:
User-Name=194.33.xx.5
NAS-Identifier=BRAS-1.ug.ru
NAS-Port-Id=0/0/0/40
User-Password=pass
Event-Timestamp=1376276415
NAS-IP-Address=194.33.xx.1
NAS-Port=18923
Service-Type=5
Framed-IP-Address=194.33.xx.5
Acct-Session-Id=0/0/0/40_C2215402000049EE
NAS-Port-Type=33
cisco-avpair=circuit-id-tag=000400280101
cisco-avpair=remote-id-tag=0006eccd6d6f6902
cisco-avpair=vendor-class-id-tag=udhcp 1.11.2
cisco-NAS-Port=0/0/0/40
cisco-SSG-Account-Info=S194.33.xx.5
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetRadiusProcessor - REQUEST_AFTER_PREPROCESS:
Packet type: Access-Request
Identifier: 113
Authenticator: {D8 20 7B 8F C4 E0 26 DF 77 A7 6F 9F 19 97 B2 9B}
Attributes:
User-Name=194.33.xx.5
NAS-Identifier=BRAS-1.ug.ru
NAS-Port-Id=0/0/0/40
User-Password=pass
Event-Timestamp=1376276415
NAS-IP-Address=194.33.xx.1
NAS-Port=18923
Service-Type=5
Framed-IP-Address=194.33.xx.5
Acct-Session-Id=0/0/0/40_C2215402000049EE
NAS-Port-Type=33
cisco-avpair=circuit-id-tag=000400280101
cisco-avpair=remote-id-tag=0006eccd6d6f6902
cisco-avpair=vendor-class-id-tag=udhcp 1.11.2
cisco-NAS-Port=0/0/0/40
cisco-SSG-Account-Info=S194.33.xx.5
И ответ
Код:
Common options: {agentRemoteId=eccd6d6f6902, agentCircuitId=00280101}
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetRadiusProcessor - [username=194.33.xx.5] Authenticated as inetServId:13
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetNas - Found agentDevice:10
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetApplication - inetServ[id=13] balance ok: 2160.00 [0]
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetApplication - TariffOptionMap: {}
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetApplication - OptionSet: [8]
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetRadiusProcessor - Write new waiting connection to DB
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetRadiusProcessor - New connection id=3962
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetRadiusProcessor - Return code=0
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetRadiusProcessor - RESPONSE_BEFORE_POSTPROCESS:
Packet type: Access-Accept
Identifier: 113
Authenticator: {}
Attributes:
Acct-Interim-Interval=60
Framed-IP-Address=194.33.xx.5
Idle-Timeout=1300
cisco-avpair=subscriber:accounting-list=ipoe-isg-aaa
cisco-SSG-Account-Info=AISG-10MBPS
Process time auth: 7
radius 08-12/07:01:02 INFO [rdsLstnr-p-9-t-1] InetRadiusListenerWorker - RESPONSE:
Packet type: Access-Accept
Identifier: 113
Authenticator: {C9 79 D0 BF 22 DD 9B CA A2 50 19 C9 1B 60 34 E8}
Attributes:
Acct-Interim-Interval=60
Framed-IP-Address=194.33.xx.5
Idle-Timeout=1300
cisco-avpair=subscriber:accounting-list=ipoe-isg-aaa
cisco-SSG-Account-Info=AISG-10MBPS
Process time auth: 8
И все ничего непроисходит, и опять чз время идет запрос по кругу.
Неделю с цискарем мучали циску и подгоняли конфиг, ничего особо не меняется.
конфиг циски
Код:
aaa group server radius ipoe-radius
server-private 194.33.xx.22 auth-port 1812 acct-port 1813 non-standard key xx
ip radius source-interface Loopback0
!
aaa group server radius ipoe-services-radius
server-private 194.33.xx.22 auth-port 1811 acct-port 1813 non-standard key xx
ip radius source-interface Loopback0
!
aaa authentication login ssh local
aaa authentication login ipoe-isg-aaa group ipoe-radius
aaa authorization exec ssh local
aaa authorization network ipoe-isg-aaa group ipoe-radius
aaa authorization subscriber-service default local group ipoe-services-radius
aaa accounting delay-start
aaa accounting update periodic 2
aaa accounting network ipoe-isg-aaa start-stop group ipoe-radius
!
aaa nas port extended
!
!
!
aaa server radius dynamic-author
client 194.33.xx.22 server-key x
ignore session-key
ignore server-key
!
aaa session-id unique
clock timezone MSK 4 0
!
!
!
ip dhcp smart-relay
ip dhcp relay information option
ip dhcp relay information policy keep
no ip dhcp relay information check
ip dhcp relay information trust-all
!
!
!
ip domain name ug.ru
ip name-server 194.33.xx.20
ip cef
login block-for 5 attempts 3 within 5
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
subscriber authorization enable
multilink bundle-name authenticated
!
redirect server-group NO-MONEY
server ip 194.33.xx.22 port 8080
!
ip tcp selective-ack
ip tcp timestamp
ip ssh time-out 60
ip ssh version 2
class-map type traffic match-any TRAFFIC-FOR-REDIRECT
match access-group input name traffic-for-redirect
!
class-map type traffic match-any ALL-TRAFFIC
match access-group input 101
match access-group output 102
!
class-map type traffic match-any OPENGARDEN-TRAFFIC
match access-group input 155
match access-group output 156
!
class-map type traffic match-any LOCAL-TRAFFIC
match access-group output 2110
!
class-map type control match-all TAL-SUBSCRIBERS
match source-ip-address 194.33.xx.0 255.255.255.0
!
class-map type control match-all ISG-IP-UNAUTH
match timer UNAUTH-TIMER
match authen-status unauthenticated
!
policy-map type service L4REDIRECT
20 class type traffic TRAFFIC-FOR-REDIRECT
redirect to group NO-MONEY
!
!
policy-map type service OPENGARDEN
40 class type traffic OPENGARDEN-TRAFFIC
accounting aaa list ipoe-isg-aaa
police input 1024000
police output 1024000
!
class type traffic default in-out
drop
!
!
policy-map type service ISG-LOCAL
100 class type traffic LOCAL-TRAFFIC
accounting aaa list ipoe-isg-aaa
police input 102400000
police output 102400000
!
!
policy-map type control IPoE-ISG
class type control ISG-IP-UNAUTH event timed-policy-expiry
1 service disconnect
!
class type control always event session-start
10 authorize aaa list ipoe-isg-aaa password pass identifier source-ip-address
20 set-timer UNAUTH-TIMER 1
!
class type control always event service-stop
1 service-policy type service unapply identifier service-name
10 log-session-state
!
class type control always event session-restart
10 authorize aaa list ipoe-isg-aaa password pass identifier source-ip-address
20 set-timer UNAUTH-TIMER 1
!
!
!
interface Loopback0
description --For ISG Purposes--
ip address 194.33.xx.1 255.255.255.0
!
interface GigabitEthernet0/0.40
description --ISG Test Services--
encapsulation dot1Q 40
ip unnumbered Loopback0
ip helper-address 194.33.xx.22
no ip proxy-arp
service-policy type control IPoE-ISG
ip subscriber l2-connected
initiator dhcp class-aware
!
ip forward-protocol nd
!
!
radius-server attribute 44 include-in-access-req default-vrf
radius-server attribute 44 extend-with-addr
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 mandatory
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
radius-server attribute 61 extended
radius-server host 194.33.xx.22 auth-port 1812 acct-port 1813 key xx
radius-server host 194.33.xx.22 auth-port 1811 acct-port 1813 key xx
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
Вопрос куда копать ? Или менять схему ?
Могу дать доступ
ps ios 15.2S
Вход
Регистрация
FAQ
Поиск
