Jump to content
Калькуляторы

irihorn95

Пользователи
  • Posts

    54
  • Joined

  • Last visited

About irihorn95

  • Rank
    Абитуриент
    Абитуриент
  1. Спасибо всем за помощь! Прикладываю найденное решение проблемы. Блокирование потокового видео на сайтах. Работает на seasonvar, megogo и т.д. http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video) Блокирование youtube (GET \/videoplayback\?|GET \/crossdomain\.xml)
  2. Здравствуйте! Подскажите пожалуйста, кто как борется с потоковым видео на работе? Какие regexp вы используете для борьбы??
  3. Слишком много воды. Давайте по существу. Два коммутатора. При соединении друг с другом не поднимается порт? Или я не так понял.
  4. interfaces { fe-0/0/5 { unit 0 { encapsulation ppp-over-ether; } } pp0 { unit 0 { ppp-options { pap { access-profile ppp-profile; local-password "dkwoxslxqpz";##SECRET-DATA local-name "username"; passive; } } pppoe-options { underlying-interface fe-0/0/5.0; auto-reconnect 10; client; idle-timeout 0; } family inet { negotiate-address; mtu 1492; } } } } Попробуйте так.
  5. Если решили брас на микротик, то "вполне" им сойдет)
  6. Логи можно? Какой адрес выдается, если не из пула?
  7. Прозеркалируйте трафик. Дайте людям поглазеть на логи. Брас на микротике - это извращение.
  8. Проблема в том, что virtual-template у нас для PPPoE. А проблемы с IPoE. Интерфейс в сторону клиентов - gi0/1.205
  9. Здравствуйте. Подскажите в чем может быть проблема Сессия висит на bras(cisco 7201) даже после того, как вынули кабель. На биллинг шлется acct-update, из-за чего сессия постоянно считается работающей. Помогите, может кто сталкивался с такой проблемой. Конфиг браса Building configuration... Current configuration : 15383 bytes ! ! Last configuration change at 16:20:35 MSK Tue Feb 25 2014 by irihorn ! NVRAM config last updated at 12:10:01 MSK Fri Feb 21 2014 by rizvan ! version 12.2 service nagle service timestamps debug uptime service timestamps log datetime msec service password-encryption ! hostname bras ! boot-start-marker boot system flash c7200p-adventerprisek9-mz.122-33.SRE2.bin boot system flash disk0:c7200p-adventerprisek9-mz.122-33.SRE2.bin boot-end-marker ! security passwords min-length 1 logging snmp-authfail logging buffered 128000 logging console informational enable secret 5 $1$NdnT$tl9jkSpfpIefS/MyhDsev. enable password 7 1421173948102F33 ! aaa new-model ! ! ! aaa group server radius OPT82 server 10.95.11.5 auth-port 1816 acct-port 1817 ip radius source-interface GigabitEthernet0.1/11 ! ! aaa authentication login default group tacacs+ local aaa authentication login console enable none aaa authentication login CONS none aaa authentication login OPT82 group OPT82 aaa authentication enable default none aaa authorization exec default group tacacs+ local aaa authorization commands 1 default group tacacs+ local aaa authorization commands 15 default group tacacs+ local aaa authorization network OPT82 group OPT82 aaa accounting delay-start all aaa accounting jitter maximum 0 aaa accounting update periodic 10 aaa accounting commands 1 tac_acc action-type start-stop group tacacs+ ! aaa accounting commands 15 tac_acc action-type start-stop group tacacs+ ! aaa accounting network PPPoE_ISG action-type start-stop group PPPoE_ISG ! aaa accounting network REDIR-AUTH action-type start-stop group REDIR ! aaa accounting network ISG-AUTH-1 action-type start-stop group ISG-RADIUS ! aaa accounting network OPT82 action-type start-stop group OPT82 ! aaa accounting network ISG-RADIUS action-type start-stop group ISG-RADIUS ! aaa accounting network REDIR action-type start-stop group REDIR ! aaa accounting connection tac_acc action-type start-stop group tacacs+ ! aaa accounting resource tac_acc action-type start-stop-failure group tacacs+ ! ! ! ! ! aaa server radius dynamic-author client 10.95.11.5 server-key 7 XXXXXXX auth-type any ! aaa session-id common clock timezone MSK 4 rlogin trusted-remoteuser-source local rlogin trusted-localuser-source local ip source-route ip address-pool dhcp-pool ip cef ! ! ip dhcp relay information option ip dhcp relay information policy keep no ip dhcp relay information check ip dhcp relay information trust-all ip dhcp excluded-address 10.101.0.1 ip dhcp excluded-address 10.201.0.1 ip dhcp excluded-address 10.202.0.1 ! ip dhcp pool PPPoE network 10.101.0.0 255.255.0.0 default-router 10.101.0.1 dns-server domain-name vertex-com.ru lease 3 ! ip dhcp pool OPT82 update arp relay source 10.205.0.0 255.255.0.0 relay destination 10.95.11.5 ! ! no ip domain lookup ip domain name vetex-com.ru ip name-server no ipv6 cef ! subscriber feature prepaid REDIR threshold time 0 seconds threshold volume 950 Kbytes interim-interval 30 minutes method-list author REDIR-AUTH method-list accounting REDIR-AUTH password cisco subscriber feature prepaid TEST threshold time 0 seconds threshold volume 950 Kbytes interim-interval 30 minutes method-list author ISG-AUTH-1 method-list accounting ISG-AUTH-1 password cisco subscriber feature prepaid PREPAID threshold time 0 seconds threshold volume 950 Kbytes interim-interval 30 minutes method-list author PPPoE_ISG method-list accounting PPPoE_ISG password cisco subscriber feature prepaid OPT82 threshold time 0 seconds threshold volume 950 Kbytes interim-interval 30 minutes method-list author OPT82 method-list accounting OPT82 password cisco ! multilink bundle-name authenticated ! ! ! ! ip ssh authentication-retries 2 ip ssh source-interface Loopback100 ip ssh version 2 class-map type traffic match-any CLASS-TRUSTED match access-group output 198 match access-group input 198 ! class-map type control match-all ISG-IP-UNAUTH match authen-status unauthenticated match timer UNAUTH-TIMER ! policy-map type service SERVICE-TRUSTED 1 class type traffic CLASS-TRUSTED police input 64000 8000 16000 police output 64000 8000 16000 ! ! policy-map type control DOMAIN_BASED_ACCESS class type control always event session-start 10 authenticate aaa list PPPoE_ISG 20 service local ! ! policy-map type control OPT82_subs_control class type control ISG-IP-UNAUTH event timed-policy-expiry 1 service disconnect ! class type control always event session-start 10 authorize aaa list OPT82 password OPT82 identifier auto-detect 20 set-timer UNAUTH-TIMER 1 30 service-policy type service name DENY-ALL ! class type control always event quota-depleted 1 set-param drop-traffic FALSE ! class type control always event account-logon 10 authenticate aaa list OPT82 ! class type control always event session-restart 10 authorize aaa list OPT82 identifier auto-detect ! ! policy-map type control IPOE_subs_control class type control ISG-IP-UNAUTH event timed-policy-expiry 1 service disconnect ! class type control always event session-start 10 authorize aaa list ISG-AUTH-1 password ISG identifier source-ip-address 20 set-timer UNAUTH-TIMER 1 30 service-policy type service name DENY-ALL ! class type control always event quota-depleted 2 set-param drop-traffic FALSE ! class type control always event account-logon 10 authenticate aaa list ISG-RADIUS ! ! policy-map type control REDIR class type control ISG-IP-UNAUTH event timed-policy-expiry 1 service disconnect ! class type control always event session-start 10 authorize aaa list REDIR-AUTH password ISG identifier source-ip-address 20 set-timer UNAUTH-TIMER 1 30 service-policy type service name DENY-ALL ! class type control always event quota-depleted 2 set-param drop-traffic FALSE ! class type control always event account-logon 10 authenticate aaa list REDIR-AUTH ! ! ! ! ! ! ! bba-group pppoe global virtual-template 2 sessions max limit 8000 ac name PPPoE sessions per-mac limit 2 sessions per-vlan limit 1000 ! ! interface Loopback0 description For | PPPoe ip address 10.101.0.1 255.255.0.0 ! interface Loopback3 description For | LAN ip address 10.201.0.1 255.255.0.0 ! ! ! interface GigabitEthernet0/0 description --- -X- | border@ge-1/0/9 ip address 10.95.0.2 255.255.255.252 no ip proxy-arp media-type sfp speed 1000 duplex auto negotiation auto ! interface GigabitEthernet0/1 description --- -X- | sw01@gi1/0/1 no ip address media-type rj45 speed auto duplex auto negotiation auto ! interface GigabitEthernet0/1.11 description --- -M- | MGMT encapsulation dot1Q 11 ip address 10.95.11.2 255.255.255.224 no ip unreachables no ip proxy-arp ip nat inside ! interface GigabitEthernet0/1.16 description BRAS-IPTV encapsulation dot1Q 16 ip address 10.95.0.22 255.255.255.252 ip access-group 199 in no ip unreachables no ip proxy-arp service-policy type control IPOE_subs_control ip subscriber routed initiator unclassified ip-address ! interface GigabitEthernet0/1.97 description MGMT | Secondary encapsulation dot1Q 97 ip address 172.31.4.6 255.255.252.0 ip access-group 197 in no ip unreachables no ip proxy-arp ip nat inside ! ! interface GigabitEthernet0/1.205 description IPoE-opt82 encapsulation dot1Q 205 ip dhcp relay information trusted ip address 10.205.0.1 255.255.0.0 ip access-group 199 in ip helper-address 10.95.11.5 no ip unreachables no ip proxy-arp service-policy type control OPT82_subs_control ip subscriber routed initiator dhcp ! ! interface GigabitEthernet0/2 no ip address no ip proxy-arp speed 1000 duplex auto negotiation auto ! interface GigabitEthernet0/2.12 encapsulation dot1Q 12 ip address 10.95.0.6 255.255.255.252 no ip unreachables no ip proxy-arp ! interface GigabitEthernet0/3 no ip address speed auto duplex auto negotiation auto ! interface Virtual-Template2 description ==For_PPPoE== ip unnumbered Loopback0 ip access-group 199 in no ip proxy-arp peer default ip address dhcp-pool PPPoE ppp authentication chap pap ms-chap callin PPPoE_ISG ppp authorization PPPoE_ISG ppp accounting PPPoE_ISG ppp ipcp dns XXXXXXXXXX ppp ipcp mask 255.255.255.255 service-policy type control DOMAIN_BASED_ACCESS ! ! ! no ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 10.95.0.5 ! ip radius source-interface GigabitEthernet0/1.11 logging history debugging logging alarm informational logging trap debugging logging facility local5 logging 10.95.11.4 access-list 101 deny ip XXXXXXXXX 0.0.0.31 access-list 101 deny ip 10.0.0.0 0.0.0.255 10.95.0.0 0.0.0.31 access-list 197 permit ip any any access-list 198 permit ip any any access-list 198 permit tcp any any access-list 199 deny ip 192.168.0.0 0.0.255.255 any access-list 199 deny tcp any host XXXXXXX eq 22 access-list 199 deny tcp any host XXXXXXXX eq telnet access-list 199 deny tcp any host XXXXXXXXXX eq ftp access-list 199 deny icmp any host XXXXXXXXX echo access-list 199 deny tcp any XXXXXXX 0.0.0.127 eq 22 access-list 199 deny tcp any XXXXXXXXXX 0.0.0.127 eq telnet access-list 199 deny tcp any XXXXXXXXX 0.0.0.127 eq ftp access-list 199 deny icmp any XXXXXXXXX 0.0.0.127 echo access-list 199 deny icmp any 10.0.0.0 0.255.255.255 echo access-list 199 deny tcp any 10.0.0.0 0.255.255.255 eq 22 access-list 199 deny tcp any 10.0.0.0 0.255.255.255 eq telnet access-list 199 deny tcp any 10.0.0.0 0.255.255.255 eq ftp access-list 199 permit ip any any ! ! tacacs-server host 10.95.11.4 key 7 113D11041427190821207D tacacs-server directed-request radius-server attribute 44 include-in-access-req radius-server attribute 44 extend-with-addr radius-server attribute 6 on-for-login-auth radius-server attribute 8 include-in-access-req radius-server attribute 32 include-in-access-req radius-server attribute 32 include-in-accounting-req radius-server attribute 55 include-in-acct-req radius-server attribute 55 access-request include radius-server attribute 25 access-request include radius-server attribute 31 mac format unformatted radius-server attribute 31 send nas-port-detail mac-only radius-server host 10.95.11.5 auth-port 1812 acct-port 1813 key 7 XXXXX radius-server host 10.95.11.5 auth-port 1814 acct-port 1815 key 7 XXXXX radius-server host 10.95.11.5 auth-port 1816 acct-port 1817 key 7 XXXXX radius-server host 10.95.11.5 auth-port 1818 acct-port 1819 key 7 XXXXX radius-server key 7 XXXXX radius-server vsa send accounting radius-server vsa send authentication ! control-plane ! privilege exec level 15 access-template privilege exec level 15 clear access-template privilege exec level 1 clear ! line con 0 logging synchronous login authentication console terminal-type mon history size 256 stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 0 0 timeout login response 10 privilege level 15 logging synchronous history size 256 transport input telnet ssh transport output telnet ssh line vty 5 15 exec-timeout 120 0 timeout login response 10 privilege level 15 logging synchronous history size 256 transport input telnet ssh transport output telnet ssh ! end
  10. Здравствуйте! Подскажите, что это за дебаг такой: 1w1d: SSS PM: SET-TIMER[1894]: Timed policy expiry Event for timer UNAUTH-TIMER posting complete bras# 1w1d: SSS PM: SET-TIMER[1894]: Timed policy expiry Event for timer UNAUTH-TIMER posting complete bras# 1w1d: SSS PM: SET-TIMER[1894]: Timed policy expiry Event for timer UNAUTH-TIMER posting complete bras#
  11. Если вы хотите пустить iptv и инет в один порт, то лучше пустить в одном влане. Не в транке и не с помощью MVR.
  12. Тут кажется так же, как и в онлайн играх: Никто не любит того, кто сильнее их. Сааб знаток своего дела. Харе уже сопли разводить.