sunsun

Newbie
  • Posts: 5

About sunsun

  • Rank
    Applicant
  1. ISG configuration

    I moved the topic to the recommended section. Unfortunately, I can't delete this topic; I don't have sufficient permissions. The topic has moved here: http://forum.nag.ru/forum/index.php?showtopic=102683
  2. Good day. I am asking for your help with configuring ISG on an ASR 1002X. I need to configure accounting subscribers session and send them to the RADIUS server with the user identifier. Maybe someone has had experience configuring something like this... Thank you in advance for your help.

    version 15.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no platform punt-keepalive disable-kernel-core
    !
    hostname WAG_ASR1002X
    !
    boot-start-marker
    boot-end-marker
    !
    aqm-register-fnf
    !
    !
    aaa new-model
    !
    !
    aaa group server radius SERVER_GROUP1
     server name RAD1
    !
    aaa authentication login IP_AUTHEN_LIST group SERVER_GROUP1
    aaa authorization network default group SERVER_GROUP1 local
    aaa authorization network AUTHOR_LIST group SERVER_GROUP1 local
    aaa authorization subscriber-service default local group SERVER_GROUP1
    aaa accounting include auth-profile framed-ip-address
    aaa accounting network IP_SESSION start-stop group SERVER_GROUP1
    aaa accounting system default start-stop group radius
    !
    aaa nas port extended
    aaa server radius sesm
     client 10.245.1.6 key
     message-authenticator ignore
    !
    !
    !
    !
    aaa session-id common
    clock calendar-valid
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 172.28.0.254
    !
    ip dhcp pool WIFI_users
     network 172.28.0.0 255.255.255.0
     default-router 172.28.0.254
     dns-server 8.8.8.8
    !
    !
    !
    subscriber feature prepaid IP_SESSION
     threshold time 0 seconds
     threshold volume 0 bytes
     method-list author default
     method-list accounting IP_SESSION
    !
    subscriber service session-accounting
    subscriber templating
    subscriber authorization enable
    subscriber accounting ssg
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    redundancy
     mode none
    redirect server-group ISG_GROUP
     server ip 10.245.1.6 port 80
    !
    !
    !
    !
    ip tftp source-interface GigabitEthernet0
    class-map type traffic match-any ISG_OPENGARDEN
     match access-group output name ACL_OUT_OPENGARDEN
     match access-group input name ACL_IN_OPENGARDEN
    !
    class-map type traffic match-any L4REDIRECT
     match access-group input name ACL_IN_L4REDIRECT
    !
    class-map type control match-all IP_UNAUTH_COND
     match timer IP_UNAUTH_TIMER
     match authen-status unauthenticated
    !
    policy-map type service L4REDIRECT_SERVICE
     10 class type traffic L4REDIRECT
      redirect to group ISG_GROUP
     !
     class type traffic default input
      drop
     !
    !
    policy-map type service OPENGARDEN_SERVICE
     20 class type traffic ISG_OPENGARDEN
     !
    !
    policy-map type service PBHK_SERVICE
     ip portbundle
    !
    policy-map type control TAL
     class type control IP_UNAUTH_COND event timed-policy-expiry
      10 service disconnect
     !
     class type control always event session-start
      20 service-policy type service name L4REDIRECT_SERVICE
      25 service-policy type service name OPENGARDEN_SERVICE
      30 set-timer IP_UNAUTH_TIMER 10
     !
     class type control always event account-logon
      10 authenticate aaa list IP_AUTHEN_LIST
      20 service-policy type service unapply name L4REDIRECT_SERVICE
      30 service-policy type service unapply name L4REDIRECT_SERVICE
     !
    !
    !
    !
    !
    !
    interface GigabitEthernet0/0/1.3901
     encapsulation dot1Q 3901
     ip address 172.28.0.254 255.255.255.0
     service-policy type control TAL
     ip subscriber routed
      initiator unclassified ip-address
    !
    !
    ip access-list extended ACL_1_ACCESS_TO_WIX_IN
     permit ip any host 10.245.4.6
     permit ip any host 8.8.8.8
     permit ip any host 10.245.1.6
     deny icmp any any echo
     permit icmp any any
     deny ip any any
    ip access-list extended ACL_1_ACCESS_TO_WIX_OUT
     permit ip any any
    ip access-list extended ACL_1_REDIRECT_PORTAL_IN
     permit tcp any any eq www
     permit tcp any any eq 3128
     permit tcp any any eq 443
     deny icmp any any echo
     permit icmp any any
    ip access-list extended ACL_1_REDIRECT_PORTAL_OUT
     permit ip any any
    ip access-list extended ACL_IN_L4REDIRECT
     permit tcp any any eq www
     permit tcp any any eq 443
    ip access-list extended ACL_IN_OPENGARDEN
     permit ip any host 8.8.8.8
     permit ip host 8.8.8.8 any
    ip access-list extended ACL_IN_SERVICE_INTERNET
     permit ip any any
    ip access-list extended ACL_OUT_OPENGARDEN
     permit ip host 8.8.8.8 any
     permit ip any host 8.8.8.8
    ip access-list extended ACL_OUT_SERVICE_INTERNET
     permit ip any any
    ip access-list extended test
     permit ip any any log-input
    !
    ip radius source-interface GigabitEthernet0/0/1.3721
    !
    !
    !
    radius-server attribute 44 include-in-access-req all
    radius-server attribute 188 format non-standard
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 8 include-in-access-req
    radius-server attribute 32 include-in-access-req
    radius-server attribute 32 include-in-accounting-req
    radius-server attribute 55 include-in-acct-req
    radius-server attribute 55 access-request include
    radius-server attribute 25 access-request include
    radius-server attribute nas-port format d
    radius-server attribute 61 extended
    radius-server attribute 31 mac format ietf
    radius-server attribute 31 send nas-port-detail mac-only
    radius-server dead-criteria tries 3
    radius-server host 10.245.1.6 auth-port 1812 acct-port 1813 key
    radius-server retransmit 5
    radius-server timeout 10
    radius-server deadtime 15
    radius-server directed-request
    radius-server domain-stripping
    radius-server key
    !
    radius server RAD1
     address ipv4 10.245.0.10 auth-port 1822 acct-port 1823
  3. ISG configuration

    If you mean this section (Technical questions of cable networks (Ethernet, IP, MPLS, SDH/PDH)), then I think the topic is more appropriate here, since this question has nothing to do with networks as such and concerns the RADIUS protocol. If there is some other section, please give me a link; I couldn't find one... I'm a newbie here... :)