amorting

Спасибо! Выставил приоритеты классам и всё заработало, клиссификаторы имеют теперь такой вид: Classifiers: Class-id Dir Packets Bytes Pri. Definition 0 In 20843 1955239 0 Match Any 1 Out 54020 71227045 0 Match Any 22 In 8 440 100 Match ACL ACL_BLOCKED_TRUSTED 23 Out 13 3797 100 Match ACL ACL_BLOCKED_TRUSTED 24 In 13 4143 500 Match ACL ACL_BLOCKED_REDIRECT 4294967294 In 59 3326 - Drop Большое спасибо всем !!!

Вот: l3.asr1001-x.1#show subscriber session uid 582 Type: IPv4, UID: 582, State: authen, Identity: 10.27.1.27 IPv4 Address: 10.27.1.27 Session Up-time: 06:23:26, Last Changed: 06:23:25 Switch-ID: 6422 Policy information: Authentication status: authen Active services associated with session: name "FWPOL_BLOCKED_TRUSTED", applied before account logon name "FWPOL_BLOCKED_REDIRECT", applied before account logon Rules, actions and conditions executed: subscriber rule-map CTRL_IPOE condition always event session-start 10 set-timer TIMER_AUTH 10080 20 authorize aaa list AAA_LIST_IPOE identifier source-ip-address subscriber rule-map default-internal-rule condition always event service-start 1 service-policy type service identifier service-name subscriber rule-map default-internal-rule condition always event service-start 1 service-policy type service identifier service-name subscriber rule-map default-internal-rule condition always event service-start 1 service-policy type service identifier service-name subscriber rule-map default-internal-rule condition always event service-start 1 service-policy type service identifier service-name subscriber rule-map default-internal-rule condition always event service-stop 1 service-policy type service unapply identifier service-name subscriber rule-map default-internal-rule condition always event service-stop 1 service-policy type service unapply identifier service-name Classifiers: Class-id Dir Packets Bytes Pri. Definition 0 In 1437 365508 0 Match Any 1 Out 691 591049 0 Match Any 402 In 64 8052 0 Match ACL ACL_BLOCKED_REDIRECT 404 In 274 23400 0 Match ACL ACL_BLOCKED_TRUSTED 405 Out 595 579029 0 Match ACL ACL_BLOCKED_TRUSTED 4294967294 In 1099 334056 - Drop Template Id : 210 Features: Accounting: Class-id Dir Packets Bytes Source 0 In 338 31452 Peruser 1 Out 691 591049 Peruser L4 Redirect: Class-id Rule cfg Definition Source 402 #1 SVC to group RSG_BLOCKED_REDIRECT FWPOL_BLOCKED_REDIRECT Policing: Class-id Dir Avg. Rate Normal Burst Excess Burst Source 0 In 5120000 960000 1920000 Peruser 1 Out 5120000 960000 1920000 Peruser Configuration Sources: Type Active Time AAA Service ID Name SVC 06:23:26 - FWPOL_BLOCKED_REDIRECT SVC 06:23:26 - FWPOL_BLOCKED_TRUSTED USR 06:23:26 - Peruser INT 06:23:26 - TenGigabitEthernet0/0/0.6

Без изменений. И сдаётся мне, что это приоритеты классов внутри сервисного полисера. А вот приоритет самих сервисных полисеров указан в control полисере и там белый список четко перед редиректом. policy-map type control CTRL_IPOE class type control always event timed-policy-expiry 1 service disconnect ! class type control always event account-logoff 1 service disconnect ! class type control always event radius-timeout 10 set-timer TIMER_UNAUTH 10 20 service-policy type service name FWPOL_DEFAULT ! class type control always event session-start 10 set-timer TIMER_AUTH 10080 20 authorize aaa list AAA_LIST_IPOE password servicemode identifier source-ip-address 30 set-timer TIMER_UNAUTH 5 40 service-policy type service name FWPOL_BLOCKED_TRUSTED 50 service-policy type service name FWPOL_BLOCKED_REDIRECT !

Добрый день! Помогите найти причину проблемы. Используем ASR1001X как BRAS/IPoE. Soft: asr1001x-universalk9.03.13.02.S.154-3.S2-ext.SPA.bin License Level: adventerprise Для переадресации абонентов на страницу блокировки с открытым доступом в "Личный кабинет" используется следующая конструкция: ! redirect server-group RSG_BLOCKED_REDIRECT server ip 10.10.10.10 port 444 ! class-map type traffic match-any CLS_BLOCKED_REDIRECT match access-group input name ACL_BLOCKED_REDIRECT ! class-map type traffic match-any CLS_BLOCKED_TRUSTED match access-group input name ACL_BLOCKED_TRUSTED match access-group output name ACL_BLOCKED_TRUSTED ! policy-map type service FWPOL_BLOCKED_TRUSTED service local class type traffic CLS_BLOCKED_TRUSTED ! ! policy-map type service FWPOL_BLOCKED_REDIRECT service local class type traffic CLS_BLOCKED_REDIRECT redirect to group RSG_BLOCKED_REDIRECT ! class type traffic default in-out drop ! ! policy-map type control CTRL_IPOE class type control always event timed-policy-expiry 1 service disconnect ! class type control always event account-logoff 1 service disconnect ! class type control always event radius-timeout 10 set-timer TIMER_UNAUTH 10 20 service-policy type service name FWPOL_DEFAULT ! class type control always event session-start 10 set-timer TIMER_AUTH 10080 20 authorize aaa list AAA_LIST_IPOE password servicemode identifier source-ip-address 30 set-timer TIMER_UNAUTH 5 40 service-policy type service name FWPOL_BLOCKED_TRUSTED 50 service-policy type service name FWPOL_BLOCKED_REDIRECT ! ip access-list extended ACL_BLOCKED_REDIRECT permit tcp any any eq www deny ip any any ! ip access-list extended ACL_BLOCKED_TRUSTED permit udp any any eq domain permit ip any host 10.10.10.10 permit ip host 10.10.10.10 any ! 10.10.10.10:80 - личный кабинет 10.10.10.10:444 - страница блокировки Переадресация при этом происходит, но она так же происходит при переходе на адрес личного кабинета, при том что доступ на DNS открыт по белому списку и работает. Т.е. белые списки не работают. Кто сталкивался с подобной проблемой можете поделиться решением ?