skew_death

Лог только по pppoe/aaa Log Buffer (4096 bytes): 3: ppp98 PPP LCP: neg is authorized, processing incoming CONFREQ Nov 3 09:38:58.665: ppp98 PPP LCP: neg is authorized, processing incoming CONFREQ Nov 3 09:38:58.681: ppp98 MS-CHAP-V2: O CHALLENGE id 1 len 30 from "New_cisco" Nov 3 09:38:58.684: ppp98 MS-CHAP-V2: I RESPONSE id 1 len 61 from "test123" Nov 3 09:38:58.685: AAA/AUTHEN/PPP (000000AE): Pick method list 'pppoe' Nov 3 09:38:58.685: ppp98 PPP: Sent MSCHAP_V2 LOGIN Request Nov 3 09:38:58.686: Getting session id for NET(000000AE) : db=3F247548 Nov 3 09:38:58.688: ppp98 PPP: Received LOGIN Response PASS Nov 3 09:38:58.688: ppp98 PPP AUTHOR: Author Data Available Nov 3 09:38:58.688: ppp98 PPP: Receive Attrs from[authen] Keep[LCP] MERGE Nov 3 09:38:58.688: ppp98 PPP: Keep Attr: Framed-Protocol 0 1 [PPP] Nov 3 09:38:58.688: ppp98 PPP: Updated the attr Framed-Protocol in datalist Nov 3 09:38:58.688: ppp98 PPP: Skip Attr: link-compression 0 4 [vj] Nov 3 09:38:58.689: ppp98 PPP: Keep Attr: service-type 0 2 [Framed] Nov 3 09:38:58.689: ppp98 PPP: Updated the attr service-type in datalist Nov 3 09:38:58.689: ppp98 PPP: Keep Attr: acct-interval 0 60 (0x3C) Nov 3 09:38:58.689: ppp98 PPP: Updated the attr acct-interval in datalist Nov 3 09:38:58.689: ppp98 PPP: Skip Attr: interface-config 0 "service-policy output bezlim_e" Nov 3 09:38:58.689: ppp98 PPP: Skip Attr: interface-config 0 "service-policy input bezlim_e" Nov 3 09:38:58.689: ppp98 PPP: Skip Attr: addr 0 10.1.19.27 Nov 3 09:38:58.689: ppp98 PPP: Keep Attr: MS-CHAP-V2-Success 0 <hidden> Nov 3 09:38:58.689: ppp98 PPP: Updated the attr MS-CHAP-V2-Success in datalist Nov 3 09:38:58.689: ppp98 PPP: Skip Attr: MS-MPPE-Recv-Key 0 26 51 C9 92 50 36 EC 1F B4 3F 94 6D 82 E2 F3 F2 Nov 3 09:38:58.689: ppp98 PPP: Skip Attr: MS-MPPE-Send-Key 0 AF 22 09 64 8D 03 AD 3A 9D 2E 3D DD 0B 90 C7 CE Nov 3 09:38:58.690: ppp98 PPP: Receive Attrs from[SSS] Keep[NCPs] MERGE Nov 3 09:38:58.690: ppp98 PPP: Skip Attr: Framed-Protocol 0 1 [PPP] Nov 3 09:38:58.690: ppp98 PPP: Skip Attr: link-compression 0 4 [vj] Nov 3 09:38:58.690: ppp98 PPP: Skip Attr: service-type 0 2 [Framed] Nov 3 09:38:58.690: ppp98 PPP: Skip Attr: interface-config 0 "service-policy output bezlim_e" Nov 3 09:38:58.690: ppp98 PPP: Skip Attr: interface-config 0 "service-policy input bezlim_e" Nov 3 09:38:58.690: ppp98 PPP: Keep Attr: addr 0 10.1.19.27 Nov 3 09:38:58.690: ppp98 PPP: Updated the attr addr in datalist Nov 3 09:38:58.690: ppp98 PPP: Skip Attr: MS-CHAP-V2-Success 0 <hidden> Nov 3 09:38:58.690: ppp98 PPP: Keep Attr: MS-MPPE-Recv-Key 0 26 51 C9 92 50 36 EC 1F B4 3F 94 6D 82 E2 F3 F2 Nov 3 09:38:58.691: ppp98 PPP: Updated the attr MS-MPPE-Recv-Key in datalist Nov 3 09:38:58.691: ppp98 PPP: Keep Attr: MS-MPPE-Send-Key 0 AF 22 09 64 8D 03 AD 3A 9D 2E 3D DD 0B 90 C7 CE Nov 3 09:38:58.691: ppp98 PPP: Updated the attr MS-MPPE-Send-Key in datalist Nov 3 09:38:58.707: INFO: AAA/AUTHOR: Processing PerUser AV link-compression Nov 3 09:38:58.742: AAA/ACCT/CLIENT(000000AE): recv 1000000000bps xmit 1000000000bps Nov 3 09:38:58.743: AAA/ACCT/HC(000000AE): Update PPPoE/A4000114 Nov 3 09:38:58.743: AAA/ACCT/HC(000000AE): no HC PPPoE/A4000114 Nov 3 09:38:58.743: ppp98 PPP: Sending Acct Event[Down] id[AE] Nov 3 09:38:58.743: AAA/ACCT/EVENT/(000000AE): NET DOWN Nov 3 09:38:58.743: AAA/ACCT/NET(000000AE): Method list not found Nov 3 09:38:58.743: AAA/ACCT(000000AE): del node, session 164 Nov 3 09:38:58.743: AAA/ACCT/NET(000000AE): free_rec, count 0 Nov 3 09:38:58.743: /AAA/ACCTNET(000000AE) reccnt 0, csr TRUE, osr 0 Nov 3 09:38:58.743: AAA/ACCT/NET(000000AE): Last rec in db, intf enqueued Nov 3 09:38:58.743: ppp98 MS-CHAP-V2: O FAILURE id 1 len 13 msg is "E=691 R=0" Nov 3 09:38:58.743: AAA/ACCT/EVENT/(000000AE): NET DOWN Nov 3 09:38:58.744: AAA/ACCT/EVENT/(000000AE): CALL STOP Nov 3 09:38:58.744: AAA/ACCT(000000AE) reccnt 0, osr 0 Nov 3 09:38:58.763: ppp98 PPP: Clearing AAA Unique Id = AE

Tue Nov 3 13:12:49 2020 Packet-Type = Access-Request Framed-Protocol = PPP User-Name = "test123" MS-CHAP-Challenge = 0x9985080ce2009168f83a6e602dc5faf5 MS-CHAP2-Response = 0x0100bcf73c3e643c1e10dc4cb717def5b25500000000000000009b975fa0d96e7726b$ NAS-Port-Type = Virtual NAS-Port = 0 NAS-Port-Id = "0/0/2/745" Cisco-AVPair = "client-mac-address=00e0.4a39.2c5b" Service-Type = Framed-User NAS-IP-Address = 172.16.15.251 Acct-Session-Id = "00000085" NAS-Identifier = "New_cisco" @zhenya` Забыл добавить, да это уже поправил что вы написали, перед тем как лог выкладывать. Log Buffer (4096 bytes): rt [5] 6 0 Nov 3 08:00:25.694: RADIUS: NAS-Port-Id [87] 11 "0/0/2/745" Nov 3 08:00:25.694: RADIUS: Vendor, Cisco [26] 41 Nov 3 08:00:25.694: RADIUS: Cisco AVpair [1] 35 "client-mac-address=00e0.4a39.2c5b" Nov 3 08:00:25.694: RADIUS: Service-Type [6] 6 Framed [2] Nov 3 08:00:25.694: RADIUS: NAS-IP-Address [4] 6 172.16.15.251 Nov 3 08:00:25.694: RADIUS: Acct-Session-Id [44] 10 "00000085" Nov 3 08:00:25.694: RADIUS: Nas-Identifier [32] 11 "New_cisco" Nov 3 08:00:25.694: RADIUS(0000008F): Sending a IPv4 Radius Packet Nov 3 08:00:25.695: RADIUS(0000008F): Started 15 sec timeout Nov 3 08:00:25.697: RADIUS: Received from id 1645/85 172.16.4.3:1812, Access-Accept, len 326 Nov 3 08:00:25.697: RADIUS: authenticator AA 9E 44 7F 92 DF AE 8A - 7B BA 9B 08 21 05 7F 89 Nov 3 08:00:25.697: RADIUS: Framed-Protocol [7] 6 PPP [1] Nov 3 08:00:25.697: RADIUS: Framed-Compression [13] 6 VJ TCP/IP Header Compressi[1] Nov 3 08:00:25.697: RADIUS: Service-Type [6] 6 Framed [2] Nov 3 08:00:25.697: RADIUS: Acct-Interim-Interva[85] 6 60 Nov 3 08:00:25.697: RADIUS: Vendor, Cisco [26] 59 Nov 3 08:00:25.697: RADIUS: Cisco AVpair [1] 53 "lcp:interface-config=service-policy output bezlim_e" Nov 3 08:00:25.697: RADIUS: Vendor, Cisco [26] 58 Nov 3 08:00:25.697: RADIUS: Cisco AVpair [1] 52 "lcp:interface-config=service-policy input bezlim_e" Nov 3 08:00:25.697: RADIUS: Framed-IP-Address [8] 6 10.1.19.27 Nov 3 08:00:25.697: RADIUS: Vendor, Microsoft [26] 51 Nov 3 08:00:25.697: RADIUS: MS-CHAP-V2-Success [26] 45 "^AS=9D47C4F6C55CE4A25A08881288C00D14DFC6C51F" Nov 3 08:00:25.697: RADIUS: Vendor, Microsoft [26] 42 Nov 3 08:00:25.697: RADIUS: MS-MPPE-Recv-Key [17] 36 * Nov 3 08:00:25.697: RADIUS: Vendor, Microsoft [26] 42 Nov 3 08:00:25.697: RADIUS: MS-MPPE-Send-Key [16] 36 * Nov 3 08:00:25.697: RADIUS: Vendor, Microsoft [26] 12 Nov 3 08:00:25.697: RADIUS: MS-MPPE-Enc-Policy [7] 6 Nov 3 08:00:25.697: RADIUS: 00 00 00 01 Nov 3 08:00:25.697: RADIUS: Vendor, Microsoft [26] 12 Nov 3 08:00:25.697: RADIUS: MS-MPPE-Enc-Type [8] 6 Nov 3 08:00:25.697: RADIUS: 00 00 00 06 Nov 3 08:00:25.698: RADIUS(0000008F): Received from id 1645/85 Nov 3 08:00:25.698: ppp86 PPP: Received LOGIN Response PASS Nov 3 08:00:25.716: PPPoE: Can't retrieve sub-block for VAI Nov 3 08:00:25.716: PPPoE: Can't retrieve sub-block for VAI Nov 3 08:00:25.718: PPPoE: Can't retrieve sub-block for VAI Nov 3 08:00:25.718: PPPoE: Can't retrieve sub-block for VAI Nov 3 08:00:25.727: PPPoE: Can't retrieve sub-block for VAI Nov 3 08:00:25.727: PPPoE: Can't retrieve sub-block for VAI Nov 3 08:00:25.740: dyn_attrs->xmit_rate: 1000000000 dyn_attrs->rcv_rate: 1000000000 Nov 3 08:00:25.740: [86]PPPoE 86: AAA get dynamic attrs Nov 3 08:00:25.740: [86]PPPoE 86: State LCP_NEGOTIATION Event SSS DISCONNECT Nov 3 08:00:25.740: ppp86 MS-CHAP-V2: O FAILURE id 1 len 13 msg is "E=691 R=0" Nov 3 08:00:25.740: [86]PPPoE 86: O PADT R:00e0.4a39.2c5b L:0022.5563.ad02 Gi0/0/2.745 contiguous pak, size 64 00 E0 4A 39 2C 5B 00 22 55 63 AD 02 81 00 02 E9 88 63 11 A7 00 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Nov 3 08:00:25.741: [86]PPPoE 86: Destroying R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745 Nov 3 08:00:25.741: [86]PPPoE 86: AAA account stopped Nov 3 08:00:25.762: PPPoE 86: I PADT R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745 contiguous pak, size 64 00 22 55 63 AD 02 00 E0 4A 39 2C 5B 81 00 02 E9 88 63 11 A7 00 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Nov 3 08:00:25.764: [86]PPPoE 86: Segment (SSS class): UNPROVISION аналогично. aaa authentication login default line aaa authentication login auth_none none aaa authentication ppp pppoe group radius aaa authorization network pppoe group radius aaa accounting delay-start all aaa accounting update periodic 10 interface Virtual-Template1 description ---- PPPoE Dial-Up ---- mtu 1492 ip unnumbered Port-channel1 ip access-group 101 in peer default ip address pool pppoe-pool ppp mtu adaptive ppp authentication ms-chap-v2 ms-chap chap pppoe ppp authorization pppoe ppp accounting pppoe ppp ipcp dns 10.5.0.2 8.8.8.8 ppp ipcp mask 255.255.255.255 ppp ipcp address unique !

Log Buffer (4096 bytes): rt [5] 6 0 Nov 3 05:24:37.854: RADIUS: NAS-Port-Id [87] 11 "0/0/2/745" Nov 3 05:24:37.854: RADIUS: Vendor, Cisco [26] 41 Nov 3 05:24:37.854: RADIUS: Cisco AVpair [1] 35 "client-mac-address=00e0.4a39.2c5b" Nov 3 05:24:37.854: RADIUS: Service-Type [6] 6 Framed [2] Nov 3 05:24:37.854: RADIUS: NAS-IP-Address [4] 6 172.16.x.x Nov 3 05:24:37.854: RADIUS: Acct-Session-Id [44] 10 "00000075" Nov 3 05:24:37.854: RADIUS: Nas-Identifier [32] 11 "New_cisco" Nov 3 05:24:37.855: RADIUS(0000007F): Sending a IPv4 Radius Packet Nov 3 05:24:37.855: RADIUS(0000007F): Started 15 sec timeout Nov 3 05:24:37.856: RADIUS: Received from id 1645/83 172.16.x.x:1812, Access-Accept, len 326 Nov 3 05:24:37.856: RADIUS: authenticator 6E FC 32 27 17 90 76 39 - C6 73 61 84 CA 2B 7B 55 Nov 3 05:24:37.856: RADIUS: Framed-Protocol [7] 6 PPP [1] Nov 3 05:24:37.856: RADIUS: Framed-Compression [13] 6 VJ TCP/IP Header Compressi[1] Nov 3 05:24:37.856: RADIUS: Service-Type [6] 6 Framed [2] Nov 3 05:24:37.856: RADIUS: Acct-Interim-Interva[85] 6 60 Nov 3 05:24:37.856: RADIUS: Vendor, Cisco [26] 59 Nov 3 05:24:37.856: RADIUS: Cisco AVpair [1] 53 "lcp:interface-config=service-policy output bezlim_e" Nov 3 05:24:37.856: RADIUS: Vendor, Cisco [26] 58 Nov 3 05:24:37.856: RADIUS: Cisco AVpair [1] 52 "lcp:interface-config=service-policy input bezlim_e" Nov 3 05:24:37.856: RADIUS: Framed-IP-Address [8] 6 10.1.19.27 Nov 3 05:24:37.856: RADIUS: Vendor, Microsoft [26] 51 Nov 3 05:24:37.856: RADIUS: MS-CHAP-V2-Success [26] 45 "^AS=0DE40988923211C4D7235FD8067E8AC608DAF10D" Nov 3 05:24:37.857: RADIUS: Vendor, Microsoft [26] 42 Nov 3 05:24:37.857: RADIUS: MS-MPPE-Recv-Key [17] 36 * Nov 3 05:24:37.857: RADIUS: Vendor, Microsoft [26] 42 Nov 3 05:24:37.857: RADIUS: MS-MPPE-Send-Key [16] 36 * Nov 3 05:24:37.857: RADIUS: Vendor, Microsoft [26] 12 Nov 3 05:24:37.857: RADIUS: MS-MPPE-Enc-Policy [7] 6 Nov 3 05:24:37.857: RADIUS: 00 00 00 01 Nov 3 05:24:37.857: RADIUS: Vendor, Microsoft [26] 12 Nov 3 05:24:37.857: RADIUS: MS-MPPE-Enc-Type [8] 6 Nov 3 05:24:37.857: RADIUS: 00 00 00 06 Nov 3 05:24:37.857: RADIUS(0000007F): Received from id 1645/83 Nov 3 05:24:37.857: ppp84 PPP: Received LOGIN Response PASS Nov 3 05:24:37.876: PPPoE: Can't retrieve sub-block for VAI Nov 3 05:24:37.877: PPPoE: Can't retrieve sub-block for VAI Nov 3 05:24:37.878: PPPoE: Can't retrieve sub-block for VAI Nov 3 05:24:37.878: PPPoE: Can't retrieve sub-block for VAI Nov 3 05:24:37.887: PPPoE: Can't retrieve sub-block for VAI Nov 3 05:24:37.887: PPPoE: Can't retrieve sub-block for VAI Nov 3 05:24:37.900: dyn_attrs->xmit_rate: 1000000000 dyn_attrs->rcv_rate: 1000000000 Nov 3 05:24:37.900: [84]PPPoE 84: AAA get dynamic attrs Nov 3 05:24:37.900: [84]PPPoE 84: State LCP_NEGOTIATION Event SSS DISCONNECT Nov 3 05:24:37.900: ppp84 MS-CHAP-V2: O FAILURE id 1 len 13 msg is "E=691 R=0" Nov 3 05:24:37.901: [84]PPPoE 84: O PADT R:00e0.4a39.2c5b L:0022.5563.ad02 Gi0/0/2.745 contiguous pak, size 64 00 E0 4A 39 2C 5B 00 22 55 63 AD 02 81 00 02 E9 88 63 11 A7 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Nov 3 05:24:37.901: [84]PPPoE 84: Destroying R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745 Nov 3 05:24:37.901: [84]PPPoE 84: AAA account stopped Nov 3 05:24:37.924: PPPoE 84: I PADT R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745 contiguous pak, size 64 00 22 55 63 AD 02 00 E0 4A 39 2C 5B 81 00 02 E9 88 63 11 A7 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Nov 3 05:24:37.927: [84]PPPoE 84: Segment (SSS class): UNPROVISION В любом случае возвращается 691. В логах freeradius'а все правильно. Tue Nov 3 09:54:23 2020 Packet-Type = Access-Request Framed-Protocol = PPP User-Name = "test123" MS-CHAP-Challenge = 0xd6faf85873f009c99d71d0005a44cc67 MS-CHAP2-Response = 0x0100934d2ba3d0701377b61369345054e86000000000000000000547c3a88d53d6e20$ NAS-Port-Type = Virtual Cisco-NAS-Port = "0/0/2/745" NAS-Port = 0 NAS-Port-Id = "0/0/2/745" Cisco-AVPair = "client-mac-address=00e0.4a39.2c5b" Service-Type = Framed-User NAS-IP-Address = 172.16.x.x Acct-Session-Id = "0000005A" NAS-Identifier = "New_cisco"

Собственно не подключается, выдает или 691 или 734, смотря что писать в aaa authorization. В данный момент есть 7002g2, конфиг практически тот же, за исключением radius server в новой циске. Конфиг циски: hostname New_cisco ! boot-start-marker boot system bootflash:/asr1000rp1-adventerprisek9.03.16.09.S.155-3.S9-ext.bin boot-end-marker ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! enable secret 5 xxxxxxxx. ! aaa new-model aaa session-mib disconnect ! ! aaa authentication login default line aaa authentication login auth_none none aaa authentication ppp pppoe none aaa accounting delay-start all aaa accounting update periodic 10 aaa accounting network pppoe action-type start-stop group radius ! ! ! ! ! ! aaa server radius dynamic-author client 172.16.x.x server-key 7 xxxxxx auth-type any ! aaa session-id common aaa policy interface-config allow-subinterface clock timezone EKT 5 0 clock calendar-valid ! ! ! ! ! ! ! ! ! ! ! no ip bootp server no ip domain lookup ! ! ! ! ! ! ! ! ! ! no subscriber templating ! multilink bundle-name authenticated vpdn enable ! ! ! ! ! ! ! ! ! ! ! spanning-tree extend system-id ! ! redundancy mode none ! ! ! ! ! ! ! policy-map blocked class class-default police cir 8000 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_7 class class-default police cir 7168000 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_5 class class-default police cir 5242500 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_4 class class-default police cir 4096000 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_2 class class-default police cir 2048000 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_1 class class-default police cir 1024000 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_0 class class-default police cir 256000 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_z class class-default police cir 524288000 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_q class class-default police cir 52428500 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_e class class-default police cir 104857500 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_d class class-default police cir 31457000 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_c class class-default police cir 20971500 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_b class class-default police cir 15360000 conform-action transmit exceed-action drop violate-action drop policy-map bezlim_a class class-default police cir 10240000 conform-action transmit exceed-action drop violate-action drop ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! bba-group pppoe global virtual-template 1 sessions max limit 500 ac name GARANT sessions per-mac limit 1 sessions per-vlan limit 1000 sessions per-mac throttle 30 1 30 sessions auto cleanup ! ! ! interface Port-channel1 ip address 10.5.0.4 255.255.255.248 no negotiation auto ! interface GigabitEthernet0/0/0 no ip address negotiation auto channel-group 1 mode active ! interface GigabitEthernet0/0/1 no ip address negotiation auto channel-group 1 mode active ! interface GigabitEthernet0/0/2 no ip address no negotiation auto ! interface GigabitEthernet0/0/2.99 encapsulation dot1Q 99 ip address 172.16.15.251 255.255.240.0 ! interface GigabitEthernet0/0/2.745 encapsulation dot1Q 745 pppoe enable group global ! interface GigabitEthernet0/0/3 no ip address shutdown negotiation auto ! interface GigabitEthernet0 vrf forwarding Mgmt-intf no ip address shutdown negotiation auto ! interface Virtual-Template1 description ---- PPPoE Dial-Up ---- mtu 1492 ip unnumbered Port-channel1 ip access-group 101 in ip tcp header-compression peer default ip address pool pppoe-pool ppp mtu adaptive ppp authentication ms-chap-v2 ms-chap chap pppoe ppp authorization pppoe ppp accounting exit ppp ipcp dns 10.5.0.2 8.8.8.8 ! ip local pool pppoe-pool 10.1.0.1 10.1.3.254 ip forward-protocol nd ! ip http server no ip http secure-server ip tftp source-interface GigabitEthernet0 ip route 0.0.0.0 0.0.0.0 10.5.0.2 ip route 10.10.10.1 255.255.255.255 10.5.0.2 255 ! access-list 101 deny tcp any eq 445 any access-list 101 deny udp any host 255.255.255.255 access-list 101 deny udp any any range netbios-ns netbios-ss access-list 101 deny tcp any any range 137 139 access-list 101 permit ip any any ! snmp-server community garantsnmp RO ! ! radius-server attribute 44 include-in-access-req default-vrf radius-server attribute 6 on-for-login-auth radius-server attribute 8 include-in-access-req radius-server attribute 32 include-in-access-req radius-server attribute 31 mac format unformatted radius-server retransmit 5 radius-server timeout 15 radius-server optional-passwords radius-server key 7 xxxxxxx radius-server vsa send cisco-nas-port radius-server vsa send accounting 3gpp2 radius-server vsa send authentication 3gpp2 ! radius server radius address ipv4 172.16.x.x auth-port 1812 acct-port 1813 key 7 xxxxxx ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 password 123 stopbits 1 line aux 0 stopbits 1 line vty 0 4 password 123 ! ! end Вывод: Log Buffer (4096 bytes): Port-Type [61] 6 Virtual [5] Nov 2 12:10:49.382: RADIUS: Vendor, Cisco [26] 17 Nov 2 12:10:49.382: RADIUS: cisco-nas-port [2] 11 "0/0/2/745" Nov 2 12:10:49.382: RADIUS: NAS-Port [5] 6 0 Nov 2 12:10:49.382: RADIUS: NAS-Port-Id [87] 11 "0/0/2/745" Nov 2 12:10:49.382: RADIUS: Vendor, Cisco [26] 41 Nov 2 12:10:49.382: RADIUS: Cisco AVpair [1] 35 "client-mac-address=00e0.4a39.2c5b" Nov 2 12:10:49.382: RADIUS: Service-Type [6] 6 Outbound [5] Nov 2 12:10:49.382: RADIUS: NAS-IP-Address [4] 6 172.16.x.x Nov 2 12:10:49.382: RADIUS: Acct-Session-Id [44] 10 "00000057" Nov 2 12:10:49.382: RADIUS: Nas-Identifier [32] 11 "New_cisco" Nov 2 12:10:49.382: RADIUS(00000061): Sending a IPv4 Radius Packet Nov 2 12:10:49.382: RADIUS(00000061): Started 15 sec timeout Nov 2 12:10:49.383: RADIUS/ENCODE: Best Local IP-Address 172.16.x.x for Radius-Server 172.16.x.x Nov 2 12:10:49.383: RADIUS(00000061): Send Access-Request to 172.16.x.x:1812 onvrf(0) id 1645/67, len 167 Nov 2 12:10:49.383: RADIUS: authenticator EB 68 89 26 71 77 DF 44 - 9E 10 84 9B 86 C3 84 43 Nov 2 12:10:49.383: RADIUS: Framed-Protocol [7] 6 PPP [1] Nov 2 12:10:49.383: RADIUS: User-Name [1] 9 "test123" Nov 2 12:10:49.383: RADIUS: User-Password [2] 18 * Nov 2 12:10:49.383: RADIUS: NAS-Port-Type [61] 6 Virtual [5] Nov 2 12:10:49.383: RADIUS: Vendor, Cisco [26] 17 Nov 2 12:10:49.383: RADIUS: cisco-nas-port [2] 11 "0/0/2/745" Nov 2 12:10:49.383: RADIUS: NAS-Port [5] 6 0 Nov 2 12:10:49.383: RADIUS: NAS-Port-Id [87] 11 "0/0/2/745" Nov 2 12:10:49.383: RADIUS: Vendor, Cisco [26] 41 Nov 2 12:10:49.383: RADIUS: Cisco AVpair [1] 35 "client-mac-address=00e0.4a39.2c5b" Nov 2 12:10:49.383: RADIUS: Service-Type [6] 6 Outbound [5] Nov 2 12:10:49.383: RADIUS: NAS-IP-Address [4] 6 172.16.x.x Nov 2 12:10:49.383: RADIUS: Acct-Session-Id [44] 10 "00000057" Nov 2 12:10:49.383: RADIUS: Nas-Identifier [32] 11 "New_cisco" Nov 2 12:10:49.383: RADIUS(00000061): Sending a IPv4 Radius Packet Nov 2 12:10:49.383: RADIUS(00000061): Started 15 sec timeout Nov 2 12:10:50.384: RADIUS: Received from id 1645/66 172.16.x.x:1812, Access-Reject, len 20 Nov 2 12:10:50.384: RADIUS: authenticator C9 AE B7 55 A1 CF 5A 08 - 8D F1 36 87 65 E7 AE 1D Nov 2 12:10:50.384: RADIUS(00000061): Received from id 1645/66 Nov 2 12:10:50.385: ppp68 PPP: Sending AAA radius abort Nov 2 12:10:50.385: RADIUS: Received from id 1645/67 172.16.x.x:1812, Access-Reject, len 20 Nov 2 12:10:50.386: RADIUS: authenticator 4B 2D 0F 6E B4 30 12 89 - 1F 99 5D AA DD FB A9 9A Nov 2 12:10:50.386: RADIUS(00000061): Received from id 1645/67 Nov 2 12:10:50.390: [68]PPPoE 68: State LCP_NEGOTIATION Event PPP DISCONNECT Nov 2 12:10:50.390: [68]PPPoE 68: O PADT R:00e0.4a39.2c5b L:0022.5563.ad02 Gi0/0/2.745 contiguous pak, size 64 00 E0 4A 39 2C 5B 00 22 55 63 AD 02 81 00 02 E9 88 63 11 A7 00 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Nov 2 12:10:50.390: [68]PPPoE 68: Destroying R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745 Nov 2 12:10:50.390: dyn_attrs->xmit_rate: 1000000000 dyn_attrs->rcv_rate: 1000000000 Nov 2 12:10:50.390: [68]PPPoE 68: AAA get dynamic attrs Nov 2 12:10:50.390: [68]PPPoE 68: AAA account stopped Nov 2 12:10:50.391: [68]PPPoE 68: Segment (SSS class): UNPROVISION Nov 2 12:10:50.399: PPPoE 68: I PADT R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745 contiguous pak, size 64 00 22 55 63 AD 02 00 E0 4A 39 2C 5B 81 00 02 E9 88 63 11 A7 00 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

@Кошачии ловец Спасибо, тоже попробую ваш вариант.

@alibek Спасибо.

Биллинг самописный. Принимаем в данным момент через бисис, надо сделать через сбер, в бисис формируется xml запрос, в сбере через GET(POST) и с этим небольшая проблема. <?php /* Скрипт для обработки запросов Протокола оператора Версии 3.5. Редакции 5. 19.01.2012 Версия скрипта 11 ООО "Биллинговые системы" http://bisys.ru/ */ $agent_id = 1; // Идентификатор агента в базе платежей $password = "test1234"; // Пароль для генерации подписи запросов $allowed_ips = "127.0.0.1"; // Список разрешенных адресов для запросов, перечисляются через запятую $check_sign = TRUE; // Проверять ли подпись // Параметры подключения к БД $db_host = "localhost"; $db_user = "test"; $db_password = "test"; $db_name = "bd"; $in_data = ""; // Входные данные запроса $out_data = ""; // Выходные данные запроса $err_code_g = ""; // Код ошибки $err_text_g = ""; // Текст ошибки $query_sign = ""; // Подпись запроса // Извлечение тега из строки function get_tag_content($string, $tagname) { $pattern = "|<".$tagname.">(.+)</".$tagname."|si"; preg_match($pattern, $string, $matches); return $matches[1]; } // Формирование тега вида <tagname>value</tagname> // Если $newline истинно, то в начало добавляется переход на новую строку function tag_format($tagname, $value, $newline = TRUE) { if ($newline) return "\n<".$tagname.">".$value."</".$tagname.">"; else return "<".$tagname.">".$value."</".$tagname.">"; } // Генерация ответа сервера на запрос function response( $err_code, // Код ошибки $err_text, // Текст ошибки $params = "", // Параметры $signed = TRUE // Подписывать ли ответ ) { // Записывам выходные данные в глобальные переменные, для дальнейшего сохранения их в логах global $out_data; global $err_code_g; global $err_text_g; global $password; $err_code_g = $err_code; $err_text_g = $err_text; global $query_sign; if ($params == "") $params = tag_format("err_code", $err_code, FALSE).tag_format("err_text", $err_text); else $params = tag_format("err_code", $err_code, FALSE).tag_format("err_text", $err_text).$params; if ($signed == TRUE) $sign = tag_format("sign", strtoupper(md5($params.$query_sign.$password))); else $sign = ""; $out_data = "<?xml version=\"1.0\" encoding=\"utf8\"?><response><params>".$params."</params>".$sign."</response>"; echo $out_data; // Выводим ответ } // Проверка параметров платежа function check_payment( $account, // Счет $pay_amount, // Сумма $params, // Параметры &$balance, // Баланс &$login ) { // Проверить существование указанного номера $sql_result = mysql_query("SELECT * FROM accounts WHERE `account` = '".$account."' AND status = 1"); if (!$sql_result) return 90; $row = mysql_fetch_assoc($sql_result); $account_id = (int)$row['uid']; if ($account_id == 0) return 20; // Проверить $pay_amount и другие параметры при необоходимости if ($pay_amount == 0) $pay_amount = 10000; if (!(($pay_amount >= 100) and ($pay_amount <= 1500000))) return 29; // Вернуть баланс, если возможно $balance = $row['balance']; $login = $row['login']; return 0; } // Проведение платежа function do_payment( $account, // Счет $pay_amount, // Сумма $pay_id, // Уникальный номер платежа $pay_date, // Дата платежа $params, // Параметры &$account_id // ID счета в базе ) { // Проверить существование указанного номера $sql_result = mysql_query("SELECT * FROM users WHERE id = ".$account." "); if (!$sql_result) return 90; $row = mysql_fetch_assoc($sql_result); $account_id = (int)$row['id']; if ($account_id == 0) return 20; if (!(($pay_amount >= 100) and ($pay_amount <= 1500000))) return 29; $client_id = $row['id']; // Провести платеж, вернуть 0 в случае успеха, 90 в случае ошибки // [!] Здесь необходимо вставить свой код пополнения баланса указанного счета //add to users.deposit $ndeposit = $row['balance'] + ($pay_amount * 10000 ); mysql_query('UPDATE `users` SET `balance` = '.(int)$ndeposit.' WHERE `id` = '.(int)$account); $source = 'Sberbank Billing System'; $source_id = 2; $serv_code = (int)get_tag_content($params, "serv_code"); if ($serv_code == 2){ $source = 'Sberbank Billing System'; $source_id = 2; } elseif ($serv_code == 3){ $source = 'Site Billing System'; $source_id = 3; } mysql_query("INSERT INTO `log` (`date`, `payer`, `type`, `user`, `before`, `payment`) VALUES ('".date("Y-m-d H:i:s")."', '".$source."', ".$source_id.", '".$row['login']."', ".$row['balance'].", ".($pay_amount/100).")"); return 0; } // Проверка разрешенных IP для доступа $ips = explode(",",$allowed_ips); if (array_search($_SERVER["REMOTE_ADDR"],$ips) === FALSE) { response(10, "Запрос выполнен с неразрешенного адреса", "", FALSE); exit; }; if (!isset($_POST['params'])) { response(11, "Указаны не все необходимые параметры", "", FALSE); exit; } $query = $_POST['params']; $in_data = $query; $params = get_tag_content($query, "params"); $query_sign = get_tag_content($query, "sign"); $sign = md5($params.$password); // Проверка подписи if ($check_sign and (($query_sign == "") or (strtoupper($sign) <> strtoupper($query_sign)))) { response(13, "Неверная цифровая подпись", "", FALSE); exit; } $act = (int)get_tag_content($params, "act"); if (($act == "") or ($act == 0)) { response(11, "Указаны не все необходимые параметры", ""); exit; } // Проверка доступа к базе $link = mysql_connect($db_host,$db_user,$db_password); if (!$link) { response(90, "Временная техническая ошибка [1]"); exit; } $db_selected = mysql_select_db($db_name); if (!$db_selected) { response(90, "Временная техническая ошибка [2]"); exit; } mysql_query("SET NAMES 'utf8'"); mysql_query("SET CHARACTER SET 'utf8'"); switch ($act) { // Проверка параметров платежа case 1: $account = mysql_escape_string(get_tag_content($params, "account")); if ($account <> "") { $pay_amount = (int)get_tag_content($params, "pay_amount"); $result = check_payment($account, $pay_amount, $params, $balance, $login); switch ($result) { case 0: $params = tag_format("account",$account, FALSE); if ($balance <> "") $params = $params.tag_format("balance", number_format($balance/100, 2, '.', '')); $params .= $params.tag_format("client_name", $login); response(0, "OK", $params); break; case 20: response(20, "Указанный номер счета отсутствует"); break; case 21: response(21, "Запрещены платежи на указанный номер счета"); break; case 22: response(22, "Запрещены платежи для указанной услуги"); break; case 23: response(23, "Запрещены платежи для указанного агента"); break; case 29: response(29, "Неверная сумма платежа"); break; case 90: response(90, "Временная техническая ошибка"); break; default: response(99, "Неизвестный ответ функции проверки параметров платежа"); } } else response(11, "Указаны не все необходимые параметры"); break; // Проведение платежа case 2: $account = mysql_escape_string(get_tag_content($params, "account")); if ($account <> "") { $pay_amount = (int)get_tag_content($params, "pay_amount"); $pay_id = mysql_escape_string(get_tag_content($params, "pay_id")); $pay_date = get_tag_content($params, "pay_date"); $agent_date = get_tag_content($params, "agent_date"); if ($pay_id == "") { response(11, "Указаны не все необходимые параметры"); exit; } $sql_result = mysql_query(" SELECT a_payments.*, users.id FROM a_payments, users WHERE a_payments.account_id = users.id AND agent_id = ".$agent_id." AND pay_num = '".$pay_id."'"); if (!$sql_result) { response(90, "Временная техническая ошибка"); exit; } $row = mysql_fetch_assoc($sql_result); $reg_id = (int)$row['payment_id']; // Проверка на дублирование if ($reg_id <> 0) { $pay_amount_db = $row['amount']; $account_db = $row['account_id']; $reg_id = $row['payment_id']; $reg_date = $row['reg_date']; $params = tag_format("account",$account, FALSE); if ($account == $account_db) { if ($pay_amount != $pay_amount_db) { //$params = $params.tag_format("reg_id",$reg_id).tag_format("reg_date", date("Y-m-d H:i:s",strtotime($reg_date))); response(30, "Был другой платеж другой суммы с указанным номером", $params); } else { //$params = $params.tag_format("reg_id",$reg_id).tag_format("reg_date", date("Y-m-d H:i:s",strtotime($reg_date))); $params .= tag_format("reg_date",$reg_date, FALSE); $params .= tag_format("reg_id",$reg_id, FALSE); response(1, "Платеж уже был проведен", $params); } } else { $params .= tag_format("reg_date",$reg_date, FALSE); $params .= tag_format("reg_id",$reg_id, FALSE); response(1, "Был другой платеж с указанным номером", $params); } } else { $result = do_payment($account, $pay_amount, $pay_id, $pay_date, $params, $account_id); switch ($result) { case 0: $params = tag_format("account",$account, FALSE); mysql_query("INSERT INTO S_payments (agent_id, pay_num, account_id, amount, pay_date, reg_date, agent_date) VALUES ('".$agent_id."', '".$pay_id."', '".$account_id."', ".$pay_amount.", '".$pay_date."', NOW(), '".$agent_date."' ) "); $reg_id = mysql_insert_id(); $sql_result = mysql_query("SELECT * FROM s_payments WHERE payment_id = ".$reg_id); if ((!$sql_result) or ($reg_id == 0)) { // Ошибка при добавлении платежа в базу // Возвращать техническую ошибку только в случе, если пополнение происходит вне функции do_payment // response(90, "Временная техническая ошибка [3]"); } else { $row = mysql_fetch_assoc($sql_result); $reg_date = $row['reg_date']; $params = $params.tag_format("reg_id",$reg_id).tag_format("reg_date", date("Y-m-d H:i:s",strtotime($reg_date))); } response(0, "OK", $params); break; case 20: response(20, "Указанный номер счета отсутствует"); break; case 21: response(21, "Запрещены платежи на указанный номер счета"); break; case 22: response(22, "Запрещены платежи для указанной услуги"); break; case 23: response(23, "Запрещены платежи для указанного агента"); break; case 29: response(29, "Неверная сумма платежа"); break; case 90: response(90, "Временная техническая ошибка"); break; default: response(99, "Неизвестный ответ функции отправки платежа"); } } } else response(11, "Указаны не все необходимые параметры"); break; default: response(12, "Неверный формат параметров"); } ?>   @ixi Гуглил $_POST, вешается с ошибкой 500, или выдает пустой массив данных. К примеру: $query = $_POST; $in_data = $query; if ($act == $_POST['check']) { $act = 1; }; if ($act == $_POST['payment']) { $act = 2; }; switch ($act) { // Проверка параметров платежа case 1: $account = mysql_escape_string($_POST['ACCOUNT']); if ($account <> "") { $pay_amount = $_POST['amount']); $result = check_payment($account, $pay_amount, $balance, $login); switch ($result) { case 0: $params = tag_format("account",$account, FALSE); if ($balance <> "") $params = $params.tag_format("balance", number_format($balance/100, 2, '.', '')); $params .= $params.tag_format("client_name", $login); response(0, "OK", $params); break; case 20: response(20, "Указанный номер счета отсутствует"); break; case 21: response(21, "Запрещены платежи на указанный номер счета"); break; case 22: response(22, "Запрещены платежи для указанной услуги"); break; case 23: response(23, "Запрещены платежи для указанного агента"); break; case 29: response(29, "Неверная сумма платежа"); break; case 90: response(90, "Временная техническая ошибка"); break; default: response(99, "Неизвестный ответ функции проверки параметров платежа"); } } else response(11, "Указаны не все необходимые параметры"); break;

Всем привет, собственно кто может подсказать как на php допилить скрипт от bisys, а именно разделение строки в методом POST? Изначально в скрипте от bisys идет такой код(прием xml и дальнейшее разделение), а в сбере идет изначально формат script.php?ACTION=check&ACCOUNT=000. function get_tag_content($string, $tagname) { $pattern = "|<".$tagname.">(.+)</".$tagname."|si"; preg_match($pattern, $string, $matches); return $matches[1]; }

@vop captive portal это конечно хорошо, только вот не знаю как оно будет работать на 7, 10 точно поддерживает, но большинство людей все еще сидят на 7, молчу про xp, такие тоже есть. Но опять же таких уже не так много и у многих есть смартфоны.

Вполне этого хватит, чтобы люди ввели л\с и проверили баланс. Пробовали делать это на beget, не получилось, возможно из-за ddos защиты которая у них стоит. Если я правильно понял, то через dstnat заворачиваем на внутренний сервер(mikrotik не поддерживает ссылки, только адреса), далее 302ым отправляем на страницу оплаты?

Был такой вариант, но не совсем понятно, тоже использовать proxy на nginx?

Добрый день, в данный момент пытаюсь сделать страницу заглушку на Squid + Mikrotik, из того что есть: Mikrotik с адрес листами абонентов которые "должны" денег, есть "белые" адреса сайта и оплаты, есть DSTnat который отправляет пользователей с сайтов не из "белого" списка по портам 80,8080,443 на внутренний адрес со squid. Squid настроен ssl_bump + intercept по порту 3129. Собственно сама проблема: не работает переадресация на squid, браузер или не выдает ничего(таймаут) или ERR_CONNECTION_REFUSED. В итоге "хочецца" как у ростелекома, при минусе на балансе отправлять на страницу "дай денег", можно с матами на сертификат, ну или просто скидывать на IP адрес с уже имеющимся OV сертификатом от комодо. Кто что подскажет?

@UglyAdmin То есть на практике разницы между г1 и г2 нету?

Вообщем так и не понятно, почему загрузка процессора абсолютно такая же как на G1, хотя вместо нее трудится теперь G2. G2 же более производительная?

Трафик 450 по вечерам(полка). IP cef и ip flow включен, но не настроен(netflow снимается с микротика).