Jump to content
Калькуляторы

gadrus42

Новичок
  • Content Count

    9
  • Joined

  • Last visited

About gadrus42

  • Rank
    Абитуриент
  1. Добрый день! Похожая проблема. Sending CoA-Request of id 67 to 10.0.9.99 port 1777 User-Name = "100.110.0.1" Cisco-Account-Info = "S100.110.0.1" Cisco-AVPair = "subscriber:command=account-logoff" rad_recv: CoA-NAK packet from host 10.0.9.99 port 1777, id=67, length=99 User-Name = "100.110.0.1" Cisco-Account-Info = "S100.110.0.1" Cisco-Command-Code = "\0202;100.110.0.1" Reply-Message = "No valid Session" Error-Cause = Unsupported-Service Feb 19 12:13:23: RADIUS: COA received from id 67 10.0.9.1:43076, CoA Request, len 94 Feb 19 12:13:23: RADIUS/ENCODE(00000000):Orig. component type = Invalid Feb 19 12:13:23: RADIUS(00000000): sending Feb 19 12:13:23: RADIUS(00000000): Send CoA Nack Response to 10.0.9.1:43076 id 67, len 99 Feb 19 12:13:23: RADIUS: authenticator 06 73 27 4F 52 2F 95 A7 - 63 B0 92 21 50 54 5A B2 Feb 19 12:13:23: RADIUS: User-Name [1] 13 "100.110.0.1" Feb 19 12:13:23: RADIUS: Vendor, Cisco [26] 20 Feb 19 12:13:23: RADIUS: ssg-account-info [250] 14 "S100.110.0.1" Feb 19 12:13:23: RADIUS: Vendor, Cisco [26] 22 TCS0.IZK.ToB# Feb 19 12:13:23: RADIUS: ssg-command-code [252] 16 Feb 19 12:13:23: RADIUS: 10 32 3B 31 30 30 2E 31 31 30 2E 30 2E 31 [Error-Code 2;100.110.0.1] Feb 19 12:13:23: RADIUS: Reply-Message [18] 18 Feb 19 12:13:23: RADIUS: 4E 6F 20 76 61 6C 69 64 20 53 65 73 73 69 6F 6E [ No valid Session] Feb 19 12:13:23: RADIUS: Dynamic-Author-Error[101] 6 Unsupported Service [405] #!/bin/bash nas_id=10.0.9.99 nas_port=1777 nas_secret=ХХХХХХ sess_id="$1" /bin/echo "User-Name="$1", Cisco-Account-Info=S"$1", cisco-avpair=\"subscriber:command=account-logoff\"" | /usr/bin/radclient -x "$nas_id":"$nas_port" coa "$nas_secret" Подскажите куда копать? На ASR1001: class type control always event account-logoff 1 service disconnect delay 5
  2. Idle Timeout: Class-id Dir Timeout value Idle-Time Source 1 Out 30 00:00:29 Peruser Добавил атрибут, навешивается, теперь доходит до 30, и сбрасывается счетчик, сессия дальше висит....( Один раз все-таки сбросил сессию....но не стабильно как-то работает(((( Подскажите в чем может быть проблема?
  3. Все разобрался, спасибо!
  4. Добрый день! Подскажите куда этот атрибут нужно добавить? Столкнулся с такой же проблемой.
  5. Я ожидаю, что ASR ,будет реквесты слать в биллинг. По этому прошу помощи у опытных взглянуть на конфиг, может чего то не хватает. Дебаг копирну, но там пусто((((
  6. Добрый день! Коллеги, помогите пожалуйста, вторую неделю не могу разобраться, что делаю не так. Перепробовал настройки с разных статей. Клиент по DHCP получает ip, но ASR не отправляется никаких запросов в Lanbilling. Оборудование cisco ASR1001 Version 15.3(3)S4 + LAnBilling (он же Radius он же DHCP) Вот мой конфиг: aaa authentication login default local aaa authentication login CONS none aaa authentication login ISG-AUTH-1 group ISG-RADIUS aaa authentication enable default enable aaa authorization network default group ISG-RADIUS aaa authorization network ISG-AUTH-1 group ISG-RADIUS aaa authorization subscriber-service default local aaa authorization subscriber-service ISG-AUTH-1 group ISG-RADIUS aaa authorization console aaa accounting network ISG-AUTH-1 start-stop group ISG-RADIUS aaa accounting delay-start aaa accounting jitter maximum 0 aaa accounting update periodic 1 ! ! ! aaa server radius dynamic-author client 91.109.224.23 server-key client 91.109.224.25 server-key port 1777 auth-type any ignore session-key ignore server-key ! ! radius-server attribute 44 extend-with-addr radius-server attribute 6 on-for-login-auth radius-server attribute 8 include-in-access-req radius-server attribute 32 include-in-access-req radius-server attribute nas-port format d radius-server attribute 31 mac format ietf radius-server dead-criteria time 120 tries 3 radius-server host 91.109.224.23 auth-port 1852 acct-port 1853 radius-server retry method reorder radius-server retransmit 5 radius-server deadtime 3 radius-server key 7 XXXXXXXXXXXXXXXXX radius-server vsa send cisco-nas-port ! aaa group server radius ISG-RADIUS server 91.109.224.23 auth-port 1852 acct-port 1853 server 91.109.224.25 auth-port 1852 acct-port 1853 ip radius source-interface Port-channel10.10 access-list 197 permit tcp any any eq www access-list 197 permit tcp any eq www any access-list 197 deny ip any any access-list 198 permit udp any any eq domain access-list 198 permit udp any eq domain any access-list 198 permit tcp any host 91.109.224.25 eq www access-list 198 permit tcp any host 91.109.224.25 eq 443 access-list 198 permit tcp any host 91.109.224.7 eq www access-list 198 permit tcp any host 91.109.224.7 eq 443 access-list 198 permit tcp any host 192.168.77.20 eq www access-list 198 permit icmp any any access-list 198 deny ip any any interface Port-channel10.97 description IPoE_ISG_FIXA encapsulation dot1Q 97 vrf forwarding ipoe ip address 10.97.1.1 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp service-policy type control ISG-CUSTOMERS-POLICY ip subscriber routed initiator unclassified ip-address policy-map type control ISG-CUSTOMERS-POLICY class type control ISG-IP-UNAUTH event timed-policy-expiry 1 service disconnect ! class type control always event session-start 10 authorize aaa list ISG-AUTH-1 identifier source-ip-address 20 set-timer UNAUTH-TIMER 3 30 service-policy type service name SERVICE-TRUSTED 40 service-policy type service name LOCAL_L4R ! class type control always event radius-timeout 1 service-policy type service name SERVICE-TRUSTED 2 service-policy type service name LOCAL_L4R ! class type control always event session-restart 10 authorize aaa list ISG-AUTH-1 identifier source-ip-address 20 set-timer UNAUTH-TIMER 3 30 service-policy type service name SERVICE-TRUSTED 40 service-policy type service name LOCAL-L4R ! class type control always event account-logoff 1 service disconnect delay 5   Благодарю за помощь!
  7. Добрый день! Коллеги, помогите пожалуйста, вторую неделю не могу разобраться, что делаю не так. Перепробовал настройки с разных статей. Клиент по DHCP получает ip, но ASR не отправляется никаких запросов в Lanbilling. Вот мой конфиг: aaa authentication login default local aaa authentication login CONS none aaa authentication login ISG-AUTH-1 group ISG-RADIUS aaa authentication enable default enable aaa authorization network default group ISG-RADIUS aaa authorization network ISG-AUTH-1 group ISG-RADIUS aaa authorization subscriber-service default local aaa authorization subscriber-service ISG-AUTH-1 group ISG-RADIUS aaa authorization console aaa accounting network ISG-AUTH-1 start-stop group ISG-RADIUS aaa accounting delay-start aaa accounting jitter maximum 0 aaa accounting update periodic 1 ! ! ! aaa server radius dynamic-author client 91.109.224.23 server-key client 91.109.224.25 server-key port 1777 auth-type any ignore session-key ignore server-key ! ! radius-server attribute 44 extend-with-addr radius-server attribute 6 on-for-login-auth radius-server attribute 8 include-in-access-req radius-server attribute 32 include-in-access-req radius-server attribute nas-port format d radius-server attribute 31 mac format ietf radius-server dead-criteria time 120 tries 3 radius-server host 91.109.224.23 auth-port 1852 acct-port 1853 radius-server retry method reorder radius-server retransmit 5 radius-server deadtime 3 radius-server key 7 XXXXXXXXXXXXXXXXX radius-server vsa send cisco-nas-port ! aaa group server radius ISG-RADIUS server 91.109.224.23 auth-port 1852 acct-port 1853 server 91.109.224.25 auth-port 1852 acct-port 1853 ip radius source-interface Port-channel10.10 access-list 197 permit tcp any any eq www access-list 197 permit tcp any eq www any access-list 197 deny ip any any access-list 198 permit udp any any eq domain access-list 198 permit udp any eq domain any access-list 198 permit tcp any host 91.109.224.25 eq www access-list 198 permit tcp any host 91.109.224.25 eq 443 access-list 198 permit tcp any host 91.109.224.7 eq www access-list 198 permit tcp any host 91.109.224.7 eq 443 access-list 198 permit tcp any host 192.168.77.20 eq www access-list 198 permit icmp any any access-list 198 deny ip any any interface Port-channel10.97 description IPoE_ISG_FIXA encapsulation dot1Q 97 vrf forwarding ipoe ip address 10.97.1.1 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp service-policy type control ISG-CUSTOMERS-POLICY ip subscriber routed initiator unclassified ip-address policy-map type control ISG-CUSTOMERS-POLICY class type control ISG-IP-UNAUTH event timed-policy-expiry 1 service disconnect ! class type control always event session-start 10 authorize aaa list ISG-AUTH-1 identifier source-ip-address 20 set-timer UNAUTH-TIMER 3 30 service-policy type service name SERVICE-TRUSTED 40 service-policy type service name LOCAL_L4R ! class type control always event radius-timeout 1 service-policy type service name SERVICE-TRUSTED 2 service-policy type service name LOCAL_L4R ! class type control always event session-restart 10 authorize aaa list ISG-AUTH-1 identifier source-ip-address 20 set-timer UNAUTH-TIMER 3 30 service-policy type service name SERVICE-TRUSTED 40 service-policy type service name LOCAL-L4R ! class type control always event account-logoff 1 service disconnect delay 5 Оборудование cisco ASR1001 Version 15.3(3)S4 + LAnBilling (он же Radius он же DHCP)
  8. Добрый день! Коллеги, помогите пожалуйста, вторую неделю не могу разобраться, что делаю не так. Перепробовал настройки с разных статей. Клиент по DHCP получает ip, но ASR не отправляется никаких запросов в Lanbilling