Minotaur
Пользователи-
Публикации
22 -
Зарегистрирован
-
Посещение
О Minotaur
-
Звание
Абитуриент
Контакты
-
ICQ
Array
Посетители профиля
Блок посетителей профиля отключен и не будет отображаться другим пользователям
-
Можно ли использовать в качестве бордера Juniper SRX210?
тему ответил в micho пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
Ну если в даташите написано, что умеет BGP, значит будет. Единственное, что не сможет сделать, как правильно заметил коллега в предыдущем посте, - так это держать full-view. В таком случае принимайте от обоих аплинков только дефолт. Правда, в таком случае столкнетесь с задачей распределения исходящего трафика, которую можно попытаться решить с помощью специального Extended community bandwidth:* -
ESR 10K в качестве браса
тему ответил в catalist пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
ISG умеет инициализировать сессии не только по PPPoE. В Вашем случае можно использовать initiator unclassified ip-address -
Cisco ISG авторизирует пользователя, но не поднимает сессию
тему ответил в Minotaur пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
С этой проблемой разобрался. Очень похоже на баг. Описанная ситуация возникает в том случае, если на ISG уже есть описанный DHCP pool, даже если он не принимает никакого участия в раздаче адресов для подписчиков. Есть Workaround, посоветованный коллегой: сделать DHCP relay не через ip helper-address, а через relay pool, например так: ip dhcp pool pool-Test update arp relay source 178.214.200.0 255.255.255.0 relay destination 178.214.192.2 ! interface GigabitEthernet0/2.33 encapsulation dot1Q 33 ip dhcp relay information trusted ip dhcp relay information policy-action keep ip address 178.214.200.1 255.255.255.0 arp timeout 60 service-policy type control DHCP-Subscriber ip subscriber l2-connected initiator dhcp class-aware Так работает, но при такой конфигурации есть сложности с unnumbered на Gi0/2.33. Эта проблема описана в отдельной теме тут. -
Приветствую! Дано: Cisco 7206VXR, IOS 12.2(33)SRD3. Определен пул для relay: ip dhcp pool pool-Test update arp relay source 178.214.200.0 255.255.255.0 relay destination 178.214.192.2 И сконфигурирован саб-интефейс: interface GigabitEthernet0/2.33 encapsulation dot1Q 33 ip dhcp relay information trusted ip dhcp relay information policy-action keep ip address 178.214.200.1 255.255.255.0 arp timeout 60 service-policy type control DHCP-Subscriber ip subscriber l2-connected initiator dhcp class-aware Все отлично работает, пул привязывается к интерфейсу по сети, определенной в relay source. А как привязать пул к интерфейсу, если он - ip unnumbered loopback0, а на lo0 висит адрес с маской /32 ? Спасибо.
-
Не будет. То, что пишут в даташитах - маркетинговое фуфло. Максимальный стек, поддерживаемый нп. 650: SummitStack512, - поддерживает 128G на одном стековом порту, но при этом нельзя объединить в стек больше двух свитчей. SummitStack128 обеспечивает 64G на порт при стеке до восьми коммутаторов. Кроме этого, у Extreme Summit имеется идиотский недостаток (один из многих, впрочем) - он не умеет отдавать по SNMP загрузку со стековых портов. По крайней мере в XOS 12.4. Лихо Вы поделили пропускную способность стека:) Посмотрите на картинке, как модуль выглядит. Маркетинговое число 512 можно поделить на 2(так как считается Rx + Tx), а не на 8. Ткните меня носом, где я разделил маркетинговое число на 8? На 4 - да, потому что оно так и есть в действительности. И да - опечатался выше, извиняюсь, вместо SummitStack128 хотел написать SummitStack256. У меня стоит два 650х, соединенных через SummitStack256: # show stacking stack-ports Stack Topology is a Ring Slot Port Node MAC Address Port State Flags Speed ---- ---- ----------------- ----------- ----- ----- *1 1 00:04:96:51:f1:b5 Operational C- 64G *1 2 00:04:96:51:f1:b5 Operational CB 64G 2 1 00:04:96:51:79:7a Operational CB 64G 2 2 00:04:96:51:79:7a Operational C- 64G * - Indicates this node Flags: (C) Control path is active, (B) Port is Blocked Да, есть два стековых порта, но они не обеспечивают того, что при стеке из > 2 свитчей у вас трафик между первым и последним будет ездить по обеим портам. Ага: # snmpwalk -v2c -c public sw2-gdr .1.3.6.1.4.1.1916.1.4.5.1.2 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1000 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1001 = INTEGER: 56 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1002 = INTEGER: 26 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1003 = INTEGER: 16 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1004 = INTEGER: 42 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1005 = INTEGER: 5 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1006 = INTEGER: 7 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1007 = INTEGER: 14 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1008 = INTEGER: 49 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1009 = INTEGER: 74 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1010 = INTEGER: 70 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1011 = INTEGER: 23 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1012 = INTEGER: 35 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1013 = INTEGER: 12 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1014 = INTEGER: 16 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1015 = INTEGER: 29 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1016 = INTEGER: 82 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1017 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1018 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1019 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1020 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1021 = INTEGER: 30 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1022 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1023 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.1024 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2001 = INTEGER: 37 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2002 = INTEGER: 3 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2003 = INTEGER: 9 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2004 = INTEGER: 77 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2005 = INTEGER: 4 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2006 = INTEGER: 6 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2007 = INTEGER: 20 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2008 = INTEGER: 9 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2009 = INTEGER: 5 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2010 = INTEGER: 12 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2011 = INTEGER: 7 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2012 = INTEGER: 6 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2013 = INTEGER: 8 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2014 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2015 = INTEGER: 15 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2016 = INTEGER: 25 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2017 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2018 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2019 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2020 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2021 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2022 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2023 = INTEGER: 0 EXTREME-PORT-MIB::extremePortUtilizationAvgRxBw.2024 = INTEGER: 0 Стек из двух свитчей, по 24 порта в каждом. Покажите мне пожалуйста, какая из этих строчек показывает загрузку стековых портов?
-
Не будет. То, что пишут в даташитах - маркетинговое фуфло. Максимальный стек, поддерживаемый нп. 650: SummitStack512, - поддерживает 128G на одном стековом порту, но при этом нельзя объединить в стек больше двух свитчей. SummitStack128 обеспечивает 64G на порт при стеке до восьми коммутаторов. Кроме этого, у Extreme Summit имеется идиотский недостаток (один из многих, впрочем) - он не умеет отдавать по SNMP загрузку со стековых портов. По крайней мере в XOS 12.4.
-
Cisco ISG авторизирует пользователя, но не поднимает сессию
тему ответил в Minotaur пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
ip dhcp relay information trust-all Написанная Вами команда есть у меня в глобальном конфиге, она выполняет то же самое, что ip dhcp relay information trusted в конфигурации интерфейса, и она никак не влияет на сессии. -
Cisco ISG авторизирует пользователя, но не поднимает сессию
тему ответил в Minotaur пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
Не вижу в первом дебаге даже попыток релея, а во втором - всё на месте. Можно попробовать поставить: 10 authorize aaa list DHCP-BRAS identifier mac-address В session-start и постепенно добавлять опции, до начала проблем. Я упорно не понимаю, причем тут DHCP релей и идентификатор? Клиент нормально получает IP-адрес. А IP-адрес он может получить только в случае успешной авторизации на этапе session-start. Аутентицикация была успешной, Radius отдал настройки сессии на ISG, клиент в свою очередь получил адрес. Дальше - просто не поднимается сессия. Но если Вас мучают смутные сомнения, Вот кусок из радиуса, подтверждающий нормальную авторизацию: rad_recv: Access-Request packet from host 178.214.192.68 port 1645, id=202, length=128 User-Name = "000600226b2a8d52#000400210117#0007.e90a.75b2" User-Password = "cisco" NAS-Port-Type = Virtual NAS-Port = 0 NAS-Port-Id = "0/0/2/33" Service-Type = Outbound-User NAS-IP-Address = 178.214.192.68 Acct-Session-Id = "00001283" server ISG_Authorization { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/ISG.conf +- entering group authorize {...} ++[preprocess] returns ok ++[control] returns ok rlm_perl: Added pair NAS-Port-Type = Virtual rlm_perl: Added pair Acct-Session-Id = 00001283 rlm_perl: Added pair Service-Type = Outbound-User rlm_perl: Added pair User-Name = 000600226b2a8d52#000400210117#0007.e90a.75b2 rlm_perl: Added pair User-Password = cisco rlm_perl: Added pair NAS-Port = 0 rlm_perl: Added pair NAS-IP-Address = 178.214.192.68 rlm_perl: Added pair NAS-Port-Id = 0/0/2/33 rlm_perl: Added pair Cisco-AVPair = subscriber:keepalive=protocol ARP rlm_perl: Added pair Service-Type = Outbound-User rlm_perl: Added pair Cisco-Account-Info = Apms-1M rlm_perl: Added pair Auth-Type = Accept ++[iSG_Auth] returns ok Found Auth-Type = Accept Auth-Type = Accept, accepting the user Login OK: [000600226b2a8d52#000400210117#0007.e90a.75b2] (from client bras1-gdr port 0) WARNING: Empty post-auth section. Using default return values. } # server ISG_Authorization Sending Access-Accept of id 202 to 178.214.192.68 port 1645 Cisco-AVPair = "subscriber:keepalive=protocol ARP" Service-Type = Outbound-User Cisco-Account-Info = "Apms-1M" Finished request 44. Going to the next request Waking up in 4.9 seconds. Received DHCP-Discover of id 220c03fd from 178.214.200.1:67 to 178.214.192.2:67 DHCP-Opcode = Client-Message ... ну и дальше пошел DHCP. При session-restart происходит то же самое: rad_recv: Access-Request packet from host 178.214.192.68 port 1645, id=203, length=98 User-Name = "0007.e90a.75b2" User-Password = "cisco" NAS-Port-Type = Virtual NAS-Port = 0 NAS-Port-Id = "0/0/2/33" Service-Type = Outbound-User NAS-IP-Address = 178.214.192.68 Acct-Session-Id = "00001286" server ISG_Authorization { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/ISG.conf +- entering group authorize {...} ++[preprocess] returns ok ++[control] returns ok rlm_perl: Added pair NAS-Port-Type = Virtual rlm_perl: Added pair Acct-Session-Id = 00001286 rlm_perl: Added pair Service-Type = Outbound-User rlm_perl: Added pair User-Name = 0007.e90a.75b2 rlm_perl: Added pair User-Password = cisco rlm_perl: Added pair NAS-Port = 0 rlm_perl: Added pair NAS-IP-Address = 178.214.192.68 rlm_perl: Added pair NAS-Port-Id = 0/0/2/33 rlm_perl: Added pair Cisco-AVPair = subscriber:keepalive=protocol ARP rlm_perl: Added pair Service-Type = Outbound-User rlm_perl: Added pair Cisco-Account-Info = Apms-1M rlm_perl: Added pair Auth-Type = Accept ++[iSG_Auth] returns ok Found Auth-Type = Accept Auth-Type = Accept, accepting the user Login OK: [0007.e90a.75b2] (from client bras1-gdr port 0) WARNING: Empty post-auth section. Using default return values. } # server ISG_Authorization Sending Access-Accept of id 203 to 178.214.192.68 port 1645 Cisco-AVPair = "subscriber:keepalive=protocol ARP" Service-Type = Outbound-User Cisco-Account-Info = "Apms-1M" Finished request 47. Going to the next request Waking up in 4.9 seconds. -
Cisco ISG авторизирует пользователя, но не поднимает сессию
тему ответил в Minotaur пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
Т.е. DHCP не на этой железке? Cisco ISG работает как DHCP relay. Клиенты все видны на Layer2, подключены к свитчам, которые добавляют Option 82. DHCP и авторизация отрабатывает нормально. Просто не поднимается сессия. А поток мыслей предыдущего оратора не осилил. -
Cisco ISG авторизирует пользователя, но не поднимает сессию
тему ответил в Minotaur пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
RADIUS не выдаёт связку IP/MASK, а вот по этому: - выдаёт. Надо смотреть/проверять запросы к RADIUS-у. Стоп. IP/MASK вообще выдается по DHCP. Данный запрос нужен только для того, чтобы сказать ISG, разрешать ли DHCP DISCOVER от этого клиента, или нет. -
Cisco ISG авторизирует пользователя, но не поднимает сессию
тему ответил в Minotaur пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
Вот еще один дебаг того, что происходит при попытке поднять сессию. Но он тоже пока что не особо проясняет ситуацию: bras1-gdr.ki#show debugging IP Subscriber: IP subscriber events debugging is on IP subscriber errors debugging is on IP subscriber fsm debugging is on *Feb 6 18:42:17.038: IPSUB: Create session keys from SSS key list *Feb 6 18:42:17.038: IPSUB: Mac_addr = 0007.e90a.75b2, Recvd Macaddr = 0007.e90a.75b2 *Feb 6 18:42:17.038: IPSUB: Session input interface(0x6BD31BC) = GigabitEthernet0/2.33 *Feb 6 18:42:17.038: IPSUB: Circuit_id = 000400210117 *Feb 6 18:42:17.038: IPSUB: Remote_id = 000600226b2a8d52 *Feb 6 18:42:17.038: IPSUB: Vendor_Class_id = MSFT 5.0 *Feb 6 18:42:17.042: IPSUB: Try to create a new session *Feb 6 18:42:17.042: IPSUB: [uid:0] Request to create a new session *Feb 6 18:42:17.042: IPSUB: [uid:0] Session start event for session *Feb 6 18:42:17.042: IPSUB: [uid:0] Event session start, state changed from idle to requesting *Feb 6 18:42:17.042: IPSUB: [uid:5] AAA unique ID allocated *Feb 6 18:42:17.042: IPSUB: [uid:5] Added session 0007.e90a.75b2 to L2 session table *Feb 6 18:42:17.042: IPSUB: [uid:5] Added session to session table with access session keys *Feb 6 18:42:17.042: IPSUB: [uid:5] IP session(0x130005DF) on L2 interface to be associated to Gi0/2.33, mac 0007.e90a.75b2 *Feb 6 18:42:17.042: IPSUB: [uid:5] Inserted IP session(0x130005DF) to sessions-per-interface db with interface Gi0/2.33 *Feb 6 18:42:17.058: IPSUB: [uid:5] IP session context 0x12C0BB98 available to authorize *Feb 6 18:42:17.058: IPSUB-VRFSET: [uid:5] Entered allocate feature info *Feb 6 18:42:17.058: IPSUB-VRFSET: [uid:5] Allocated sg vrfset info 0x1EA52E48 *Feb 6 18:42:17.058: IPSUB-VRFSET: [uid:5] Freeing the sg vrfset info 0x1EA52E48 *Feb 6 18:42:17.058: IPSUB: [uid:5] IP session context 0x12C0BB98 available to authorize *Feb 6 18:42:17.058: IPSUB-VRFSET: [uid:5] Entered allocate feature info *Feb 6 18:42:17.058: IPSUB-VRFSET: [uid:5] Allocated sg vrfset info 0x1EA52E48 *Feb 6 18:42:17.058: IPSUB-VRFSET: [uid:5] Freeing the sg vrfset info 0x1EA52E48 *Feb 6 18:42:17.058: IPSUB: [uid:5] Recieved Message = connect local *Feb 6 18:42:17.058: IPSUB: [uid:5] Connect Local event for session *Feb 6 18:42:17.058: IPSUB: [uid:5] Event connect local, state changed from requesting to waiting *Feb 6 18:42:17.058: IPSUB: [uid:5] Inside processing IPSIP info *Feb 6 18:42:17.058: IPSUB-ROUTE: [uid:5] Checking whether routes to be inserted/removed *Feb 6 18:42:17.058: IPSUB-ROUTE: [uid:5] Context not present, creating context *Feb 6 18:42:17.058: IPSUB-ROUTE: [uid:5] Entered the sg subrte context alloc *Feb 6 18:42:17.058: IPSUB-ROUTE: [uid:5] Returning the sg subrte context 0x198428F0 *Feb 6 18:42:17.058: IPSUB-ROUTE: [uid:5] Trying to remove Subscriber routes *Feb 6 18:42:17.058: IPSUB-ROUTE: [uid:5] Entered the plane feature context free *Feb 6 18:42:17.058: IPSUB-ROUTE: [uid:5] Freeing the sg subrte context 0x198428F0 *Feb 6 18:42:17.058: IPSUB-ROUTE: [uid:5] Removed SG SUBRTE feature *Feb 6 18:42:17.058: IPSUB-ROUTE: [uid:5] Reqd keys are not available, postponing route insert *Feb 6 18:42:17.058: IPSUB: [uid:5] Keys not changed, seg needn't be updated *Feb 6 18:42:17.058: IPSUB: [uid:5] Key list to be created to update SM *Feb 6 18:42:17.058: IPSUB: [uid:5] Created key list to update SM *Feb 6 18:42:17.074: Invalid interface number *Feb 6 18:42:17.074: Invalid interface number *Feb 6 18:42:17.074: IPSUB: [uid:5] Recieved Message = disconnect *Feb 6 18:42:17.074: IPSUB: [uid:5] SSS Manager disconnect event for session *Feb 6 18:42:17.074: IPSUB: [uid:5] Event sss mgr disc, state changed from waiting to disconnecting *Feb 6 18:42:17.074: IPSUB-VRFSET: [uid:5] Removing SG VRFSET feature *Feb 6 18:42:17.074: IPSUB-VRFSET: [uid:5] SG VRFSET context is not present *Feb 6 18:42:17.074: IPSUB-ROUTE: [uid:5] Trying to remove Subscriber routes *Feb 6 18:42:17.078: IPSUB-ROUTE: [uid:5] SG SUBRTE context is not present *Feb 6 18:42:17.078: IPSUB: [uid:5] Removed session from session table with access session keys *Feb 6 18:42:17.078: IPSUB: [uid:5] Removed session from session table with service session keys *Feb 6 18:42:17.078: IPSUB: [uid:5] Deleted session(0x130005DF) from sessions per interface db with intf: Gi0/2.33 *Feb 6 18:42:17.078: IPSUB: No IP session with handle 0x130005DF, ignore client disconnect message И все. *Feb 6 18:42:17.074: Invalid interface number *Feb 6 18:42:17.074: Invalid interface number в дебаге - смущает. Далее, при приходе первого пакета от клиента по session-restart все нормально поднимается: *Feb 6 18:44:53.642: IPSUB_DP: [uid:0] Insert new entry for mac 0007.e90a.75b2 *Feb 6 18:44:53.646: IPSUB_DP: [uid:0] Processing new in-band session request *Feb 6 18:44:53.646: IPSUB_DP: [uid:0] Delete mac entry 0007.e90a.75b2 *Feb 6 18:44:53.646: IPSUB_DP: [uid:0] In-band session request event for session *Feb 6 18:44:53.646: IPSUB_DP: [uid:0] Insert new entry for mac 0007.e90a.75b2 *Feb 6 18:44:53.646: IPSUB_DP: [uid:0] Added upstream entry into the classifier *Feb 6 18:44:53.646: IPSUB_DP: [uid:0] MAC = 0007.e90a.75b2 *Feb 6 18:44:53.646: IPSUB: Try to create a new session *Feb 6 18:44:53.646: IPSUB: IPSUB: Check IP DHCP session recovery: 178.214.200.2 Gi0/2.33 mac 0007.e90a.75b2 *Feb 6 18:44:53.646: IPSUB: Create session keys from SSS key list *Feb 6 18:44:53.646: IPSUB: Mac_addr = 0007.e90a.75b2, Recvd Macaddr = 0007.e90a.75b2 *Feb 6 18:44:53.646: IPSUB: Session input interface(0x6BD31BC) = GigabitEthernet0/2.33 *Feb 6 18:44:53.646: IPSUB: Recovery DHCP session hdl = 452986336 *Feb 6 18:44:53.646: IPSUB: IPSUB: IP DHCP session recovery started *Feb 6 18:44:53.646: IPSUB: [uid:0] Request to create a new session placeholder for session recovery *Feb 6 18:44:53.646: IPSUB: [uid:0] Session restart event for session *Feb 6 18:44:53.646: IPSUB: [uid:0] Event session restart, state changed from idle to recovery-req *Feb 6 18:44:53.646: IPSUB_DP: [uid:0] Sent message to control plane for in-band session creation *Feb 6 18:44:53.646: IPSUB_DP: [uid:0] Event inband-session, state changed from idle to intiated *Feb 6 18:44:53.646: IPSUB: Try to create a new session *Feb 6 18:44:53.646: IPSUB: Try to complete a DHCP initiated session recovery *Feb 6 18:44:53.646: IPSUB: [uid:0] Request to convert a new session placeholder and start it *Feb 6 18:44:53.646: IPSUB: [uid:0] Session start event for session *Feb 6 18:44:53.646: IPSUB: [uid:0] Event session start, state changed from recovery-req to requesting *Feb 6 18:44:53.646: IPSUB: [uid:7] AAA unique ID allocated *Feb 6 18:44:53.646: IPSUB: [uid:7] Added session 0007.e90a.75b2 to L2 session table *Feb 6 18:44:53.646: IPSUB: [uid:7] Added session to session table with access session keys *Feb 6 18:44:53.646: IPSUB: [uid:7] IP session(0x1B0005E0) on L2 interface to be associated to Gi0/2.33, mac 0007.e90a.75b2 *Feb 6 18:44:53.646: IPSUB: [uid:7] Inserted IP session(0x1B0005E0) to sessions-per-interface db with interface Gi0/2.33 *Feb 6 18:44:53.666: IPSUB: [uid:7] IP session context 0x12C0BB98 available to authorize *Feb 6 18:44:53.666: IPSUB-VRFSET: [uid:7] Entered allocate feature info *Feb 6 18:44:53.666: IPSUB-VRFSET: [uid:7] Allocated sg vrfset info 0x1EA52E48 *Feb 6 18:44:53.666: IPSUB-VRFSET: [uid:7] Freeing the sg vrfset info 0x1EA52E48 *Feb 6 18:44:53.670: IPSUB: [uid:7] IP session context 0x12C0BB98 available to authorize *Feb 6 18:44:53.670: IPSUB-VRFSET: [uid:7] Entered allocate feature info *Feb 6 18:44:53.670: IPSUB-VRFSET: [uid:7] Allocated sg vrfset info 0x1EA52E48 *Feb 6 18:44:53.670: IPSUB-VRFSET: [uid:7] Freeing the sg vrfset info 0x1EA52E48 *Feb 6 18:44:53.670: IPSUB: [uid:7] Recieved Message = connect local *Feb 6 18:44:53.670: IPSUB: [uid:7] Connect Local event for session *Feb 6 18:44:53.670: IPSUB: [uid:7] Event connect local, state changed from requesting to waiting *Feb 6 18:44:53.670: IPSUB: [uid:7] Inside processing IPSIP info *Feb 6 18:44:53.670: IPSUB-ROUTE: [uid:7] Checking whether routes to be inserted/removed *Feb 6 18:44:53.670: IPSUB-ROUTE: [uid:7] Context not present, creating context *Feb 6 18:44:53.670: IPSUB-ROUTE: [uid:7] Entered the sg subrte context alloc *Feb 6 18:44:53.670: IPSUB-ROUTE: [uid:7] Returning the sg subrte context 0x198428F0 *Feb 6 18:44:53.670: IPSUB-ROUTE: [uid:7] Trying to remove Subscriber routes *Feb 6 18:44:53.670: IPSUB-ROUTE: [uid:7] Entered the plane feature context free *Feb 6 18:44:53.670: IPSUB-ROUTE: [uid:7] Freeing the sg subrte context 0x198428F0 *Feb 6 18:44:53.670: IPSUB-ROUTE: [uid:7] Removed SG SUBRTE feature *Feb 6 18:44:53.670: IPSUB-ROUTE: [uid:7] Reqd keys are not available, postponing route insert *Feb 6 18:44:53.670: IPSUB: [uid:7] Keys not changed, seg needn't be updated *Feb 6 18:44:53.670: IPSUB: [uid:7] Key list to be created to update SM *Feb 6 18:44:53.670: IPSUB: [uid:7] Created key list to update SM *Feb 6 18:44:53.678: IPSUB: [uid:7] IP session context 0x12C0BB98 available to authorize *Feb 6 18:44:53.678: IPSUB-VRFSET: [uid:7] Entered allocate feature info *Feb 6 18:44:53.678: IPSUB-VRFSET: [uid:7] Allocated sg vrfset info 0x1EA52E48 *Feb 6 18:44:53.678: IPSUB-VRFSET: [uid:7] Freeing the sg vrfset info 0x1EA52E48 *Feb 6 18:44:53.678: IPSUB: [uid:7] IPSIP Parsing HostIP: 178.214.200.2 SubnetMask= 255.255.255.0 *Feb 6 18:44:53.678: IPSUB: [uid:7] Recieved Message = update SIP config *Feb 6 18:44:53.678: IPSUB: [uid:7] Config Update event for session *Feb 6 18:44:53.678: IPSUB: [uid:7] Event config update, state changed from waiting to waiting *Feb 6 18:44:53.678: IPSUB: [uid:7] Inside processing IPSIP info *Feb 6 18:44:53.678: IPSUB: [uid:7] Processing IPSIP info: 0x1832E3CC (APPLY) *Feb 6 18:44:53.678: IPSUB: [uid:7] Got IP address- IP:-178.214.200.2 *Feb 6 18:44:53.678: IPSUB: [uid:7] Set IP address- IP:-178.214.200.2 *Feb 6 18:44:53.678: IPSUB-VRFSET: [uid:7] Applying SG VRFSET info *Feb 6 18:44:53.678: IPSUB-VRFSET: [uid:7] DHCP Initiated session, no config, ignore *Feb 6 18:44:53.678: IPSUB-ROUTE: [uid:7] Checking whether routes to be inserted/removed *Feb 6 18:44:53.678: IPSUB-ROUTE: [uid:7] Context not present, creating context *Feb 6 18:44:53.678: IPSUB-ROUTE: [uid:7] Entered the sg subrte context alloc *Feb 6 18:44:53.678: IPSUB-ROUTE: [uid:7] Returning the sg subrte context 0x198428F0 *Feb 6 18:44:53.678: IPSUB-ROUTE: [uid:7] Installed ARP entry [DFL]: 178.214.200.2 *Feb 6 18:44:53.678: IPSUB-ROUTE: [uid:7] Both IP addresses and VRF are same, no need to add route *Feb 6 18:44:53.678: IPSUB: [uid:7] Found that seg to be updated with new session keys *Feb 6 18:44:53.678: IPSUB: [uid:7] Key list to be created to update SM *Feb 6 18:44:53.678: IPSUB: [uid:7] Update IP-Address-VRF key: 178.214.200.2:0 *Feb 6 18:44:53.678: IPSUB: [uid:7] Created key list to update SM *Feb 6 18:44:53.678: IPSUB: [uid:7] Found address change to be notified *Feb 6 18:44:53.678: IPSUB: [uid:7] Session Keys Available event for session *Feb 6 18:44:53.678: IPSUB: [uid:7] Event session keys available, state changed from waiting to provisioning *Feb 6 18:44:53.678: IPSUB: [uid:7] Added session 178.214.200.2 to L3 session table *Feb 6 18:44:53.678: IPSUB: [uid:7] Added session to session table with service session keys *Feb 6 18:44:53.686: IPSUB_DP: [uid:0] Setup event for session (session hdl 3170894932) *Feb 6 18:44:53.686: IPSUB_DP: [uid:7] Added downstream entry into the classifier *Feb 6 18:44:53.686: IPSUB_DP: [uid:7] VRF = DFL, IP = 178.214.200.2, MASK = 255.255.255.0 *Feb 6 18:44:53.686: IPSUB_DP: [uid:7] Session setup successful *Feb 6 18:44:53.686: IPSUB_DP: [uid:7] Event setup-session, state changed from intiated to established *Feb 6 18:44:53.686: IPSUB_DP: [uid:7] Sent update msg to the control plane *Feb 6 18:44:53.686: IPSUB_DP: [uid:7] Activate event for session *Feb 6 18:44:53.686: IPSUB_DP: [uid:7] Event activate-session, state changed from established to connected *Feb 6 18:44:53.686: IPSUB: [uid:7] Data plane prov successful event for session *Feb 6 18:44:53.686: IPSUB: [uid:7] Event dataplane prov successful, state changed from provisioning to connected *Feb 6 18:44:53.686: IPSUB: [uid:7] Notifying about address change: 178.214.200.2 *Feb 6 18:45:00.514: IPSUB_DP: [uid:0] Found mac entry 0007.e90a.75b2 -
Cisco ISG авторизирует пользователя, но не поднимает сессию
тему ответил в Minotaur пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
Даю: aaa new-model ! ! aaa group server radius ISG-RADIUS server-private 178.214.192.2 auth-port 1812 acct-port 1813 key 7 08344E580F120315 ip radius source-interface Loopback0 ! subscriber authorization enable ! aaa authentication login DHCP-BRAS group ISG-RADIUS aaa authorization network DHCP-BRAS group ISG-RADIUS aaa authorization subscriber-service default local ! ! class-map type traffic match-any cmt-Any-Traffic match access-group input name acl-Any match access-group output name acl-Any ! policy-map type service pms-1M class type traffic cmt-Any-Traffic police input 1000000 187500 375000 police output 1000000 187500 375000 ! policy-map type control DHCP-Subscriber class type control always event session-start 10 authorize aaa list DHCP-BRAS identifier remote-id plus circuit-id plus mac-address separator # ! class type control always event session-restart 10 authorize aaa list DHCP-BRAS identifier mac-address ! ! interface GigabitEthernet0/2.33 encapsulation dot1Q 33 ip dhcp relay information trusted ip address 178.214.200.1 255.255.255.0 ip helper-address 178.214.192.2 ip directed-broadcast arp timeout 60 service-policy type control DHCP-Subscriber ip subscriber l2-connected initiator dhcp class-aware Смотрим следующий дебаг: bras1-gdr.ki#show debugging Subscriber Service Switch/Policy rules: Subscriber Service Switch policy rules errors debugging is on Subscriber Service Switch policy rules events debugging is on Клиент отсылает DHCP DISCOVER и на ISG возникает ивент session-start: *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE: Looking for a rule for event session-start *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE: Intf CloneSrc Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-start *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE: Matched "DHCP-Subscriber/always event session-start/10 authorize aaa list DHCP-BRAS identifier remote-id#cir" *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE[0]: Start *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE[0]: DHCP-Subscriber/always event session-start/10 authorize aaa list DHCP-BRAS identifier remote-id#circuit-id#ms *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE[0]: Using author method AAA service *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE[0]: Have key combo_keys *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE[0]: Using key combo_keys *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE[1]: Start *Feb 6 18:11:31.888: SSS PM [uid:983][12BB3658]: RULE[1]: DHCP-Subscriber/always event session-start/10 authorize aaa list DHCP-BRAS identifier remote-id#circuit-id#ms *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: VRF Parsing routine: keepalive "protocol ARP" service-type 5 [Outbound] ssg-account-info "Apms-1M" Т.е. радиус ответил Access-Accept'ом с тремя параметрами, включая имя сервиса. Дебаг продолжается: *Feb 6 18:11:31.900: SSS PM [12BB34B8]: RULE: Looking for a rule for event service-start *Feb 6 18:11:31.900: SSS PM [12BB34B8]: RULE: Intf CloneSrc Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:11:31.900: SSS PM [12BB34B8]: RULE: Evaluate "DHCP-Subscriber" for service-start *Feb 6 18:11:31.900: SSS PM [12BB34B8]: RULE: Intf AccessIE Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:11:31.900: SSS PM [12BB34B8]: RULE: Evaluate "DHCP-Subscriber" for service-start *Feb 6 18:11:31.900: SSS PM [12BB34B8]: RULE: Intf InputI/f Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:11:31.900: SSS PM [12BB34B8]: RULE: Evaluate "DHCP-Subscriber" for service-start *Feb 6 18:11:31.900: SSS PM [12BB34B8]: RULE: Glob: service-rule any: None *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[0]: Continue *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[0]: DHCP-Subscriber/always event session-start/10 authorize aaa list DHCP-BRAS identifier remote-id#circuit-id#ms *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[0]: Author finished *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[1]: Continue *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[1]: DHCP-Subscriber/always event session-start/10 authorize aaa list DHCP-BRAS identifier remote-id#circuit-id#ms *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[1]: TAL authorization succesful, stop *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[2]: Continue *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[2]: DHCP-Subscriber/always event session-start/10 authorize aaa list DHCP-BRAS identifier remote-id#circuit-id#ms *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[2]: Give default directive *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[3]: Continue *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE[3]: DHCP-Subscriber/always event session-start/10 authorize aaa list DHCP-BRAS identifier remote-id#circuit-id#ms *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Looking for a rule for event session-default-service *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Intf CloneSrc Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-default-service *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Intf AccessIE Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-default-service *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Intf InputI/f Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-default-service *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Glob: service-rule any: None *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Looking for a rule for event session-service-found *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Intf CloneSrc Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-service-found *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Intf AccessIE Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-service-found *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Intf InputI/f Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-service-found *Feb 6 18:11:31.900: SSS PM [uid:983][12BB3658]: RULE: Glob: service-rule any: None *Feb 6 18:11:31.904: SSS PM [uid:983][12BB34B8]: RULE: VRF Parsing routine: username "pms-1M" clid-mac-addr 00 07 E9 0A 75 B2 password <hidden> traffic-class "output access-group name acl-Any" traffic-class "input access-group name acl-Any" ssg-service-info "QU;1000000;187500;375000;D;1000000;187500;375000" *Feb 6 18:11:31.904: SSS PM [uid:983][12BB34B8]: RULE: VRF Check: session logging off or not VRF dependent Все. Сессии нет. Когда клиент пускает например один исходящий ICMP-пакет, дебаг едет дальше, стартуя с ивента session-restart: *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE: Looking for a rule for event session-restart *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE: Intf CloneSrc Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-restart *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE: Matched "DHCP-Subscriber/always event session-restart/10 authorize aaa list DHCP-BRAS identifier mac-address" *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE[0]: Start *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE[0]: DHCP-Subscriber/always event session-restart/10 authorize aaa list DHCP-BRAS identifier mac-address *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE[0]: Using author method AAA service *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE[0]: Have key combo_keys *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE[0]: Using key combo_keys *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE[1]: Start *Feb 6 18:18:18.678: SSS PM [uid:989][12BB3658]: RULE[1]: DHCP-Subscriber/always event session-restart/10 authorize aaa list DHCP-BRAS identifier mac-address *Feb 6 18:18:18.682: SSS PM [uid:989][12BB3658]: RULE: VRF Parsing routine: keepalive "protocol ARP" service-type 5 [Outbound] ssg-account-info "Apms-1M" *Feb 6 18:18:18.682: SSS PM [12BB34B8]: RULE: Looking for a rule for event service-start *Feb 6 18:18:18.682: SSS PM [12BB34B8]: RULE: Intf CloneSrc Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:18:18.682: SSS PM [12BB34B8]: RULE: Evaluate "DHCP-Subscriber" for service-start *Feb 6 18:18:18.682: SSS PM [12BB34B8]: RULE: Intf AccessIE Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:18:18.682: SSS PM [12BB34B8]: RULE: Evaluate "DHCP-Subscriber" for service-start *Feb 6 18:18:18.682: SSS PM [12BB34B8]: RULE: Intf InputI/f Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:18:18.682: SSS PM [12BB34B8]: RULE: Evaluate "DHCP-Subscriber" for service-start *Feb 6 18:18:18.682: SSS PM [12BB34B8]: RULE: Glob: service-rule any: None *Feb 6 18:18:18.682: SSS PM [uid:989][12BB3658]: RULE[0]: Continue *Feb 6 18:18:18.682: SSS PM [uid:989][12BB3658]: RULE[0]: DHCP-Subscriber/always event session-restart/10 authorize aaa list DHCP-BRAS identifier mac-address *Feb 6 18:18:18.682: SSS PM [uid:989][12BB3658]: RULE[0]: Author finished *Feb 6 18:18:18.682: SSS PM [uid:989][12BB3658]: RULE[1]: Continue *Feb 6 18:18:18.682: SSS PM [uid:989][12BB3658]: RULE[1]: DHCP-Subscriber/always event session-restart/10 authorize aaa list DHCP-BRAS identifier mac-address *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE[1]: TAL authorization succesful, stop *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE[2]: Continue *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE[2]: DHCP-Subscriber/always event session-restart/10 authorize aaa list DHCP-BRAS identifier mac-address *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE[2]: Give default directive *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE[3]: Continue *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE[3]: DHCP-Subscriber/always event session-restart/10 authorize aaa list DHCP-BRAS identifier mac-address *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Looking for a rule for event session-default-service *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Intf CloneSrc Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-default-service *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Intf AccessIE Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-default-service *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Intf InputI/f Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-default-service *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Glob: service-rule any: None *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Looking for a rule for event session-service-found *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Intf CloneSrc Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-service-found *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Intf AccessIE Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-service-found *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Intf InputI/f Gi0/2.33: service-rule any: DHCP-Subscriber *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Evaluate "DHCP-Subscriber" for session-service-found *Feb 6 18:18:18.686: SSS PM [uid:989][12BB3658]: RULE: Glob: service-rule any: None *Feb 6 18:18:18.686: SSS PM [uid:989][12BB34B8]: RULE: VRF Parsing routine: username "pms-1M" clid-mac-addr 00 07 E9 0A 75 B2 password <hidden> traffic-class "output access-group name acl-Any" traffic-class "input access-group name acl-Any" ssg-service-info "QU;1000000;187500;375000;D;1000000;187500;375000" *Feb 6 18:18:18.690: SSS PM [uid:989][12BB34B8]: RULE: VRF Check: session logging off or not VRF dependent *Feb 6 18:18:18.698: SSS PM [uid:989][12BB3658]: RULE: VRF Parsing routine: clid-mac-addr 00 07 E9 0A 75 B2 addr 178.214.200.2 netmask 255.255.255.255 config-source-dpm True После этого сессия отлично поднимается. Я уже сломал мозг, но не могу понять чем отличается происходящее в session-start от происходящего в session-restart, и почему первый не поднимает сессию... -
Приветствую! Коллеги, кто-то сталкивался с таким поведением ISG? Сессия инициируется по DHCP Discover, срабатывает событие session-start, пользователь успешно авторизируется через Radius, Radius отдает имя сервиса...и сессия не поднимается. Поднимается она позже только после того, как от пользователя приедет первый пакет и вызовет ивент session-restart. Это поведение можно изменить? Спасибо.
-
ASR1004, ISG, BGBilling. L4Redirect, dns трафик
тему ответил в FessAectan пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
А как выставляются приоритеты сервисов? -
cisco AS 5300
тему ответил в Smin пользователя Minotaur в Активное оборудование Ethernet, IP, MPLS, SDN/NFV...
Для каждого направления лучше делать отдельный dial peer, нп. для направления "входящие звонки через E1": dial-peer voice 11 pots permission orig description Incoming from PSTN huntstop incoming called-number <тут pattern для допустимых входящих номеров> direct-inward-dial port 0:D Далее - term dial peer для отправления звонков в сторону VoIP-коробки: dial-peer voice 28106 voip description to Asterisk huntstop destination-pattern <тут pattern, аналогичный тому, что выше> voice-class codec 711 session protocol sipv2 session target sip-server dtmf-relay rtp-nte SIPv2 в примере меняете на тот протокол, который вам нужен.