Jump to content
Калькуляторы

Настройка ISG subscriber accounting

Добрый день.

Прошу Вашей помощи в настройки ISG ASR 1002X.

Необходимо настроить accounting subscribers session и отослать их на RADIUS server с идентификатором пользователя.

Может был у кого опыт в настройке подобной конфигурации...

Заранее Благодарю за помощь.

 

 

version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname WAG_ASR1002X
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
aaa new-model
!
!
aaa group server radius SERVER_GROUP1
server name RAD1
!
aaa authentication login IP_AUTHEN_LIST group SERVER_GROUP1
aaa authorization network default group SERVER_GROUP1 local 
aaa authorization network AUTHOR_LIST group SERVER_GROUP1 local 
aaa authorization subscriber-service default local group SERVER_GROUP1 
aaa accounting include auth-profile framed-ip-address
aaa accounting network IP_SESSION start-stop group SERVER_GROUP1
aaa accounting system default start-stop group radius
!
aaa nas port extended
aaa server radius sesm
client 10.245.1.6 key 
message-authenticator ignore
!
!
!
!
aaa session-id common
clock calendar-valid
!
!

no ip dhcp use vrf connected
ip dhcp excluded-address 172.28.0.254
!
ip dhcp pool WIFI_users
network 172.28.0.0 255.255.255.0
default-router 172.28.0.254 
dns-server 8.8.8.8 
!
!
!
subscriber feature prepaid IP_SESSION
threshold time 0 seconds
threshold volume 0 bytes
method-list author default
method-list accounting IP_SESSION

!
subscriber service session-accounting
subscriber templating
subscriber authorization enable
subscriber accounting ssg
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
mode none
redirect server-group ISG_GROUP
server ip 10.245.1.6 port 80
!
!
!
!
ip tftp source-interface GigabitEthernet0

class-map type traffic match-any ISG_OPENGARDEN
match access-group output name ACL_OUT_OPENGARDEN
match access-group input name ACL_IN_OPENGARDEN
!
class-map type traffic match-any L4REDIRECT
match access-group input name ACL_IN_L4REDIRECT
!
class-map type control match-all IP_UNAUTH_COND
match timer IP_UNAUTH_TIMER 
match authen-status unauthenticated 
!
policy-map type service L4REDIRECT_SERVICE
10 class type traffic L4REDIRECT
 redirect to group ISG_GROUP
!
class type traffic default input
 drop
!
!
policy-map type service OPENGARDEN_SERVICE
20 class type traffic ISG_OPENGARDEN
!
!
policy-map type service PBHK_SERVICE
ip portbundle
!


policy-map type control TAL
class type control IP_UNAUTH_COND event timed-policy-expiry
 10 service disconnect
!
class type control always event session-start
 20 service-policy type service name L4REDIRECT_SERVICE
 25 service-policy type service name OPENGARDEN_SERVICE
 30 set-timer IP_UNAUTH_TIMER 10
!
class type control always event account-logon
 10 authenticate aaa list IP_AUTHEN_LIST 
 20 service-policy type service unapply name L4REDIRECT_SERVICE
 30 service-policy type service unapply name L4REDIRECT_SERVICE
!
!         
!
! 
!

!
interface GigabitEthernet0/0/1.3901
encapsulation dot1Q 3901
ip address 172.28.0.254 255.255.255.0
service-policy type control TAL
ip subscriber routed
 initiator unclassified ip-address
!
!
ip access-list extended ACL_1_ACCESS_TO_WIX_IN
permit ip any host 10.245.4.6
permit ip any host 8.8.8.8
permit ip any host 10.245.1.6
deny   icmp any any echo
permit icmp any any
deny   ip any any
ip access-list extended ACL_1_ACCESS_TO_WIX_OUT
permit ip any any
ip access-list extended ACL_1_REDIRECT_PORTAL_IN
permit tcp any any eq www
permit tcp any any eq 3128
permit tcp any any eq 443
deny   icmp any any echo
permit icmp any any
ip access-list extended ACL_1_REDIRECT_PORTAL_OUT
permit ip any any
ip access-list extended ACL_IN_L4REDIRECT
permit tcp any any eq www
permit tcp any any eq 443
ip access-list extended ACL_IN_OPENGARDEN
permit ip any host 8.8.8.8
permit ip host 8.8.8.8 any
ip access-list extended ACL_IN_SERVICE_INTERNET
permit ip any any
ip access-list extended ACL_OUT_OPENGARDEN
permit ip host 8.8.8.8 any
permit ip any host 8.8.8.8
ip access-list extended ACL_OUT_SERVICE_INTERNET
permit ip any any
ip access-list extended test
permit ip any any log-input
!
ip radius source-interface GigabitEthernet0/0/1.3721 
!
!
!
radius-server attribute 44 include-in-access-req all
radius-server attribute 188 format non-standard
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req 
radius-server attribute 32 include-in-accounting-req 
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
radius-server attribute nas-port format d
radius-server attribute 61 extended
radius-server attribute 31 mac format ietf 
radius-server attribute 31 send nas-port-detail mac-only
radius-server dead-criteria tries 3
radius-server host 10.245.1.6 auth-port 1812 acct-port 1813 key 
radius-server retransmit 5
radius-server timeout 10
radius-server deadtime 15
radius-server directed-request
radius-server domain-stripping
radius-server key 
!
radius server RAD1
address ipv4 10.245.0.10 auth-port 1822 acct-port 1823

Share this post


Link to post
Share on other sites

разместите эту тему в другом разделе где железо

Share this post


Link to post
Share on other sites

Если речь идет об этом разделе ( Технические вопросы кабельных сетей (Ethernet, IP, MPLS, SDH/PDH))

 

То я считаю что теме более уместно быть сдесь так как к сетям как таковым данный вопрос отношения не имеет. а касается RADIUS протокола.

 

Если есть еще какой то раздел дайте сылку пожалуйста, я не нашел...

 

Я тут новичек.... :)

Share this post


Link to post
Share on other sites

Если речь идет об этом разделе ( Технические вопросы кабельных сетей (Ethernet, IP, MPLS, SDH/PDH))

 

То я считаю что теме более уместно быть сдесь так как к сетям как таковым данный вопрос отношения не имеет. а касается RADIUS протокола.

 

Если есть еще какой то раздел дайте сылку пожалуйста, я не нашел...

 

Я тут новичек.... :)

Уже сказали - ошибся разделом.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this