
BGBilling + ASR + Framed-Pool option: some minor oddities with RADIUS

Good day, friends! I am trying to bring a new NAS into an existing BGBilling installation; the NAS is a Cisco ASR 1002 running software version 15.4(3)S2 from January 2015. The ASR is configured after the pattern of the existing NASes in the network.

 

show run | i radius
aaa authentication login default local group radius
aaa authentication ppp default group radius
aaa authorization network default group radius 
aaa accounting network default start-stop group radius
aaa server radius dynamic-author
ip radius source-interface GigabitEthernet0/0/3.4090 
no radius-server attribute 77 include-in-acct-req
no radius-server attribute 77 include-in-access-req
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req 
radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
radius-server attribute 31 mac format unformatted 
radius-server host %адрес_радиуса% auth-port 1812 acct-port 1813 key cisco
radius-server retransmit 5
radius-server timeout 2
radius-server deadtime 1
radius-server authorization default Framed-Protocol ppp
radius-server vsa send cisco-nas-port


show run | i aaa
aaa new-model
aaa authentication login default local group radius
aaa authentication ppp default group radius
aaa authorization exec default local 
aaa authorization network default group radius 
aaa accounting delay-start all
aaa accounting update periodic 5
aaa accounting network default start-stop group radius
aaa server radius dynamic-author
aaa session-id common
aaa policy interface-config allow-subinterface

The address where PPPoE starts

interface GigabitEthernet0/0/0.996
description # to dlink 3620 172.17.0.4 port#7
encapsulation dot1Q 996
no ip redirects
pppoe enable group global

PPPoE group

bba-group pppoe global
virtual-template 1
sessions max limit 1000
sessions per-mac limit 1
sessions per-vlan limit 500

 

And of course, can't do without this one

 

interface Virtual-Template1
mtu 1492
ip unnumbered Loopback1
no ip redirects
no ip proxy-arp
no logging event link-status
load-interval 60
no peer default ip address
ppp authentication pap

 

 

 

There is also the configuration of this new NAS in BGBilling

 

#Auto-close connections that have been "hanging" for more than an hour when there are active connections on the same NAS
drop.sleep.timeout=7200
#numeric codes of the time, inbound traffic and outbound traffic services
nas.port_time.default.*=526
#nas.port_traffic.default.*=520:RADIN;522:RADIN;524:RADIN;521:RADOUT;523:RADOUT;525:RADOUT
nas.port_traffic.default.*=520:COLLECTOR;521:COLLECTOR;522:COLLECTOR;523:COLLECTOR;524:COLLECTOR;525:COLLECTOR;526:COLLECTOR;527:COLLECTOR
#allow activation of all card types on this NAS
card.activate.service=0
#CallBack support (1 = enable)
callback.support=0
#forced disconnection at the month boundary
#month.break=0
#interval between messages sent to check or reset a connection
nas.inspector.sleep_time=60
#maximum number of connection reset attempts
nas.inspector.kill.max_messages=5
#receiving port for the netflow stream
#port number
collector.capture.flow.port.1=2007
#listener type - netflow
collector.capture.flow.port.1.type=netflow

netflow.receive.from=%адрес_наса%
#
ipn.module.id=37
ipn.source.id=4
nas.inspector.class=bitel.billing.server.processor.ISGNasConnectionInspector
nas.inspector.radius.attributes=Acct-Session-Id;User-Name
nas.inspector.pod.fixed.attributes=Cisco-AVPair=subscriber:command=account-logoff
nas.inspector.class=bitel.billing.server.processor.PoDNASConnectionInspector 
nas.inspector.pod.host=%адрес_наса%
nas.inspector.pod.port=1700 
nas.inspector.pod.secret=2456 
#list of attributes required in the PoD packet; if empty, all attributes are sent
#nas.inspector.pod.attributes=User-Name;Framed-IP-Address;NAS-Identifier;Calling-Station-Id
nas.inspector.pod.attributes=Acct-Session-Id
radius.attributes=Service-Type;Framed-Protocol;Framed-IP-Address;Framed-IP-Netmask;Framed-Routing;Filter-Id;Framed-MTU;Framed-Compression;Login-IP-Host;Login-Service;Login-TCP-Port;Old-Password;Reply-Message;Callback-Number;Callback-Id;Expiration;Framed-Route;Framed-IPX-Network;State;Class;Session-Timeout;Idle-Timeout;Termination-Action;NAS-Identifier;Proxy-State;Framed-Pool;Cisco-Service-Info;cisco-avpair;cisco-SSG-Service-Info;Cisco-SSG-Account-Info;Acct-Status-Type
nas.pools.pool_500=1.1.1.1-1.1.1.254
attrset.32.title=SIMPLE
attrset.32.attributes=Framed-Pool=pool_500;Framed-IP-Address;Service-Type=Framed-User;Framed-Protocol=PPP

 

Now I'll describe the problem: if the tariff contains Framed-Pool=pool_500, which is defined above as nas.pools.pool_500=1.1.1.1-1.1.1.254, the client gets error 720. If this option is removed, the client authorizes successfully and is assigned an address from pools.global=10.100.100.0-10.100.255.255, which is defined in the global config of the Dial-Up module. Meanwhile, the following happens in the Cisco ASR logs:

 

 

 


AAA Authentication debugging is on
AAA Authorization debugging is on
AAA Accounting debugging is on
Radius protocol debugging is on
Radius packet protocol debugging is on


May 26 12:50:03.698: AAA/BIND(00000022): Bind i/f Virtual-Template1 
May 26 12:50:03.698: AAA/ACCT/CLIENT(00000022): recv 1000000000bps xmit 1000000000bps
May 26 12:50:03.698: AAA/ACCT/HC(00000022): Register PPPoE/9700003D 64 bit counter support not configured
May 26 12:50:03.698: AAA/ACCT/HC(00000022): Update PPPoE/9700003D 
May 26 12:50:03.698: AAA/ACCT/HC(00000022): no HC PPPoE/9700003D 
May 26 12:50:03.698: AAA/ACCT/EVENT/(00000022): CALL START
May 26 12:50:03.698: Getting session id for NET(00000022) : db=435A052C
May 26 12:50:03.698: AAA/ACCT(00000000): add node, session 24
May 26 12:50:03.698: AAA/ACCT/NET(00000022): add, count 1
May 26 12:50:03.698: AAA/ACCT/NET(00000022): Pick method list 'default'
May 26 12:50:03.698: AAA/ACCT/SETMLIST(00000022): Handle 0, mlist 423C3F68, Name default
May 26 12:50:03.698: AAA/ACCT/EVENT/(00000022): ATTR REPLACE
May 26 12:50:03.698: AAA/ACCT(00000022): Accounting response status = FAILURE
May 26 12:50:03.698: AAA/ACCT(00000022): Send NEWINFO accounting notification to EM successfully
May 26 12:50:03.698: AAA/ACCT/EVENT/(00000022): ATTR REPLACE
May 26 12:50:03.698: AAA/ACCT/EVENT/(00000022): ATTR REPLACE
May 26 12:50:03.712: AAA/AUTHEN/PPP (00000022): Pick method list 'default' 
May 26 12:50:03.712: RADIUS/ENCODE(00000022):Orig. component type = PPPoE
May 26 12:50:03.712: RADIUS: DSL line rate attributes successfully added
May 26 12:50:03.712: RADIUS: Format E value 0x18 for character U with bitmask 0xFFFFFFFF
May 26 12:50:03.712: RADIUS: Format E port 0x18 with bit 32 processed
May 26 12:50:03.712: RADIUS(00000022): Config NAS IP: адрес_наса
May 26 12:50:03.712: RADIUS(00000022): Config NAS IPv6: ::
May 26 12:50:03.712: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
May 26 12:50:03.712: Getting session id for NET(00000022) : db=435A052C
May 26 12:50:03.712: RADIUS/ENCODE(00000022): acct_session_id: 24
May 26 12:50:03.712: RADIUS(00000022): Config NAS IP: адрес_наса
May 26 12:50:03.712: RADIUS(00000022): sending
May 26 12:50:03.713: RADIUS(00000022): Send Access-Request to адрес_радиуса:1812 id 1645/21, len 162
May 26 12:50:03.713: RADIUS:  authenticator 42 91 C2 38 FD C9 51 EA - DC D2 E9 07 CC EA 74 E9
May 26 12:50:03.713: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
May 26 12:50:03.713: RADIUS:  User-Name           [1]   7   "artem"
May 26 12:50:03.713: RADIUS:  User-Password       [2]   18  *
May 26 12:50:03.713: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
May 26 12:50:03.713: RADIUS:  Vendor, Cisco       [26]  17  
May 26 12:50:03.713: RADIUS:   cisco-nas-port     [2]   11  "0/0/0/996"
May 26 12:50:03.713: RADIUS:  NAS-Port            [5]   6   24                        
May 26 12:50:03.713: RADIUS:  NAS-Port-Id         [87]  11  "0/0/0/996"
May 26 12:50:03.713: RADIUS:  Vendor, Cisco       [26]  41  
May 26 12:50:03.713: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=ecf4.bb75.77fb"
May 26 12:50:03.713: RADIUS:  Service-Type        [6]   6   Framed                    [2]
May 26 12:50:03.713: RADIUS:  NAS-IP-Address      [4]   6   адрес_наса              
May 26 12:50:03.713: RADIUS:  Nas-Identifier      [32]  18  "bras"
May 26 12:50:03.713: RADIUS(00000022): Sending a IPv4 Radius Packet
May 26 12:50:03.713: RADIUS(00000022): Started 30 sec timeout
May 26 12:50:03.776: RADIUS: Received from id 1645/21 адрес_радиуса:1812, Access-Accept, len 54
May 26 12:50:03.776: RADIUS:  authenticator 4D 29 CD AD D7 30 C6 09 - E0 B2 87 EB ED 07 20 5D
May 26 12:50:03.776: RADIUS:  Service-Type        [6]   6   Framed                    [2]
May 26 12:50:03.776: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
May 26 12:50:03.776: RADIUS:  Framed-IP-Address   [8]   6   1.1.1.139            
May 26 12:50:03.777: RADIUS:  Session-Timeout     [27]  6   475915                    
May 26 12:50:03.777: RADIUS:  Framed-IP-Pool      [88]  10  "pool_500"
May 26 12:50:03.777: RADIUS(00000022): Received from id 1645/21
May 26 12:50:03.794: AAA/BIND(00000022): Bind i/f Virtual-Access2.1 
May 26 12:50:03.795: AAA/ACCT/NET(00000022): Pick method list 'default'
May 26 12:50:03.795: AAA/ACCT/SETMLIST(00000022): Handle 0, mlist 423C3F68, Name default
May 26 12:50:03.795: AAA/ACCT/EVENT/(00000022): NET UP
May 26 12:50:03.795: AAA/ACCT/CLIENT(00000022): recv 1000000000bps xmit 1000000000bps
May 26 12:50:03.795: AAA/ACCT/HC(00000022): Update PPPoE/9700003D 
May 26 12:50:03.795: AAA/ACCT/HC(00000022): no HC PPPoE/9700003D 
May 26 12:50:03.800: AAA/ACCT/NET(00000022): Pick method list 'default'
May 26 12:50:03.800: AAA/ACCT/SETMLIST(00000022): Handle 0, mlist 423C3F68, Name default
May 26 12:50:03.800: AAA/ACCT/EVENT/(00000022): NET DOWN
May 26 12:50:03.801: AAA/ACCT/CLIENT(00000022): recv 1000000000bps xmit 1000000000bps
May 26 12:50:03.801: AAA/ACCT/HC(00000022): Update PPPoE/9700003D 
May 26 12:50:03.801: AAA/ACCT/HC(00000022): no HC PPPoE/9700003D 
May 26 12:50:03.801: AAA/ACCT/NET(00000022): Accounting record not sent
May 26 12:50:03.801: AAA/ACCT(00000022): del node, session 24
May 26 12:50:03.801: AAA/ACCT/NET(00000022): free_rec, count 0
May 26 12:50:03.801: /AAA/ACCTNET(00000022) reccnt 0, csr FALSE, osr 0
May 26 12:50:03.804: AAA/ACCT/EVENT/(00000022): NET DOWN
May 26 12:50:03.805: AAA/ACCT/EVENT/(00000022): CALL STOP
May 26 12:50:03.805: AAA/ACCT(00000022) reccnt 0, osr 0
May 26 12:50:03.820: RADIUS: Removing all radius source-int. pointing to Virtual-Access2.1

 

The BGB forum and support are brushing me off so far, but there are plenty of smart guys on NAG, and I'm sure the collective mind will point out my mistake.
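
An added example, not part of the original post: a small Python parser for the IOS debug output format shown above. It groups the printed attributes by RADIUS packet and measures how long the session stayed up between NET UP and NET DOWN. The function names are hypothetical and the sample is a trimmed copy of log lines from the post; note that IOS prints attribute 88 as Framed-IP-Pool, while the BGBilling config calls it Framed-Pool.

```python
import re
from datetime import datetime, timedelta
# Constructed sample: a trimmed copy of debug lines from the post above.
SAMPLE = """\
May 26 12:50:03.713: RADIUS(00000022): Send Access-Request to адрес_радиуса:1812 id 1645/21, len 162
May 26 12:50:03.713: RADIUS:  User-Name           [1]   7   "artem"
May 26 12:50:03.776: RADIUS: Received from id 1645/21 адрес_радиуса:1812, Access-Accept, len 54
May 26 12:50:03.776: RADIUS:  Framed-IP-Address   [8]   6   1.1.1.139
May 26 12:50:03.777: RADIUS:  Framed-IP-Pool      [88]  10  "pool_500"
May 26 12:50:03.795: AAA/ACCT/EVENT/(00000022): NET UP
May 26 12:50:03.800: AAA/ACCT/EVENT/(00000022): NET DOWN
"""

LINE = re.compile(r"^\w{3} +\d+ ([\d:.]+): (.*)$")
PACKET = re.compile(r"Access-(?:Request|Accept|Reject)")
ATTR = re.compile(r"^RADIUS:\s+(.+?)\s+\[(\d+)\]\s+\d+\s*(.*)$")
EVENT = re.compile(r"^AAA/ACCT/EVENT/\((\w+)\): (NET UP|NET DOWN)$")

def parse(text):
    # Returns (packets, events); attributes are keyed by the name IOS prints.
    packets, events, current = [], [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Time of day only: the debug timestamp carries no year.
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        body = m.group(2)
        if body.startswith("RADIUS") and (p := PACKET.search(body)):
            current = {"type": p.group(0), "time": ts, "attrs": {}}
            packets.append(current)
        elif current is not None and (a := ATTR.match(body)):
            # Drop the trailing enum code ("PPP   [1]") and the quotes.
            value = re.split(r"\s{2,}", a.group(3).strip())[0].strip('"')
            current["attrs"][a.group(1)] = value
        elif e := EVENT.match(body):
            events.append((ts, e.group(1), e.group(2)))
    return packets, events

def accept_summary(text):
    """Attributes of the first Access-Accept and the NET UP -> NET DOWN gap in ms."""
    packets, events = parse(text)
    accept = next(p for p in packets if p["type"] == "Access-Accept")
    up = next(t for t, _, ev in events if ev == "NET UP")
    down = next(t for t, _, ev in events if ev == "NET DOWN" and t >= up)
    return {
        "attrs": accept["attrs"],
        "address_and_pool": {"Framed-IP-Address", "Framed-IP-Pool"} <= accept["attrs"].keys(),
        "up_ms": (down - up) // timedelta(milliseconds=1),
    }
```

Run over a full capture, the same summary can be compared between a session that fails with the Framed-Pool option and one that succeeds without it.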
