alexaaa Posted March 14, 2016 Настроена ASR1002-X в качестве NAS PPPoE PPPoE подключается работает, Radius атребуты скорости передаем с биллинга, проблема заключается в частом пропадании пингов в интернет через PPPoE и не правильной нарезки скорости, перепробывали куча вариантов, у кого такая железка используется под PPPoE, стоит такой IOS asr1002x-universalk9.03.14.00.S.155-1.S-std.SPA.bin и в чём разница между std.SPA.bin и ext.SPA.bin Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
ShyLion Posted March 15, 2016 До шлюза есть потери? Пробовали без ограничения скорости? С самого роутера до инета есть потери? Где конфиг, Карл? Для информации: asr1002x-universalk9.03.13.02.S.154-3.S2-ext.SPA.bin 800 абонентов PPPoE с CGNAT, полет нормальный. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
alexaaa Posted March 15, 2016 (edited) Проверили ошибки на портах, заменили SFP, пачкорды сменили ios на asr1002x-universalk9.03.13.02.S.154-3.S2-ext.SPA.bin проблема пропадания пингов через pppoe осталась показания с ASR ASR-BRS-01#sh interface TenGigabitEthernet0/1/0 TenGigabitEthernet0/1/0 is up, line protocol is up Hardware is SPA-1X10GE-L-V2, address is a46c.2aa5.d810 (bia a46c.2aa5.d810) MTU 1500 bytes, BW 10000000 Kbit/sec, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set Keepalive not supported Full Duplex, 10000Mbps, link type is force-up, media type is 10GBase-LR output flow-control is on, input flow-control is on ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:07, output hang never Last clearing of "show interface" counters never Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 30 second input rate 405000 bits/sec, 253 packets/sec 30 second output rate 5000 bits/sec, 6 packets/sec 3750074 packets input, 2453174445 bytes, 0 no buffer Received 467530 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 2 input errors, 0 CRC, 2 frame, 0 overrun, 0 ignored 0 watchdog, 529405 multicast, 0 pause input 729768 packets output, 659445972 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 442 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out ASR-BRS-01#sh hw-module subslot 0/1 transceiver 0 status The Transceiver in slot 0 subslot 1 port 0 is enabled. Module temperature = 32.796 C Transceiver Tx bias current = 26396 uAmps Transceiver Tx power = -1.8 dBm Transceiver Rx optical power = -3.1 dBm interface TenGigabitEthernet0/1/0.3322 encapsulation dot1Q 3322 pppoe enable group global ! interface TenGigabitEthernet0/1/0.4220 encapsulation dot1Q 4220 ip address x.x.x.x 255.255.255.192 Показания с коммутатора QSW-8300-52F#sh interface ethernet1/0/52 Interface brief: Ethernet1/0/52 is up, line protocol is up Ethernet1/0/52 is layer 2 port, alias name is (null), index is 52 Hardware is SFP+, address is 00-1f-ce-5e-ed-3b PVID is 1 MTU 1500 bytes, BW 10000000 Kbit Time since last status change:0w-0d-1h-31m-13s (5473 seconds) Encapsulation ARPA, Loopback not set Auto-duplex: Negotiation full-duplex, Auto-speed: Negotiation 10G bits FlowControl is off, MDI type is auto Transceiver info: SFP+ found in this port, manufactured by OEM, on May 29 2014. Type is 10GBASE-LR. Serial number is SE5T630125. Link length is 10000 m for Single Mode Fiber. Nominal bit rate is 10300 Mb/s. Laser wavelength is 1310 nm. Statistics: 5 minute input rate 7965 bits/sec, 7 packets/sec 5 minute output rate 481084 bits/sec, 265 packets/sec The last 5 second input rate 37022 bits/sec, 20 packets/sec The last 5 second output rate 489912 bits/sec, 257 packets/sec Input packets statistics: 14784567 input packets, 13778800248 bytes, 0 no buffer 14744061 unicast packets, 3409 multicast packets, 10 broadcast packets 0 input errors, 0 CRC, 0 frame alignment, 0 overrun, 0 ignored, 0 abort, 0 length error, 37087 pause frame Output packets statistics: 19455005 output packets, 17106790949 bytes, 0 underruns 17898952 unicast packets, 820834 multicast packets, 735219 broadcast packets 0 output errors, 0 collisions, 0 late collisions, 0 pause frame QSW-8300-52F#sh transceive interface ethernet1/0/52 Interface Temp(--) Voltage(V) Bias(mA) RX Power(dBM) TX Power(dBM) --------- -------- ---------- -------- ------------- ------------- 1/0/52 40 3.16 36.21 -1.50 -1.01 Interface Ethernet1/0/52 switchport mode trunk switchport trunk allowed vlan 3322;4220 Edited March 15, 2016 by alexaaa Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
alexaaa Posted March 15, 2016 У кого реализована работа ASR + UTM5 как реализовать шейпинг скорости тарифов через radius без использования правил policy-map Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
s.lobanov Posted March 15, 2016 alexaaa Привязать радиус-аттрибут к сервису тарифа, содержащий скорость или название политики. Примеры аттрибутов http://monsterdark.com/asr-1000-parameterized-qos/ Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
alexaaa Posted March 16, 2016 Неправильно режеться скорость Атрибуты с radius передаём QU;1024000;512000;D;1024000;512000 version 15.4 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption no platform punt-keepalive disable-kernel-core platform hardware throughput level 36000000 ! hostname ASR-BRS-01 ! boot-start-marker boot system flash bootflash:asr1002x-universalk9.03.13.02.S.154-3.S2-ext.SPA.bin boot-end-marker ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ! aaa new-model ! ! aaa group server radius ISG-PPPoE server name UTM ip radius source-interface GigabitEthernet0 ! aaa group server radius ACC-PPPoE server name UTM ip radius source-interface GigabitEthernet0 ! aaa group server radius ISG-PROFILES server name UTM ip radius source-interface GigabitEthernet0 ! aaa authentication login default local aaa authentication enable default none aaa authentication ppp PPPoE group ISG-PPPoE aaa authorization exec default local aaa authorization network PPPoE group ISG-PPPoE aaa authorization subscriber-service default group ISG-PROFILES aaa authorization subscriber-service PPPoE group ISG-PROFILES aaa accounting update periodic 1800 aaa accounting network PPPoE start-stop group ACC-PPPoE ! ! ! ! aaa server radius dynamic-author client 192.168.1.4 server-key 7 121A0C041104020539 auth-type all ignore session-key ignore server-key ! aaa session-id common aaa policy interface-config allow-subinterface ppp packet throttle 30 1 10 clock timezone YEKT 5 0 ! ! no ip domain lookup ip name-server my.ru ip name-server 77.88.8.8 ! ! subscriber templating ! multilink bundle-name authenticated ! ! license udi pid ASR1002-X sn JAE191405WR license boot level advipservices spanning-tree extend system-id ! username root privilege 15 secret 5 $1$ewBn$NKRLNs ! redundancy mode none ! ! ! ip telnet source-interface GigabitEthernet0 ip tftp source-interface GigabitEthernet0 ip ssh time-out 60 ip ssh source-interface GigabitEthernet0 ip ssh rsa keypair-name ASR-BRS-01.my.ru ip ssh version 2 ! ! ! ! bba-group pppoe global virtual-template 1 sessions max limit 10000 ac name ASR-BRS-01 sessions per-mac limit 2 sessions auto cleanup ! ! interface Loopback100 ip address 172.30.0.1 255.255.255.255 ! interface GigabitEthernet0/0/0 no ip address negotiation auto ! interface GigabitEthernet0/0/1 no ip address negotiation auto ! interface GigabitEthernet0/0/2 no ip address negotiation auto ! interface GigabitEthernet0/0/3 no ip address negotiation auto ! interface GigabitEthernet0/0/4 no ip address negotiation auto ! interface GigabitEthernet0/0/5 no ip address negotiation auto ! interface TenGigabitEthernet0/1/0 no ip address load-interval 30 ! interface TenGigabitEthernet0/1/0.3350 encapsulation dot1Q 3350 pppoe enable group global ! interface TenGigabitEthernet0/1/0.4220 encapsulation dot1Q 4220 ip address 195.xx.xx.x 255.255.255.192 ! interface GigabitEthernet0 vrf forwarding Mgmt-intf ip address 192.168.1.103 255.255.255.0 negotiation auto ! interface Virtual-Template1 mtu 1492 ip unnumbered Loopback100 ip tcp adjust-mss 1452 no peer default ip address ppp authentication chap PPPoE ppp authorization PPPoE ppp accounting PPPoE ppp ipcp dns 77.88.8.8 ! router ospf 65000 router-id 195.xx.xx.x redistribute connected subnets redistribute static subnets passive-interface default no passive-interface TenGigabitEthernet0/1/0.4220 network 195.xx.xx.x 0.0.0.63 area 0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 195.xx.xx.x ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 192.168.1.1 ! ip access-list standard MGMT permit 192.168.0.0 0.0.255.255 permit 172.0.0.0 0.15.255.255 permit 10.0.0.0 0.255.255.255 permit 195.0.0.0 0.0.3.255 ! ip access-list extended one permit ip any any ! ! snmp-server community public RO MGMT snmp ifmib ifindex persist ! ! radius-server attribute 44 include-in-access-req all no radius-server attribute 77 include-in-acct-req no radius-server attribute 77 include-in-access-req radius-server attribute 6 on-for-login-auth radius-server attribute 8 include-in-access-req radius-server attribute 32 include-in-access-req radius-server attribute 32 include-in-accounting-req radius-server attribute 55 include-in-acct-req radius-server attribute 55 access-request include radius-server attribute 30 original-called-number radius-server attribute nas-port format d radius-server attribute 61 extended radius-server attribute 31 mac format ietf radius-server attribute 31 send nas-port-detail mac-only radius-server attribute 31 remote-id radius-server attribute nas-port-id include circuit-id plus remote-id plus vendor-class-id radius-server vsa send cisco-nas-port ! radius server UTM address ipv4 192.168.1.4 auth-port 1812 acct-port 1813 key 7 05080F1C224340080A ! ! control-plane ! ! ! line con 0 logging synchronous stopbits 1 line aux 0 stopbits 1 line vty 0 4 access-class MGMT in vrf-also exec-timeout 60 0 logging synchronous transport input ssh line vty 5 15 transport input none ! ntp server 31.28.161.68 ! ! end Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
ShyLion Posted March 17, 2016 (edited) Проверили ошибки на портах, заменили SFP, пачкорды сменили ios на asr1002x-universalk9.03.13.02.S.154-3.S2-ext.SPA.bin проблема пропадания пингов через pppoe осталась Без шейпинга есть проблема или нет? Атрибуты с radius передаём QU;1024000;512000;D;1024000;512000 Передавайте просто: QU;1024000;D;1024000 Edited March 17, 2016 by ShyLion Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
alexaaa Posted March 17, 2016 как сбросить (убить) сессию pppoe в консоле? Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
ShyLion Posted March 18, 2016 как сбросить (убить) сессию pppoe в консоле? asr-1002x-621#clear subscriber session ? all All the Subscriber service sessions identifier Specify the identifier to match against uid Based on Unique ID username Based on username Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
