Andrey75 Posted May 13, 2016 Posted May 13, 2016 помогите с редиректом при не авторизованном абоненте конфиг redirect server-group RSG_NEGBAL_REDIRECT server ip 10.1.0.2 port 442 ! redirect server-group RSG_BLOCKED_REDIRECT server ip 10.1.0.2 port 444 ! redirect server-group RSG_RADIUS_REDIRECT server ip 10.1.0.2 port 440 ! ! ! ip ssh version 1 class-map type traffic match-any CLS_RADIUS_REDIRECT match access-group input name ACL_RADIUS_REDIRECT ! class-map type traffic match-any CLS_ACCEPT match access-group input name ACL_NEGBAL_TRUSTED match access-group output name ACL_NEGBAL_TRUSTED ! class-map type traffic match-any CLS_NEGBAL_TRUSTED match access-group input name ACL_NEGBAL_TRUSTED match access-group output name ACL_NEGBAL_TRUSTED ! class-map type traffic match-any CLS_NEGBAL_REDIRECT match access-group input name ACL_NEGBAL_REDIRECT ! class-map type traffic match-any CLS_NOSHAPE match access-group output name ACL_NOSHAPE match access-group input name ACL_NOSHAPE ! class-map type traffic match-any CLS_BLOCKED_TRUSTED match access-group input name ACL_BLOCKED_TRUSTED match access-group output name ACL_BLOCKED_TRUSTED ! class-map type traffic match-any CLS_BLOCKED_REDIRECT match access-group input name ACL_BLOCKED_REDIRECT ! class-map type control match-all CTRL_TIMER_UNAUTH match authen-status unauthenticated match timer TIMER_UNAUTH ! class-map type control match-all CTRL_TIMER_AUTH match authen-status authenticated match timer TIMER_AUTH ! ! policy-map type service FWPOL_ACCEPT service local class type traffic CLS_ACCEPT ! ! policy-map type service FWPOL_NEGBAL_TRUSTED service local class type traffic CLS_NEGBAL_TRUSTED ! ! policy-map type service FWPOL_NEGBAL_REDIRECT service local class type traffic CLS_NEGBAL_REDIRECT redirect to group RSG_NEGBAL_REDIRECT ! class type traffic default in-out drop ! ! policy-map type service FWPOL_BLOCKED_TRUSTED service local class type traffic CLS_BLOCKED_TRUSTED ! ! policy-map type service FWPOL_BLOCKED_REDIRECT service local class type traffic CLS_BLOCKED_REDIRECT redirect to group RSG_BLOCKED_REDIRECT ! class type traffic default in-out drop ! ! policy-map type service FWPOL_DEFAULT service local 10 class type traffic CLS_ACCEPT police input 512000 police output 512000 ! ! policy-map type service FWPOL_NOSHAPE class type traffic CLS_NOSHAPE police input 90000000 police output 90000000 ! ! policy-map type service FWPOL_RADIUS_REDIRECT service local class type traffic CLS_RADIUS_REDIRECT redirect to group RSG_RADIUS_REDIRECT ! ! policy-map type control CTRL_IPOE class type control always event timed-policy-expiry 1 service disconnect ! class type control always event account-logoff 1 service disconnect ! class type control always event radius-timeout 10 set-timer TIMER_UNAUTH 10 20 service-policy type service name FWPOL_DEFAULT ! class type control always event session-start 10 authorize aaa list AAA_LIST_IPOE password adminIPoE identifier source-ip-address 20 set-timer TIMER_UNAUTH 1 30 service-policy type service name FWPOL_ACCEPT 40 service-policy type service name FWPOL_NEGBAL_TRUSTED 50 service-policy type service name FWPOL_NEGBAL_REDIRECT 60 service-policy type service name FWPOL_BLOCKED_TRUSTED 70 service-policy type service name FWPOL_BLOCKED_REDIRECT 80 service-policy type service name FWPOL_RADIUS_REDIRECT ! class type control always event session-restart 10 authorize aaa list AAA_LIST_IPOE password adminIPoE identifier source-ip-address 20 set-timer TIMER_UNAUTH 1 30 service-policy type service name FWPOL_ACCEPT 40 service-policy type service name FWPOL_NEGBAL_TRUSTED 50 service-policy type service name FWPOL_NEGBAL_REDIRECT 60 service-policy type service name FWPOL_BLOCKED_TRUSTED 70 service-policy type service name FWPOL_BLOCKED_REDIRECT 80 service-policy type service name FWPOL_RADIUS_REDIRECT ! ! ip access-list extended ACL_ACCEPT permit ip any any ip access-list extended ACL_BLOCKED_REDIRECT deny ip any host 10.1.0.2 deny ip host 10.1.0.2 any permit tcp any any eq www deny ip any any ip access-list extended ACL_BLOCKED_TRUSTED permit udp any any eq domain permit ip any host 10.1.0.2 permit ip host 10.1.0.2 any ip access-list extended ACL_NAT permit ip any 10.1.10.0 0.0.0.255 permit ip 10.1.10.0 0.0.0.255 any ip access-list extended ACL_NEGBAL_REDIRECT deny ip any host 10.1.0.2 deny ip host 10.1.0.2 any permit tcp any any eq www deny ip any any ip access-list extended ACL_NEGBAL_TRUSTED permit udp any any eq domain permit ip any host 10.1.0.2 permit ip host 10.1.0.2 any ip access-list extended ACL_NOSHAPE permit ip any host 10.1.0.2 permit ip host 10.1.0.2 any ip access-list extended ACL_RADIUS_REDIRECT deny ip any host 10.1.0.2 deny ip host 10.1.0.2 any permit tcp any any eq www deny ip any any ip access-list extended WIFIGainy permit ip any any где у меня ошибка? ПОМОГИТЕ! KharinoIPoE#show subscriber session Codes: Lterm - Local Term, Fwd - forwarded, unauth - unathenticated, authen - authenticated, TC Ct. - Number of Traffic Classes on the main session Current Subscriber Information: Total sessions 47 Uniq ID Interface State Service Up-time TC Ct. Identifier 46 IP authen Lterm 3d00h 2 10.1.10.52 988 IP authen Lterm 3d00h 2 10.1.10.106 312 IP unauthen Attempting 00:00:00 0 172.24.7.202 1031 IP authen Lterm 2d23h 2 10.1.10.64 1040 IP authen Lterm 1d00h 2 172.24.0.77 998 IP authen Lterm 1d00h 2 10.1.10.130 764 IP authen Lterm 1d21h 2 172.24.0.73 733 IP authen Lterm 1d21h 2 10.1.10.49 749 IP authen Lterm 1d21h 2 10.1.10.20 10 IP authen Lterm 2d05h 2 10.1.10.61 305 IP unauthen Lterm 22:33:30 2 172.24.7.200 303 IP unauthen Lterm 23:29:50 0 172.24.7.201 1038 IP authen Lterm 2d09h 2 10.1.10.34 1036 IP authen Lterm 2d11h 2 10.1.10.109 996 IP authen Lterm 2d10h 2 10.1.10.103 1034 IP authen Lterm 2d20h 2 10.1.10.85 991 IP authen Lterm 2d21h 2 10.1.10.82 956 IP authen Lterm 2d12h 2 10.1.10.58 1032 IP authen Lterm 2d22h 2 10.1.10.16 473 IP authen Lterm 2d22h 2 10.1.10.115 835 IP authen Lterm 3d00h 2 172.24.0.69 816 IP authen Lterm 3d00h 2 10.1.10.94 825 IP authen Lterm 3d00h 2 10.1.10.19 831 IP authen Lterm 3d01h 2 10.1.10.5 826 IP authen Lterm 3d00h 2 10.1.10.124 829 IP authen Lterm 3d00h 2 10.1.10.100 827 IP authen Lterm 3d01h 2 10.1.10.55 811 IP authen Lterm 3d01h 2 10.1.10.127 823 IP authen Lterm 3d01h 2 10.1.10.37 820 IP authen Lterm 3d01h 2 10.1.10.79 828 IP authen Lterm 3d00h 2 10.1.10.67 806 IP authen Lterm 3d01h 2 10.1.10.31 821 IP authen Lterm 3d01h 2 10.1.10.121 822 IP authen Lterm 3d01h 2 10.1.10.70 817 IP authen Lterm 3d01h 2 10.1.10.135 815 IP authen Lterm 3d01h 2 10.1.10.118 810 IP authen Lterm 3d01h 2 10.1.10.22 819 IP authen Lterm 3d01h 2 10.1.10.136 813 IP authen Lterm 3d01h 2 10.1.10.76 809 IP authen Lterm 3d01h 2 10.1.10.131 814 IP authen Lterm 3d01h 2 10.1.10.7 808 IP authen Lterm 3d01h 2 10.1.10.15 818 IP authen Lterm 3d01h 2 10.1.10.88 800 IP authen Lterm 3d01h 2 10.1.10.138 807 IP authen Lterm 3d01h 2 10.1.10.140 804 IP authen Lterm 3d01h 2 10.1.10.97 812 IP authen Lterm 3d01h 2 10.1.10.40 KharinoIPoE#show subscriber session uid 312 KharinoIPoE# ip 172.24.0.202 присваивает биллинг без привязки к мак адресу. как редиректить такой ip Вставить ник Quote
evgenich Posted May 24, 2016 Posted May 24, 2016 нафига ? accept и редирект в сервисе. Вставить ник Quote
Andrey75 Posted June 9, 2016 Author Posted June 9, 2016 нафига ? accept и редирект в сервисе. неавторизованные абоненты на страницу заявления при сети WI FI например Вставить ник Quote
.png.5d2afa2996cc6a85d0f2c09b92dd0a28.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.