Jump to content
Калькуляторы

redirect при Reject редирект при не авторизованном абоненте

помогите с редиректом при не авторизованном абоненте

 

конфиг

 

 

redirect server-group RSG_NEGBAL_REDIRECT

server ip 10.1.0.2 port 442

!

redirect server-group RSG_BLOCKED_REDIRECT

server ip 10.1.0.2 port 444

!

redirect server-group RSG_RADIUS_REDIRECT

server ip 10.1.0.2 port 440

!

!

!

ip ssh version 1

class-map type traffic match-any CLS_RADIUS_REDIRECT

match access-group input name ACL_RADIUS_REDIRECT

!

class-map type traffic match-any CLS_ACCEPT

match access-group input name ACL_NEGBAL_TRUSTED

match access-group output name ACL_NEGBAL_TRUSTED

!

class-map type traffic match-any CLS_NEGBAL_TRUSTED

match access-group input name ACL_NEGBAL_TRUSTED

match access-group output name ACL_NEGBAL_TRUSTED

!

class-map type traffic match-any CLS_NEGBAL_REDIRECT

match access-group input name ACL_NEGBAL_REDIRECT

!

class-map type traffic match-any CLS_NOSHAPE

match access-group output name ACL_NOSHAPE

match access-group input name ACL_NOSHAPE

!

class-map type traffic match-any CLS_BLOCKED_TRUSTED

match access-group input name ACL_BLOCKED_TRUSTED

match access-group output name ACL_BLOCKED_TRUSTED

!

class-map type traffic match-any CLS_BLOCKED_REDIRECT

match access-group input name ACL_BLOCKED_REDIRECT

!

class-map type control match-all CTRL_TIMER_UNAUTH

match authen-status unauthenticated

match timer TIMER_UNAUTH

!

class-map type control match-all CTRL_TIMER_AUTH

match authen-status authenticated

match timer TIMER_AUTH

!

!

policy-map type service FWPOL_ACCEPT

service local

class type traffic CLS_ACCEPT

!

!

policy-map type service FWPOL_NEGBAL_TRUSTED

service local

class type traffic CLS_NEGBAL_TRUSTED

!

!

policy-map type service FWPOL_NEGBAL_REDIRECT

service local

class type traffic CLS_NEGBAL_REDIRECT

redirect to group RSG_NEGBAL_REDIRECT

!

class type traffic default in-out

drop

!

!

policy-map type service FWPOL_BLOCKED_TRUSTED

service local

class type traffic CLS_BLOCKED_TRUSTED

!

!

policy-map type service FWPOL_BLOCKED_REDIRECT

service local

class type traffic CLS_BLOCKED_REDIRECT

redirect to group RSG_BLOCKED_REDIRECT

!

class type traffic default in-out

drop

!

!

policy-map type service FWPOL_DEFAULT

service local

10 class type traffic CLS_ACCEPT

police input 512000

police output 512000

!

!

policy-map type service FWPOL_NOSHAPE

class type traffic CLS_NOSHAPE

police input 90000000

police output 90000000

!

!

policy-map type service FWPOL_RADIUS_REDIRECT

service local

class type traffic CLS_RADIUS_REDIRECT

redirect to group RSG_RADIUS_REDIRECT

!

!

policy-map type control CTRL_IPOE

class type control always event timed-policy-expiry

1 service disconnect

!

class type control always event account-logoff

1 service disconnect

!

class type control always event radius-timeout

10 set-timer TIMER_UNAUTH 10

20 service-policy type service name FWPOL_DEFAULT

!

class type control always event session-start

10 authorize aaa list AAA_LIST_IPOE password adminIPoE identifier source-ip-address

20 set-timer TIMER_UNAUTH 1

30 service-policy type service name FWPOL_ACCEPT

40 service-policy type service name FWPOL_NEGBAL_TRUSTED

50 service-policy type service name FWPOL_NEGBAL_REDIRECT

60 service-policy type service name FWPOL_BLOCKED_TRUSTED

70 service-policy type service name FWPOL_BLOCKED_REDIRECT

80 service-policy type service name FWPOL_RADIUS_REDIRECT

!

class type control always event session-restart

10 authorize aaa list AAA_LIST_IPOE password adminIPoE identifier source-ip-address

20 set-timer TIMER_UNAUTH 1

30 service-policy type service name FWPOL_ACCEPT

40 service-policy type service name FWPOL_NEGBAL_TRUSTED

50 service-policy type service name FWPOL_NEGBAL_REDIRECT

60 service-policy type service name FWPOL_BLOCKED_TRUSTED

70 service-policy type service name FWPOL_BLOCKED_REDIRECT

80 service-policy type service name FWPOL_RADIUS_REDIRECT

!

 

!

ip access-list extended ACL_ACCEPT

permit ip any any

ip access-list extended ACL_BLOCKED_REDIRECT

deny ip any host 10.1.0.2

deny ip host 10.1.0.2 any

permit tcp any any eq www

deny ip any any

ip access-list extended ACL_BLOCKED_TRUSTED

permit udp any any eq domain

permit ip any host 10.1.0.2

permit ip host 10.1.0.2 any

ip access-list extended ACL_NAT

permit ip any 10.1.10.0 0.0.0.255

permit ip 10.1.10.0 0.0.0.255 any

ip access-list extended ACL_NEGBAL_REDIRECT

deny ip any host 10.1.0.2

deny ip host 10.1.0.2 any

permit tcp any any eq www

deny ip any any

ip access-list extended ACL_NEGBAL_TRUSTED

permit udp any any eq domain

permit ip any host 10.1.0.2

permit ip host 10.1.0.2 any

ip access-list extended ACL_NOSHAPE

permit ip any host 10.1.0.2

permit ip host 10.1.0.2 any

ip access-list extended ACL_RADIUS_REDIRECT

deny ip any host 10.1.0.2

deny ip host 10.1.0.2 any

permit tcp any any eq www

deny ip any any

ip access-list extended WIFIGainy

permit ip any any

 

 

 

где у меня ошибка? ПОМОГИТЕ!

KharinoIPoE#show subscriber session

Codes: Lterm - Local Term, Fwd - forwarded, unauth - unathenticated, authen -

authenticated, TC Ct. - Number of Traffic Classes on the main session

 

Current Subscriber Information: Total sessions 47

Uniq ID Interface State Service Up-time TC Ct. Identifier

46 IP authen Lterm 3d00h 2 10.1.10.52

988 IP authen Lterm 3d00h 2 10.1.10.106

312 IP unauthen Attempting 00:00:00 0 172.24.7.202

1031 IP authen Lterm 2d23h 2 10.1.10.64

1040 IP authen Lterm 1d00h 2 172.24.0.77

998 IP authen Lterm 1d00h 2 10.1.10.130

764 IP authen Lterm 1d21h 2 172.24.0.73

733 IP authen Lterm 1d21h 2 10.1.10.49

749 IP authen Lterm 1d21h 2 10.1.10.20

10 IP authen Lterm 2d05h 2 10.1.10.61

305 IP unauthen Lterm 22:33:30 2 172.24.7.200

303 IP unauthen Lterm 23:29:50 0 172.24.7.201

1038 IP authen Lterm 2d09h 2 10.1.10.34

1036 IP authen Lterm 2d11h 2 10.1.10.109

996 IP authen Lterm 2d10h 2 10.1.10.103

1034 IP authen Lterm 2d20h 2 10.1.10.85

991 IP authen Lterm 2d21h 2 10.1.10.82

956 IP authen Lterm 2d12h 2 10.1.10.58

1032 IP authen Lterm 2d22h 2 10.1.10.16

473 IP authen Lterm 2d22h 2 10.1.10.115

835 IP authen Lterm 3d00h 2 172.24.0.69

816 IP authen Lterm 3d00h 2 10.1.10.94

825 IP authen Lterm 3d00h 2 10.1.10.19

831 IP authen Lterm 3d01h 2 10.1.10.5

826 IP authen Lterm 3d00h 2 10.1.10.124

829 IP authen Lterm 3d00h 2 10.1.10.100

827 IP authen Lterm 3d01h 2 10.1.10.55

811 IP authen Lterm 3d01h 2 10.1.10.127

823 IP authen Lterm 3d01h 2 10.1.10.37

820 IP authen Lterm 3d01h 2 10.1.10.79

828 IP authen Lterm 3d00h 2 10.1.10.67

806 IP authen Lterm 3d01h 2 10.1.10.31

821 IP authen Lterm 3d01h 2 10.1.10.121

822 IP authen Lterm 3d01h 2 10.1.10.70

817 IP authen Lterm 3d01h 2 10.1.10.135

815 IP authen Lterm 3d01h 2 10.1.10.118

810 IP authen Lterm 3d01h 2 10.1.10.22

819 IP authen Lterm 3d01h 2 10.1.10.136

813 IP authen Lterm 3d01h 2 10.1.10.76

809 IP authen Lterm 3d01h 2 10.1.10.131

814 IP authen Lterm 3d01h 2 10.1.10.7

808 IP authen Lterm 3d01h 2 10.1.10.15

818 IP authen Lterm 3d01h 2 10.1.10.88

800 IP authen Lterm 3d01h 2 10.1.10.138

807 IP authen Lterm 3d01h 2 10.1.10.140

804 IP authen Lterm 3d01h 2 10.1.10.97

812 IP authen Lterm 3d01h 2 10.1.10.40

 

KharinoIPoE#show subscriber session uid 312

KharinoIPoE#

 

ip 172.24.0.202 присваивает биллинг без привязки к мак адресу.

как редиректить такой ip

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.