Jump to content
Калькуляторы

вопрос по cisco isg

имеем 7206 g2 в качестве bras для pppoe клиентов, необходим аккаунтинг по двум типам трафика - внутренний и в Интернет.

 

 

выдержка из конфига

 

 

boot-start-marker

boot system flash disk2:/c7200p-js-mz.122-31.SB10.bin

boot-end-marker

!

!

interface Virtual-Template1

mtu 1492

bandwidth 64

ip unnumbered GigabitEthernet0/2

ip verify unicast reverse-path

no ip redirects

no ip proxy-arp

ip mtu 1492

ip flow ingress

ip flow egress

ip tcp adjust-mss 1452

load-interval 30

peer default ip address pool ADSL_POOL

ppp authentication pap callin

ppp eap refuse

ppp chap refuse

ppp ms-chap refuse

ppp ms-chap-v2 refuse

ppp ipcp dns 10.0.0.2 10.0.1.2

 

 

 

конфиг радиус сервера:

# клиент

xxx-user Password == "123", Service-Type == Framed-User, Huntgroup-Name == "isg"

Cisco-Account-Info = "Ainternal",

Cisco-Account-Info += "Ainternet",

Cisco-AVPair = "ip:inacl=150",

Framed-Protocol = PPP,

Framed-MTU = 1492,

Framed-Compression = None

 

 

# сервисы

internal Password == "cisco", Service-Type == Outbound-User, Huntgroup-Name == "isg"

Cisco-AVPair = "subscriber:accounting-list=ATLANT_AAA_LIST",

Cisco-AVPair += "ip:traffic-class=in default drop",

Cisco-AVPair += "ip:traffic-class=out default drop",

Cisco-AVPair += "ip:traffic-class=in access-group 110 priority 20",

Cisco-AVPair += "ip:traffic-class=out access-group 111 priority 20",

Cisco-Service-Info = "Iinternal",

Cisco-Service-Info += "QU;512000;64000;128000;D;512000;64000;128000"

 

 

internet Password == "cisco", Service-Type == Outbound-User, Huntgroup-Name == "isg"

Cisco-AVPair = "subscriber:accounting-list=ATLANT_AAA_LIST",

Cisco-AVPair += "ip:traffic-class=in access-group 1 priority 30",

Cisco-AVPair += "ip:traffic-class=out access-group 1 priority 30",

Cisco-AVPair += "ip:traffic-class=in default drop",

Cisco-AVPair += "ip:traffic-class=out default drop",

Cisco-Service-Info = "Iinternet",

Cisco-Service-Info += "QU;256000;32000;64000;D;256000;32000;64000",

Cisco-Service-Info += "R0.0.0.0;0.0.0.0",

Cisco-Service-Info += "MC",

Cisco-Service-Info += "TP"

 

 

 

Сервисы активируются, но в аккаунтинге по сервисам идёт трафик с дропанными пакетами, а вот для родительской сессии ("классический" радиус) траф считается правильно, т.е. аккаунтинг по сервисам значительно отличается от того что получил клиент. Если qos-policy снять то, сумма трафика по внутренним сетям и в инет совпадает с "обычным" радиусом

 

 

Wed Jan 23 09:47:11 2008

Acct-Session-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0_00000034"

Framed-Protocol = PPP

Cisco-Service-Info = "Ninternal"

Cisco-AVPair = "parent-session-id=ether 0/0/1:4096.0 0/0/0/0/0/0_00000025"

Framed-IP-Address = 192.168.0.6

User-Name = "xxx-atlant"

Acct-Terminate-Cause = User-Request

Cisco-AVPair = "disc-cause-ext=PPP Receive Term"

Acct-Input-Packets = 439

Acct-Output-Packets = 874

Acct-Input-Octets = 19941

Acct-Output-Octets = 1271040

Acct-Session-Time = 81

Acct-Status-Type = Stop

NAS-Port-Type = Virtual

NAS-Port = 16777216

NAS-Port-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0"

Cisco-AVPair = "client-mac-address=0010.4b2e.32d4"

Service-Type = Framed-User

NAS-IP-Address = 192.168.0.2

X-Ascend-Session-Svr-Key = "2EDD814E"

Event-Timestamp = "Jan 23 2008 09:47:12 EET"

Acct-Delay-Time = 0

Client-IP-Address = 192.168.0.2

Acct-Unique-Session-Id = "cf575a984bb7d9ad"

Timestamp = 1201074431

 

 

 

Wed Jan 23 09:47:11 2008

Acct-Session-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0_00000035"

Framed-Protocol = PPP

Cisco-Service-Info = "Ninternet"

Cisco-AVPair = "parent-session-id=ether 0/0/1:4096.0 0/0/0/0/0/0_00000025"

Framed-IP-Address = 192.168.0.6

User-Name = "xxx-atlant"

Acct-Terminate-Cause = User-Request

Cisco-AVPair = "disc-cause-ext=PPP Receive Term"

Acct-Input-Packets = 135

Acct-Output-Packets = 126

Acct-Input-Octets = 15299

Acct-Output-Octets = 81868

Acct-Session-Time = 81

Acct-Status-Type = Stop

NAS-Port-Type = Virtual

NAS-Port = 16777216

NAS-Port-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0"

Cisco-AVPair = "client-mac-address=0010.4b2e.32d4"

Service-Type = Framed-User

NAS-IP-Address = 192.168.0.2

X-Ascend-Session-Svr-Key = "2EDD814E"

Event-Timestamp = "Jan 23 2008 09:47:12 EET"

Acct-Delay-Time = 0

Client-IP-Address = 192.168.0.2

Acct-Unique-Session-Id = "52dfa7943ea8ecb0"

Timestamp = 1201074431

 

 

Wed Jan 23 09:47:11 2008

Acct-Session-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0_00000027"

Framed-Protocol = PPP

Framed-IP-Address = 192.168.0.6

Cisco-AVPair = "ppp-disconnect-cause=Received LCP TERMREQ from peer"

User-Name = "xxx-atlant"

Acct-Authentic = RADIUS

Cisco-AVPair = "connect-progress=LAN Ses Up"

Cisco-AVPair = "nas-tx-speed=100000000"

Cisco-AVPair = "nas-rx-speed=100000000"

Acct-Session-Time = 81

Acct-Input-Octets = 37286

Acct-Output-Octets = 1146160

Acct-Input-Packets = 590

Acct-Output-Packets = 873

Acct-Terminate-Cause = User-Request

Cisco-AVPair = "disc-cause-ext=PPP Receive Term"

Acct-Status-Type = Stop

NAS-Port-Type = Virtual

NAS-Port = 16777216

NAS-Port-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0"

Cisco-AVPair = "client-mac-address=0010.4b2e.32d4"

Service-Type = Framed-User

NAS-IP-Address = 192.168.0.2

X-Ascend-Session-Svr-Key = "2EDD814E"

Event-Timestamp = "Jan 23 2008 09:47:12 EET"

Acct-Delay-Time = 0

Client-IP-Address = 192.168.0.2

Acct-Unique-Session-Id = "4fcc1f1a26d0443b"

Timestamp = 1201074431

 

 

в чём трабл?

 

p.s.

 

на этом рутере ната нет.

Share this post


Link to post
Share on other sites

Прогнал у себя в лабе.

 

было заведено 4 сервиса - на локалку и в мир с полосой 512к,128к и без соответственно.

 

Качалось 2 файла по 50 и 10 метров.

результаты аккаунтинга по сервисам получились такие:

 

без полисинга

 

53816179 10897098

 

С полисингом

 

65413839 14239299 байт соответственно.

 

 

Share this post


Link to post
Share on other sites
похоже на баг в иосе
Почему ? пакетики дропались, трафик переповторялся.

Давным давно я делал тесты с полисингом и шейпингом в isg - полисинг требует на 20-30% полосы больше.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this