Jump to content
Калькуляторы

ISG L4Rediredct на ASR1002

Добрый день.

 

Возникли проблемы при попытке сделать сабж.

Ситуация следующая:

 

bras-isg#show subscriber session username isr_esafe detailed 
Unique Session ID: 181
Identifier: isr_esafe
SIP subscriber access type(s): PPPoE/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 00:02:10, Last Changed: 00:02:09
Interface: Virtual-Access2.2

Policy information:
 Context 301A4278: Handle F600013B
 AAA_id 00000059: Flow_handle 0
 Authentication status: authen
 Downloaded User profile, excluding services:
   service-type         2 [Framed]
   Framed-Protocol      1 [PPP]
   addr                 10.31.255.66
   ssg-account-info     "AISG-SVC-ESAFE-ALL"
   ssg-account-info     "AISG-SVC-MEDIA:R_100000"
   ssg-account-info     "AISG-SVC-LOCAL:R_100000"
   ssg-account-info     "AISG-SVC-INET:R_100000"
 Downloaded User profile, including services:
   service-type         2 [Framed]
   Framed-Protocol      1 [PPP]
   addr                 10.31.255.66
   ssg-account-info     "AISG-SVC-ESAFE-ALL"
   ssg-account-info     "AISG-SVC-MEDIA:R_100000"
   ssg-account-info     "AISG-SVC-LOCAL:R_100000"
   ssg-account-info     "AISG-SVC-INET:R_100000"
   ssg-service-info     "IISG-SVC-LOCAL"
   ssg-service-info     "QU;100000000;18750000;37500000;D;100000000;18750000;37500000;"
   l4redirect           "redirect to ip 172.31.255.2"
   traffic-class        "input access-group 199 priority 40"
   accounting-list      "AAA-MLIST"
 Config history for session (recent to oldest):
   Access-type: Web-service-logon Client: SM
    Policy event: Apply Config Success (Service)
     Profile name: ISG-SVC-ESAFE-ALL, 4 references 
       l4redirect           "redirect to ip 172.31.255.2"    [b]собственно тут настройки есть[/b]
       traffic-class        "input access-group 199 priority 40"
       accounting-list      "AAA-MLIST"
   Access-type: Web-service-logon Client: SM
    Policy event: Apply Config Success (Service)
     Profile name: ISG-SVC-MEDIA:R_100000, 4 references 
       traffic-class        "in access-group name TCL_MEDIA_IN priority 100"
       traffic-class        "out access-group name TCL_MEDIA_OUT priority 100"
       ssg-service-info     "QU;100000000;18750000;37500000;D;100000000;18750000;37500000;"
       accounting-list      "AAA-MLIST"
   Access-type: Web-service-logon Client: SM
    Policy event: Apply Config Success (Service)
     Profile name: ISG-SVC-LOCAL:R_100000, 4 references 
       traffic-class        "in access-group name TCL_LOCAL_IN priority 200"
       traffic-class        "out access-group name TCL_LOCAL_OUT priority 200"
       ssg-service-info     "QU;100000000;18750000;37500000;D;100000000;18750000;37500000;"
       accounting-list      "AAA-MLIST"
       ssg-service-info     "IISG-SVC-LOCAL"
   Access-type: Web-service-logon Client: SM
    Policy event: Apply Config Success (Service)
     Profile name: ISG-SVC-INET:R_100000, 4 references 
       traffic-class        "in access-group name TCL_INET_IN priority 300"
       traffic-class        "out access-group name TCL_INET_OUT priority 300"
       ssg-service-info     "QU;100000000;18750000;37500000;D;100000000;18750000;37500000;"
       accounting-list      "AAA-MLIST"
   Access-type: PPP Client: SM
    Policy event: Process Config Connecting
     Profile name: apply-config-only, 2 references 
       service-type         2 [Framed]
       Framed-Protocol      1 [PPP]
       addr                 10.31.255.66
       ssg-account-info     "AISG-SVC-ESAFE-ALL"
       ssg-account-info     "AISG-SVC-MEDIA:R_100000"
       ssg-account-info     "AISG-SVC-LOCAL:R_100000"
       ssg-account-info     "AISG-SVC-INET:R_100000"
 Active services associated with session:
   name "ISG-SVC-ESAFE-ALL"
   name "ISG-SVC-MEDIA:R_100000"
   name "ISG-SVC-LOCAL:R_100000"
   name "ISG-SVC-INET:R_100000"

Session inbound features:
Traffic classes:
 Traffic class session ID: 182
  ACL Name: TCL_INET_IN, Packets = 2, Bytes = 656
 Traffic class session ID: 183
  ACL Name: TCL_LOCAL_IN, Packets = 0, Bytes = 0
 Traffic class session ID: 184
  ACL Name: TCL_MEDIA_IN, Packets = 0, Bytes = 0
 Traffic class session ID: 185
  ACL Name: 199, Packets = 69, Bytes = 6676         [b] тут вроде как пакеты мачатся.[/b]
Unmatched Packets = 0, Re-classified packets (redirected) = 2  [b]тут нет ничего….должно быть?[/b]

Feature: Layer 4 Redirect
 Rule table is empty
Session outbound features:
Traffic classes:
 Traffic class session ID: 182
  ACL Name: TCL_INET_OUT, Packets = 47, Bytes = 2512
 Traffic class session ID: 183
  ACL Name: TCL_LOCAL_OUT, Packets = 3, Bytes = 168
 Traffic class session ID: 184
  ACL Name: TCL_MEDIA_OUT, Packets = 0, Bytes = 0
Unmatched Packets = 0, Re-classified packets (redirected) = 0

Non-datapath features:
Feature: IP Config
 Peer IP Address: 10.31.255.66 (F/F)
 Address Pool: [None] (F)
 Unnumbered Intf: [None]
Configuration sources associated with this session:
Service: ISG-SVC-ESAFE-ALL, Active Time = 00:02:10
 AAA Service ID = 2097152111
Service: ISG-SVC-MEDIA:R_100000, Active Time = 00:02:10
 AAA Service ID = 671088750
Service: ISG-SVC-LOCAL:R_100000, Active Time = 00:02:10
 AAA Service ID = 2835349613
Service: ISG-SVC-INET:R_100000, Active Time = 00:02:10
 AAA Service ID = 3707764844
Interface: Virtual-Template1, Active Time = 00:02:10


[b]аксесс лист для редиректа[/b]
access-list 199 deny ip any host 172.31.255.2
access-list 199 permit ip any any

[b]версия иоса[/b]
show version 
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVIPSERVICESK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 10-Feb-11 23:51 by mcpre

 

 

по факту трафик по трейсроуту умирает прям на брасе. до айпишника на который идет редирект трафик не доходит...

 

Спасибо за внимание.

Share this post


Link to post
Share on other sites

Возможно при использовании PPPoE делать одним сервисы ISG, а другим обычные pppoe(route-map,rate-limit и т.д.)?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this