ISG L4Rediredct на ASR1002

bokl · May 18, 2011

Добрый день.

Возникли проблемы при попытке сделать сабж.

Ситуация следующая:

bras-isg#show subscriber session username isr_esafe detailed 
Unique Session ID: 181
Identifier: isr_esafe
SIP subscriber access type(s): PPPoE/PPP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 00:02:10, Last Changed: 00:02:09
Interface: Virtual-Access2.2

Policy information:
 Context 301A4278: Handle F600013B
 AAA_id 00000059: Flow_handle 0
 Authentication status: authen
 Downloaded User profile, excluding services:
   service-type         2 [Framed]
   Framed-Protocol      1 [PPP]
   addr                 10.31.255.66
   ssg-account-info     "AISG-SVC-ESAFE-ALL"
   ssg-account-info     "AISG-SVC-MEDIA:R_100000"
   ssg-account-info     "AISG-SVC-LOCAL:R_100000"
   ssg-account-info     "AISG-SVC-INET:R_100000"
 Downloaded User profile, including services:
   service-type         2 [Framed]
   Framed-Protocol      1 [PPP]
   addr                 10.31.255.66
   ssg-account-info     "AISG-SVC-ESAFE-ALL"
   ssg-account-info     "AISG-SVC-MEDIA:R_100000"
   ssg-account-info     "AISG-SVC-LOCAL:R_100000"
   ssg-account-info     "AISG-SVC-INET:R_100000"
   ssg-service-info     "IISG-SVC-LOCAL"
   ssg-service-info     "QU;100000000;18750000;37500000;D;100000000;18750000;37500000;"
   l4redirect           "redirect to ip 172.31.255.2"
   traffic-class        "input access-group 199 priority 40"
   accounting-list      "AAA-MLIST"
 Config history for session (recent to oldest):
   Access-type: Web-service-logon Client: SM
    Policy event: Apply Config Success (Service)
     Profile name: ISG-SVC-ESAFE-ALL, 4 references 
       l4redirect           "redirect to ip 172.31.255.2"    [b]собственно тут настройки есть[/b]
       traffic-class        "input access-group 199 priority 40"
       accounting-list      "AAA-MLIST"
   Access-type: Web-service-logon Client: SM
    Policy event: Apply Config Success (Service)
     Profile name: ISG-SVC-MEDIA:R_100000, 4 references 
       traffic-class        "in access-group name TCL_MEDIA_IN priority 100"
       traffic-class        "out access-group name TCL_MEDIA_OUT priority 100"
       ssg-service-info     "QU;100000000;18750000;37500000;D;100000000;18750000;37500000;"
       accounting-list      "AAA-MLIST"
   Access-type: Web-service-logon Client: SM
    Policy event: Apply Config Success (Service)
     Profile name: ISG-SVC-LOCAL:R_100000, 4 references 
       traffic-class        "in access-group name TCL_LOCAL_IN priority 200"
       traffic-class        "out access-group name TCL_LOCAL_OUT priority 200"
       ssg-service-info     "QU;100000000;18750000;37500000;D;100000000;18750000;37500000;"
       accounting-list      "AAA-MLIST"
       ssg-service-info     "IISG-SVC-LOCAL"
   Access-type: Web-service-logon Client: SM
    Policy event: Apply Config Success (Service)
     Profile name: ISG-SVC-INET:R_100000, 4 references 
       traffic-class        "in access-group name TCL_INET_IN priority 300"
       traffic-class        "out access-group name TCL_INET_OUT priority 300"
       ssg-service-info     "QU;100000000;18750000;37500000;D;100000000;18750000;37500000;"
       accounting-list      "AAA-MLIST"
   Access-type: PPP Client: SM
    Policy event: Process Config Connecting
     Profile name: apply-config-only, 2 references 
       service-type         2 [Framed]
       Framed-Protocol      1 [PPP]
       addr                 10.31.255.66
       ssg-account-info     "AISG-SVC-ESAFE-ALL"
       ssg-account-info     "AISG-SVC-MEDIA:R_100000"
       ssg-account-info     "AISG-SVC-LOCAL:R_100000"
       ssg-account-info     "AISG-SVC-INET:R_100000"
 Active services associated with session:
   name "ISG-SVC-ESAFE-ALL"
   name "ISG-SVC-MEDIA:R_100000"
   name "ISG-SVC-LOCAL:R_100000"
   name "ISG-SVC-INET:R_100000"

Session inbound features:
Traffic classes:
 Traffic class session ID: 182
  ACL Name: TCL_INET_IN, Packets = 2, Bytes = 656
 Traffic class session ID: 183
  ACL Name: TCL_LOCAL_IN, Packets = 0, Bytes = 0
 Traffic class session ID: 184
  ACL Name: TCL_MEDIA_IN, Packets = 0, Bytes = 0
 Traffic class session ID: 185
  ACL Name: 199, Packets = 69, Bytes = 6676         [b] тут вроде как пакеты мачатся.[/b]
Unmatched Packets = 0, Re-classified packets (redirected) = 2  [b]тут нет ничего….должно быть?[/b]

Feature: Layer 4 Redirect
 Rule table is empty
Session outbound features:
Traffic classes:
 Traffic class session ID: 182
  ACL Name: TCL_INET_OUT, Packets = 47, Bytes = 2512
 Traffic class session ID: 183
  ACL Name: TCL_LOCAL_OUT, Packets = 3, Bytes = 168
 Traffic class session ID: 184
  ACL Name: TCL_MEDIA_OUT, Packets = 0, Bytes = 0
Unmatched Packets = 0, Re-classified packets (redirected) = 0

Non-datapath features:
Feature: IP Config
 Peer IP Address: 10.31.255.66 (F/F)
 Address Pool: [None] (F)
 Unnumbered Intf: [None]
Configuration sources associated with this session:
Service: ISG-SVC-ESAFE-ALL, Active Time = 00:02:10
 AAA Service ID = 2097152111
Service: ISG-SVC-MEDIA:R_100000, Active Time = 00:02:10
 AAA Service ID = 671088750
Service: ISG-SVC-LOCAL:R_100000, Active Time = 00:02:10
 AAA Service ID = 2835349613
Service: ISG-SVC-INET:R_100000, Active Time = 00:02:10
 AAA Service ID = 3707764844
Interface: Virtual-Template1, Active Time = 00:02:10


[b]аксесс лист для редиректа[/b]
access-list 199 deny ip any host 172.31.255.2
access-list 199 permit ip any any

[b]версия иоса[/b]
show version 
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVIPSERVICESK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 10-Feb-11 23:51 by mcpre

по факту трафик по трейсроуту умирает прям на брасе. до айпишника на который идет редирект трафик не доходит...

Спасибо за внимание.

bokl · May 20, 2011

Возможно при использовании PPPoE делать одним сервисы ISG, а другим обычные pppoe(route-map,rate-limit и т.д.)?

Sign In

ISG L4Rediredct на ASR1002

Recommended Posts

bokl

bokl

Join the conversation