Jump to content
Калькуляторы

Radius Accounting & Cisco ESR 10K

Доброго времени суток!

Взяли мы тут на тест железку ESR 10K PRE-2

Стоит задача терминировать PPPoE сессии.

Всё бы ничего, сессия создаётся и живёт, однако данный девайс не шлёт радиус серверу Accounting сессий, и как следствие эти сесси не видны в биллинге, подскажите пожалуйста знающие люди, как заставить слать аккаунтинг по активным сессиям PPPoE.

IOS c10k2-p11-mz.122-33.SB8a.bin

Конфиг

version 12.2
parser config cache interface
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service internal
service sequence-numbers
!
hostname ESR-10K-C-B
!
boot-start-marker
boot-end-marker
!
aaa new-model
aaa session-mib disconnect
!
!
aaa group server radius PPPoE
server-private xx.xx.xx.xx auth-port 1912 acct-port 1913
!
aaa authentication login default local
aaa authentication ppp PPPoE group PPPoE
aaa authorization exec default local
aaa authorization network PPPoE group PPPoE
aaa accounting delay-start all
aaa accounting delay-start
aaa accounting update newinfo periodic 1
aaa accounting connection PPPoE start-stop group PPPoE
!
aaa nas port extended
!
!
!
!
aaa session-id unique
clock timezone UTC 6
clock calendar-valid
facility-alarm core-temperature major 58
facility-alarm core-temperature minor 50
facility-alarm core-temperature critical 85
facility-alarm intake-temperature major 54
facility-alarm intake-temperature minor 45
facility-alarm intake-temperature critical 72
!
!
card 1/0 1gigethernet-1
card 2/0 1gigethernet-1
ip subnet-zero
no ip source-route
ip arp gratuitous none
no ip gratuitous-arps
ip icmp rate-limit unreachable 100
ip icmp rate-limit unreachable DF 100
ip tcp selective-ack
ip tcp timestamp
ip tcp path-mtu-discovery
ip vrf VOICE
!
ip flow-cache entries 524288
ip flow-cache timeout inactive 30
ip flow-cache timeout active 1
no ip bootp server
no ip dhcp use vrf connected
!
ip dhcp pool VOIP
  network 10.9.1.0 255.255.255.224
  dns-server 10.9.1.1
  default-router 10.9.1.1
  option 66 ascii "10.9.1.1"
  lease 20
!
!
login block-for 1 attempts 5 within 1
login on-failure log
!
!
multilink bundle-name authenticated
lacp system-priority 1
!
redundancy
mode sso
!
!
policy-map 2M-out
 class class-default
   shape 2048
policy-map 11M-in
 class class-default
   police 11264000 14080 14080 conform-action transmit exceed-action drop viola
te-action drop
policy-map 1M-in
 class class-default
   police 1024000 1280 1280 conform-action transmit exceed-action drop violate-
action drop
policy-map 4M-in
 class class-default
   police 4096000 5120 5120 conform-action transmit exceed-action drop violate-
action drop
policy-map 2M-in
 class class-default
   police 2048000 2560 2560 conform-action transmit exceed-action drop violate-
action drop
policy-map 12M-in
 class class-default
   police 12288000 15360 15360 conform-action transmit exceed-action drop viola
te-action drop
policy-map 8M-out
 class class-default
   shape 8192
policy-map 9M-in
 class class-default
   police 9216000 11520 11520 conform-action transmit exceed-action drop violat
e-action drop
policy-map 9M-out
 class class-default
   shape 9216
policy-map 7M-out
 class class-default
   shape 7168
policy-map 15M-in
 class class-default
   police 15360000 19200 19200 conform-action transmit exceed-action drop viola
te-action drop
policy-map 20M-out
 class class-default
   shape 20480
policy-map 8M-in
 class class-default
   police 8192000 10240 10240 conform-action transmit exceed-action drop violat
e-action drop
policy-map 10M-out
 class class-default
   shape 10240
policy-map 10M-in
 class class-default
   police 10240000 12800 12800 conform-action transmit exceed-action drop viola
te-action drop
policy-map 6M-in
 class class-default
   police 6144000 7680 7680 conform-action transmit exceed-action drop violate-
action drop
policy-map 11M-out
 class class-default
   shape 11264
policy-map 5M-in
 class class-default
   police 5120000 6400 6400 conform-action transmit exceed-action drop violate-
action drop
policy-map 15M-out
 class class-default
   shape 15360
policy-map 1M-out
 class class-default
   shape 1024
policy-map 12M-out
 class class-default
   shape 12288
policy-map 3M-out
 class class-default
   shape 3072
policy-map 3M-in
 class class-default
   police 3072000 3840 3840 conform-action transmit exceed-action drop violate-
action drop
policy-map 5M-out
 class class-default
   shape 5120
policy-map 7M-in
 class class-default
   police 7168000 8960 8960 conform-action transmit exceed-action drop violate-
action drop
policy-map 20M-in
 class class-default
   police 20480000 25600 25600 conform-action transmit exceed-action drop viola
te-action drop
policy-map 6M-out
 class class-default
   shape 6144
policy-map 4M-out
 class class-default
   shape 4096
!
buffers small permanent 15000
buffers middle permanent 12000
buffers big permanent 8000
!
!
bba-group pppoe global
ac name ESR-10K-CORE
!
bba-group pppoe PPPoE
virtual-template 1
sessions per-mac limit 1
sessions per-vlan limit 800
sessions per-mac throttle 6 60 240
sessions auto cleanup
!
!
interface Loopback0
description VOICE-PPPoE-UNNUMBER
ip vrf forwarding VOICE
ip address 10.9.254.254 255.255.255.0
!
interface FastEthernet0/0/0
no ip address
speed 100
full-duplex
hold-queue 4096 in
hold-queue 4096 out
!
interface GigabitEthernet1/0/0
description C6509-C-A-GIG9/7
no ip address
negotiation auto
hold-queue 4096 in
hold-queue 4096 out
!
interface GigabitEthernet1/0/0.1
description MANAGE
encapsulation dot1Q 1 native
ip address 10.10.0.40 255.255.0.0
!
interface GigabitEthernet1/0/0.6
description NGN
encapsulation dot1Q 6
ip vrf forwarding VOICE
ip address 10.9.1.4 255.255.255.240
!
interface GigabitEthernet2/0/0
description C6509-C-A-GIG9/8
no ip address
negotiation auto
hold-queue 4096 in
hold-queue 4096 out
!
interface GigabitEthernet2/0/0.10
description OFFICE-MANAGE-GATE
encapsulation dot1Q 10
ip vrf forwarding VOICE
ip address 10.9.2.1 255.255.255.248
pppoe enable group PPPoE
!
interface Virtual-Template1
mtu 1492
ip vrf forwarding VOICE
ip unnumbered Loopback0
ip flow ingress
no logging event link-status
peer default ip address pool PPPoE
keepalive 30
ppp max-bad-auth 3
ppp authentication pap PPPoE
ppp authorization PPPoE
ppp accounting PPPoE
ppp ipcp dns 10.9.1.1
ppp timeout retry 3
ppp timeout authentication 45
ppp timeout idle 36000
!
ip classless
ip flow-export source GigabitEthernet2/0/0.1
ip flow-export version 5
!
no ip http server
!
!
ip radius source-interface GigabitEthernet1/0/0.3
access-list 100 deny   udp any host 255.255.255.255
access-list 100 permit ip any any
radius-server attribute 44 include-in-access-req
radius-server attribute 44 extend-with-addr
radius-server attribute 188 format non-standard
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 25 access-request include
radius-server attribute nas-port format e SSSSAPPPVVVVVVVVVVVVVVVVVVVVVVVV type 33
radius-server attribute 61 extended
radius-server configure-nas
radius-server timeout 30
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
line con 0
history size 256
transport preferred none
escape-character 3
line aux 0
line vty 0 4
access-class ACCESS-VTY in
privilege level 15
transport input telnet
transport output telnet

Вот лог общения радиус сервера с цыской

04-13/22:23:27  INFO [radiusListener-p-2-t-5] RadiusListenerWorker - REQUEST:
Packet type: Access-Request

Attributes:
 User-Name=хххх
 NAS-Identifier=ESR-10K-C-B
 NAS-Port-Id=2/0/0/10
 User-Password=уууууууу
 NAS-IP-Address=10.10.0.40
 NAS-Port=536870922
 Service-Type=2
 Framed-Protocol=1
 Connect-Info=VOICE
 Acct-Session-Id=0000000000000A35
 NAS-Port-Type=33
 cisco-avpair=client-mac-address=001e.5842.7958

04-13/22:23:27  INFO [radiusListener-p-2-t-5] RadiusListenerWorker - RESPONSE:
Packet type: Access-Accept
Attributes:
 Acct-Interim-Interval=60
 Service-Type=2
 Framed-Protocol=1
 Framed-IP-Address=10.9.3.47

Process time auth: 44

Всё после этого ничего от цыски не приходит на радиус.

 

ЗЫ: Вроде как на цысках (IOS 12.4) отсыл аккаунтинга включается коммандой gw-accounting aaa, однако на ESR (12.2) я такой комманды не нашёл.

Заранее спасибо.

Edited by catalist

Share this post


Link to post
Share on other sites

Тему можно закрывать дело было в комманде aaa accounting network PPPoE start-stop group PPPoE

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this