catalist Опубликовано 13 апреля, 2012 (изменено) · Жалоба Доброго времени суток! Взяли мы тут на тест железку ESR 10K PRE-2 Стоит задача терминировать PPPoE сессии. Всё бы ничего, сессия создаётся и живёт, однако данный девайс не шлёт радиус серверу Accounting сессий, и как следствие эти сесси не видны в биллинге, подскажите пожалуйста знающие люди, как заставить слать аккаунтинг по активным сессиям PPPoE. IOS c10k2-p11-mz.122-33.SB8a.bin Конфиг version 12.2 parser config cache interface no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime localtime service timestamps log datetime localtime service password-encryption service internal service sequence-numbers ! hostname ESR-10K-C-B ! boot-start-marker boot-end-marker ! aaa new-model aaa session-mib disconnect ! ! aaa group server radius PPPoE server-private xx.xx.xx.xx auth-port 1912 acct-port 1913 ! aaa authentication login default local aaa authentication ppp PPPoE group PPPoE aaa authorization exec default local aaa authorization network PPPoE group PPPoE aaa accounting delay-start all aaa accounting delay-start aaa accounting update newinfo periodic 1 aaa accounting connection PPPoE start-stop group PPPoE ! aaa nas port extended ! ! ! ! aaa session-id unique clock timezone UTC 6 clock calendar-valid facility-alarm core-temperature major 58 facility-alarm core-temperature minor 50 facility-alarm core-temperature critical 85 facility-alarm intake-temperature major 54 facility-alarm intake-temperature minor 45 facility-alarm intake-temperature critical 72 ! ! card 1/0 1gigethernet-1 card 2/0 1gigethernet-1 ip subnet-zero no ip source-route ip arp gratuitous none no ip gratuitous-arps ip icmp rate-limit unreachable 100 ip icmp rate-limit unreachable DF 100 ip tcp selective-ack ip tcp timestamp ip tcp path-mtu-discovery ip vrf VOICE ! ip flow-cache entries 524288 ip flow-cache timeout inactive 30 ip flow-cache timeout active 1 no ip bootp server no ip dhcp use vrf connected ! ip dhcp pool VOIP network 10.9.1.0 255.255.255.224 dns-server 10.9.1.1 default-router 10.9.1.1 option 66 ascii "10.9.1.1" lease 20 ! ! login block-for 1 attempts 5 within 1 login on-failure log ! ! multilink bundle-name authenticated lacp system-priority 1 ! redundancy mode sso ! ! policy-map 2M-out class class-default shape 2048 policy-map 11M-in class class-default police 11264000 14080 14080 conform-action transmit exceed-action drop viola te-action drop policy-map 1M-in class class-default police 1024000 1280 1280 conform-action transmit exceed-action drop violate- action drop policy-map 4M-in class class-default police 4096000 5120 5120 conform-action transmit exceed-action drop violate- action drop policy-map 2M-in class class-default police 2048000 2560 2560 conform-action transmit exceed-action drop violate- action drop policy-map 12M-in class class-default police 12288000 15360 15360 conform-action transmit exceed-action drop viola te-action drop policy-map 8M-out class class-default shape 8192 policy-map 9M-in class class-default police 9216000 11520 11520 conform-action transmit exceed-action drop violat e-action drop policy-map 9M-out class class-default shape 9216 policy-map 7M-out class class-default shape 7168 policy-map 15M-in class class-default police 15360000 19200 19200 conform-action transmit exceed-action drop viola te-action drop policy-map 20M-out class class-default shape 20480 policy-map 8M-in class class-default police 8192000 10240 10240 conform-action transmit exceed-action drop violat e-action drop policy-map 10M-out class class-default shape 10240 policy-map 10M-in class class-default police 10240000 12800 12800 conform-action transmit exceed-action drop viola te-action drop policy-map 6M-in class class-default police 6144000 7680 7680 conform-action transmit exceed-action drop violate- action drop policy-map 11M-out class class-default shape 11264 policy-map 5M-in class class-default police 5120000 6400 6400 conform-action transmit exceed-action drop violate- action drop policy-map 15M-out class class-default shape 15360 policy-map 1M-out class class-default shape 1024 policy-map 12M-out class class-default shape 12288 policy-map 3M-out class class-default shape 3072 policy-map 3M-in class class-default police 3072000 3840 3840 conform-action transmit exceed-action drop violate- action drop policy-map 5M-out class class-default shape 5120 policy-map 7M-in class class-default police 7168000 8960 8960 conform-action transmit exceed-action drop violate- action drop policy-map 20M-in class class-default police 20480000 25600 25600 conform-action transmit exceed-action drop viola te-action drop policy-map 6M-out class class-default shape 6144 policy-map 4M-out class class-default shape 4096 ! buffers small permanent 15000 buffers middle permanent 12000 buffers big permanent 8000 ! ! bba-group pppoe global ac name ESR-10K-CORE ! bba-group pppoe PPPoE virtual-template 1 sessions per-mac limit 1 sessions per-vlan limit 800 sessions per-mac throttle 6 60 240 sessions auto cleanup ! ! interface Loopback0 description VOICE-PPPoE-UNNUMBER ip vrf forwarding VOICE ip address 10.9.254.254 255.255.255.0 ! interface FastEthernet0/0/0 no ip address speed 100 full-duplex hold-queue 4096 in hold-queue 4096 out ! interface GigabitEthernet1/0/0 description C6509-C-A-GIG9/7 no ip address negotiation auto hold-queue 4096 in hold-queue 4096 out ! interface GigabitEthernet1/0/0.1 description MANAGE encapsulation dot1Q 1 native ip address 10.10.0.40 255.255.0.0 ! interface GigabitEthernet1/0/0.6 description NGN encapsulation dot1Q 6 ip vrf forwarding VOICE ip address 10.9.1.4 255.255.255.240 ! interface GigabitEthernet2/0/0 description C6509-C-A-GIG9/8 no ip address negotiation auto hold-queue 4096 in hold-queue 4096 out ! interface GigabitEthernet2/0/0.10 description OFFICE-MANAGE-GATE encapsulation dot1Q 10 ip vrf forwarding VOICE ip address 10.9.2.1 255.255.255.248 pppoe enable group PPPoE ! interface Virtual-Template1 mtu 1492 ip vrf forwarding VOICE ip unnumbered Loopback0 ip flow ingress no logging event link-status peer default ip address pool PPPoE keepalive 30 ppp max-bad-auth 3 ppp authentication pap PPPoE ppp authorization PPPoE ppp accounting PPPoE ppp ipcp dns 10.9.1.1 ppp timeout retry 3 ppp timeout authentication 45 ppp timeout idle 36000 ! ip classless ip flow-export source GigabitEthernet2/0/0.1 ip flow-export version 5 ! no ip http server ! ! ip radius source-interface GigabitEthernet1/0/0.3 access-list 100 deny udp any host 255.255.255.255 access-list 100 permit ip any any radius-server attribute 44 include-in-access-req radius-server attribute 44 extend-with-addr radius-server attribute 188 format non-standard radius-server attribute 6 on-for-login-auth radius-server attribute 8 include-in-access-req radius-server attribute 32 include-in-access-req radius-server attribute 32 include-in-accounting-req radius-server attribute 55 include-in-acct-req radius-server attribute 25 access-request include radius-server attribute nas-port format e SSSSAPPPVVVVVVVVVVVVVVVVVVVVVVVV type 33 radius-server attribute 61 extended radius-server configure-nas radius-server timeout 30 radius-server vsa send accounting radius-server vsa send authentication ! control-plane ! line con 0 history size 256 transport preferred none escape-character 3 line aux 0 line vty 0 4 access-class ACCESS-VTY in privilege level 15 transport input telnet transport output telnet Вот лог общения радиус сервера с цыской 04-13/22:23:27 INFO [radiusListener-p-2-t-5] RadiusListenerWorker - REQUEST: Packet type: Access-Request Attributes: User-Name=хххх NAS-Identifier=ESR-10K-C-B NAS-Port-Id=2/0/0/10 User-Password=уууууууу NAS-IP-Address=10.10.0.40 NAS-Port=536870922 Service-Type=2 Framed-Protocol=1 Connect-Info=VOICE Acct-Session-Id=0000000000000A35 NAS-Port-Type=33 cisco-avpair=client-mac-address=001e.5842.7958 04-13/22:23:27 INFO [radiusListener-p-2-t-5] RadiusListenerWorker - RESPONSE: Packet type: Access-Accept Attributes: Acct-Interim-Interval=60 Service-Type=2 Framed-Protocol=1 Framed-IP-Address=10.9.3.47 Process time auth: 44 Всё после этого ничего от цыски не приходит на радиус. ЗЫ: Вроде как на цысках (IOS 12.4) отсыл аккаунтинга включается коммандой gw-accounting aaa, однако на ESR (12.2) я такой комманды не нашёл. Заранее спасибо. Изменено 7 июля, 2012 пользователем catalist Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
catalist Опубликовано 13 апреля, 2012 · Жалоба Тему можно закрывать дело было в комманде aaa accounting network PPPoE start-stop group PPPoE Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...