Jump to content
Калькуляторы

Cisco ASR1K ISG+radius проблемы в размещении профиль клиента радиуса

Прежде всего я хочу извиниться за плохой русский.

Железа ASR1006

Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVIPSERVICESK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1)

IOS XE Version: 03.06.00.S

NAME: "module 0", DESCR: "Cisco ASR1000 SPA Interface Processor 40"

 

Идея состоит в том , чтобы знать в зависимости от клиента( based on circuit-id) и работать в Интернет с определенными параметрами или отправить портал

 

 

Проблема в том, что при размещении вручную поставить policy-map type service L4REDIRECT_SERVICE+OPENGARDEN все ваши классы и другие трафик и перенаправлять работ. Но когда я утверждаю, радиус ЭВМ не работает.

 

Здесь конфигурации маршрутизатора

version 15.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service unsupported-transceiver
no platform punt-keepalive disable-kernel-core
!
hostname ASR1006-VT1
!
boot-start-marker
boot system flash bootflash:/asr1000rp2-advipservicesk9.03.06.00.S.152-2.S.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging userinfo
logging buffered 400000
enable secret 4 MwiIOyhbTdyB8ClOX4xeYduphxrQGmVjVXFM2w9JXZc
enable password 7 070C285F4D065700011D450E03
!
aaa new-model
!
!
aaa group server radius RADIUS_GR
server 85.*.*.135 auth-port 1812 acct-port 1813
ip radius source-interface Loopback0
!
aaa authentication login TAL_AUTHEN_LIST group RADIUS_GR
aaa authorization network TAL_AUTHEN_LIST group RADIUS_GR
aaa authorization network SERVICE group RADIUS_GR
aaa authorization subscriber-service default local group RADIUS_GR
aaa authorization subscriber-service RADIUS_GR group RADIUS_GR
aaa accounting delay-start all
aaa accounting update periodic 3
aaa accounting include auth-profile framed-ip-address
aaa accounting network default start-stop group RADIUS_GR
aaa accounting network CISCO_ISG_SESSION_ACCNT_LIST start-stop group RADIUS_GR
aaa accounting network TAL_AUTHEN_LIST start-stop group RADIUS_GR
!
!
!
!
aaa server radius dynamic-author
client 85.*.*.135 server-key 7 130E120B4509122565262F
client 85.*.*.114 server-key 7 050003166F495806570710
port 8899
auth-type any
ignore session-key
ignore server-key
!
aaa session-id unique
!
transport-map type persistent ssh sshhandler
authentication-retries 5
rsa keypair-name evo.bg
connection wait allow interruptible
!
clock timezone EET 2 0
clock summer-time EET recurring last Sun Mar 2:00 last Sun Oct 4:00
clock save interval 16
!
!
!
no ip domain lookup
ip name-server 87.*.*9
ip name-server 85.*.*.241
ip dhcp relay information option
ip dhcp relay information policy keep
no ip dhcp relay information check
ip dhcp relay information trust-all
!
ip dhcp pool DHCP_POOL_DEFAULT
relay source 87.*.*.0 255.255.255.0
relay destination 85.*.*.102
!
!
!
!
!
subscriber service password 7 141C171242013C246A2A34
subscriber service multiple-accept
subscriber service session-accounting
subscriber service accounting interim-interval 15
subscriber redundancy dynamic periodic-update interval 10
subscriber authorization enable
!
redirect server-group ISG_GROUP
server ip 87.*.*.114 port 4040
!
redirect session-limit 128
mpls label protocol ldp
multilink bundle-name authenticated

!
!
class-map type traffic match-any CLASS-10_20
match access-group input 10
match access-group output 20
!
class-map type traffic match-any ISG_OPENGARDEN
match access-group output name ACL_OUT_OPENGARDEN
match access-group input name ACL_IN_OPENGARDEN
!
class-map type traffic match-any L4REDIRECT
match access-group input name ACL_IN_L4REDIRECT
!
!
class-map match-any CLASS_TRAFFIC_BG
match qos-group 11
match access-group name LOCAL_PREFIXES
class-map match-all CLASS_TRAFFIC_INTERNATIONAL
match qos-group 10
policy-map type service OPENGARDEN_SERVICE
20 class type traffic ISG_OPENGARDEN
!
!
policy-map type service L4REDIRECT_SERVICE
10 class type traffic L4REDIRECT
 accounting aaa list CISCO_ISG_SESSION_ACCNT_LIST
 redirect to group ISG_GROUP
!
class type traffic default input
 drop
!
!
policy-map type control ISG_IPOE_SESSION_RULE1
class type control always event session-start
 10 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator #
!
class type control always event account-logon
 10 authenticate aaa list TAL_AUTHEN_LIST
!

!
interface Loopback0
ip address 87.*.*.80 255.255.255.255
!
interface Loopback6
no ip address
!
interface Loopback555
ip address 87.*.*.1 255.255.255.0
!
interface TenGigabitEthernet0/0/0
no ip address
logging event link-status
logging event subif-link-status
!
interface TenGigabitEthernet0/0/0.31
!
interface TenGigabitEthernet0/0/0.359
encapsulation dot1Q 359
ip address 85.*.*.66 255.255.255.252
!
interface TenGigabitEthernet0/0/0.360
description up2se600-int
encapsulation dot1Q 360
ip address 85.*.*.70 255.255.255.252
bgp-policy destination ip-qos-map
!
interface TenGigabitEthernet0/0/0.361
description up2huawei-ont
encapsulation dot1Q 361
ip unnumbered Loopback555
service-policy type control ISG_IPOE_SESSION_RULE1
ip subscriber l2-connected
 initiator dhcp class-aware
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
router ospf 200
router-id 87.*.*.80
redistribute connected subnets
network 85.*.*.64 0.0.0.3 area 359
!
router bgp 24964
table-map SET_TRAFFIC_GROUP
bgp router-id 87.*.*80
bgp log-neighbor-changes
redistribute connected
neighbor 8.8.8.65 remote-as 24964
neighbor 8.8.8.65 soft-reconfiguration inbound
neighbor 8.8.8.65 route-map BGP_BG_IN in
neighbor 8.8.8.69 remote-as 24964
neighbor 8.8.8.69 soft-reconfiguration inbound
neighbor 8.8.8.69 prefix-list EVO-OUT-BG out
neighbor 8.8.8.69 route-map BGP_INT_IN in
!
ip forward-protocol nd
!
ip bgp-community new-format

no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 8.8.8.69
!
ip access-list extended ACL_IN_L4REDIRECT
deny   tcp any host 87.*.*114 eq 4040
deny   tcp any host 87.*.*114
deny   udp any any eq domain
permit icmp any any
permit tcp any any eq www
permit tcp any any eq 443
ip access-list extended ACL_IN_OPENGARDEN
permit ip any host 87.*.*114
permit udp any any eq domain
permit udp any eq domain any
permit icmp any any
ip access-list extended ACL_OUT_OPENGARDEN
permit ip host 87.*.*114 any
permit udp any any eq domain
permit udp any eq domain any
permit icmp any any
ip access-list extended LOCAL_PREFIXES
permit ip any 8.8.8.0 0.0.63.255
deny   ip any any
!
ip radius source-interface Loopback0
logging 8.8.8.102
access-list 10 permit any
access-list 20 permit any
!

!
radius-server attribute 44 include-in-access-req default-vrf
radius-server attribute 218 mandatory
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
radius-server attribute 4 87.*.*80
radius-server host 85.*.*.135 auth-port 1812 acct-port 1813 key 7 1436332A2F2D19080B
radius-server key 7 132436332825370904
radius-server vsa send accounting
radius-server vsa send authentication
!
!
control-plane
!
!
!
!
alias exec sbsa show subscriber session all
!
line con 0
stopbits 1
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
ntp server 8.8.8.102
!
end

Вот то, что в задней части радиус сервер.

"Cisco-AVPair", "subscriber:service-name=L4REDIRECT_SERVICE
"Cisco-AVPair", "subscriber:command=activate-service"
"Cisco-AVPair", "subscriber:service-name=OPENGARDEN_SERVICE"
"Cisco-AVPair", "subscriber:command=activate-service"


"Cisco-AVPair", "ip:traffic-class=in default drop"
"Cisco-AVPair", "ip:traffic-class=in access-group name ACL_IN_L4REDIRECT priority 30"
"Cisco-AVPair", "ip:traffic-class=out default drop"
"Cisco-Account-Info","QU;512000;256000;D;512000;256000"
"Cisco-AVPair","subscriber:accounting-list=CISCO_ISG_SESSION_ACCNT_LIST"

 

Вот самое интересное.

 

policy-map type control ISG_IPOE_SESSION_RULE1

class type control always event session-start

2 service-policy type service name L4REDIRECT_SERVICE

3 service-policy type service name OPENGARDEN_SERVICE

10 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator #

 

Здесь все работает и L4REDIRECT и OPENGARDEN_SERVICE

ну если рул 2 и 3 становиться 20 и 30 не работает.

 

Здес сессий когда не работает

Type: IP, UID: 975, State: authen, Identity: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2
IPv4 Address: 87.*.*.10
Session Up-time: 00:00:07, Last Changed: 00:00:06
Switch-ID: 6137

Policy information:
 Context 7F0F3D0BA270: Handle 3400052C
 AAA_id 0000042E: Flow_handle 0
 Authentication status: authen
 Downloaded User profile, excluding services:
   service-type         0   2 [Framed]
   accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
   service-name         0   "OPENGARDEN_SERVICE"
   command              0   "activate-service"
   traffic-class        0   "in access-group name ACL_IN_OPENGARDEN priority 30"
   traffic-class        0   "in default drop"
   traffic-class        0   "out access-group name ACL_OUT_OPENGARDEN priority 30"
   traffic-class        0   "out default drop"
   clid-mac-addr        0   D4 CA 6D 45 4E D2
   addr                 0   87.*.*.10
   netmask              0   255.255.255.255
   config-source-dpm    0   True
   circuit-id-tag       0   "10.250.83.2 xpon 0/5/5:8.361.1"
 Downloaded User profile, including services:
   service-type         0   2 [Framed]
   accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
   service-name         0   "OPENGARDEN_SERVICE"
   command              0   "activate-service"
   traffic-class        0   "in access-group name ACL_IN_OPENGARDEN priority 30"
   traffic-class        0   "in default drop"
   traffic-class        0   "out access-group name ACL_OUT_OPENGARDEN priority 30"
   traffic-class        0   "out default drop"
   clid-mac-addr        0   D4 CA 6D 45 4E D2
   addr                 0   87.*.*.10
   netmask              0   255.255.255.255
   config-source-dpm    0   True
   circuit-id-tag       0   "10.*.*.2 xpon 0/5/5:8.361.1"
 Config history for session (recent to oldest):
   Access-type: IP Client: DHCP
    Policy event: Session-Update
     Profile name: apply-config-only, 2 references
       clid-mac-addr        0   D4 CA 6D 45 4E D2
       addr                 0   87.*.*.10
       netmask              0   255.255.255.255
       config-source-dpm    0   True
       circuit-id-tag       0   "10.*.*.2 xpon 0/5/5:8.361.1"
   Access-type: IP Client: SM
    Policy event: Service Selection Request
     Profile name: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2, 2 references
       service-type         0   2 [Framed]
       accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
       service-name         0   "OPENGARDEN_SERVICE"
       command              0   "activate-service"
       traffic-class        0   "in access-group name ACL_IN_OPENGARDEN priority 30"
       traffic-class        0   "in default drop"
       traffic-class        0   "out access-group name ACL_OUT_OPENGARDEN priority 30"
       traffic-class        0   "out default drop"
 Rules, actions and conditions executed:
   subscriber rule-map ISG_IPOE_SESSION_RULE1
     condition always event session-start
       10 authorize aaa list TAL_AUTHEN_LIST identifier circuit-id#mac-address

Classifiers:
Class-id    Dir   Packets    Bytes                  Pri.  Definition
0           In    2          252                    0    Match Any
1           Out   0          0                      0    Match Any

Features:

Accounting:
Class-id   Dir  Packets    Bytes                 Source
0          In   2          234                   Peruser
1          Out  0          0                     Peruser

Configuration Sources:
Type  Active Time  AAA Service ID  Name
USR   00:00:07     -               Peruser
INT   00:00:07     -               TenGigabitEthernet0/0/0.361

 

 

А здес сесий когда редирект работает.

Type: IP, UID: 977, State: authen, Identity: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2
IPv4 Address: 87.*.*10
Session Up-time: 00:00:23, Last Changed: 00:00:23
Switch-ID: 6148

Policy information:
 Context 7F0F3D0BA270: Handle AA00052E
 AAA_id 00000430: Flow_handle 0
 Authentication status: authen
 Downloaded User profile, excluding services:
   service-type         0   2 [Framed]
   accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
   service-name         0   "L4REDIRECT_SERVICE"
   command              0   "activate-service"
   traffic-class        0   "in default drop"
   traffic-class        0   "in access-group name ACL_IN_L4REDIRECT priority 30"
   traffic-class        0   "out access-group name ACL_OUT_L4REDIRECT priority 30"
   traffic-class        0   "out default drop"
   ssg-account-info     0   "QU;512000;256000;D;512000;256000"
   clid-mac-addr        0   D4 CA 6D 45 4E D2
   addr                 0   87.*.*10
   netmask              0   255.255.255.255
   config-source-dpm    0   True
   circuit-id-tag       0   "10.*.*.2 xpon 0/5/5:8.361.1"
 Downloaded User profile, including services:
   l4redirect           0   "redirect to group ISG_GROUP"
   username             0   "OPENGARDEN_SERVICE"
   service-type         0   2 [Framed]
   accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
   service-name         0   "L4REDIRECT_SERVICE"
   command              0   "activate-service"
   traffic-class        0   "in default drop"
   traffic-class        0   "in access-group name ACL_IN_L4REDIRECT priority 30"
   traffic-class        0   "out access-group name ACL_OUT_L4REDIRECT priority 30"
   traffic-class        0   "out default drop"
   ssg-account-info     0   "QU;512000;256000;D;512000;256000"
   clid-mac-addr        0   D4 CA 6D 45 4E D2
   addr                 0   87.*.*10
   netmask              0   255.255.255.255
   config-source-dpm    0   True
   circuit-id-tag       0   "10.*.*.2 xpon 0/5/5:8.361.1"
 Config history for session (recent to oldest):
   Access-type: IP Client: DHCP
    Policy event: Session-Update
     Profile name: apply-config-only, 2 references
       clid-mac-addr        0   D4 CA 6D 45 4E D2
       addr                 0   87.*.*10
       netmask              0   255.255.255.255
       config-source-dpm    0   True
       circuit-id-tag       0   "10.*.*.2 xpon 0/5/5:8.361.1"
   Access-type: IP Client: SM
    Policy event: Service Selection Request
     Profile name: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2, 2 references
       service-type         0   2 [Framed]
       accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
       service-name         0   "L4REDIRECT_SERVICE"
       command              0   "activate-service"
       traffic-class        0   "in default drop"
       traffic-class        0   "in access-group name ACL_IN_L4REDIRECT priority 30"
       traffic-class        0   "out access-group name ACL_OUT_L4REDIRECT priority 30"
       traffic-class        0   "out default drop"
       ssg-account-info     0   "QU;512000;256000;D;512000;256000"
   Access-type: IP Client: SM
    Policy event: Service Selection Request (Service)
     Profile name: OPENGARDEN_SERVICE, 3 references
       password             0   <hidden>
       username             0   "OPENGARDEN_SERVICE"
       traffic-class        0   "output access-group name ACL_OUT_OPENGARDEN priority 20"
       traffic-class        0   "input access-group name ACL_IN_OPENGARDEN priority 20"
   Access-type: IP Client: SM
    Policy event: Service Selection Request (Service)
     Profile name: L4REDIRECT_SERVICE, 3 references
       password             0   <hidden>
       username             0   "L4REDIRECT_SERVICE"
       traffic-class        0   "input access-group name ACL_IN_L4REDIRECT priority 10"
       l4redirect           0   "redirect to group ISG_GROUP"
       accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
       traffic-class        0   "input default drop"
       traffic-class        0   "output default drop"
 Active services associated with session:
   name "OPENGARDEN_SERVICE", applied before account logon
   name "L4REDIRECT_SERVICE", applied before account logon
 Rules, actions and conditions executed:
   subscriber rule-map ISG_IPOE_SESSION_RULE1
     condition always event session-start
       2 service-policy type service name L4REDIRECT_SERVICE
       3 service-policy type service name OPENGARDEN_SERVICE
       10 authorize aaa list TAL_AUTHEN_LIST identifier circuit-id#mac-address

Classifiers:
Class-id    Dir   Packets    Bytes                  Pri.  Definition
0           In    1          117                    0    Match Any
1           Out   0          0                      0    Match Any
334         In    0          0                      10   Match ACL ACL_IN_L4REDIRECT
336         In    0          0                      20   Match ACL ACL_IN_OPENGARDEN
337         Out   0          0                      20   Match ACL ACL_OUT_OPENGARDEN
4294967294  In    1          117                    -    Drop

Features:

Accounting:
Class-id   Dir  Packets    Bytes                 Source
0          In   0          0                     Peruser
1          Out  0          0                     Peruser
334        In   0          0                     L4REDIRECT_SERVICE

L4 Redirect:
Class-id   Rule cfg  Definition                               Source
334        #1   SVC  to group ISG_GROUP                       L4REDIRECT_SERVICE

Policing:
Class-id   Dir  Avg. Rate   Normal Burst  Excess Burst Source
0          In   512000      256000        0            Peruser
1          Out  512000      256000        0            Peruser

Configuration Sources:
Type  Active Time  AAA Service ID  Name
SVC   00:00:23     3372220429      L4REDIRECT_SERVICE
SVC   00:00:23     -               OPENGARDEN_SERVICE
USR   00:00:23     -               Peruser
INT   00:00:23     -               TenGigabitEthernet0/0/0.361

 

 

То есть именно там, где я вижу разницы

 

Classifiers:
Class-id    Dir   Packets    Bytes                  Pri.  Definition
0           In    1          117                    0    Match Any
1           Out   0          0                      0    Match Any
334         In    0          0                      10   Match ACL ACL_IN_L4REDIRECT
336         In    0          0                      20   Match ACL ACL_IN_OPENGARDEN
337         Out   0          0                      20   Match ACL ACL_OUT_OPENGARDEN
4294967294  In    1          117                    -    Drop

Features:

Accounting:
Class-id   Dir  Packets    Bytes                 Source
0          In   0          0                     Peruser
1          Out  0          0                     Peruser
334        In   0          0                     L4REDIRECT_SERVICE

L4 Redirect:
Class-id   Rule cfg  Definition                               Source
334        #1   SVC  to group ISG_GROUP                       L4REDIRECT_SERVICE

Policing:
Class-id   Dir  Avg. Rate   Normal Burst  Excess Burst Source
0          In   512000      256000        0            Peruser
1          Out  512000      256000        0            Peruser

Configuration Sources:
Type  Active Time  AAA Service ID  Name
SVC   00:00:23     3372220429      L4REDIRECT_SERVICE
SVC   00:00:23     -               OPENGARDEN_SERVICE
USR   00:00:23     -               Peruser
INT   00:00:23     -               TenGigabitEthernet0/0/0.361

Edited by LinuxLoader

Share this post


Link to post
Share on other sites

Хороший пользователь выдавать сервис INTERNET с задней части радиус сервер.

Плохой пользователь выдавать сервис L4REDIRECT и OPENGARDEN c задней части радиу сервер.

Делать так:

policy-map type control ISG_IPOE_SESSION_RULE1
class type control always event session-start
 1 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator #

Share this post


Link to post
Share on other sites

Хороший пользователь выдавать сервис INTERNET с задней части радиус сервер.

Плохой пользователь выдавать сервис L4REDIRECT и OPENGARDEN c задней части радиу сервер.

Делать так:

policy-map type control ISG_IPOE_SESSION_RULE1
class type control always event session-start
 1 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator #

 

Я также хотел бы пройти все услуги только в радиусе, но, когда они проходят, следовательно, не применяются Classifiers: Class-id. Обратите внимание на разницу в две сессии для конфигурации, это именно проблема для меня

Share this post


Link to post
Share on other sites

Я не понял :( может по-английски?

Share this post


Link to post
Share on other sites

Basic idea is auth depending on the circuit-id , and service-profile from the radius based on the subscriber circuit-id ( with one circuit there can be multiple subscribers with different mac addresses ) .All that thing i was doing with redback SE600 with different context depends of the type of the circuit-id ( huawei , nsn, zyxel pon have a diffent circuit-id format ) . Now i must implement ASR1K .

Whit this config , when service is applying from the radius there are no classification in the Classifiers: Class-id . ACL are applied and the policy-map is applied , but in subscriber session there is no classification ...... , but if i apply both policy map without auth all is fine ! ... acl are same policy-map are same and there is classification . Just see the difference in the sessions and you will see the difference.

Share this post


Link to post
Share on other sites

Для получения информации о тех, кто будет играть в будущем, положив счет может быть сделано только в CoA, а не access-request .Если вы поместите правил в оригинальном разрешении они не применяются правильно (не сделал необходимые classification class-id) и, таким образом перенаправить портал и не работают.

Share this post


Link to post
Share on other sites

Чтобы классифицировать пользователя на портале нужно использовать PBHK =) Покажите конфигурацию, которая работает на SE600

Share this post


Link to post
Share on other sites

Here is the config for the SE600

 

radius service profile redirect
 parameter value redirect-url
 parameter value portal-ip
 parameter value portal-port 80
 parameter list tcp-port
 accounting in fwd captive-portal-redirect
 seq 10 attribute Forward-Policy in captive-portal-redirect
 seq 20 attribute HTTP-Redirect-url $redirect-url
 seq 30 attribute Service-Timeout 2147483647
 seq 50 attribute Dynamic-Policy-Filter "ip in forward dstip $portal-ip tcp dstport = $portal-port class portal fwd"
 seq 60 foreach tcp-port
   seq 70 attribute Dynamic-Policy-Filter "ip in forward tcp dstport = $tcp-port class redirect fwd"
 exit
 seq 80 attribute Filter-Id in captive-redirect
 seq 90 attribute Service-Interim-Accounting 900

forward policy captive-portal-redirect radius-guided
access-group captive-policy copper
 class captive-portal-redirect
  redirect destination local
 class captive-portal

 

from the radius server we send and the redirect-url address .

 

Here and the subscriber look like

 

0:21:27:f5:5d:ad
       Session state Up
       Circuit   2/2 vlan-id 1275 clips 405893
       Internal Circuit   2/2:1023:63/7/2/300770
       Interface bound  vlan-multibind
       Current port-limit unlimited
       Protocol Stack IPV4
       dns primary x (applied from sub_default)
       dns secondary x (applied from sub_default)
       dhcp max-addrs 1 (applied)
       dhcp vendor class id MSFT 98 (applied)
       dhcp option client id 0x3d0701002127f55dad (applied)
       dhcp option hostname 0x0c094e6174526f75746572 (applied)
       qos-metering-policy outbound-radius (applied)
       qos-policing-policy inbound-radius (applied)
       qos rate inbound rate 5120 burst 1000000 (applied)
       qos rate outbound rate 5120 burst 1000000 (applied)
       forward policy in captive-portal-redirect [svc mask: 0x0001] (applied)
       http-redirect-url http://x:4040 [svc mask: 0x0001] (applied)
       ip access-group in captive-redirect [svc mask: 0x0001] (applied)
       service  (applied)
          [svc id: 0] copper-redirect (acct enabled)
       service-parameter  (applied)
          [svc id: 0] redirect-url=http://xxxx114:4040
          [svc id: 0] portal-ip=xxxx.114/32
          [svc id: 0] portal-port=4040
          [svc id: 0] tcp-port=www,443,4040,8080
       dynamic policy acl  [svc mask: 0x0001] (applied in: fwd)
          [svc id: 0] ip in forward dstip x/32 tcp dstport = 4040 class portal fwd
          [svc id: 0] ip in forward tcp dstport = www class redirect fwd
          [svc id: 0] ip in forward tcp dstport = 443 class redirect fwd
          [svc id: 0] ip in forward tcp dstport = 4040 class redirect fwd
          [svc id: 0] ip in forward tcp dstport = 8080 class redirect fwd
       service-acct (in)  [svc mask: 0x0001] (applied)
          [svc id: 0] fwd class-mask 0x01
       service-abs-timeout  [svc mask: 0x0001] (applied)
          [svc id: 0] 2147483647
       service-interim-acct-interval  [svc mask: 0x0001] (applied)
          [svc id: 0] 900
         IP host entries installed by DHCP: (max_addr 1 cur_entries 1)
               xxxx.82    00:21:27:f5:5d:ad

Edited by LinuxLoader

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this