LinuxLoader Posted July 19, 2012 (edited) Прежде всего я хочу извиниться за плохой русский. Железа ASR1006 Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVIPSERVICESK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1) IOS XE Version: 03.06.00.S NAME: "module 0", DESCR: "Cisco ASR1000 SPA Interface Processor 40" Идея состоит в том , чтобы знать в зависимости от клиента( based on circuit-id) и работать в Интернет с определенными параметрами или отправить портал Проблема в том, что при размещении вручную поставить policy-map type service L4REDIRECT_SERVICE+OPENGARDEN все ваши классы и другие трафик и перенаправлять работ. Но когда я утверждаю, радиус ЭВМ не работает. Здесь конфигурации маршрутизатора version 15.2 service timestamps debug datetime localtime service timestamps log datetime localtime service password-encryption service unsupported-transceiver no platform punt-keepalive disable-kernel-core ! hostname ASR1006-VT1 ! boot-start-marker boot system flash bootflash:/asr1000rp2-advipservicesk9.03.06.00.S.152-2.S.bin boot-end-marker ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! logging userinfo logging buffered 400000 enable secret 4 MwiIOyhbTdyB8ClOX4xeYduphxrQGmVjVXFM2w9JXZc enable password 7 070C285F4D065700011D450E03 ! aaa new-model ! ! aaa group server radius RADIUS_GR server 85.*.*.135 auth-port 1812 acct-port 1813 ip radius source-interface Loopback0 ! aaa authentication login TAL_AUTHEN_LIST group RADIUS_GR aaa authorization network TAL_AUTHEN_LIST group RADIUS_GR aaa authorization network SERVICE group RADIUS_GR aaa authorization subscriber-service default local group RADIUS_GR aaa authorization subscriber-service RADIUS_GR group RADIUS_GR aaa accounting delay-start all aaa accounting update periodic 3 aaa accounting include auth-profile framed-ip-address aaa accounting network default start-stop group RADIUS_GR aaa accounting network CISCO_ISG_SESSION_ACCNT_LIST start-stop group RADIUS_GR aaa accounting network TAL_AUTHEN_LIST start-stop group RADIUS_GR ! ! ! ! aaa server radius dynamic-author client 85.*.*.135 server-key 7 130E120B4509122565262F client 85.*.*.114 server-key 7 050003166F495806570710 port 8899 auth-type any ignore session-key ignore server-key ! aaa session-id unique ! transport-map type persistent ssh sshhandler authentication-retries 5 rsa keypair-name evo.bg connection wait allow interruptible ! clock timezone EET 2 0 clock summer-time EET recurring last Sun Mar 2:00 last Sun Oct 4:00 clock save interval 16 ! ! ! no ip domain lookup ip name-server 87.*.*9 ip name-server 85.*.*.241 ip dhcp relay information option ip dhcp relay information policy keep no ip dhcp relay information check ip dhcp relay information trust-all ! ip dhcp pool DHCP_POOL_DEFAULT relay source 87.*.*.0 255.255.255.0 relay destination 85.*.*.102 ! ! ! ! ! subscriber service password 7 141C171242013C246A2A34 subscriber service multiple-accept subscriber service session-accounting subscriber service accounting interim-interval 15 subscriber redundancy dynamic periodic-update interval 10 subscriber authorization enable ! redirect server-group ISG_GROUP server ip 87.*.*.114 port 4040 ! redirect session-limit 128 mpls label protocol ldp multilink bundle-name authenticated ! ! class-map type traffic match-any CLASS-10_20 match access-group input 10 match access-group output 20 ! class-map type traffic match-any ISG_OPENGARDEN match access-group output name ACL_OUT_OPENGARDEN match access-group input name ACL_IN_OPENGARDEN ! class-map type traffic match-any L4REDIRECT match access-group input name ACL_IN_L4REDIRECT ! ! class-map match-any CLASS_TRAFFIC_BG match qos-group 11 match access-group name LOCAL_PREFIXES class-map match-all CLASS_TRAFFIC_INTERNATIONAL match qos-group 10 policy-map type service OPENGARDEN_SERVICE 20 class type traffic ISG_OPENGARDEN ! ! policy-map type service L4REDIRECT_SERVICE 10 class type traffic L4REDIRECT accounting aaa list CISCO_ISG_SESSION_ACCNT_LIST redirect to group ISG_GROUP ! class type traffic default input drop ! ! policy-map type control ISG_IPOE_SESSION_RULE1 class type control always event session-start 10 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator # ! class type control always event account-logon 10 authenticate aaa list TAL_AUTHEN_LIST ! ! interface Loopback0 ip address 87.*.*.80 255.255.255.255 ! interface Loopback6 no ip address ! interface Loopback555 ip address 87.*.*.1 255.255.255.0 ! interface TenGigabitEthernet0/0/0 no ip address logging event link-status logging event subif-link-status ! interface TenGigabitEthernet0/0/0.31 ! interface TenGigabitEthernet0/0/0.359 encapsulation dot1Q 359 ip address 85.*.*.66 255.255.255.252 ! interface TenGigabitEthernet0/0/0.360 description up2se600-int encapsulation dot1Q 360 ip address 85.*.*.70 255.255.255.252 bgp-policy destination ip-qos-map ! interface TenGigabitEthernet0/0/0.361 description up2huawei-ont encapsulation dot1Q 361 ip unnumbered Loopback555 service-policy type control ISG_IPOE_SESSION_RULE1 ip subscriber l2-connected initiator dhcp class-aware ! interface GigabitEthernet0 vrf forwarding Mgmt-intf no ip address negotiation auto ! router ospf 200 router-id 87.*.*.80 redistribute connected subnets network 85.*.*.64 0.0.0.3 area 359 ! router bgp 24964 table-map SET_TRAFFIC_GROUP bgp router-id 87.*.*80 bgp log-neighbor-changes redistribute connected neighbor 8.8.8.65 remote-as 24964 neighbor 8.8.8.65 soft-reconfiguration inbound neighbor 8.8.8.65 route-map BGP_BG_IN in neighbor 8.8.8.69 remote-as 24964 neighbor 8.8.8.69 soft-reconfiguration inbound neighbor 8.8.8.69 prefix-list EVO-OUT-BG out neighbor 8.8.8.69 route-map BGP_INT_IN in ! ip forward-protocol nd ! ip bgp-community new-format no ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 8.8.8.69 ! ip access-list extended ACL_IN_L4REDIRECT deny tcp any host 87.*.*114 eq 4040 deny tcp any host 87.*.*114 deny udp any any eq domain permit icmp any any permit tcp any any eq www permit tcp any any eq 443 ip access-list extended ACL_IN_OPENGARDEN permit ip any host 87.*.*114 permit udp any any eq domain permit udp any eq domain any permit icmp any any ip access-list extended ACL_OUT_OPENGARDEN permit ip host 87.*.*114 any permit udp any any eq domain permit udp any eq domain any permit icmp any any ip access-list extended LOCAL_PREFIXES permit ip any 8.8.8.0 0.0.63.255 deny ip any any ! ip radius source-interface Loopback0 logging 8.8.8.102 access-list 10 permit any access-list 20 permit any ! ! radius-server attribute 44 include-in-access-req default-vrf radius-server attribute 218 mandatory radius-server attribute 6 on-for-login-auth radius-server attribute 6 support-multiple radius-server attribute 8 include-in-access-req radius-server attribute 32 include-in-access-req radius-server attribute 32 include-in-accounting-req radius-server attribute 55 include-in-acct-req radius-server attribute 55 access-request include radius-server attribute 25 access-request include radius-server attribute 4 87.*.*80 radius-server host 85.*.*.135 auth-port 1812 acct-port 1813 key 7 1436332A2F2D19080B radius-server key 7 132436332825370904 radius-server vsa send accounting radius-server vsa send authentication ! ! control-plane ! ! ! ! alias exec sbsa show subscriber session all ! line con 0 stopbits 1 line vty 0 4 transport input telnet ssh line vty 5 15 transport input telnet ssh ! ntp server 8.8.8.102 ! end Вот то, что в задней части радиус сервер. "Cisco-AVPair", "subscriber:service-name=L4REDIRECT_SERVICE "Cisco-AVPair", "subscriber:command=activate-service" "Cisco-AVPair", "subscriber:service-name=OPENGARDEN_SERVICE" "Cisco-AVPair", "subscriber:command=activate-service" "Cisco-AVPair", "ip:traffic-class=in default drop" "Cisco-AVPair", "ip:traffic-class=in access-group name ACL_IN_L4REDIRECT priority 30" "Cisco-AVPair", "ip:traffic-class=out default drop" "Cisco-Account-Info","QU;512000;256000;D;512000;256000" "Cisco-AVPair","subscriber:accounting-list=CISCO_ISG_SESSION_ACCNT_LIST" Вот самое интересное. policy-map type control ISG_IPOE_SESSION_RULE1 class type control always event session-start 2 service-policy type service name L4REDIRECT_SERVICE 3 service-policy type service name OPENGARDEN_SERVICE 10 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator # Здесь все работает и L4REDIRECT и OPENGARDEN_SERVICE ну если рул 2 и 3 становиться 20 и 30 не работает. Здес сессий когда не работает Type: IP, UID: 975, State: authen, Identity: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2 IPv4 Address: 87.*.*.10 Session Up-time: 00:00:07, Last Changed: 00:00:06 Switch-ID: 6137 Policy information: Context 7F0F3D0BA270: Handle 3400052C AAA_id 0000042E: Flow_handle 0 Authentication status: authen Downloaded User profile, excluding services: service-type 0 2 [Framed] accounting-list 0 "CISCO_ISG_SESSION_ACCNT_LIST" service-name 0 "OPENGARDEN_SERVICE" command 0 "activate-service" traffic-class 0 "in access-group name ACL_IN_OPENGARDEN priority 30" traffic-class 0 "in default drop" traffic-class 0 "out access-group name ACL_OUT_OPENGARDEN priority 30" traffic-class 0 "out default drop" clid-mac-addr 0 D4 CA 6D 45 4E D2 addr 0 87.*.*.10 netmask 0 255.255.255.255 config-source-dpm 0 True circuit-id-tag 0 "10.250.83.2 xpon 0/5/5:8.361.1" Downloaded User profile, including services: service-type 0 2 [Framed] accounting-list 0 "CISCO_ISG_SESSION_ACCNT_LIST" service-name 0 "OPENGARDEN_SERVICE" command 0 "activate-service" traffic-class 0 "in access-group name ACL_IN_OPENGARDEN priority 30" traffic-class 0 "in default drop" traffic-class 0 "out access-group name ACL_OUT_OPENGARDEN priority 30" traffic-class 0 "out default drop" clid-mac-addr 0 D4 CA 6D 45 4E D2 addr 0 87.*.*.10 netmask 0 255.255.255.255 config-source-dpm 0 True circuit-id-tag 0 "10.*.*.2 xpon 0/5/5:8.361.1" Config history for session (recent to oldest): Access-type: IP Client: DHCP Policy event: Session-Update Profile name: apply-config-only, 2 references clid-mac-addr 0 D4 CA 6D 45 4E D2 addr 0 87.*.*.10 netmask 0 255.255.255.255 config-source-dpm 0 True circuit-id-tag 0 "10.*.*.2 xpon 0/5/5:8.361.1" Access-type: IP Client: SM Policy event: Service Selection Request Profile name: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2, 2 references service-type 0 2 [Framed] accounting-list 0 "CISCO_ISG_SESSION_ACCNT_LIST" service-name 0 "OPENGARDEN_SERVICE" command 0 "activate-service" traffic-class 0 "in access-group name ACL_IN_OPENGARDEN priority 30" traffic-class 0 "in default drop" traffic-class 0 "out access-group name ACL_OUT_OPENGARDEN priority 30" traffic-class 0 "out default drop" Rules, actions and conditions executed: subscriber rule-map ISG_IPOE_SESSION_RULE1 condition always event session-start 10 authorize aaa list TAL_AUTHEN_LIST identifier circuit-id#mac-address Classifiers: Class-id Dir Packets Bytes Pri. Definition 0 In 2 252 0 Match Any 1 Out 0 0 0 Match Any Features: Accounting: Class-id Dir Packets Bytes Source 0 In 2 234 Peruser 1 Out 0 0 Peruser Configuration Sources: Type Active Time AAA Service ID Name USR 00:00:07 - Peruser INT 00:00:07 - TenGigabitEthernet0/0/0.361 А здес сесий когда редирект работает. Type: IP, UID: 977, State: authen, Identity: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2 IPv4 Address: 87.*.*10 Session Up-time: 00:00:23, Last Changed: 00:00:23 Switch-ID: 6148 Policy information: Context 7F0F3D0BA270: Handle AA00052E AAA_id 00000430: Flow_handle 0 Authentication status: authen Downloaded User profile, excluding services: service-type 0 2 [Framed] accounting-list 0 "CISCO_ISG_SESSION_ACCNT_LIST" service-name 0 "L4REDIRECT_SERVICE" command 0 "activate-service" traffic-class 0 "in default drop" traffic-class 0 "in access-group name ACL_IN_L4REDIRECT priority 30" traffic-class 0 "out access-group name ACL_OUT_L4REDIRECT priority 30" traffic-class 0 "out default drop" ssg-account-info 0 "QU;512000;256000;D;512000;256000" clid-mac-addr 0 D4 CA 6D 45 4E D2 addr 0 87.*.*10 netmask 0 255.255.255.255 config-source-dpm 0 True circuit-id-tag 0 "10.*.*.2 xpon 0/5/5:8.361.1" Downloaded User profile, including services: l4redirect 0 "redirect to group ISG_GROUP" username 0 "OPENGARDEN_SERVICE" service-type 0 2 [Framed] accounting-list 0 "CISCO_ISG_SESSION_ACCNT_LIST" service-name 0 "L4REDIRECT_SERVICE" command 0 "activate-service" traffic-class 0 "in default drop" traffic-class 0 "in access-group name ACL_IN_L4REDIRECT priority 30" traffic-class 0 "out access-group name ACL_OUT_L4REDIRECT priority 30" traffic-class 0 "out default drop" ssg-account-info 0 "QU;512000;256000;D;512000;256000" clid-mac-addr 0 D4 CA 6D 45 4E D2 addr 0 87.*.*10 netmask 0 255.255.255.255 config-source-dpm 0 True circuit-id-tag 0 "10.*.*.2 xpon 0/5/5:8.361.1" Config history for session (recent to oldest): Access-type: IP Client: DHCP Policy event: Session-Update Profile name: apply-config-only, 2 references clid-mac-addr 0 D4 CA 6D 45 4E D2 addr 0 87.*.*10 netmask 0 255.255.255.255 config-source-dpm 0 True circuit-id-tag 0 "10.*.*.2 xpon 0/5/5:8.361.1" Access-type: IP Client: SM Policy event: Service Selection Request Profile name: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2, 2 references service-type 0 2 [Framed] accounting-list 0 "CISCO_ISG_SESSION_ACCNT_LIST" service-name 0 "L4REDIRECT_SERVICE" command 0 "activate-service" traffic-class 0 "in default drop" traffic-class 0 "in access-group name ACL_IN_L4REDIRECT priority 30" traffic-class 0 "out access-group name ACL_OUT_L4REDIRECT priority 30" traffic-class 0 "out default drop" ssg-account-info 0 "QU;512000;256000;D;512000;256000" Access-type: IP Client: SM Policy event: Service Selection Request (Service) Profile name: OPENGARDEN_SERVICE, 3 references password 0 <hidden> username 0 "OPENGARDEN_SERVICE" traffic-class 0 "output access-group name ACL_OUT_OPENGARDEN priority 20" traffic-class 0 "input access-group name ACL_IN_OPENGARDEN priority 20" Access-type: IP Client: SM Policy event: Service Selection Request (Service) Profile name: L4REDIRECT_SERVICE, 3 references password 0 <hidden> username 0 "L4REDIRECT_SERVICE" traffic-class 0 "input access-group name ACL_IN_L4REDIRECT priority 10" l4redirect 0 "redirect to group ISG_GROUP" accounting-list 0 "CISCO_ISG_SESSION_ACCNT_LIST" traffic-class 0 "input default drop" traffic-class 0 "output default drop" Active services associated with session: name "OPENGARDEN_SERVICE", applied before account logon name "L4REDIRECT_SERVICE", applied before account logon Rules, actions and conditions executed: subscriber rule-map ISG_IPOE_SESSION_RULE1 condition always event session-start 2 service-policy type service name L4REDIRECT_SERVICE 3 service-policy type service name OPENGARDEN_SERVICE 10 authorize aaa list TAL_AUTHEN_LIST identifier circuit-id#mac-address Classifiers: Class-id Dir Packets Bytes Pri. Definition 0 In 1 117 0 Match Any 1 Out 0 0 0 Match Any 334 In 0 0 10 Match ACL ACL_IN_L4REDIRECT 336 In 0 0 20 Match ACL ACL_IN_OPENGARDEN 337 Out 0 0 20 Match ACL ACL_OUT_OPENGARDEN 4294967294 In 1 117 - Drop Features: Accounting: Class-id Dir Packets Bytes Source 0 In 0 0 Peruser 1 Out 0 0 Peruser 334 In 0 0 L4REDIRECT_SERVICE L4 Redirect: Class-id Rule cfg Definition Source 334 #1 SVC to group ISG_GROUP L4REDIRECT_SERVICE Policing: Class-id Dir Avg. Rate Normal Burst Excess Burst Source 0 In 512000 256000 0 Peruser 1 Out 512000 256000 0 Peruser Configuration Sources: Type Active Time AAA Service ID Name SVC 00:00:23 3372220429 L4REDIRECT_SERVICE SVC 00:00:23 - OPENGARDEN_SERVICE USR 00:00:23 - Peruser INT 00:00:23 - TenGigabitEthernet0/0/0.361 То есть именно там, где я вижу разницы Classifiers: Class-id Dir Packets Bytes Pri. Definition 0 In 1 117 0 Match Any 1 Out 0 0 0 Match Any 334 In 0 0 10 Match ACL ACL_IN_L4REDIRECT 336 In 0 0 20 Match ACL ACL_IN_OPENGARDEN 337 Out 0 0 20 Match ACL ACL_OUT_OPENGARDEN 4294967294 In 1 117 - Drop Features: Accounting: Class-id Dir Packets Bytes Source 0 In 0 0 Peruser 1 Out 0 0 Peruser 334 In 0 0 L4REDIRECT_SERVICE L4 Redirect: Class-id Rule cfg Definition Source 334 #1 SVC to group ISG_GROUP L4REDIRECT_SERVICE Policing: Class-id Dir Avg. Rate Normal Burst Excess Burst Source 0 In 512000 256000 0 Peruser 1 Out 512000 256000 0 Peruser Configuration Sources: Type Active Time AAA Service ID Name SVC 00:00:23 3372220429 L4REDIRECT_SERVICE SVC 00:00:23 - OPENGARDEN_SERVICE USR 00:00:23 - Peruser INT 00:00:23 - TenGigabitEthernet0/0/0.361 Edited July 19, 2012 by LinuxLoader Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
triam Posted July 19, 2012 Хороший пользователь выдавать сервис INTERNET с задней части радиус сервер. Плохой пользователь выдавать сервис L4REDIRECT и OPENGARDEN c задней части радиу сервер. Делать так: policy-map type control ISG_IPOE_SESSION_RULE1 class type control always event session-start 1 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator # Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
LinuxLoader Posted July 19, 2012 Хороший пользователь выдавать сервис INTERNET с задней части радиус сервер. Плохой пользователь выдавать сервис L4REDIRECT и OPENGARDEN c задней части радиу сервер. Делать так: policy-map type control ISG_IPOE_SESSION_RULE1 class type control always event session-start 1 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator # Я также хотел бы пройти все услуги только в радиусе, но, когда они проходят, следовательно, не применяются Classifiers: Class-id. Обратите внимание на разницу в две сессии для конфигурации, это именно проблема для меня Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
triam Posted July 19, 2012 Я не понял :( может по-английски? Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
LinuxLoader Posted July 19, 2012 Basic idea is auth depending on the circuit-id , and service-profile from the radius based on the subscriber circuit-id ( with one circuit there can be multiple subscribers with different mac addresses ) .All that thing i was doing with redback SE600 with different context depends of the type of the circuit-id ( huawei , nsn, zyxel pon have a diffent circuit-id format ) . Now i must implement ASR1K . Whit this config , when service is applying from the radius there are no classification in the Classifiers: Class-id . ACL are applied and the policy-map is applied , but in subscriber session there is no classification ...... , but if i apply both policy map without auth all is fine ! ... acl are same policy-map are same and there is classification . Just see the difference in the sessions and you will see the difference. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
LinuxLoader Posted July 20, 2012 Для получения информации о тех, кто будет играть в будущем, положив счет может быть сделано только в CoA, а не access-request .Если вы поместите правил в оригинальном разрешении они не применяются правильно (не сделал необходимые classification class-id) и, таким образом перенаправить портал и не работают. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
triam Posted July 20, 2012 Чтобы классифицировать пользователя на портале нужно использовать PBHK =) Покажите конфигурацию, которая работает на SE600 Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
LinuxLoader Posted July 20, 2012 (edited) Here is the config for the SE600 radius service profile redirect parameter value redirect-url parameter value portal-ip parameter value portal-port 80 parameter list tcp-port accounting in fwd captive-portal-redirect seq 10 attribute Forward-Policy in captive-portal-redirect seq 20 attribute HTTP-Redirect-url $redirect-url seq 30 attribute Service-Timeout 2147483647 seq 50 attribute Dynamic-Policy-Filter "ip in forward dstip $portal-ip tcp dstport = $portal-port class portal fwd" seq 60 foreach tcp-port seq 70 attribute Dynamic-Policy-Filter "ip in forward tcp dstport = $tcp-port class redirect fwd" exit seq 80 attribute Filter-Id in captive-redirect seq 90 attribute Service-Interim-Accounting 900 forward policy captive-portal-redirect radius-guided access-group captive-policy copper class captive-portal-redirect redirect destination local class captive-portal from the radius server we send and the redirect-url address . Here and the subscriber look like 0:21:27:f5:5d:ad Session state Up Circuit 2/2 vlan-id 1275 clips 405893 Internal Circuit 2/2:1023:63/7/2/300770 Interface bound vlan-multibind Current port-limit unlimited Protocol Stack IPV4 dns primary x (applied from sub_default) dns secondary x (applied from sub_default) dhcp max-addrs 1 (applied) dhcp vendor class id MSFT 98 (applied) dhcp option client id 0x3d0701002127f55dad (applied) dhcp option hostname 0x0c094e6174526f75746572 (applied) qos-metering-policy outbound-radius (applied) qos-policing-policy inbound-radius (applied) qos rate inbound rate 5120 burst 1000000 (applied) qos rate outbound rate 5120 burst 1000000 (applied) forward policy in captive-portal-redirect [svc mask: 0x0001] (applied) http-redirect-url http://x:4040 [svc mask: 0x0001] (applied) ip access-group in captive-redirect [svc mask: 0x0001] (applied) service (applied) [svc id: 0] copper-redirect (acct enabled) service-parameter (applied) [svc id: 0] redirect-url=http://xxxx114:4040 [svc id: 0] portal-ip=xxxx.114/32 [svc id: 0] portal-port=4040 [svc id: 0] tcp-port=www,443,4040,8080 dynamic policy acl [svc mask: 0x0001] (applied in: fwd) [svc id: 0] ip in forward dstip x/32 tcp dstport = 4040 class portal fwd [svc id: 0] ip in forward tcp dstport = www class redirect fwd [svc id: 0] ip in forward tcp dstport = 443 class redirect fwd [svc id: 0] ip in forward tcp dstport = 4040 class redirect fwd [svc id: 0] ip in forward tcp dstport = 8080 class redirect fwd service-acct (in) [svc mask: 0x0001] (applied) [svc id: 0] fwd class-mask 0x01 service-abs-timeout [svc mask: 0x0001] (applied) [svc id: 0] 2147483647 service-interim-acct-interval [svc mask: 0x0001] (applied) [svc id: 0] 900 IP host entries installed by DHCP: (max_addr 1 cur_entries 1) xxxx.82 00:21:27:f5:5d:ad Edited July 20, 2012 by LinuxLoader Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
