Перейти к содержимому
Калькуляторы

Cisco ASR1K ISG+radius проблемы в размещении профиль клиента радиуса

Прежде всего я хочу извиниться за плохой русский.

Железа ASR1006

Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVIPSERVICESK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1)

IOS XE Version: 03.06.00.S

NAME: "module 0", DESCR: "Cisco ASR1000 SPA Interface Processor 40"

 

Идея состоит в том , чтобы знать в зависимости от клиента( based on circuit-id) и работать в Интернет с определенными параметрами или отправить портал

 

 

Проблема в том, что при размещении вручную поставить policy-map type service L4REDIRECT_SERVICE+OPENGARDEN все ваши классы и другие трафик и перенаправлять работ. Но когда я утверждаю, радиус ЭВМ не работает.

 

Здесь конфигурации маршрутизатора

version 15.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service unsupported-transceiver
no platform punt-keepalive disable-kernel-core
!
hostname ASR1006-VT1
!
boot-start-marker
boot system flash bootflash:/asr1000rp2-advipservicesk9.03.06.00.S.152-2.S.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging userinfo
logging buffered 400000
enable secret 4 MwiIOyhbTdyB8ClOX4xeYduphxrQGmVjVXFM2w9JXZc
enable password 7 070C285F4D065700011D450E03
!
aaa new-model
!
!
aaa group server radius RADIUS_GR
server 85.*.*.135 auth-port 1812 acct-port 1813
ip radius source-interface Loopback0
!
aaa authentication login TAL_AUTHEN_LIST group RADIUS_GR
aaa authorization network TAL_AUTHEN_LIST group RADIUS_GR
aaa authorization network SERVICE group RADIUS_GR
aaa authorization subscriber-service default local group RADIUS_GR
aaa authorization subscriber-service RADIUS_GR group RADIUS_GR
aaa accounting delay-start all
aaa accounting update periodic 3
aaa accounting include auth-profile framed-ip-address
aaa accounting network default start-stop group RADIUS_GR
aaa accounting network CISCO_ISG_SESSION_ACCNT_LIST start-stop group RADIUS_GR
aaa accounting network TAL_AUTHEN_LIST start-stop group RADIUS_GR
!
!
!
!
aaa server radius dynamic-author
client 85.*.*.135 server-key 7 130E120B4509122565262F
client 85.*.*.114 server-key 7 050003166F495806570710
port 8899
auth-type any
ignore session-key
ignore server-key
!
aaa session-id unique
!
transport-map type persistent ssh sshhandler
authentication-retries 5
rsa keypair-name evo.bg
connection wait allow interruptible
!
clock timezone EET 2 0
clock summer-time EET recurring last Sun Mar 2:00 last Sun Oct 4:00
clock save interval 16
!
!
!
no ip domain lookup
ip name-server 87.*.*9
ip name-server 85.*.*.241
ip dhcp relay information option
ip dhcp relay information policy keep
no ip dhcp relay information check
ip dhcp relay information trust-all
!
ip dhcp pool DHCP_POOL_DEFAULT
relay source 87.*.*.0 255.255.255.0
relay destination 85.*.*.102
!
!
!
!
!
subscriber service password 7 141C171242013C246A2A34
subscriber service multiple-accept
subscriber service session-accounting
subscriber service accounting interim-interval 15
subscriber redundancy dynamic periodic-update interval 10
subscriber authorization enable
!
redirect server-group ISG_GROUP
server ip 87.*.*.114 port 4040
!
redirect session-limit 128
mpls label protocol ldp
multilink bundle-name authenticated

!
!
class-map type traffic match-any CLASS-10_20
match access-group input 10
match access-group output 20
!
class-map type traffic match-any ISG_OPENGARDEN
match access-group output name ACL_OUT_OPENGARDEN
match access-group input name ACL_IN_OPENGARDEN
!
class-map type traffic match-any L4REDIRECT
match access-group input name ACL_IN_L4REDIRECT
!
!
class-map match-any CLASS_TRAFFIC_BG
match qos-group 11
match access-group name LOCAL_PREFIXES
class-map match-all CLASS_TRAFFIC_INTERNATIONAL
match qos-group 10
policy-map type service OPENGARDEN_SERVICE
20 class type traffic ISG_OPENGARDEN
!
!
policy-map type service L4REDIRECT_SERVICE
10 class type traffic L4REDIRECT
 accounting aaa list CISCO_ISG_SESSION_ACCNT_LIST
 redirect to group ISG_GROUP
!
class type traffic default input
 drop
!
!
policy-map type control ISG_IPOE_SESSION_RULE1
class type control always event session-start
 10 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator #
!
class type control always event account-logon
 10 authenticate aaa list TAL_AUTHEN_LIST
!

!
interface Loopback0
ip address 87.*.*.80 255.255.255.255
!
interface Loopback6
no ip address
!
interface Loopback555
ip address 87.*.*.1 255.255.255.0
!
interface TenGigabitEthernet0/0/0
no ip address
logging event link-status
logging event subif-link-status
!
interface TenGigabitEthernet0/0/0.31
!
interface TenGigabitEthernet0/0/0.359
encapsulation dot1Q 359
ip address 85.*.*.66 255.255.255.252
!
interface TenGigabitEthernet0/0/0.360
description up2se600-int
encapsulation dot1Q 360
ip address 85.*.*.70 255.255.255.252
bgp-policy destination ip-qos-map
!
interface TenGigabitEthernet0/0/0.361
description up2huawei-ont
encapsulation dot1Q 361
ip unnumbered Loopback555
service-policy type control ISG_IPOE_SESSION_RULE1
ip subscriber l2-connected
 initiator dhcp class-aware
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
router ospf 200
router-id 87.*.*.80
redistribute connected subnets
network 85.*.*.64 0.0.0.3 area 359
!
router bgp 24964
table-map SET_TRAFFIC_GROUP
bgp router-id 87.*.*80
bgp log-neighbor-changes
redistribute connected
neighbor 8.8.8.65 remote-as 24964
neighbor 8.8.8.65 soft-reconfiguration inbound
neighbor 8.8.8.65 route-map BGP_BG_IN in
neighbor 8.8.8.69 remote-as 24964
neighbor 8.8.8.69 soft-reconfiguration inbound
neighbor 8.8.8.69 prefix-list EVO-OUT-BG out
neighbor 8.8.8.69 route-map BGP_INT_IN in
!
ip forward-protocol nd
!
ip bgp-community new-format

no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 8.8.8.69
!
ip access-list extended ACL_IN_L4REDIRECT
deny   tcp any host 87.*.*114 eq 4040
deny   tcp any host 87.*.*114
deny   udp any any eq domain
permit icmp any any
permit tcp any any eq www
permit tcp any any eq 443
ip access-list extended ACL_IN_OPENGARDEN
permit ip any host 87.*.*114
permit udp any any eq domain
permit udp any eq domain any
permit icmp any any
ip access-list extended ACL_OUT_OPENGARDEN
permit ip host 87.*.*114 any
permit udp any any eq domain
permit udp any eq domain any
permit icmp any any
ip access-list extended LOCAL_PREFIXES
permit ip any 8.8.8.0 0.0.63.255
deny   ip any any
!
ip radius source-interface Loopback0
logging 8.8.8.102
access-list 10 permit any
access-list 20 permit any
!

!
radius-server attribute 44 include-in-access-req default-vrf
radius-server attribute 218 mandatory
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
radius-server attribute 4 87.*.*80
radius-server host 85.*.*.135 auth-port 1812 acct-port 1813 key 7 1436332A2F2D19080B
radius-server key 7 132436332825370904
radius-server vsa send accounting
radius-server vsa send authentication
!
!
control-plane
!
!
!
!
alias exec sbsa show subscriber session all
!
line con 0
stopbits 1
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
ntp server 8.8.8.102
!
end

Вот то, что в задней части радиус сервер.

"Cisco-AVPair", "subscriber:service-name=L4REDIRECT_SERVICE
"Cisco-AVPair", "subscriber:command=activate-service"
"Cisco-AVPair", "subscriber:service-name=OPENGARDEN_SERVICE"
"Cisco-AVPair", "subscriber:command=activate-service"


"Cisco-AVPair", "ip:traffic-class=in default drop"
"Cisco-AVPair", "ip:traffic-class=in access-group name ACL_IN_L4REDIRECT priority 30"
"Cisco-AVPair", "ip:traffic-class=out default drop"
"Cisco-Account-Info","QU;512000;256000;D;512000;256000"
"Cisco-AVPair","subscriber:accounting-list=CISCO_ISG_SESSION_ACCNT_LIST"

 

Вот самое интересное.

 

policy-map type control ISG_IPOE_SESSION_RULE1

class type control always event session-start

2 service-policy type service name L4REDIRECT_SERVICE

3 service-policy type service name OPENGARDEN_SERVICE

10 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator #

 

Здесь все работает и L4REDIRECT и OPENGARDEN_SERVICE

ну если рул 2 и 3 становиться 20 и 30 не работает.

 

Здес сессий когда не работает

Type: IP, UID: 975, State: authen, Identity: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2
IPv4 Address: 87.*.*.10
Session Up-time: 00:00:07, Last Changed: 00:00:06
Switch-ID: 6137

Policy information:
 Context 7F0F3D0BA270: Handle 3400052C
 AAA_id 0000042E: Flow_handle 0
 Authentication status: authen
 Downloaded User profile, excluding services:
   service-type         0   2 [Framed]
   accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
   service-name         0   "OPENGARDEN_SERVICE"
   command              0   "activate-service"
   traffic-class        0   "in access-group name ACL_IN_OPENGARDEN priority 30"
   traffic-class        0   "in default drop"
   traffic-class        0   "out access-group name ACL_OUT_OPENGARDEN priority 30"
   traffic-class        0   "out default drop"
   clid-mac-addr        0   D4 CA 6D 45 4E D2
   addr                 0   87.*.*.10
   netmask              0   255.255.255.255
   config-source-dpm    0   True
   circuit-id-tag       0   "10.250.83.2 xpon 0/5/5:8.361.1"
 Downloaded User profile, including services:
   service-type         0   2 [Framed]
   accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
   service-name         0   "OPENGARDEN_SERVICE"
   command              0   "activate-service"
   traffic-class        0   "in access-group name ACL_IN_OPENGARDEN priority 30"
   traffic-class        0   "in default drop"
   traffic-class        0   "out access-group name ACL_OUT_OPENGARDEN priority 30"
   traffic-class        0   "out default drop"
   clid-mac-addr        0   D4 CA 6D 45 4E D2
   addr                 0   87.*.*.10
   netmask              0   255.255.255.255
   config-source-dpm    0   True
   circuit-id-tag       0   "10.*.*.2 xpon 0/5/5:8.361.1"
 Config history for session (recent to oldest):
   Access-type: IP Client: DHCP
    Policy event: Session-Update
     Profile name: apply-config-only, 2 references
       clid-mac-addr        0   D4 CA 6D 45 4E D2
       addr                 0   87.*.*.10
       netmask              0   255.255.255.255
       config-source-dpm    0   True
       circuit-id-tag       0   "10.*.*.2 xpon 0/5/5:8.361.1"
   Access-type: IP Client: SM
    Policy event: Service Selection Request
     Profile name: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2, 2 references
       service-type         0   2 [Framed]
       accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
       service-name         0   "OPENGARDEN_SERVICE"
       command              0   "activate-service"
       traffic-class        0   "in access-group name ACL_IN_OPENGARDEN priority 30"
       traffic-class        0   "in default drop"
       traffic-class        0   "out access-group name ACL_OUT_OPENGARDEN priority 30"
       traffic-class        0   "out default drop"
 Rules, actions and conditions executed:
   subscriber rule-map ISG_IPOE_SESSION_RULE1
     condition always event session-start
       10 authorize aaa list TAL_AUTHEN_LIST identifier circuit-id#mac-address

Classifiers:
Class-id    Dir   Packets    Bytes                  Pri.  Definition
0           In    2          252                    0    Match Any
1           Out   0          0                      0    Match Any

Features:

Accounting:
Class-id   Dir  Packets    Bytes                 Source
0          In   2          234                   Peruser
1          Out  0          0                     Peruser

Configuration Sources:
Type  Active Time  AAA Service ID  Name
USR   00:00:07     -               Peruser
INT   00:00:07     -               TenGigabitEthernet0/0/0.361

 

 

А здес сесий когда редирект работает.

Type: IP, UID: 977, State: authen, Identity: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2
IPv4 Address: 87.*.*10
Session Up-time: 00:00:23, Last Changed: 00:00:23
Switch-ID: 6148

Policy information:
 Context 7F0F3D0BA270: Handle AA00052E
 AAA_id 00000430: Flow_handle 0
 Authentication status: authen
 Downloaded User profile, excluding services:
   service-type         0   2 [Framed]
   accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
   service-name         0   "L4REDIRECT_SERVICE"
   command              0   "activate-service"
   traffic-class        0   "in default drop"
   traffic-class        0   "in access-group name ACL_IN_L4REDIRECT priority 30"
   traffic-class        0   "out access-group name ACL_OUT_L4REDIRECT priority 30"
   traffic-class        0   "out default drop"
   ssg-account-info     0   "QU;512000;256000;D;512000;256000"
   clid-mac-addr        0   D4 CA 6D 45 4E D2
   addr                 0   87.*.*10
   netmask              0   255.255.255.255
   config-source-dpm    0   True
   circuit-id-tag       0   "10.*.*.2 xpon 0/5/5:8.361.1"
 Downloaded User profile, including services:
   l4redirect           0   "redirect to group ISG_GROUP"
   username             0   "OPENGARDEN_SERVICE"
   service-type         0   2 [Framed]
   accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
   service-name         0   "L4REDIRECT_SERVICE"
   command              0   "activate-service"
   traffic-class        0   "in default drop"
   traffic-class        0   "in access-group name ACL_IN_L4REDIRECT priority 30"
   traffic-class        0   "out access-group name ACL_OUT_L4REDIRECT priority 30"
   traffic-class        0   "out default drop"
   ssg-account-info     0   "QU;512000;256000;D;512000;256000"
   clid-mac-addr        0   D4 CA 6D 45 4E D2
   addr                 0   87.*.*10
   netmask              0   255.255.255.255
   config-source-dpm    0   True
   circuit-id-tag       0   "10.*.*.2 xpon 0/5/5:8.361.1"
 Config history for session (recent to oldest):
   Access-type: IP Client: DHCP
    Policy event: Session-Update
     Profile name: apply-config-only, 2 references
       clid-mac-addr        0   D4 CA 6D 45 4E D2
       addr                 0   87.*.*10
       netmask              0   255.255.255.255
       config-source-dpm    0   True
       circuit-id-tag       0   "10.*.*.2 xpon 0/5/5:8.361.1"
   Access-type: IP Client: SM
    Policy event: Service Selection Request
     Profile name: 10.*.*.2 xpon 0/5/5:8.361.1#d4ca.6d45.4ed2, 2 references
       service-type         0   2 [Framed]
       accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
       service-name         0   "L4REDIRECT_SERVICE"
       command              0   "activate-service"
       traffic-class        0   "in default drop"
       traffic-class        0   "in access-group name ACL_IN_L4REDIRECT priority 30"
       traffic-class        0   "out access-group name ACL_OUT_L4REDIRECT priority 30"
       traffic-class        0   "out default drop"
       ssg-account-info     0   "QU;512000;256000;D;512000;256000"
   Access-type: IP Client: SM
    Policy event: Service Selection Request (Service)
     Profile name: OPENGARDEN_SERVICE, 3 references
       password             0   <hidden>
       username             0   "OPENGARDEN_SERVICE"
       traffic-class        0   "output access-group name ACL_OUT_OPENGARDEN priority 20"
       traffic-class        0   "input access-group name ACL_IN_OPENGARDEN priority 20"
   Access-type: IP Client: SM
    Policy event: Service Selection Request (Service)
     Profile name: L4REDIRECT_SERVICE, 3 references
       password             0   <hidden>
       username             0   "L4REDIRECT_SERVICE"
       traffic-class        0   "input access-group name ACL_IN_L4REDIRECT priority 10"
       l4redirect           0   "redirect to group ISG_GROUP"
       accounting-list      0   "CISCO_ISG_SESSION_ACCNT_LIST"
       traffic-class        0   "input default drop"
       traffic-class        0   "output default drop"
 Active services associated with session:
   name "OPENGARDEN_SERVICE", applied before account logon
   name "L4REDIRECT_SERVICE", applied before account logon
 Rules, actions and conditions executed:
   subscriber rule-map ISG_IPOE_SESSION_RULE1
     condition always event session-start
       2 service-policy type service name L4REDIRECT_SERVICE
       3 service-policy type service name OPENGARDEN_SERVICE
       10 authorize aaa list TAL_AUTHEN_LIST identifier circuit-id#mac-address

Classifiers:
Class-id    Dir   Packets    Bytes                  Pri.  Definition
0           In    1          117                    0    Match Any
1           Out   0          0                      0    Match Any
334         In    0          0                      10   Match ACL ACL_IN_L4REDIRECT
336         In    0          0                      20   Match ACL ACL_IN_OPENGARDEN
337         Out   0          0                      20   Match ACL ACL_OUT_OPENGARDEN
4294967294  In    1          117                    -    Drop

Features:

Accounting:
Class-id   Dir  Packets    Bytes                 Source
0          In   0          0                     Peruser
1          Out  0          0                     Peruser
334        In   0          0                     L4REDIRECT_SERVICE

L4 Redirect:
Class-id   Rule cfg  Definition                               Source
334        #1   SVC  to group ISG_GROUP                       L4REDIRECT_SERVICE

Policing:
Class-id   Dir  Avg. Rate   Normal Burst  Excess Burst Source
0          In   512000      256000        0            Peruser
1          Out  512000      256000        0            Peruser

Configuration Sources:
Type  Active Time  AAA Service ID  Name
SVC   00:00:23     3372220429      L4REDIRECT_SERVICE
SVC   00:00:23     -               OPENGARDEN_SERVICE
USR   00:00:23     -               Peruser
INT   00:00:23     -               TenGigabitEthernet0/0/0.361

 

 

То есть именно там, где я вижу разницы

 

Classifiers:
Class-id    Dir   Packets    Bytes                  Pri.  Definition
0           In    1          117                    0    Match Any
1           Out   0          0                      0    Match Any
334         In    0          0                      10   Match ACL ACL_IN_L4REDIRECT
336         In    0          0                      20   Match ACL ACL_IN_OPENGARDEN
337         Out   0          0                      20   Match ACL ACL_OUT_OPENGARDEN
4294967294  In    1          117                    -    Drop

Features:

Accounting:
Class-id   Dir  Packets    Bytes                 Source
0          In   0          0                     Peruser
1          Out  0          0                     Peruser
334        In   0          0                     L4REDIRECT_SERVICE

L4 Redirect:
Class-id   Rule cfg  Definition                               Source
334        #1   SVC  to group ISG_GROUP                       L4REDIRECT_SERVICE

Policing:
Class-id   Dir  Avg. Rate   Normal Burst  Excess Burst Source
0          In   512000      256000        0            Peruser
1          Out  512000      256000        0            Peruser

Configuration Sources:
Type  Active Time  AAA Service ID  Name
SVC   00:00:23     3372220429      L4REDIRECT_SERVICE
SVC   00:00:23     -               OPENGARDEN_SERVICE
USR   00:00:23     -               Peruser
INT   00:00:23     -               TenGigabitEthernet0/0/0.361

Изменено пользователем LinuxLoader

Поделиться сообщением


Ссылка на сообщение
Поделиться на других сайтах

Хороший пользователь выдавать сервис INTERNET с задней части радиус сервер.

Плохой пользователь выдавать сервис L4REDIRECT и OPENGARDEN c задней части радиу сервер.

Делать так:

policy-map type control ISG_IPOE_SESSION_RULE1
class type control always event session-start
 1 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator #

Поделиться сообщением


Ссылка на сообщение
Поделиться на других сайтах

Хороший пользователь выдавать сервис INTERNET с задней части радиус сервер.

Плохой пользователь выдавать сервис L4REDIRECT и OPENGARDEN c задней части радиу сервер.

Делать так:

policy-map type control ISG_IPOE_SESSION_RULE1
class type control always event session-start
 1 authorize aaa list TAL_AUTHEN_LIST password AAACISCO identifier circuit-id plus mac-address separator #

 

Я также хотел бы пройти все услуги только в радиусе, но, когда они проходят, следовательно, не применяются Classifiers: Class-id. Обратите внимание на разницу в две сессии для конфигурации, это именно проблема для меня

Поделиться сообщением


Ссылка на сообщение
Поделиться на других сайтах

Я не понял :( может по-английски?

Поделиться сообщением


Ссылка на сообщение
Поделиться на других сайтах

Basic idea is auth depending on the circuit-id , and service-profile from the radius based on the subscriber circuit-id ( with one circuit there can be multiple subscribers with different mac addresses ) .All that thing i was doing with redback SE600 with different context depends of the type of the circuit-id ( huawei , nsn, zyxel pon have a diffent circuit-id format ) . Now i must implement ASR1K .

Whit this config , when service is applying from the radius there are no classification in the Classifiers: Class-id . ACL are applied and the policy-map is applied , but in subscriber session there is no classification ...... , but if i apply both policy map without auth all is fine ! ... acl are same policy-map are same and there is classification . Just see the difference in the sessions and you will see the difference.

Поделиться сообщением


Ссылка на сообщение
Поделиться на других сайтах

Для получения информации о тех, кто будет играть в будущем, положив счет может быть сделано только в CoA, а не access-request .Если вы поместите правил в оригинальном разрешении они не применяются правильно (не сделал необходимые classification class-id) и, таким образом перенаправить портал и не работают.

Поделиться сообщением


Ссылка на сообщение
Поделиться на других сайтах

Чтобы классифицировать пользователя на портале нужно использовать PBHK =) Покажите конфигурацию, которая работает на SE600

Поделиться сообщением


Ссылка на сообщение
Поделиться на других сайтах

Here is the config for the SE600

 

radius service profile redirect
 parameter value redirect-url
 parameter value portal-ip
 parameter value portal-port 80
 parameter list tcp-port
 accounting in fwd captive-portal-redirect
 seq 10 attribute Forward-Policy in captive-portal-redirect
 seq 20 attribute HTTP-Redirect-url $redirect-url
 seq 30 attribute Service-Timeout 2147483647
 seq 50 attribute Dynamic-Policy-Filter "ip in forward dstip $portal-ip tcp dstport = $portal-port class portal fwd"
 seq 60 foreach tcp-port
   seq 70 attribute Dynamic-Policy-Filter "ip in forward tcp dstport = $tcp-port class redirect fwd"
 exit
 seq 80 attribute Filter-Id in captive-redirect
 seq 90 attribute Service-Interim-Accounting 900

forward policy captive-portal-redirect radius-guided
access-group captive-policy copper
 class captive-portal-redirect
  redirect destination local
 class captive-portal

 

from the radius server we send and the redirect-url address .

 

Here and the subscriber look like

 

0:21:27:f5:5d:ad
       Session state Up
       Circuit   2/2 vlan-id 1275 clips 405893
       Internal Circuit   2/2:1023:63/7/2/300770
       Interface bound  vlan-multibind
       Current port-limit unlimited
       Protocol Stack IPV4
       dns primary x (applied from sub_default)
       dns secondary x (applied from sub_default)
       dhcp max-addrs 1 (applied)
       dhcp vendor class id MSFT 98 (applied)
       dhcp option client id 0x3d0701002127f55dad (applied)
       dhcp option hostname 0x0c094e6174526f75746572 (applied)
       qos-metering-policy outbound-radius (applied)
       qos-policing-policy inbound-radius (applied)
       qos rate inbound rate 5120 burst 1000000 (applied)
       qos rate outbound rate 5120 burst 1000000 (applied)
       forward policy in captive-portal-redirect [svc mask: 0x0001] (applied)
       http-redirect-url http://x:4040 [svc mask: 0x0001] (applied)
       ip access-group in captive-redirect [svc mask: 0x0001] (applied)
       service  (applied)
          [svc id: 0] copper-redirect (acct enabled)
       service-parameter  (applied)
          [svc id: 0] redirect-url=http://xxxx114:4040
          [svc id: 0] portal-ip=xxxx.114/32
          [svc id: 0] portal-port=4040
          [svc id: 0] tcp-port=www,443,4040,8080
       dynamic policy acl  [svc mask: 0x0001] (applied in: fwd)
          [svc id: 0] ip in forward dstip x/32 tcp dstport = 4040 class portal fwd
          [svc id: 0] ip in forward tcp dstport = www class redirect fwd
          [svc id: 0] ip in forward tcp dstport = 443 class redirect fwd
          [svc id: 0] ip in forward tcp dstport = 4040 class redirect fwd
          [svc id: 0] ip in forward tcp dstport = 8080 class redirect fwd
       service-acct (in)  [svc mask: 0x0001] (applied)
          [svc id: 0] fwd class-mask 0x01
       service-abs-timeout  [svc mask: 0x0001] (applied)
          [svc id: 0] 2147483647
       service-interim-acct-interval  [svc mask: 0x0001] (applied)
          [svc id: 0] 900
         IP host entries installed by DHCP: (max_addr 1 cur_entries 1)
               xxxx.82    00:21:27:f5:5d:ad

Изменено пользователем LinuxLoader

Поделиться сообщением


Ссылка на сообщение
Поделиться на других сайтах

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Гость
Ответить в тему...

×   Вставлено в виде отформатированного текста.   Вставить в виде обычного текста

  Разрешено не более 75 смайлов.

×   Ваша ссылка была автоматически встроена.   Отобразить как ссылку

×   Ваш предыдущий контент был восстановлен.   Очистить редактор

×   Вы не можете вставить изображения напрямую. Загрузите или вставьте изображения по ссылке.