irihorn95 · Posted February 25, 2014 (edited)

Hello. Can you tell me what the problem might be? A session hangs on the BRAS (Cisco 7201) even after the cable has been unplugged. acct-update keeps being sent to billing, so the session is always counted as active. Please help, maybe someone has run into this problem.

BRAS config:

Building configuration...

Current configuration : 15383 bytes
!
! Last configuration change at 16:20:35 MSK Tue Feb 25 2014 by irihorn
! NVRAM config last updated at 12:10:01 MSK Fri Feb 21 2014 by rizvan
!
version 12.2
service nagle
service timestamps debug uptime
service timestamps log datetime msec
service password-encryption
!
hostname bras
!
boot-start-marker
boot system flash c7200p-adventerprisek9-mz.122-33.SRE2.bin
boot system flash disk0:c7200p-adventerprisek9-mz.122-33.SRE2.bin
boot-end-marker
!
security passwords min-length 1
logging snmp-authfail
logging buffered 128000
logging console informational
enable secret 5 $1$NdnT$tl9jkSpfpIefS/MyhDsev.
enable password 7 1421173948102F33
!
aaa new-model
!
!
!
aaa group server radius OPT82
 server 10.95.11.5 auth-port 1816 acct-port 1817
 ip radius source-interface GigabitEthernet0.1/11
!
!
aaa authentication login default group tacacs+ local
aaa authentication login console enable none
aaa authentication login CONS none
aaa authentication login OPT82 group OPT82
aaa authentication enable default none
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network OPT82 group OPT82
aaa accounting delay-start all
aaa accounting jitter maximum 0
aaa accounting update periodic 10
aaa accounting commands 1 tac_acc
 action-type start-stop
 group tacacs+
!
aaa accounting commands 15 tac_acc
 action-type start-stop
 group tacacs+
!
aaa accounting network PPPoE_ISG
 action-type start-stop
 group PPPoE_ISG
!
aaa accounting network REDIR-AUTH
 action-type start-stop
 group REDIR
!
aaa accounting network ISG-AUTH-1
 action-type start-stop
 group ISG-RADIUS
!
aaa accounting network OPT82
 action-type start-stop
 group OPT82
!
aaa accounting network ISG-RADIUS
 action-type start-stop
 group ISG-RADIUS
!
aaa accounting network REDIR
 action-type start-stop
 group REDIR
!
aaa accounting connection tac_acc
 action-type start-stop
 group tacacs+
!
aaa accounting resource tac_acc
 action-type start-stop-failure
 group tacacs+
!
!
!
!
!
aaa server radius dynamic-author
 client 10.95.11.5 server-key 7 XXXXXXX
 auth-type any
!
aaa session-id common
clock timezone MSK 4
rlogin trusted-remoteuser-source local
rlogin trusted-localuser-source local
ip source-route
ip address-pool dhcp-pool
ip cef
!
!
ip dhcp relay information option
ip dhcp relay information policy keep
no ip dhcp relay information check
ip dhcp relay information trust-all
ip dhcp excluded-address 10.101.0.1
ip dhcp excluded-address 10.201.0.1
ip dhcp excluded-address 10.202.0.1
!
ip dhcp pool PPPoE
 network 10.101.0.0 255.255.0.0
 default-router 10.101.0.1
 dns-server
 domain-name vertex-com.ru
 lease 3
!
ip dhcp pool OPT82
 update arp
 relay source 10.205.0.0 255.255.0.0
 relay destination 10.95.11.5
!
!
no ip domain lookup
ip domain name vetex-com.ru
ip name-server
no ipv6 cef
!
subscriber feature prepaid REDIR
 threshold time 0 seconds
 threshold volume 950 Kbytes
 interim-interval 30 minutes
 method-list author REDIR-AUTH
 method-list accounting REDIR-AUTH
 password cisco
subscriber feature prepaid TEST
 threshold time 0 seconds
 threshold volume 950 Kbytes
 interim-interval 30 minutes
 method-list author ISG-AUTH-1
 method-list accounting ISG-AUTH-1
 password cisco
subscriber feature prepaid PREPAID
 threshold time 0 seconds
 threshold volume 950 Kbytes
 interim-interval 30 minutes
 method-list author PPPoE_ISG
 method-list accounting PPPoE_ISG
 password cisco
subscriber feature prepaid OPT82
 threshold time 0 seconds
 threshold volume 950 Kbytes
 interim-interval 30 minutes
 method-list author OPT82
 method-list accounting OPT82
 password cisco
!
multilink bundle-name authenticated
!
!
!
!
ip ssh authentication-retries 2
ip ssh source-interface Loopback100
ip ssh version 2
class-map type traffic match-any CLASS-TRUSTED
 match access-group output 198
 match access-group input 198
!
class-map type control match-all ISG-IP-UNAUTH
 match authen-status unauthenticated
 match timer UNAUTH-TIMER
!
policy-map type service SERVICE-TRUSTED
 1 class type traffic CLASS-TRUSTED
  police input 64000 8000 16000
  police output 64000 8000 16000
 !
!
policy-map type control DOMAIN_BASED_ACCESS
 class type control always event session-start
  10 authenticate aaa list PPPoE_ISG
  20 service local
 !
!
policy-map type control OPT82_subs_control
 class type control ISG-IP-UNAUTH event timed-policy-expiry
  1 service disconnect
 !
 class type control always event session-start
  10 authorize aaa list OPT82 password OPT82 identifier auto-detect
  20 set-timer UNAUTH-TIMER 1
  30 service-policy type service name DENY-ALL
 !
 class type control always event quota-depleted
  1 set-param drop-traffic FALSE
 !
 class type control always event account-logon
  10 authenticate aaa list OPT82
 !
 class type control always event session-restart
  10 authorize aaa list OPT82 identifier auto-detect
 !
!
policy-map type control IPOE_subs_control
 class type control ISG-IP-UNAUTH event timed-policy-expiry
  1 service disconnect
 !
 class type control always event session-start
  10 authorize aaa list ISG-AUTH-1 password ISG identifier source-ip-address
  20 set-timer UNAUTH-TIMER 1
  30 service-policy type service name DENY-ALL
 !
 class type control always event quota-depleted
  2 set-param drop-traffic FALSE
 !
 class type control always event account-logon
  10 authenticate aaa list ISG-RADIUS
 !
!
policy-map type control REDIR
 class type control ISG-IP-UNAUTH event timed-policy-expiry
  1 service disconnect
 !
 class type control always event session-start
  10 authorize aaa list REDIR-AUTH password ISG identifier source-ip-address
  20 set-timer UNAUTH-TIMER 1
  30 service-policy type service name DENY-ALL
 !
 class type control always event quota-depleted
  2 set-param drop-traffic FALSE
 !
 class type control always event account-logon
  10 authenticate aaa list REDIR-AUTH
 !
!
!
!
!
!
!
bba-group pppoe global
 virtual-template 2
 sessions max limit 8000
 ac name PPPoE
 sessions per-mac limit 2
 sessions per-vlan limit 1000
!
!
interface Loopback0
 description For | PPPoe
 ip address 10.101.0.1 255.255.0.0
!
interface Loopback3
 description For | LAN
 ip address 10.201.0.1 255.255.0.0
!
!
!
interface GigabitEthernet0/0
 description --- -X- | border@ge-1/0/9
 ip address 10.95.0.2 255.255.255.252
 no ip proxy-arp
 media-type sfp
 speed 1000
 duplex auto
 negotiation auto
!
interface GigabitEthernet0/1
 description --- -X- | sw01@gi1/0/1
 no ip address
 media-type rj45
 speed auto
 duplex auto
 negotiation auto
!
interface GigabitEthernet0/1.11
 description --- -M- | MGMT
 encapsulation dot1Q 11
 ip address 10.95.11.2 255.255.255.224
 no ip unreachables
 no ip proxy-arp
 ip nat inside
!
interface GigabitEthernet0/1.16
 description BRAS-IPTV
 encapsulation dot1Q 16
 ip address 10.95.0.22 255.255.255.252
 ip access-group 199 in
 no ip unreachables
 no ip proxy-arp
 service-policy type control IPOE_subs_control
 ip subscriber routed
  initiator unclassified ip-address
!
interface GigabitEthernet0/1.97
 description MGMT | Secondary
 encapsulation dot1Q 97
 ip address 172.31.4.6 255.255.252.0
 ip access-group 197 in
 no ip unreachables
 no ip proxy-arp
 ip nat inside
!
!
interface GigabitEthernet0/1.205
 description IPoE-opt82
 encapsulation dot1Q 205
 ip dhcp relay information trusted
 ip address 10.205.0.1 255.255.0.0
 ip access-group 199 in
 ip helper-address 10.95.11.5
 no ip unreachables
 no ip proxy-arp
 service-policy type control OPT82_subs_control
 ip subscriber routed
  initiator dhcp
!
!
interface GigabitEthernet0/2
 no ip address
 no ip proxy-arp
 speed 1000
 duplex auto
 negotiation auto
!
interface GigabitEthernet0/2.12
 encapsulation dot1Q 12
 ip address 10.95.0.6 255.255.255.252
 no ip unreachables
 no ip proxy-arp
!
interface GigabitEthernet0/3
 no ip address
 speed auto
 duplex auto
 negotiation auto
!
interface Virtual-Template2
 description ==For_PPPoE==
 ip unnumbered Loopback0
 ip access-group 199 in
 no ip proxy-arp
 peer default ip address dhcp-pool PPPoE
 ppp authentication chap pap ms-chap callin PPPoE_ISG
 ppp authorization PPPoE_ISG
 ppp accounting PPPoE_ISG
 ppp ipcp dns XXXXXXXXXX
 ppp ipcp mask 255.255.255.255
 service-policy type control DOMAIN_BASED_ACCESS
!
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.95.0.5
!
ip radius source-interface GigabitEthernet0/1.11
logging history debugging
logging alarm informational
logging trap debugging
logging facility local5
logging 10.95.11.4
access-list 101 deny ip XXXXXXXXX 0.0.0.31
access-list 101 deny ip 10.0.0.0 0.0.0.255 10.95.0.0 0.0.0.31
access-list 197 permit ip any any
access-list 198 permit ip any any
access-list 198 permit tcp any any
access-list 199 deny ip 192.168.0.0 0.0.255.255 any
access-list 199 deny tcp any host XXXXXXX eq 22
access-list 199 deny tcp any host XXXXXXXX eq telnet
access-list 199 deny tcp any host XXXXXXXXXX eq ftp
access-list 199 deny icmp any host XXXXXXXXX echo
access-list 199 deny tcp any XXXXXXX 0.0.0.127 eq 22
access-list 199 deny tcp any XXXXXXXXXX 0.0.0.127 eq telnet
access-list 199 deny tcp any XXXXXXXXX 0.0.0.127 eq ftp
access-list 199 deny icmp any XXXXXXXXX 0.0.0.127 echo
access-list 199 deny icmp any 10.0.0.0 0.255.255.255 echo
access-list 199 deny tcp any 10.0.0.0 0.255.255.255 eq 22
access-list 199 deny tcp any 10.0.0.0 0.255.255.255 eq telnet
access-list 199 deny tcp any 10.0.0.0 0.255.255.255 eq ftp
access-list 199 permit ip any any
!
!
tacacs-server host 10.95.11.4 key 7 113D11041427190821207D
tacacs-server directed-request
radius-server attribute 44 include-in-access-req
radius-server attribute 44 extend-with-addr
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
radius-server attribute 31 mac format unformatted
radius-server attribute 31 send nas-port-detail mac-only
radius-server host 10.95.11.5 auth-port 1812 acct-port 1813 key 7 XXXXX
radius-server host 10.95.11.5 auth-port 1814 acct-port 1815 key 7 XXXXX
radius-server host 10.95.11.5 auth-port 1816 acct-port 1817 key 7 XXXXX
radius-server host 10.95.11.5 auth-port 1818 acct-port 1819 key 7 XXXXX
radius-server key 7 XXXXX
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
privilege exec level 15 access-template
privilege exec level 15 clear access-template
privilege exec level 1 clear
!
line con 0
 logging synchronous
 login authentication console
 terminal-type mon
 history size 256
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 timeout login response 10
 privilege level 15
 logging synchronous
 history size 256
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 exec-timeout 120 0
 timeout login response 10
 privilege level 15
 logging synchronous
 history size 256
 transport input telnet ssh
 transport output telnet ssh
!
end

Edited February 25, 2014 by irihorn95

VasiliyP · Posted February 25, 2014

Maybe this will help:
in the virtual-template add keepalive 15
in the pppoe group: sessions auto cleanup

irihorn95 · Posted February 25, 2014

> Maybe this will help:
> in the virtual-template add keepalive 15
> in the pppoe group: sessions auto cleanup

The problem is that our virtual-template is for PPPoE, and the problems are with IPoE. The interface facing the clients is gi0/1.205.
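
A billing-side check for the symptom described in this thread, as an added example that is not part of the original posts: it flags sessions whose Interim-Update records keep arriving with unchanged octet counters and no Stop. The record layout, the sample records and the threshold of three flat updates (30 minutes at the posted "aaa accounting update periodic 10") are assumptions, as is the premise that a session with no cable attached reports unchanged counters.

```python
from collections import defaultdict

# Constructed sample accounting records (not taken from the thread):
# (Acct-Session-Id, Acct-Status-Type, Acct-Input-Octets, Acct-Output-Octets)
SAMPLE_RECORDS = [
    ("0000A1", "Start", 0, 0),
    ("0000B2", "Start", 0, 0),
    ("0000A1", "Interim-Update", 1200, 5400),
    ("0000B2", "Interim-Update", 800, 9100),
    ("0000A1", "Interim-Update", 1200, 5400),   # flat update 1
    ("0000B2", "Interim-Update", 2500, 20100),
    ("0000A1", "Interim-Update", 1200, 5400),   # flat update 2
    ("0000B2", "Stop", 2600, 20500),
    ("0000A1", "Interim-Update", 1200, 5400),   # flat update 3
]


def find_stale_sessions(records, max_flat_updates=3):
    """Return sorted session ids that sent at least max_flat_updates
    consecutive Interim-Updates with unchanged counters and no Stop."""
    last_counters = {}             # session id -> (in_octets, out_octets)
    flat_runs = defaultdict(int)   # session id -> consecutive flat updates
    stale = set()
    for session_id, status, in_octets, out_octets in records:
        counters = (in_octets, out_octets)
        if status == "Stop":
            # Session closed properly: forget everything about it.
            last_counters.pop(session_id, None)
            flat_runs.pop(session_id, None)
            stale.discard(session_id)
            continue
        if status == "Interim-Update" and last_counters.get(session_id) == counters:
            flat_runs[session_id] += 1
        else:
            # Start record or counters moved: traffic is flowing, reset the run.
            flat_runs[session_id] = 0
            stale.discard(session_id)
        last_counters[session_id] = counters
        if flat_runs[session_id] >= max_flat_updates:
            stale.add(session_id)
    return sorted(stale)


if __name__ == "__main__":
    print(find_stale_sessions(SAMPLE_RECORDS))
```

A flagged session is only a candidate for review: a subscriber who is still connected but idle produces the same flat pattern.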