Jump to content
Калькуляторы

Приветствую.

Осваиваю ISG (ASR 1002X, 3.10.03S).

 

Меня интересуют в общем-то тривиальные вещи.

Клиенты PPPoE (пока)

 

радиус:

 

user1   Cleartext-Password := "user1"
       Cisco-Account-Info += "AANY",
       Cisco-Control-Info += "QV1000000",

ANY     Cleartext-Password := "cisco", Service-Type == Outbound-User
       Cisco-AVPair += "ip:traffic-class=in access-group name CM_T_ANY",
       Cisco-AVPair += "ip:traffic-class=in default drop",
       Cisco-AVPair += "ip:traffic-class=out access-group name CM_T_ANY",
       Cisco-AVPair += "ip:traffic-class=out default drop",
       Cisco-AVPair += "prepaid-config=PREPAID",

 

на циске:

 

aaa authentication ppp FREERADIUS group freeradius
aaa authorization network FREERADIUS group freeradius
aaa authorization subscriber-service FREERADIUS local group freeradius
aaa accounting network FREERADIUS start-stop group freeradius
!
aaa group server radius freeradius
server-private 10.0.6.10 auth-port 1812 acct-port 1813 key 7 142417081E013E
!
subscriber feature prepaid PREPAID
threshold time 0 seconds
threshold volume 1 Kbytes
interim-interval 1 minutes
method-list author FREERADIUS
method-list accounting FREERADIUS
password cisco
!

 

Юзверь авторизуется, сервис циска запрашивает, траффик ходит, но за обновлением квоты киса на радиус не ходит и ничего не отклчает, траффик клиентом потребляется без ограничения.

Что я делаю не так?

 

asr-1002x-01#show subscriber session  username user1 detailed
Type: PPPoE, UID: 200, State: authen, Identity: user1
IPv4 Address: 192.168.128.127
IPv6 Address: 2A01:8960:4::
Session Up-time: 00:22:11, Last Changed: 00:22:11
Interface: Virtual-Access2.1
Switch-ID: 4677

Policy information:
 Context 7FBB6473CB60: Handle A80009BE
 AAA_id 00001B1F: Flow_handle 0
 Authentication status: authen
 Downloaded User profile, excluding services:
   Framed-Protocol      0   1 [PPP]
   service-type         0   2 [Framed]
   ssg-account-info     0   "AANY"
   ssg-control-info     0   "QV1000000"
   ssg-account-info     0   "QU;10240000;D;10240000"
   prefix               0   00 40 2A 01 89 60 00 04 00 00 00 00 00 00 00 00 00 00
   Interface-Id         0   00 00 00 00 00 00 00 01
   route                0   "2a01:8960:5::/56"
   delegated-prefix     0   00 38 2A 01 89 60 00 05 00 00 00 00 00 00 00 00 00 00
 Downloaded User profile, including services:
   Framed-Protocol      0   1 [PPP]
   service-type         0   2 [Framed]
   ssg-account-info     0   "AANY"
   ssg-control-info     0   "QV1000000"
   ssg-account-info     0   "QU;10240000;D;10240000"
   prefix               0   00 40 2A 01 89 60 00 04 00 00 00 00 00 00 00 00 00 00
   Interface-Id         0   00 00 00 00 00 00 00 01
   route                0   "2a01:8960:5::/56"
   delegated-prefix     0   00 38 2A 01 89 60 00 05 00 00 00 00 00 00 00 00 00 00
 Config history for session (recent to oldest):
   Access-type: Web-service-logon Client: SM
    Policy event: Apply Config Success (Unapplied) (Service)
     Profile name: ANY, 3 references
       traffic-class        0   "in access-group name CM_T_ANY"
       traffic-class        0   "in default drop"
       traffic-class        0   "out access-group name CM_T_ANY"
       traffic-class        0   "out default drop"
   Access-type: Web-service-logon Client: SM
    Policy event: Process Config Connecting (Service)
     Profile name: ANY, 3 references
       traffic-class        0   "in access-group name CM_T_ANY"
       traffic-class        0   "in default drop"
       traffic-class        0   "out access-group name CM_T_ANY"
       traffic-class        0   "out default drop"
   Access-type: PPP Client: SM
    Policy event: Process Config Connecting
     Profile name: apply-config-only, 2 references
       Framed-Protocol      0   1 [PPP]
       service-type         0   2 [Framed]
       ssg-account-info     0   "AANY"
       ssg-control-info     0   "QV1000000"
       ssg-account-info     0   "QU;10240000;D;10240000"
       prefix               0   00 40 2A 01 89 60 00 04 00 00 00 00 00 00 00 00 00 00
       Interface-Id         0   00 00 00 00 00 00 00 01
       route                0   "2a01:8960:5::/56"
       delegated-prefix     0   00 38 2A 01 89 60 00 05 00 00 00 00 00 00 00 00 00 00
 Rules, actions and conditions executed:
   subscriber rule-map default-internal-rule
     condition always event service-start
       1 service-policy type service identifier service-name
   subscriber rule-map default-internal-rule
     condition always event service-stop
       1 service-policy type service unapply identifier service-name

Classifiers:
Class-id    Dir   Packets    Bytes                  Pri.  Definition
0           In    229275     13175066               0    Match Any
1           Out   714381     1038574772             0    Match Any

Features:

Static Routes:
Class-id  Configuration Status           Source
0          This feature is enabled       Peruser

Policing:
Class-id   Dir  Avg. Rate   Normal Burst  Excess Burst Source
0          In   10240000    1920000       3840000      Peruser
1          Out  10240000    1920000       3840000      Peruser

DHCPv6 PD from AAA:
Class-id  Configuration Status           Source
0          This feature is enabled       Peruser

Configuration Sources:
Type  Active Time  AAA Service ID  Name
USR   00:22:11     -               Peruser
INT   00:22:11     -               Virtual-Template2

Share this post


Link to post
Share on other sites

В ходе дебага и экспериментов выяснилось, что если добавить в профиль пользователя Framed-IP-Address, препейд начинает работать, запрашивать квоты с радиуса.

Правда теперь столкнулся с тем, что если квота кончилась, то:

1. подключеный сервис пропадает из сессии и киса перестает запрашивать квоту. Соответственно чтобы его возобновить нужно предпринять какое-то действие.

2. несмотря на то, что перейд сервис отваливается, пользователь продолжает получать доступ, словно никаких сервисов навешано не было.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.