"ASR 1002 проблемы с PPPoE"
Отправлено eking, 29-Май-09 14:37 
Итак, что передает радиус:

сервер:~ # radtest ххххх йййййй localhost 1812 ннннннн
Sending Access-Request of id 73 to 127.0.0.1:1812
        User-Name = "ххххх"
        User-Password = "йййййй"
        NAS-IP-Address = stat1
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=73, length=173
        Framed-IP-Address = а.б.ц.д
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Cisco-AVPair = "ip:dns-servers="ч.ч.ч.ч й.й.й.й ы.ы.ы.ы""
        Cisco-AVPair = "ip:sub-policy-Out=asr5m-out"
        Cisco-AVPair = "ip:sub-policy-Out=asr5m-in"
сервер:~ #

Конфиг перенесен с 72ХХ. Но работает сейчас на ASR1002

! Global settings of the posted running-config; secret values were blanked by the poster.
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
! Encodes stored passwords as type 7, which is reversible and only hides them from casual viewing.
service password-encryption
!
hostname BRAS
!
boot-start-marker
boot system bootflash:asr1000rp1-adventerprisek9.02.03.01.122-33.XNC1.bin
boot-end-marker
!
! Management VRF; the only interface placed in it in this listing is GigabitEthernet0.
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
! Logs go to a local buffer; no remote syslog host appears in this listing (parts of the config are elided).
logging buffered 2048000
! Value removed in the post. "enable secret" stores a one-way hash and takes precedence when both are configured.
enable password
!
! AAA: device logins use the local user database; PPP subscribers are handled by RADIUS.
aaa new-model
!
!
aaa authentication login default local
! No fallback method follows "group radius", so PPP authentication depends entirely on the RADIUS server answering.
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa authorization subscriber-service default group radius
! Interim accounting updates are sent every minute for each session.
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
!
!
!
!
! Dynamic authorization (CoA / disconnect requests from RADIUS).
! NOTE(review): no "client" statement is visible here, so the set of hosts allowed to send requests cannot be
! determined from this listing - confirm it is limited to the RADIUS server. The server-key value was blanked.
aaa server radius dynamic-author
server-key
! "any" lets a request match a session on any one of the supplied session attributes.
auth-type any
!
aaa session-id common
aaa policy interface-config allow-subinterface
!
! Persistent Telnet handler, bound later by "transport type persistent telnet input telnethandler".
! Telnet carries credentials and session data in cleartext; IOS XE also offers "transport-map type persistent ssh".
transport-map type persistent telnet telnethandler
banner wait ^C
--You waiting enter to the vty line--
^C
connection wait none
!
! Clock, resolver and DHCP settings.
clock timezone UKR 2
clock summer-time UKRDT recurring last Sun Mar 3:00 last Sun Oct 2:00
ip subnet-zero
! Source-routed packets are explicitly accepted; hardening guides usually set "no ip source-route"
! because the option lets a sender dictate the path and helps bypass path-based filtering.
ip source-route
ip domain name xxx.yyy.ua
ip name-server a.a.a.a
ip name-server b.b.b.b
ip name-server c.c.c.c
ip name-server d.d.d.d
no ip dhcp use vrf connected
ip dhcp excluded-address 10.131.0.1 10.131.0.2
....
!
! Local DHCP pool for 10.131.0.0/24 (the primary subnet of GigabitEthernet0/0/3.101).
ip dhcp pool 0
   network 10.131.0.0 255.255.255.0
   dns-server a.b.c.90 a.a.a.65
....
!
!
!
!
virtual-profile virtual-template 1
!
multilink bundle-name authenticated
vpdn enable
!
! NOTE(review): this group accepts dial-in for any tunnelling protocol and shows no virtual-template,
! terminate-from or tunnel authentication. PPPoE in this config is served by "bba-group pppoe global",
! so the group may be a leftover from the 72xx config - confirm it is needed, otherwise remove it.
vpdn-group 1
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
  protocol any
!
!
!
! Local account used by "aaa authentication login default local"; the password value was blanked.
! "username ... secret" stores a one-way hash instead of a type 7 string.
username dsfdsaf password
!
redundancy
mode sso
!
!
!
!
!
!
! Traffic classes shared by every policy-map below: name1 = packets matching ACL 120, name2 = ACL 121.
class-map match-all name1
  match access-group 120
class-map match-all name2
  match access-group 121
!
! Per-subscriber policers. The RADIUS reply shown with this config selects them by name through
! Cisco-AVPair "ip:sub-policy-..." (asr5m-out and asr5m-in in the posted example).
! Each "police" line gives a rate in bit/s followed by burst sizes in bytes; no conform/exceed
! actions are written, so the platform defaults apply.
policy-map statonly-out
description download policy for users allowed only local resources and stat server
class name2
   police 64000 8000 8000
class class-default
   police 8000
policy-map asr64k-out
description download policy for 64k users
class name1
   police 1024000 128000 128000
class name2
   police 2048000 256000 256000
class class-default
   police 64000 8000 8000
policy-map asr512k-in
description upload policy for 512k users
class name1
   police 819000 102375 102375
class name2
   police 1638000 204750 204750
class class-default
   police 410000 51250 51250
policy-map asr512k-out
description download policy for 512k users
class name1
   police 1024000 128000 128000
class name2
   police 2048000 256000 256000
class class-default
   police 512000 64000 64000
! NOTE(review): the posted radtest reply delivers asr5m-in as "ip:sub-policy-Out" (the Out attribute
! appears twice). An upload policy would normally arrive as "ip:sub-policy-In" - confirm on the RADIUS side.
policy-map asr5m-in
description upload policy for 5m users
class name1
   police 819000 102375 102375
class name2
   police 6553000 819000 819000
class class-default
   police 4096000 512000 512000
policy-map asr128k-out
description download policy for 128k users
class name1
   police 1024000 128000 128000
class name2
   police 2048000 256000 256000
class class-default
   police 128000 16000 16000
policy-map asr64k-in
description upload policy for 64k users
class name1
   police 819000 102375 102375
class name2
   police 1638000 204750 204750
class class-default
   police 52000 6500 6500
policy-map asr2m-in
description upload policy for 2m users
class name1
   police 819000 102375 102375
class name2
   police 3276500 409562 409562
class class-default
   police 1638000 204750 204750
policy-map asr1m-in
description upload policy for 1m users
class name1
   police 819000 102375 102375
class name2
   police 1638000 204750 204750
class class-default
   police 819000 102375 102375
! Queueing policy using "priority" instead of policers; no attachment point for it is visible in this listing.
policy-map name2prio
class name1
    priority 40
class name2
    priority 30
class class-default
    priority 10
policy-map asr1m-out
description download policy for 1m users
class name1
   police 1024000 128000 128000
class name2
   police 2048000 256000 256000
class class-default
   police 1024000 128000 128000
policy-map asr2m-out
description download policy for 2m users
class name1
   police 1024000 128000 128000
class name2
   police 4096000 512000 512000
class class-default
   police 2048000 256000 256000
policy-map asr5m-out
description download policy for 5m users
class name1
   police 1024000 128000 128000
class name2
   police 8192000 1024000 1024000
class class-default
   police 5120000 640000 640000
policy-map asr256k-in
description upload policy for 256k users
class name1
   police 819000 102375 102375
class name2
   police 1638000 204750 204750
class class-default
   police 204000 25500 25500
policy-map asr128k-in
description upload policy for 128k users
class name1
   police 819000 102375 102375
class name2
   police 1638000 204750 204750
class class-default
   police 103000 12875 12875
policy-map statonly-in
class name2
   police 64000 8000 8000
class class-default
   police 8000
policy-map asr256k-out
description download policy for 256k users
class name1
   police 1024000 128000 128000
class name2
   police 2048000 256000 256000
class class-default
   police 256000 32000 32000
!
!
!
!
! PPPoE server profile: sessions are cloned from Virtual-Template1.
! The limits cap how many sessions the box, a single client MAC and a single VLAN can hold,
! which bounds the resources one misbehaving client or segment can consume.
bba-group pppoe global
virtual-template 1
sessions max limit 32000
sessions per-mac limit 5
sessions per-vlan limit 4000
!
!
! Physical ports carry no addresses; services sit on dot1Q subinterfaces.
! ACLs 97, 150 and 151 referenced below are not part of the posted listing, so their effect cannot be reviewed here.
interface GigabitEthernet0/0/0
no ip address
load-interval 30
no negotiation auto
!
! 10.1.1.0/24: RADIUS source interface and the subnet of both NetFlow collectors.
interface GigabitEthernet0/0/0.1
description
encapsulation dot1Q 1 native
ip address 10.1.1.5 255.255.255.0
ip access-group 97 in
ip access-group 97 out
!
interface GigabitEthernet0/0/1
no ip address
load-interval 30
no negotiation auto
!
! /30 link in the subnet of the default-route next hop; no access-group is applied on it in this listing.
interface GigabitEthernet0/0/1.4
encapsulation dot1Q 4
ip address g.g.g.g 255.255.255.252
!
interface GigabitEthernet0/0/2
no ip address
load-interval 30
no negotiation auto
!
....
! Subscriber VLAN 99 with PPPoE enabled.
interface GigabitEthernet0/0/2.99
description
encapsulation dot1Q 99
ip address 10.130.0.3 255.255.0.0 secondary
ip address 10.128.0.1 255.255.0.0
ip access-group 151 in
ip access-group 150 out
pppoe enable group global
pppoe max-sessions 4000
!
interface GigabitEthernet0/0/3
no ip address
load-interval 30
no negotiation auto
!
....
! Subscriber VLAN 101 with PPPoE enabled; Virtual-Template1 borrows this interface's address.
interface GigabitEthernet0/0/3.101
description
encapsulation dot1Q 101
ip address 10.140.0.3 255.255.0.0 secondary
ip address 10.131.0.1 255.255.255.0
ip access-group 151 in
ip access-group 150 out
pppoe enable group global
pppoe max-sessions 4000
!
....
!
! Out-of-band management port, isolated in VRF Mgmt-intf.
interface GigabitEthernet0
description
vrf forwarding Mgmt-intf
ip address 10.10.10.44 255.255.255.0
negotiation auto
!
! Template cloned for every PPPoE subscriber session.
interface Virtual-Template1
! 1492 = 1500 minus the 8-byte PPPoE/PPP overhead; the MSS clamp below (1452) matches it.
mtu 1492
ip unnumbered GigabitEthernet0/0/3.101
! Strict uRPF: drops subscriber packets whose source address does not route back through the session (anti-spoofing).
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip tcp adjust-mss 1452
! No local pool: the address comes from RADIUS (Framed-IP-Address in the posted reply).
no peer default ip address
! Link is torn down after 3 failed authentication attempts.
ppp max-bad-auth 3
! PAP sends the subscriber password unencrypted over the access segment; CHAP avoids that
! if the RADIUS backend can supply the secret - confirm before changing.
ppp authentication pap
ppp timeout authentication 15
!
ip classless
ip route 0.0.0.0 0.0.0.0 g.g.g.g
! Discard route for 10/8 at distance 250: private destinations with no better route are dropped
! instead of following the default route upstream.
ip route 10.0.0.0 255.0.0.0 Null0 250

!
! NetFlow v5 export to two collectors in 10.1.1.0/24; the export is unauthenticated, unencrypted UDP.
ip flow-export version 5 origin-as bgp-nexthop
ip flow-export destination 10.1.1.15 9999
ip flow-export destination 10.1.1.251 9999
ip flow-aggregation cache destination-prefix
cache entries 131072
cache timeout inactive 30
cache timeout active 10
mask destination minimum 32
enabled
!
! The cleartext HTTP management server is on while HTTPS is off. No "ip http access-class" or
! "ip http authentication" line is visible in this listing - NOTE(review): disable it if unused, or restrict and move to HTTPS.
ip http server
no ip http secure-server
!
!
ip prefix-list cutdefault seq 5 permit 0.0.0.0/0
! RADIUS packets are sourced from 10.1.1.5 (GigabitEthernet0/0/0.1).
ip radius source-interface GigabitEthernet0/0/0.1 vrf default
! ACL 50: denies RFC 1918 sources, permits everything else; where it is applied is not visible in this listing.
access-list 50 deny   10.0.0.0 0.255.255.255
access-list 50 deny   172.16.0.0 0.15.255.255
access-list 50 deny   192.168.0.0 0.0.255.255
access-list 50 permit any
....

! ACLs 120 and 121 feed class-maps name1 and name2; each matches one prefix as source or destination.
access-list 120 permit ip q.q.q.q 0.0.0.7 any
access-list 120 permit ip any q.q.q.q 0.0.0.7
access-list 121 permit ip any a.b.c.z 0.0.0.15
access-list 121 permit ip a.b.c.z 0.0.0.15 any
....
access-list compiled
!
! Read-write SNMP community (string blanked by the poster), limited to sources permitted by ACL 99.
! ACL 99 is not in the posted listing. Community strings travel in cleartext and RW allows
! configuration changes; SNMPv3 with authentication and privacy, or read-only access, reduces the exposure.
snmp-server community  RW 99
!
! At startup the router asks the RADIUS server for static routes and IP pool definitions.
radius-server configure-nas
! Single RADIUS server, no second host listed; with the 30 s timeout an unresponsive server stalls logins noticeably.
radius-server host 10.1.q.q auth-port 1812 acct-port 1813
radius-server timeout 30
! Shared secret stored as type 7 (reversible); the value was blanked by the poster.
radius-server key 7
! Vendor-specific attributes are sent and accepted; the Cisco-AVPair policy names in the posted reply depend on this.
radius-server vsa send accounting
radius-server vsa send authentication
!
!
! No service-policy is attached under control-plane in this listing, so no control-plane policing is shown.
control-plane
!
!
line con 0
length 15
international
stopbits 1
line aux 0
stopbits 1
! NOTE(review): no access-class, exec-timeout or "transport input" restriction is visible on the vty lines.
line vty 0 4
!
! Binds the persistent Telnet handler defined earlier; Telnet sessions are cleartext.
transport type persistent telnet input telnethandler
!
! NTP: seven public peers. ACLs 94 and 95 are not in the posted listing, and no "ntp authenticate"
! or key configuration is shown, so peer identity is not verified cryptographically.
ntp logging
ntp clock-period 17256204
ntp access-group peer 94
ntp access-group serve 95
ntp peer 198.72.72.10
ntp peer 80.53.57.158
ntp peer 216.218.192.202
ntp peer 18.26.4.105
ntp peer 213.239.201.102
ntp peer 194.67.106.186
ntp peer 216.218.254.202 prefer
end
                                            

Четыре точки на отдельной строке означают, что вырезана часть конфига, подобная нескольким предыдущим строкам.

 
