>[оверквотинг удален]
>>дропает по
>>class type traffic default in-out
>> drop
>>!
>>попробую, а class type traffic default in-out тогда удалить, или как?
>
>ну попробуй с ним ,потом без него , я по другому чуток
>делал , поищи ветку мою в декабре , там где то
>полный был конфиг ... я через радиус сервисы качал , и
>в них дропал ... по всякому пробывал и локально профили заводил и в радиусе - всегда по сервисам больше считает
выдержка из конфига
boot-start-marker
boot system flash disk2:/c7200p-js-mz.122-31.SB10.bin
boot-end-marker
!
!
interface Virtual-Template1
mtu 1492
bandwidth 64
ip unnumbered GigabitEthernet0/2
ip verify unicast reverse-path
no ip redirects
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip flow egress
ip tcp adjust-mss 1452
load-interval 30
peer default ip address pool ADSL_POOL
ppp authentication pap callin
ppp eap refuse
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp ipcp dns 10.0.0.2 10.0.1.2
конфиг радиус сервера:
# клиент
xxx-user Password == "123", Service-Type == Framed-User, Huntgroup-Name == "isg"
Cisco-Account-Info = "Ainternal",
Cisco-Account-Info += "Ainternet",
Cisco-AVPair = "ip:inacl=150",
Framed-Protocol = PPP,
Framed-MTU = 1492,
Framed-Compression = None
# сервисы
internal Password == "cisco", Service-Type == Outbound-User, Huntgroup-Name == "isg"
Cisco-AVPair = "subscriber:accounting-list=ATLANT_AAA_LIST",
Cisco-AVPair += "ip:traffic-class=in default drop",
Cisco-AVPair += "ip:traffic-class=out default drop",
Cisco-AVPair += "ip:traffic-class=in access-group 110 priority 20",
Cisco-AVPair += "ip:traffic-class=out access-group 111 priority 20",
Cisco-Service-Info = "Iinternal",
Cisco-Service-Info += "QU;512000;64000;128000;D;512000;64000;128000"
internet Password == "cisco", Service-Type == Outbound-User, Huntgroup-Name == "isg"
Cisco-AVPair = "subscriber:accounting-list=ATLANT_AAA_LIST",
Cisco-AVPair += "ip:traffic-class=in access-group 1 priority 30",
Cisco-AVPair += "ip:traffic-class=out access-group 1 priority 30",
Cisco-AVPair += "ip:traffic-class=in default drop",
Cisco-AVPair += "ip:traffic-class=out default drop",
Cisco-Service-Info = "Iinternet",
Cisco-Service-Info += "QU;256000;32000;64000;D;256000;32000;64000",
Cisco-Service-Info += "R0.0.0.0;0.0.0.0",
Cisco-Service-Info += "MC",
Cisco-Service-Info += "TP"
Сервисы активируются, но в аккаунтинге по сервисам идёт трафик с дропанными пакетами, а вот для родительской сессии ("классический" радиус) траф считается правильно, т.е. аккаунтинг по сервисам значительно отличается от того что получил клиент. Если qos-policy снять то, сумма трафика по внутренним сетям и в инет совпадает с "обычным" радиусом
Wed Jan 23 09:47:11 2008
Acct-Session-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0_00000034"
Framed-Protocol = PPP
Cisco-Service-Info = "Ninternal"
Cisco-AVPair = "parent-session-id=ether 0/0/1:4096.0 0/0/0/0/0/0_00000025"
Framed-IP-Address = 192.168.0.6
User-Name = "xxx-atlant"
Acct-Terminate-Cause = User-Request
Cisco-AVPair = "disc-cause-ext=PPP Receive Term"
Acct-Input-Packets = 439
Acct-Output-Packets = 874
Acct-Input-Octets = 19941
Acct-Output-Octets = 1271040
Acct-Session-Time = 81
Acct-Status-Type = Stop
NAS-Port-Type = Virtual
NAS-Port = 16777216
NAS-Port-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0"
Cisco-AVPair = "client-mac-address=0010.4b2e.32d4"
Service-Type = Framed-User
NAS-IP-Address = 192.168.0.2
X-Ascend-Session-Svr-Key = "2EDD814E"
Event-Timestamp = "Jan 23 2008 09:47:12 EET"
Acct-Delay-Time = 0
Client-IP-Address = 192.168.0.2
Acct-Unique-Session-Id = "cf575a984bb7d9ad"
Timestamp = 1201074431
Wed Jan 23 09:47:11 2008
Acct-Session-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0_00000035"
Framed-Protocol = PPP
Cisco-Service-Info = "Ninternet"
Cisco-AVPair = "parent-session-id=ether 0/0/1:4096.0 0/0/0/0/0/0_00000025"
Framed-IP-Address = 192.168.0.6
User-Name = "xxx-atlant"
Acct-Terminate-Cause = User-Request
Cisco-AVPair = "disc-cause-ext=PPP Receive Term"
Acct-Input-Packets = 135
Acct-Output-Packets = 126
Acct-Input-Octets = 15299
Acct-Output-Octets = 81868
Acct-Session-Time = 81
Acct-Status-Type = Stop
NAS-Port-Type = Virtual
NAS-Port = 16777216
NAS-Port-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0"
Cisco-AVPair = "client-mac-address=0010.4b2e.32d4"
Service-Type = Framed-User
NAS-IP-Address = 192.168.0.2
X-Ascend-Session-Svr-Key = "2EDD814E"
Event-Timestamp = "Jan 23 2008 09:47:12 EET"
Acct-Delay-Time = 0
Client-IP-Address = 192.168.0.2
Acct-Unique-Session-Id = "52dfa7943ea8ecb0"
Timestamp = 1201074431
Wed Jan 23 09:47:11 2008
Acct-Session-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0_00000027"
Framed-Protocol = PPP
Framed-IP-Address = 192.168.0.6
Cisco-AVPair = "ppp-disconnect-cause=Received LCP TERMREQ from peer"
User-Name = "xxx-atlant"
Acct-Authentic = RADIUS
Cisco-AVPair = "connect-progress=LAN Ses Up"
Cisco-AVPair = "nas-tx-speed=100000000"
Cisco-AVPair = "nas-rx-speed=100000000"
Acct-Session-Time = 81
Acct-Input-Octets = 37286
Acct-Output-Octets = 1146160
Acct-Input-Packets = 590
Acct-Output-Packets = 873
Acct-Terminate-Cause = User-Request
Cisco-AVPair = "disc-cause-ext=PPP Receive Term"
Acct-Status-Type = Stop
NAS-Port-Type = Virtual
NAS-Port = 16777216
NAS-Port-Id = "ether 0/0/1:4096.0 0/0/0/0/0/0"
Cisco-AVPair = "client-mac-address=0010.4b2e.32d4"
Service-Type = Framed-User
NAS-IP-Address = 192.168.0.2
X-Ascend-Session-Svr-Key = "2EDD814E"
Event-Timestamp = "Jan 23 2008 09:47:12 EET"
Acct-Delay-Time = 0
Client-IP-Address = 192.168.0.2
Acct-Unique-Session-Id = "4fcc1f1a26d0443b"
Timestamp = 1201074431