Announcement

Collapse
No announcement yet.

cisco NAS Radius AAA police-map

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • cisco NAS Radius AAA police-map

    Hello Guys,
    Can you suggest me something
    I have router 7507 ( Its old model, but IOS is new 12.4(21). )
    I'm trying configure pppoe NAS, everything is good except traffic shaping.
    We'd like to do this using radius av-pairs
    For test configuration I used freeradius
    Here is record from user:
    Code:
    steve1  Cleartext-Password := "test"
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-IP-Address = 10.0.15.25,
            Framed-IP-Netmask = 255.255.255.255,
            cisco-avpair="ip:sub-policy-Out=pppoemap"
    Virtual Interface brings up but police map doesn't apply.

    Debuging this process I got:

    Code:
    5w3d: AAA/BIND(00000166): Bind i/f Virtual-Template1
    5w3d: AAA/AUTHOR (0x166): Pick method list 'default'
    5w3d: ppp293 PPP/AAA: Check Attr: service-type
    5w3d: ppp293 PPP/AAA: Check Attr: Framed-Protocol
    5w3d: ppp293 PPP/AAA: Check Attr: addr
    5w3d: ppp293 PPP/AAA: Check Attr: netmask
    5w3d: ppp293 PPP/AAA: Check Attr: sub-policy-Out: Peruser
    5w3d: AAA/BIND(00000166): Bind i/f Virtual-Access3
    5w3d: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
    5w3d: Vi3 AAA/AUTHOR/LCP: Process Author
    5w3d: Vi3 AAA/AUTHOR/LCP: Process Attr: service-type
    5w3d: Vi3 AAA/AUTHOR/IPCP: FSM authorization not needed
    5w3d: Vi3 AAA/AUTHOR/FSM: We can start IPCP
    5w3d: Vi3 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
    5w3d: Vi3 AAA/AUTHOR/IPCP: Processing AV addr
    5w3d: Vi3 AAA/AUTHOR/IPCP: Processing AV netmask
    5w3d: Vi3 AAA/AUTHOR/IPCP: Processing AV sub-policy-Out
    5w3d: Vi3 AAA/AUTHOR/IPCP: Authorization succeeded
    5w3d: Vi3 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 10.0.15.25
    5w3d: Vi3 AAA/AUTHOR/IPCP: no author-info for primary dns
    5w3d: Vi3 AAA/AUTHOR/IPCP: no author-info for primary wins
    5w3d: Vi3 AAA/AUTHOR/IPCP: no author-info for seconday dns
    5w3d: Vi3 AAA/AUTHOR/IPCP: no author-info for seconday wins
    5w3d: Vi3 AAA/AUTHOR/IPCP: no author-info for primary dns
    5w3d: Vi3 AAA/AUTHOR/IPCP: no author-info for seconday dns
    5w3d: Vi3 AAA/AUTHOR/IPCP: no author-info for primary dns
    5w3d: Vi3 AAA/AUTHOR/IPCP: no author-info for seconday dns
    5w3d: AAA/AUTHOR: Processing PerUser AV sub-policy-Out
    5w3d: Vi3 AAA/PER-USER: Could not set output QoS policy to pppoemap
    5w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
    here is config of police map

    Code:
    policy-map pppoemap
      description PPPoE testing policy
     class class-default
       police cir 8000
         conform-action transmit
         exceed-action drop
    If you need more information, please write.
    Thanks in advance.
Working...
X