I just can't beat the following problem; please help however you can:
cisco uBR7246, IOS (tm) 7200 Software (UBR7200-IS-M), Version 12.2(15)BC2h
users connect via pptp
The need arose to limit bandwidth for groups of users. Via radius I send
Cisco-Avpair = lcp:interface-config#1=rate-limit output 6400 3200 6400 conform-action transmit exceed-action drop
After connecting I run sh int rate-limit - empty, the limits don't work, although I can see that they arrive. In the debug, I don't like these lines
Nov 14 11:45:36: RADIUS: AAA Unsupported [150] 14
and
Nov 14 11:45:38: AAA/AUTHOR (0xF): Pick method list 'Radius_PPTP' - PASS - PASS
Here is the debug:
----------------------------------------------------------------------
Nov 14 11:45:36: AAA/BIND(0000000F): Bind i/f Virtual-Template1
Nov 14 11:45:36: RADIUS: AAA Unsupported [150] 14
Nov 14 11:45:36: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 [Uniq-Sess-ID]
Nov 14 11:45:36: RADIUS(0000000F): Storing nasport 10 in rad_db
Nov 14 11:45:36: RADIUS(0000000F): Config NAS IP: 10.15.1.1
Nov 14 11:45:36: RADIUS/ENCODE(0000000F): acct_session_id: 20
Nov 14 11:45:36: RADIUS(0000000F): sending
Nov 14 11:45:36: RADIUS(0000000F): Send Access-Request to 10.15.1.250:1812 id 21645/37, len 87
Nov 14 11:45:36: RADIUS: authenticator F0 F5 3A A6 21 21 AC 1A - 29 E6 07 D1 9A 77 D2 3B
Nov 14 11:45:36: RADIUS: Framed-Protocol [7] 6 PPP [1]
Nov 14 11:45:36: RADIUS: User-Name [1] 8 "admin"
Nov 14 11:45:36: RADIUS: CHAP-Password [3] 19 *
Nov 14 11:45:36: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Nov 14 11:45:36: RADIUS: NAS-Port [5] 6 10
Nov 14 11:45:36: RADIUS: Service-Type [6] 6 Framed [2]
Nov 14 11:45:36: RADIUS: NAS-IP-Address [4] 6 10.15.1.1
Nov 14 11:45:36: RADIUS: Acct-Session-Id [44] 10 "00000014"
Nov 14 11:45:38: RADIUS: Received from id 21645/37 10.15.1.250:1812, Access-Accept, len 144
Nov 14 11:45:38: RADIUS: authenticator A7 AA 29 3F E5 0D D5 5E - 18 C2 FE 94 11 53 BF BF
Nov 14 11:45:38: RADIUS: Service-Type [6] 6 Framed [2]
Nov 14 11:45:38: RADIUS: Framed-Protocol [7] 6 PPP [1]
Nov 14 11:45:38: RADIUS: Vendor, Cisco [26] 106
Nov 14 11:45:38: RADIUS: Cisco AVpair [1] 100 "lcp:interface-config#1=rate-limit output 6400 3200 6400 conform-action transmit exceed-action drop"
Nov 14 11:45:38: RADIUS: Session-Timeout [27] 6 26160
Nov 14 11:45:38: RADIUS(0000000F): Received from id 21645/37
Nov 14 11:45:38: AAA/BIND(0000000F): Bind i/f Virtual-Access3.1
Nov 14 11:45:38: %SNMP-5-LINK_UP: LinkUp:Interface Virtual-Access3.1 changed state to up
Nov 14 11:45:38: AAA/AUTHOR (0xF): Pick method list 'Radius_PPTP' - PASS - PASS
Nov 14 11:45:38: Vi3.1 PPP/AAA: Check Attr: Framed-Protocol
Nov 14 11:45:38: Vi3.1 PPP/AAA: Check Attr: username
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/FSM: We can start LCP
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/LCP: Process Author
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: FSM authorization not needed
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/FSM: We can start IPCP
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: Authorization succeeded
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 0.0.0.0
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: no author-info for primary dns
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: no author-info for primary wins
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: no author-info for seconday dns
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: no author-info for seconday wins
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: no author-info for primary dns
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: no author-info for seconday dns
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: no author-info for primary dns
Nov 14 11:45:38: Vi3.1 AAA/AUTHOR/IPCP: no author-info for seconday dns
Nov 14 11:45:38: RADIUS(0000000F): Using existing nas_port 10
Nov 14 11:45:38: RADIUS(0000000F): Config NAS IP: 10.15.1.1
Nov 14 11:45:38: RADIUS(0000000F): sending
Nov 14 11:45:38: RADIUS(0000000F): Send Accounting-Request to 10.15.1.250:1813 id 21645/38, len 126
Nov 14 11:45:38: RADIUS: authenticator A9 08 F1 A2 19 E1 1E A9 - 77 23 D8 5D EA B1 25 22
Nov 14 11:45:38: RADIUS: Acct-Session-Id [44] 10 "00000014"
Nov 14 11:45:38: RADIUS: Tunnel-Server-Endpoi[67] 12 "10.15.1.1"
Nov 14 11:45:38: RADIUS: Tunnel-Client-Endpoi[66] 11 "10.15.1.29"
Nov 14 11:45:38: RADIUS: Tunnel-Assignment-Id[82] 11 "PPTP_MAIN"
Nov 14 11:45:38: RADIUS: Framed-Protocol [7] 6 PPP [1]
Nov 14 11:45:38: RADIUS: Framed-IP-Address [8] 6 172.16.0.2
Nov 14 11:45:38: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
Nov 14 11:45:38: RADIUS: User-Name [1] 8 "admin"
Nov 14 11:45:38: RADIUS: Acct-Status-Type [40] 6 Start [1]
Nov 14 11:45:38: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Nov 14 11:45:38: RADIUS: NAS-Port [5] 6 10
Nov 14 11:45:38: RADIUS: Service-Type [6] 6 Framed [2]
Nov 14 11:45:38: RADIUS: NAS-IP-Address [4] 6 10.15.1.1
Nov 14 11:45:38: RADIUS: Acct-Delay-Time [41] 6 0
Nov 14 11:45:38: RADIUS: Received from id 21645/38 10.15.1.250:1813, Accounting-response, len 20
Nov 14 11:45:38: RADIUS: authenticator 74 EE 28 6C A7 2D 2D A8 - 88 54 48 20 67 9C 04 4D
_________________________________________________________________________
Here is part of the config
aaa new-model
!
!
aaa group server radius Radius_PPTP
server 10.15.1.250 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication enable default enable
aaa authentication ppp default local
aaa authentication ppp Radius_PPTP group Radius_PPTP
aaa authorization exec default local if-authenticated
aaa authorization network default local if-authenticated
aaa authorization network Radius_PPTP if-authenticated group Radius_PPTP
aaa accounting delay-start
aaa accounting update newinfo periodic 5
aaa accounting network default start-stop group Radius_PPTP
aaa accounting network Radius_PPTP start-stop group Radius_PPTP
aaa session-id common
.........
vpdn enable
!
vpdn-group PPTP_MAIN
! Default PPTP VPDN group
description <Default PPTP group>
accept-dialin
protocol pptp
virtual-template 1
!
...........
interface Virtual-Template1
description <PPTP Template for default group>
mtu 1492
ip unnumbered FastEthernet0/0.1
ip access-group 101 in
ip access-group 101 out
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no logging event link-status
no snmp trap link-status
peer default ip address pool PPTP_pool1
ppp authentication chap Radius_PPTP
ppp authorization Radius_PPTP
!
ip local pool PPTP_pool1 172.16.0.2 172.16.0.254
............
radius-server attribute 44 include-in-access-req
radius-server host 10.15.1.250 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXX
radius-server authorization permit missing Service-Type
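A length audit of the debug output above, as an added example that is not part of the original post: it sums the attribute lengths printed for each packet and compares them with the `len` the router reports, assuming the standard 20-byte RADIUS header from RFC 2865. The log lines are copied from the post with timestamps dropped; the function names are hypothetical.

```python
import re

# Lines copied from the debug output in the post (timestamps dropped).
DEBUG = '''\
RADIUS: AAA Unsupported [150] 14
RADIUS(0000000F): Send Access-Request to 10.15.1.250:1812 id 21645/37, len 87
RADIUS: Framed-Protocol [7] 6 PPP [1]
RADIUS: User-Name [1] 8 "admin"
RADIUS: CHAP-Password [3] 19 *
RADIUS: NAS-Port-Type [61] 6 Virtual [5]
RADIUS: NAS-Port [5] 6 10
RADIUS: Service-Type [6] 6 Framed [2]
RADIUS: NAS-IP-Address [4] 6 10.15.1.1
RADIUS: Acct-Session-Id [44] 10 "00000014"
RADIUS: Received from id 21645/37 10.15.1.250:1812, Access-Accept, len 144
RADIUS: Service-Type [6] 6 Framed [2]
RADIUS: Framed-Protocol [7] 6 PPP [1]
RADIUS: Vendor, Cisco [26] 106
RADIUS: Cisco AVpair [1] 100 "lcp:interface-config#1=rate-limit output 6400 3200 6400 conform-action transmit exceed-action drop"
RADIUS: Session-Timeout [27] 6 26160
'''

HEADER = re.compile(r'(Access-Request|Access-Accept).*len (\d+)')
ATTR = re.compile(r'RADIUS:\s+(.+?)\s*\[(\d+)\]\s+(\d+)')
RADIUS_HEADER_LEN = 20  # code + id + length + 16-byte authenticator (RFC 2865)

def audit(debug_text):
    """Return ({packet: (declared_len, computed_len)}, attributes printed before any packet header)."""
    packets, stray, current, in_vsa = {}, [], None, False
    for line in debug_text.splitlines():
        if (h := HEADER.search(line)):
            current = h.group(1)
            packets[current] = [int(h.group(2)), RADIUS_HEADER_LEN]
            in_vsa = False
        elif (a := ATTR.search(line)):
            name, length = a.group(1), int(a.group(3))
            if current is None:
                stray.append((name, length))   # printed before the "Send ..." line
            elif in_vsa:
                in_vsa = False                 # sub-attribute, already counted inside type 26
            else:
                packets[current][1] += length
                in_vsa = a.group(2) == '26'    # the next line is the vendor sub-attribute
    return {k: tuple(v) for k, v in packets.items()}, stray

def avpair_vsa_len(value):
    """Cisco VSA with one AVpair: 2 (type, len) + 4 (vendor id) + 2 (subtype, len) + value."""
    return 2 + 4 + 2 + len(value.encode())
```

Both packets balance (87 and 144 bytes), so the 14-byte `[150]` line is not part of the Access-Request sent to the server, and the 98-character AVpair arrived in the Access-Accept with consistent lengths (100 inside 106).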
Have you tried changing the IOS? As far as I remember, 12.2 is an extremely ancient version...
>Have you tried changing the IOS? As far as I remember, 12.2 is an extremely ancient version...
And is the config correct? What do the lines
RADIUS: AAA Unsupported [150] 14
and
AAA/AUTHOR (0xF): Pick method list 'Radius_PPTP' - PASS - PASS
mean?
Changing the IOS is a problem - the new ones don't fit on the flash card, and it doesn't want to accept a different flash card. We could of course try booting via tftp, but they say there were problems with that too - we didn't bother and took a different box.
And also, how safe is it to flash IOS images downloaded from the net, and is there a central place where they are stored for free download?