[cisco-bba] PPPoE & Cisco
Dib Elie
elie_dib at yahoo.com
Thu Mar 31 15:03:40 EST 2005
Hi Dennis,
Two things show that the rate-limit isn't applied:
1- I did the show run int virtual-access 1 and it was not there
2- I tried the bandwidth and I was able to get 512K while the rate-limit should only give me 16K
Elie
--- Dennis Peng <dpeng at cisco.com> wrote:
> How do you know the rate-limit isn't being applied? Can you do a "show
> run int virtual-access X" after the session comes up? It is normal to
> see the "not applied" debug message during IPCP. The attribute is
> applied during LCP only. Other helpful debugs will be "debug aaa
> per-user" and "debug vtemplate cloning/error".
>
> Dennis
>
> Dib Elie [elie_dib at yahoo.com] wrote:
> > Hi,
> >
> > this is my first listing here. I am trying to set up a
> > PPPoE scenario using 4500 Router and Cisco Secure ACS.
> > I am able to authenticate the user and give him
> > access. I am also trying to limit the bandwidth of
> > each user using cisco avpair but I am not able to do
> > so.
> >
> > this is the configuration done on the router:
> >
> > version 12.2
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > !
> > hostname R8
> > !
> > aaa new-model
> > aaa group server radius elie
> >  server 10.10.10.2 auth-port 1645 acct-port 1646
> > !
> > aaa authentication login default local
> > aaa authentication ppp default group elie
> > aaa authorization network default group elie
> > aaa nas port extended
> > !
> > username cisco password 0 cisco
> > ip subnet-zero
> > no ip domain-lookup
> > !
> > vpdn enable
> > !
> > vpdn-group 1
> >  accept-dialin
> >   protocol pppoe
> >   virtual-template 1
> > !
> > !
> > !
> > !
> > interface Ethernet0
> >  no ip address
> >  load-interval 30
> >  media-type 10BaseT
> >  pppoe enable
> > !
> > interface Ethernet1
> >  ip address 10.10.10.1 255.255.255.0
> >  load-interval 30
> >  media-type 10BaseT
> > !
> > interface Virtual-Template1
> >  ip unnumbered Ethernet1
> >  ip mtu 1492
> >  load-interval 30
> >  no peer default ip address
> >  ppp authentication chap
> > !
> > ip classless
> > ip flow-export version 5
> > no ip http server
> > !
> > radius-server host 10.10.10.2 auth-port 1645 acct-port 1646 key cisco
> > radius-server attribute nas-port format d
> > radius-server vsa send accounting
> > radius-server vsa send authentication
> > !
> > line con 0
> > line aux 0
> > line vty 0 4
> > !
> > end
> >
> >
> > and this is the output of the "debug radius" done on
> > the router:
> >
> > 00:34:02: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
> > 00:34:02: RADIUS: ustruct sharecount=2
> > 00:34:02: Radius: radius_port_info() success=1 radius_nas_port=17
> > 00:34:02: RADIUS: added cisco VSA 2 len 16 "Virtual-Access1*"
> > 00:34:02: RADIUS: Initial Transmit Virtual-Access1* id 18 10.10.10.2:1645, Access-Request, len 100
> > 00:34:02: Attribute 4 6 0A0A0A01
> > 00:34:02: Attribute 5 6 1F000000
> > 00:34:02: Attribute 26 24 0000000902125669
> > 00:34:02: Attribute 61 6 00000005
> > 00:34:02: Attribute 1 7 63697363
> > 00:34:02: Attribute 3 19 1314D9B2
> > 00:34:02: Attribute 6 6 00000002
> > 00:34:02: Attribute 7 6 00000001
> > 00:34:02: RADIUS: Received from id 18 10.10.10.2:1645, Access-Accept, len 209
> > 00:34:02: Attribute 26 121 0000000901736C63
> > 00:34:02: Attribute 6 6 00000002
> > 00:34:02: Attribute 7 6 00000001
> > 00:34:02: Attribute 10 6 00000003
> > 00:34:02: Attribute 12 6 00000578
> > 00:34:02: Attribute 8 6 FFFFFFFF
> > 00:34:02: Attribute 25 38 43495343
> > 00:34:02: RADIUS: cisco AVPair "lcp:interface-config=rate-limit input access-group 101 16000 2000 2000 conform-action transmit exceed-action drop"
> > 00:34:02: RADIUS: cisco AVPair "lcp:interface-config=rate-limit input access-group 101 16000 2000 2000 conform-action transmit exceed-action drop" not applied for ip
> > 00:34:02: RADIUS: allowing negotiated framed address
> > 00:34:02: RADIUS: cisco AVPair "lcp:interface-config=rate-limit input access-group 101 16000 2000 2000 conform-action transmit exceed-action drop" not applied for ip
> > 00:34:02: RADIUS: allowing negotiated framed address 20.20.20.1
> > 00:34:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
> >
> > any suggestions,
> >
> > Regards
> > Elie
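An added example, not part of the thread and not Cisco code: a small parser for the "debug radius" AVPair lines quoted above, which pulls out the rate-limit parameters the RADIUS server sent and records which protocol phase reported "not applied". The function names are hypothetical, and the sample log is reassembled from the post with the mail wrapping removed.

```python
import re

# Constructed sample: Access-Accept lines from the post's "debug radius"
# output, with the mail client's wrapping and quote markers removed.
SAMPLE = (
    '00:34:02: RADIUS: cisco AVPair "lcp:interface-config=rate-limit input '
    'access-group 101 16000 2000 2000 conform-action transmit exceed-action drop"\n'
    '00:34:02: RADIUS: cisco AVPair "lcp:interface-config=rate-limit input '
    'access-group 101 16000 2000 2000 conform-action transmit exceed-action drop"'
    ' not applied for ip\n'
    '00:34:02: RADIUS: allowing negotiated framed address 20.20.20.1\n'
)

AVPAIR = re.compile(r'cisco AVPair "(?P<proto>[^:"]+):(?P<attr>[^="]+)=(?P<value>[^"]*)"'
                    r'(?: not applied for (?P<skipped>\S+))?')
# CAR syntax: rate-limit {input|output} [access-group N] bps burst-normal burst-max ...
CAR = re.compile(r'rate-limit (?P<dir>input|output)(?: access-group (?P<acl>\d+))?'
                 r' (?P<bps>\d+) (?P<burst_normal>\d+) (?P<burst_max>\d+)')

def parse_avpairs(log):
    """One record per distinct AVPair, with the protocols that skipped it."""
    pairs = {}
    for line in log.splitlines():
        m = AVPAIR.search(line)
        if not m:
            continue
        key = (m['proto'], m['attr'], m['value'])
        rec = pairs.setdefault(key, dict(proto=key[0], attr=key[1],
                                         value=key[2], skipped_by=set()))
        if m['skipped']:
            rec['skipped_by'].add(m['skipped'])
    return list(pairs.values())

def parse_rate_limit(value):
    """Extract the policing parameters from an interface-config rate-limit."""
    m = CAR.search(value)
    if not m:
        return None
    return {k: (int(v) if v and v.isdigit() else v) for k, v in m.groupdict().items()}

def ipcp_skip_is_expected(rec):
    """Per the reply: lcp: pairs are applied at LCP, so 'not applied for ip' is normal."""
    return rec['proto'] == 'lcp' and rec['skipped_by'] <= {'ip'}

if __name__ == '__main__':
    for rec in parse_avpairs(SAMPLE):
        print(rec['proto'], rec['attr'], parse_rate_limit(rec['value']),
              'expected IPCP skip' if ipcp_skip_is_expected(rec) else 'investigate')
```

The parsed `bps` value is what to compare against the running configuration of the Virtual-Access interface once the session is up.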