[c-nsp] Cisco 7301, Radius and AV-Pairs

Pshem Kowalczyk pshem.k at gmail.com
Sun Nov 4 23:43:43 EST 2007


Hi,

We had similar issue with 7301. The way we got it sorted is by using
different AV-Pair:

Cisco-AVPair = "lcp:interface-config=service-policy output policy-256"

and policy on the router:

policy-map policy-256
 description Default shaping policy
  class class-default
   police 256000 48000 96000 conform-action transmit  exceed-action
drop  violate-action drop

We used to have a lot of 7301 terminating UBS from TCNZ, if you need
any more help - contact me please off the list.

kind regards
Pshem

On 05/11/2007, Mike Cooper <m.cooper at actrix.co.nz> wrote:
> Hi all,
>
> I have a Cisco 7301 router (12.3(4r)T2) in use terminating ADSL sessions.
>
> I'm attempting to use AV-Pairs to rate limit the virtual-access
> interfaces, however am running into an issue with the virtual-access
> interface dropping out on applying the rate limiting.
>
> My configuration seems correct as the AVpair is being received and
> processed.
>
> This functionality was previously working on a 7206vxr.
>
> The database field size storing the AVpair is somewhat short, so am
> using the bare minimum of characters to complete the command (this could
> be changed to facilitate typing the full command, but not sure it'd
> change things):
> lcp:interface-config=rat out 256000 48000 96000 con tra exc dro
>
> Any suggestions gratefully received:
>
> Nov  5 12:56:38 wn-cisco-r5 5760382: Nov  5 12:56:38: RADIUS:
> authenticator 6B BA C7 93 9B F5 C8 90 - DB FB 30 A0 65 A8 7C FE
> Nov  5 12:56:38 wn-cisco-r5 5760383: Nov  5 12:56:38: RADIUS:
> Framed-Protocol     [7]   6   PPP                       [1]
> Nov  5 12:56:38 wn-cisco-r5 5760384: Nov  5 12:56:38: RADIUS:
> User-Name           [1]   31  "testuser at cyberjet.actrix.co.nz"
> Nov  5 12:56:38 wn-cisco-r5 5760385: Nov  5 12:56:38: RADIUS:
> User-Password       [2]   18  *
> Nov  5 12:56:38 wn-cisco-r5 5760386: Nov  5 12:56:38: RADIUS:
> NAS-Port-Type       [61]  6   Virtual                   [5]
> Nov  5 12:56:38 wn-cisco-r5 5760387: Nov  5 12:56:38: RADIUS:
> NAS-Port            [5]   6
> Nov  5 12:56:38 wn-cisco-r5 5760388: 1953
> Nov  5 12:56:38 wn-cisco-r5 5760389: Nov  5 12:56:38: RADIUS:
> Calling-Station-Id  [31]  8   "atm 11"
> Nov  5 12:56:38 wn-cisco-r5 5760390: Nov  5 12:56:38: RADIUS:
> Called-Station-Id   [30]  41  "0.5800673:58.673#184590850##speed:UBR#/"
> Nov  5 12:56:38 wn-cisco-r5 5760391: Nov  5 12:56:38: RADIUS:
> Service-Type        [6]   6   Framed                    [2]
> Nov  5 12:56:38 wn-cisco-r5 5760392: Nov  5 12:56:38: RADIUS:
> NAS-IP-Address      [4]   6   202.49.152.166
> Nov  5 12:56:38 wn-cisco-r5 5760393: Nov  5 12:56:38: RADIUS: Received
> from id 1645/219 203.96.16.102:1645, Access-Accept, len 103
> Nov  5 12:56:38 wn-cisco-r5 5760394: Nov  5 12:56:38: RADIUS:
> authenticator 90 2B E9 B1 44 57 1E 26 - F0 99 27 78 53 9A 89 97
> Nov  5 12:56:38 wn-cisco-r5 5760395: Nov  5 12:56:38: RADIUS:
> Framed-IP-Address   [8]   6   202.154.158.4
> Nov  5 12:56:38 wn-cisco-r5 5760396: Nov  5 12:56:38: RADIUS:  Vendor,
> Cisco       [26]  71
> Nov  5 12:56:38 wn-cisco-r5 5760397: Nov  5 12:56:38: RADIUS:   Cisco
> AVpair       [1]   65  "lcp:interface-config=rat out 256000 48000 96000 con
> tra exc dro"
> Nov  5 12:56:38 wn-cisco-r5 5760398: Nov  5 12:56:38: RADIUS:
> Acct-Interim-Interva[85]  6   300
> Nov  5 12:56:38 wn-cisco-r5 5760399: Nov  5 12:56:38: RADIUS(004F2BAE):
> Received from id 1645/219
> Nov  5 12:56:38 wn-cisco-r5 5760400: Nov  5 12:56:38: ppp1953 PPP/AAA:
> Check Attr: addr
> Nov  5 12:56:38 wn-cisco-r5 5760401: Nov  5 12:56:38: ppp1953 PPP/AAA:
> Check Attr: interface-config: Peruser I/F
> Nov  5 12:56:38 wn-cisco-r5 5760402: Nov  5 12:56:38: ppp1953 PPP/AAA:
> Check Attr: acct-interval
> Nov  5 12:56:38 wn-cisco-r5 5760403: Nov  5 12:56:38:
> AAA/BIND(004F2BAE): Bind i/f Virtual-Access1677
> Nov  5 12:56:38 wn-cisco-r5 5760404: Nov  5 12:56:38: %LINK-3-UPDOWN:
> Interface Virtual-Access1677, changed state to up
> Nov  5 12:56:38 wn-cisco-r5 5760405: Nov  5 12:56:38: Vi1677
> AAA/AUTHOR/LCP: Process Author
> Nov  5 12:56:38 wn-cisco-r5 5760406: Nov  5 12:56:38: Vi1677
> AAA/AUTHOR/LCP: Process Attr: interface-config
> Nov  5 12:56:38 wn-cisco-r5 5760407: Nov  5 12:56:38: AAA/AUTHOR:
> Processing PerUser AV interface-config
> Nov  5 12:56:38 wn-cisco-r5 5760408: Nov  5 12:56:38: Vi1677
> AAA/AUTHOR/LCP: Process Attr: interface-config
> Nov  5 12:56:38 wn-cisco-r5 5760409: Nov  5 12:56:38: Vi1677
> AAA/AUTHOR/LCP: Process Attr: acct-interval
> Nov  5 12:56:38 wn-cisco-r5 5760410: Nov  5 12:56:38: Vi1677
> AAA/AUTHOR/LCP: IF_config:
> Nov  5 12:56:38 wn-cisco-r5 5760411: rat out 256000 48000 96000 con tra
> exc dro
> Nov  5 12:56:38 wn-cisco-r5 5760412:
> Nov  5 12:56:39 wn-cisco-r5 5760413: Nov  5 12:56:38: %LINK-3-UPDOWN:
> Interface Virtual-Access1677, changed state to down
>
>
>
> --
> Mike Cooper
> Systems Engineer
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list