[c-nsp] Apply service policy via Radius?

Cassidy Larson alandaluz at gmail.com
Thu Mar 29 01:31:27 EDT 2012


Ah, that explains things.   But for some reason all of my sessions do
not have an Inbound Policy map applied, only Outbound.

Snippit of debug:

RADIUS:  Vendor, Cisco       [26]  59
RADIUS:   Cisco AVpair       [1]   53
"ip:sub-qos-policy-in=512K_CIR-1536K_MIR-U"
RADIUS:  Vendor, Cisco       [26]  60
RADIUS:   Cisco AVpair       [1]   54
"ip:sub-qos-policy-out=768K_CIR-1536K_MIR-D"

sub-qos-policy-in    "512K_CIR-1536K_MIR-U"
sub-qos-policy-out   "768K_CIR-1536K_MIR-D"
SSS PM: No VPDN attributes or policy found
SSS AAA AUTHOR [uid:262]: SIP PPP[22F9E0E4] parsed as Success
SSS AAA AUTHOR [uid:262]: SIP PPP[2379C4A0] parsed as Ignore
SSS AAA AUTHOR [uid:262]: SIP PPPoE[2304E288] parsed as Success
SSS AAA AUTHOR [uid:262]: SIP Root parser not installed

Any magic trick to getting the Inbound rules to get applied?

Thanks,

-c

On Wed, Mar 28, 2012 at 6:59 PM, Reuben Farrelly
<reuben-cisco-nsp at reub.net> wrote:
> It works on 15.1M - at least on the 2800s and 7200s (I've got 15.1(4)M3 in
> production and planning 15.1(4)M4 which just came out a couple of days ago).
>
> The secret combo probably relates to how you are checking out the feature:
>
> rt1.nsw#show subscriber session username xxx at yyy
> Unique Session ID: 259
> Identifier: xxx at yyy
> SIP subscriber access type(s): VPDN/PPP
> Current SIP options: Req Fwding/Req Fwded
> Session Up-time: 2w6d    , Last Changed: 2w6d
> Interface: Virtual-Access17
>
> Policy information:
>  Authentication status: authen
>
> Session inbound features:
>  Feature: QoS Policy Map
>  Input Policy Map: police-0.512M
>
> Session outbound features:
>  Feature: QoS Policy Map
>  Output Policy Map: police-0.512M
>
> Non-datapath features:
>  Feature: Interface-Config
>
> Configuration sources associated with this session:
> Interface: Virtual-Template10, Active Time = 2w6d
>
> rt1.nsw#
>
> Note: nothing shows up if you do a 'show policy-map interface virtual-access
> 10', you need to use the 'show subscriber' command instead.
>
> I did ask the TAC engineer at the time of resolving the bug if the command
> syntax could be fixed as well so that it is consistent across interface
> types, but apparently this needed to go through as an 'enhancement' via our
> AM and needed a business case before it would be considered etc etc
>
> Reuben
>
>
>
> On 29/03/2012 11:26 AM, Cassidy Larson wrote:
>>
>> Just resurrecting an old thread.
>>
>> Anybody have any new information on "Per-user QoS policies via RADIUS" on
>> 15.1?
>> I have a 1941 running 15.1(4)M1 that I'd like to accept the above, but
>> am unable to figure out the secret combo.
>>
>> Thanks,
>>
>> -c
>>
>>
>> On Mon, Mar 8, 2010 at 3:00 AM, Reuben Farrelly
>> <reuben-cisco-nsp at reub.net>  wrote:
>>>
>>> What version of IOS code are you running?
>>>
>>> Just in case this apples to you, note that the feature "Per-user QoS
>>> policies applied via RADIUS" is broken in all versions of IOS 15.0, and
>>> as
>>> far as I can tell, many versions of 12.4T including 12.4(15)Tx and
>>> possibly
>>> earlier, on multiple platforms.  Apparently the code is "broken" on the
>>> 7200
>>> and "the feature is not present" on the ISRs.  I reported this bug to TAC
>>> and tested on both 7200 and ISR (2851) platforms.
>>>
>>> 12.4M works OK on both platforms so you might want to try out 12.4(25)c
>>> on
>>> either platform, where the code "exists" and "works".
>>>
>>> See CSCte95297 for the gory details.
>>>
>>> Reuben
>>>
>>>
>>>
>>> mb at adv.gcomm.com.au wrote:
>>>>
>>>>
>>>> Hi,
>>>>
>>>> Have DSL users terminating on LNS(7204) via Eth, with radius auth -
>>>> Trying to apply the following service policy(Configured on LNS) upon
>>>> successful auth:
>>>>
>>>> policy-map JF-2MB-ADSL
>>>> class class-default
>>>>    shape average 1850000
>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list