[c-nsp] Problem with session on ars1001x

dmitry at zhigulinet.ru dmitry at zhigulinet.ru
Tue Dec 1 06:19:58 EST 2015


Hi all, i have asr1001x

Something I have problem with session. I do not manage sassion on
raidius COA, but session kill and start again, I some time can
manage session!!
Please help me!

Cisco IOS XE Software, Version 03.13.02.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSAL-M), Version 15.4(3)S2, RELEASE SOFTWARE (fc3)



My coa






Router#sho subscriber session username 10.90.0.33 de
Router#sho subscriber session username 10.90.0.33 detailed 
Type: IPv4, UID: 30, State: authen, Identity: 10.90.0.33
IPv4 Address: 10.90.0.33 
Session Up-time: 00:29:33, Last Changed: 00:21:37
Switch-ID: 4209

Policy information:
  Context 7FEBC5783910: Handle EC000050
  AAA_id 0000003D: Flow_handle 0
  Authentication status: authen
  Downloaded User profile, excluding services:
    ssg-service-info     0   "QU;20480000;2560000;3840000;D;20480000;2560000;3840000"
    accounting-list      0   "billing-auth"
    addr                 0   10.90.0.33
    username             0   "10.90.0.33"
    ssg-account-info     0   "AFWPOL-BLOCK-REDIRECT"
  Downloaded User profile, including services:
    ssg-service-info     0   "QU;20480000;2560000;3840000;D;20480000;2560000;3840000"
    accounting-list      0   "billing-auth"
    addr                 0   10.90.0.33
    username             0   "10.90.0.33"
    ssg-account-info     0   "AFWPOL-BLOCK-REDIRECT"
  Config history for session (recent to oldest):
    Access-type: Web-service-logon Client: SM
     Policy event: Apply Config Success (Unapplied) (Service)
      Profile name: FWPOL-BLOCK-REDIRECT, 5 references 
        password             0   <hidden>
        username             0   "FWPOL-BLOCK-REDIRECT"
        sss-service          0   6 [local-termination]
        traffic-class        0   "input access-group name ACL-BLOCK-REDIRECT"
        l4redirect           0   "redirect to group RSG-BLOCK-REDIRECT"
        traffic-class        0   "input default drop"
        traffic-class        0   "output default drop"
    Access-type: Web-service-logon Client: Push Command-Handler
     Policy event: Process Config (Service)
      Profile name: FWPOL-BLOCK-REDIRECT, 5 references 
        password             0   <hidden>
        username             0   "FWPOL-BLOCK-REDIRECT"
        sss-service          0   6 [local-termination]
        traffic-class        0   "input access-group name ACL-BLOCK-REDIRECT"
        l4redirect           0   "redirect to group RSG-BLOCK-REDIRECT"
        traffic-class        0   "input default drop"
        traffic-class        0   "output default drop"
    Access-type: IP Client: Push Command-Handler
     Policy event: Process Config
      Profile name: 10.90.0.33, 3 references 
        username             0   "10.90.0.33"
        ssg-account-info     0   "AFWPOL-BLOCK-REDIRECT"
    Access-type: Web-service-logon Client: SM
     Policy event: Apply Config Success (Unapplied) (Service)
      Profile name: FWPOL-BLOCK-REDIRECT, 5 references 
        password             0   <hidden>
        username             0   "FWPOL-BLOCK-REDIRECT"
        sss-service          0   6 [local-termination]
        traffic-class        0   "input access-group name ACL-BLOCK-REDIRECT"
        l4redirect           0   "redirect to group RSG-BLOCK-REDIRECT"
        traffic-class        0   "input default drop"
        traffic-class        0   "output default drop"
    Access-type: Web-service-logon Client: Push Command-Handler
     Policy event: Process Config (Service)
      Profile name: FWPOL-BLOCK-REDIRECT, 5 references 
        password             0   <hidden>
        username             0   "FWPOL-BLOCK-REDIRECT"
        sss-service          0   6 [local-termination]
        traffic-class        0   "input access-group name ACL-BLOCK-REDIRECT"
        l4redirect           0   "redirect to group RSG-BLOCK-REDIRECT"
        traffic-class        0   "input default drop"
        traffic-class        0   "output default drop"
    Access-type: IP Client: Push Command-Handler
     Policy event: Process Config
      Profile name: 10.90.0.33, 3 references 
        username             0   "10.90.0.33"
        ssg-account-info     0   "AFWPOL-BLOCK-REDIRECT"
    Access-type: IP Client: SM
     Policy event: Service Selection Request
      Profile name: 10.90.0.33, 2 references 
        ssg-service-info     0   "QU;20480000;2560000;3840000;D;20480000;2560000;3840000"
        accounting-list      0   "billing-auth"
        addr                 0   10.90.0.33
  Rules, actions and conditions executed:
    subscriber rule-map CTRL-IPOE
      condition always event session-start
        10 set-timer TIMER-AUTH 7200
        20 authorize aaa list billing-auth identifier source-ip-address 
    subscriber rule-map default-internal-rule
      condition always event service-start
        1 service-policy type service identifier service-name
    subscriber rule-map default-internal-rule
      condition always event service-stop
        1 service-policy type service unapply identifier service-name
    subscriber rule-map default-internal-rule
      condition always event service-start
        1 service-policy type service identifier service-name
    subscriber rule-map default-internal-rule
      condition always event service-stop
        1 service-policy type service unapply identifier service-name

Classifiers:
Class-id    Dir   Packets    Bytes                  Pri.  Definition
0           In    12979      1769117                0    Match Any
1           Out   16885      13161591               0    Match Any

Template Id : 17

Features:

Accounting:
Class-id   Dir  Packets    Bytes                 Source
0          In   12331      1557153               Peruser
1          Out  17020      13078814              Peruser

Policing:
Class-id   Dir  Avg. Rate   Normal Burst  Excess Burst Source
0          In   20480000    2560000       3840000      Peruser
1          Out  20480000    2560000       3840000      Peruser

Configuration Sources:
Type  Active Time  AAA Service ID  Name
USR   00:29:33     -               Peruser
INT   00:29:33     -               TenGigabitEthernet0/0/0



-- 
С уважением,
 Dmitry                          mailto:dmitry at zhigulinet.ru



More information about the cisco-nsp mailing list