[rbak-nsp] Static and dynamic clips on the same interface.

Илья Савин savin at orn.ru
Tue Apr 20 13:14:33 EDT 2010


Hi.

Is it possible to use static and dynamic clips on the same interface
and same context?

Port config:

port ethernet 2/3
 no shutdown
 encapsulation dot1q
 dot1q pvc 11
  bind interface office_int office
  service clips dhcp context office
  clips pvc 1
   bind subscriber 00:0c:29:84:db:14 at office

Context "office" configured for dynamic clips with radius
authorisation. After comand "bind subscriber 00:0c:29:84:db:14 at office"
redback send to radius auth query, then acct-start query.

But clips session halts on "AwaitIp" status:
[office]Redback#sh clips
Circuit                              IpAddr          Username
------------------------------------ --------------- ---------------
2/3 vlan-id 11 clips 1               AwaitIp         00:0c:29:84:db:14 at office

Context config:

context office
!
 no ip domain-lookup
!
 interface main loopback
  ip address 80.76.178.3/32
   ip source-address telnet snmp ssh radius tacacs+ syslog dhcp-server
tftp ftp icmp-dest-unreachable icmp-time-exceed netop flow-ip
!
 interface office_int multibind
  ip address 80.76.188.254/24
  dhcp server interface
 no logging console
!
 ip access-list cool
  seq 3 permit ip host 80.76.188.3
  seq 10 permit ip host 80.76.188.10
  seq 20 permit ip host 80.76.188.151
  seq 300 permit udp any eq bootpc
  seq 301 permit udp any eq bootps
  seq 500 permit ip 80.76.188.0 0.0.0.255 192.168.0.0 0.0.255.255
  seq 520 permit ip 80.76.188.0 0.0.0.255 10.16.0.0 0.0.255.255
  seq 1000 deny ip any any
!
 ip access-list incoming
  seq 10 permit ip 80.76.176.0 0.0.15.255 any
  seq 20 permit tcp any any established
  seq 30 deny tcp any 80.76.188.128 0.0.0.127
  seq 40 deny icmp any 80.76.188.128 0.0.0.127 icmp-type echo
  seq 1000 permit ip any
!
 policy access-list SERVICE_out
  seq 10 permit ip any any class SERVICE1
!
 aaa authentication administrator local
 aaa authentication administrator maximum sessions 1
 aaa authentication subscriber radius
 aaa encrypted-password default ***********
 aaa accounting subscriber radius
 aaa accounting event dhcp
 radius accounting server 80.76.176.35 encrypted-key *********** port ****
 radius accounting server 80.76.176.35 encrypted-key ***********
 radius coa server 80.76.176.18 encrypted-key *********** port ****
!
 radius server 80.76.176.35 encrypted-key *********** port ****
 radius attribute calling-station-id format agent-circuit-id agent-remote-id
 radius attribute nas-port-id format all
!
 subscriber default
   ip access-group incoming out
!
 ip route 0.0.0.0/0 context bgp
 ip route 192.168.0.0/16 80.76.188.252
!
 dhcp server policy
   option domain-name-server 80.76.176.10
   subnet 80.76.188.0/24
     option router 80.76.188.254
     option domain-name-server 80.76.176.10 8.8.8.8
     option static-route 192.168.0.0 80.76.188.250
!
!

Auth-Reply from radius:
Tue Apr 20 20:46:34 2010
        Packet-Type = Access-Accept
        Acct-Interim-Interval := 600
        Qos-Rate-Inbound = "11000:2750000"
        Qos-Rate-Outbound = "11000:2750000"
        Qos-Policy-Policing := "pinet_office"
        Qos-Policy-Metering := "inet_office"
        Framed-IP-Address := 80.76.188.40
        Framed-IP-Netmask := 255.255.255.0
        Session-Timeout := 3600
        Service-Type := Dialout-Framed-User
        DHCP-Max-Leases = 5



Thanks.


WBR,
Ilya Savin.


More information about the redback-nsp mailing list