[rbak-nsp] Static and dynamic clips on the same interface.

Илья Савин savin at orn.ru
Wed Apr 21 04:03:47 EDT 2010 

Thanks!

I've removed some attrs from radius reply, now its works.

Radius reply:

Wed Apr 21 11:45:26 2010
       Packet-Type = Access-Accept
       Acct-Interim-Interval := 600
       Service-Type := Dialout-Framed-User
       Framed-IP-Address := 80.76.188.40
       Qos-Rate-Inbound = "11000:2750000"
       Qos-Rate-Outbound = "11000:2750000"
       Qos-Policy-Policing := "pinet_office"
       Qos-Policy-Metering := "inet_office"



WBR,
Ilya Savin.


21 apr 2010 г. 9:48  Denis Mikhaylovskiy
<denis.mikhaylovskiy at ericsson.com> wrote:
> Ok. Let's take it offline.
>
>
> /denis
>
> -----Original Message-----
> From: ilya.v.savin at gmail.com [mailto:ilya.v.savin at gmail.com] On Behalf Of Илья Савин
> Sent: Wednesday, April 21, 2010 9:36 AM
> To: Denis Mikhaylovskiy
> Cc: redback-nsp
> Subject: Re: [rbak-nsp] Static and dynamic clips on the same interface.
>
> Hi, Denis.
>
> Changing dhcp-max-leases to 1 does not affect.
>
> WBR,
> Ilya Savin.
>
>
> 21 arp 2010 г. 9:11 Denis Mikhaylovskiy
> <denis.mikhaylovskiy at ericsson.com> wrote:
>> Hi,
>>
>> Static and dynamic clips as well requires dhcp-max-leases equal to 1.
>> Please adjust it in the radius subscriber record.
>>
>>
>> Regards,
>> /denis
>>
>> -----Original Message-----
>> From: redback-nsp-bounces at puck.nether.net [mailto:redback-nsp-bounces at puck.nether.net] On Behalf Of Илья Савин
>> Sent: Tuesday, April 20, 2010 9:15 PM
>> To: redback-nsp
>> Subject: [rbak-nsp] Static and dynamic clips on the same interface.
>>
>> Hi.
>>
>> Is it possible to use static and dynamic clips on the same interface
>> and same context?
>>
>> Port config:
>>
>> port ethernet 2/3
>>  no shutdown
>>  encapsulation dot1q
>>  dot1q pvc 11
>>  bind interface office_int office
>>  service clips dhcp context office
>>  clips pvc 1
>>   bind subscriber 00:0c:29:84:db:14 at office
>>
>> Context "office" configured for dynamic clips with radius
>> authorisation. After comand "bind subscriber 00:0c:29:84:db:14 at office"
>> redback send to radius auth query, then acct-start query.
>>
>> But clips session halts on "AwaitIp" status:
>> [office]Redback#sh clips
>> Circuit                              IpAddr          Username
>> ------------------------------------ --------------- ---------------
>> 2/3 vlan-id 11 clips 1               AwaitIp         00:0c:29:84:db:14 at office
>>
>> Context config:
>>
>> context office
>> !
>>  no ip domain-lookup
>> !
>>  interface main loopback
>>  ip address 80.76.178.3/32
>>   ip source-address telnet snmp ssh radius tacacs+ syslog dhcp-server
>> tftp ftp icmp-dest-unreachable icmp-time-exceed netop flow-ip
>> !
>>  interface office_int multibind
>>  ip address 80.76.188.254/24
>>  dhcp server interface
>>  no logging console
>> !
>>  ip access-list cool
>>  seq 3 permit ip host 80.76.188.3
>>  seq 10 permit ip host 80.76.188.10
>>  seq 20 permit ip host 80.76.188.151
>>  seq 300 permit udp any eq bootpc
>>  seq 301 permit udp any eq bootps
>>  seq 500 permit ip 80.76.188.0 0.0.0.255 192.168.0.0 0.0.255.255
>>  seq 520 permit ip 80.76.188.0 0.0.0.255 10.16.0.0 0.0.255.255
>>  seq 1000 deny ip any any
>> !
>>  ip access-list incoming
>>  seq 10 permit ip 80.76.176.0 0.0.15.255 any
>>  seq 20 permit tcp any any established
>>  seq 30 deny tcp any 80.76.188.128 0.0.0.127
>>  seq 40 deny icmp any 80.76.188.128 0.0.0.127 icmp-type echo
>>  seq 1000 permit ip any
>> !
>>  policy access-list SERVICE_out
>>  seq 10 permit ip any any class SERVICE1
>> !
>>  aaa authentication administrator local
>>  aaa authentication administrator maximum sessions 1
>>  aaa authentication subscriber radius
>>  aaa encrypted-password default ***********
>>  aaa accounting subscriber radius
>>  aaa accounting event dhcp
>>  radius accounting server 80.76.176.35 encrypted-key *********** port ****
>>  radius accounting server 80.76.176.35 encrypted-key ***********
>>  radius coa server 80.76.176.18 encrypted-key *********** port ****
>> !
>>  radius server 80.76.176.35 encrypted-key *********** port ****
>>  radius attribute calling-station-id format agent-circuit-id agent-remote-id
>>  radius attribute nas-port-id format all
>> !
>>  subscriber default
>>   ip access-group incoming out
>> !
>>  ip route 0.0.0.0/0 context bgp
>>  ip route 192.168.0.0/16 80.76.188.252
>> !
>>  dhcp server policy
>>   option domain-name-server 80.76.176.10
>>   subnet 80.76.188.0/24
>>     option router 80.76.188.254
>>     option domain-name-server 80.76.176.10 8.8.8.8
>>     option static-route 192.168.0.0 80.76.188.250
>> !
>> !
>>
>> Auth-Reply from radius:
>> Tue Apr 20 20:46:34 2010
>>        Packet-Type = Access-Accept
>>        Acct-Interim-Interval := 600
>>        Qos-Rate-Inbound = "11000:2750000"
>>        Qos-Rate-Outbound = "11000:2750000"
>>        Qos-Policy-Policing := "pinet_office"
>>        Qos-Policy-Metering := "inet_office"
>>        Framed-IP-Address := 80.76.188.40
>>        Framed-IP-Netmask := 255.255.255.0
>>        Session-Timeout := 3600
>>        Service-Type := Dialout-Framed-User
>>        DHCP-Max-Leases = 5
>>
>>
>>
>> Thanks.
>>
>>
>> WBR,
>> Ilya Savin.
>> _______________________________________________
>> redback-nsp mailing list
>> redback-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>
>

More information about the redback-nsp mailing list