ISG L4 redirect
Hi,
My client is using Cisco ISG. Setup is as described below.
1. Client makes a request through browser for xyz.com.
2. Through routing, the request reaches to ISG.
3. ISG is configured to redirect port 80 and 443 requests to squid proxy server(running with iptables to support transparent proxy).
4. Squid serves the request.
The problem we are facing is described below.
Observation
If a user makes request for http://www.wikipedia.org then the client request header should look like:
src: client_IP:random_port
dst: wikipedia.org(ip_address):http
http request: http_request details. (host,url,etc..)
and squid should get the packet like that.
But since Cisco ISG is in between which seems to be changing the client request header like:
src: client_IP:random_port
dst: squid_IP:http
http request: http_request details. (host,url,etc..)
and eventually squid returns TCP_MISS/503(Service not Available) since there are no web resources on squid server which are requested by the client.
The scenario described above is quite evident in the access.log entries.
===========
local=*10.58.200.33:80 remote=10.210.83.249:*3375 FD 10 flags=33: accepted
===========
And pcap logs
===========
"178","30.278035","10.210.83.247","10.58.200.33","TCP","68","1378→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1360 WS=256 SACK_PERM=1"
"179","30.278094","10.58.200.33","10.210.83.247","TCP","68","80→1378 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"
"181","30.314009","10.210.83.247","10.58.200.33","TCP","62","1378→80 [ACK] Seq=1 Ack=1 Win=17408 Len=0"
===========
Question.
1. Does cisco ISG changes the destination IP of the packet.?
2. If it changes the IP then how next hope will understand where to send the packet.?
3. Any suggestions..??
Thanks & Regards,
Jaykbvt
Hello,
UBR platforms (ubr10k and ubr7200) do not support ISG feature set.
I hope this clarifies your concern.
Best regards.
Similar Messages
-
Hello Dears,
I spent that last couple hours trying to make a simple L4 redirect for web session to a server group with no luck. here is my configuration on 7200VXR router. My laptop connected to interface gig0/1 with ip address 192.168.1.1 gw 192.168.1.100. and I'm capbable to browse internet on the laptop but no redirection happens
ip nat inside source list 2 interface GigabitEthernet0/3 overload
interface GigabitEthernet0/1
ip address 192.168.1.100 255.255.255.0
ip nat inside
no ip route-cache cef
no ip route-cache
media-type rj45
speed auto
duplex auto
negotiation auto
service-policy type control intial-rdt
ip subscriber interface
access-list 199 permit tcp any any eq www
access-list 199 deny ip any any
class-map type traffic match-any CLASS-ALL
match access-group output 199
match access-group input 199
policy-map type service initial-rdt-profile
class type traffic CLASS-ALL
redirect to ip 74.125.230.81 port 80
policy-map type control intial-rdt
class type control always event session-start
1 service-policy type service name initial-rdt-profile
------------- DEBUG
Rule: intial-rdt
Class-map: always event session-start
Action: 1 service-policy type service name initial-rdt-profile
Executed: 0
Class-map: match-any CLASS-ALL
Output:
Extended IP access list 199
10 permit tcp any any eq www
20 deny ip any any
Input:
Extended IP access list 199
10 permit tcp any any eq www
20 deny ip any anyISG control and service policy-maps look good.
Could you provide the output of sh subscriber session de ? and the interface config ? -
Has anyone used (or is knowledgeable on) ISG feature? (Intelligent Services Gateway)
Hi,
I am trying to obtain more information about the ISG feature on 7200 and 7600 platforms and finding it very difficult to obtain answers from distributors or even Cisco representatives.
The main questions are:
- How many subscribers include the 7200 license?, provided that my subscribers would be of IP-type (not tunnelled).
FR-ISG72
ISG Feature License for 7200
FR-ISG72=
ISG Feature License for 7200
- What other licenses are needed in a 7200 platform?
I believe, maybe:
FR-BUS72
Cisco IOS 7200/7300/7400 Series Broadband 8000 User License
FR-BUS72=
Cisco IOS 7200 Series Broadband User Services License
- On Cico 7600, ISG is licensed in steps of 8000 subscribers. If I have a redundant system (two routing engines), do I need to buy the license twice?
76-ES+ISG-LIC
ES+ Intelligent Services Gateway SW License, 8K subs, 8 VRF
76-ES+ISG-LIC=
ES+ Internet Services Gateway (ISG) Software License
ThanksThanks indeed for your response.
In fact I could not obtain any support at all from Cisco (Spain) even if I explained we were a small software company that required ISG to complement an existing solution for a BIG mobile operator. The question was supposed to be escalated to the US more than 1 month ago.
Myself, I was actually able to better understand the configuration and licenses required for the feature, with a final question about the capacity (maximum number of sessions). My conclusions and questions are at the end of this email, in case you or anyone else is interested.
Anyway, our main requirement is not traffic shaping, but providing a captive portal (redirect unauthorized traffic to some node, and be able to let the box know when an IP is "authorized"/"unauthorized".Cisco used to have a smaller feature to do this called SSG (service selection gateway) which is end-of-lifed, I believe.
If you know a box that does this, please advise! And it would be nice if you could recommend an "inline packet swatter".
For demo, I have done it myself with linux and iptables, but the time to make it business-class may be more costly than buying some product.
The issues I have had trying to find out information from Juniper ("subscriber management" feature) are similar!!
Final Question about ISG capacity
We wish to use the Intelligent Services Gateway (ISG) functionality, which seems supported only on Cisco 10000, 7600, 7300 and 7200 routers.
Our traffic requirements are not too high (500Mbps), but due to the following number of sessions limitation in 7200/7300, the right platform for us seems the 7600:
"The Cisco 7200 Series and Cisco 7301 scale from 4000 to 8000 sessions"
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6549/ps6588/prod_bulletin0900aecd804a2c70.html
We would actually need 50000-100000 consurrent sessions.
On Cisco 7600, the feature seems supported by default on Cisco IOS 12.2SR without the need for an extra license, even with the plain "IP Services" flavour of IOS.
However, we have the following fundamental questions that we could not completely resolve with the documentation or software configurator tool.
Maximum number of consurrent sessions supported
Our sessions would be of the "IP session" kind, meaning:
"An IP session includes all the traffic that is associated with a single subscriber IP address".
On the documentation, this is the applicable information that we find regarding the number of sessions:
http://www9.cisco.com/en/US/docs/ios/isg/configuration/guide/isg_acess_sub_sessns_ps6922_TSD_Products_Configuration_Guide_Chapter.html
Beginning in Cisco IOS Release 12.2(33)SRE, the Cisco 7600 router supports IP subscriber sessions only on the SIP400 and ES+ line cards
The Cisco 7600 router enforces limits on the number of IP subscriber sessions per line card and router chassis. If the number of active sessions exceeds the following limits, an error message displays:
- Cisco 7600 chassis—32,000 subscriber sessions (supported in Cisco IOS Release 12.2(33)SRE1 and later releases)
- ES+ line card—4000 subscriber sessions per port group; 16,000 sessions per line card (supported in Cisco IOS Release 12.2(33)SRE and later releases)
- SIP400 line card—8000 subscriber sessions (supported in Cisco IOS Release 12.2(33)SRD4 and later releases)
Let us suppose that we use the SIP400 line card, since ES+ is far from our networking requirements.
Please confirm/answer the following:
No special license is required to use ISG with SIP400.
Is the 8000 session limitation per SIP400 module or per SPA attached to it?
I read in the documentation, that the SAMI card enhances the maximum number of ISG sessions:
http://www.cisco.com/en/US/docs/ios/isg/configuration/guide/isg_sup_sami_blade.html
The ISG Support for SAMI Blade feature combines the subscriber management features and functions of the Cisco Intelligent Services Gateway (ISG) with the processing power of the Cisco Service Application Module for IP (SAMI). The Cisco SAMI blade has six PowerPC (PPC) processors and occupies just one slot in the Cisco 7600 series router. This means that you can support many ISG features for up to 600,000 subscribers on a single router.
We then assume that the SAMI blade overcomes the limitations noted above: 32,000 session/chassis and 8,000 sessions/SIP400. Correct?
No extra license is required to use ISG with SAMI.
Based on this assumptions, an example configuration for a single node could be:
Product Description Quantity
CISCO7604 Cisco 7604 Chassis 1
FAN-MOD-4HS High-Speed Fan Module for 7604/6504-E 1
7604-RSP720C-P Cisco 7604 Chassis,4-slot,RSP720-3C,PS 1
2700W-AC Dummy PID 2700 W AC Power Supply for 7604 1
CAB-C19-CBN Cabinet Jumper Power Cord, 250 VAC 16A, C20-C19 Connectors 1
S764ISK9-12233SRE Cisco 7600-RSP720 IOS IP SERVICES SSH 1
7600-SIP-400 Cisco 7600 Series SPA Interface Processor-400 1
SPA-2X1GE Cisco 2-port Gigabit Ethernet Shared Port Adapter 2
WS-SVC-SAMI-BB-K9 Service Application Module for IP ( 6 x PPC w/ 1GB) (Cryto) 1 -
Hello. Just starting with ISG.
My final goal is to force ISG device to periodically check if user still has access to the service without interrupting pppoe session. if user access should be prohibited by some reason, he should be redirected to billing web-page.
First step is to make periodic check part.
Here is user profile:
user1 Cleartext-Password := "user1"
Cisco-Account-Info += "AANY",
Cisco-Control-Info += "QV1000000",
Cisco-Account-Info += "QU;10240000;D;10240000",
ANY Cleartext-Password := "cisco", Service-Type == Outbound-User
Cisco-AVPair += "ip:traffic-class=in access-group name CM_T_ANY",
Cisco-AVPair += "ip:traffic-class=in default drop",
Cisco-AVPair += "ip:traffic-class=out access-group name CM_T_ANY",
Cisco-AVPair += "ip:traffic-class=out default drop",
Cisco-AVPair += "prepaid-config=PREPAID",
Here is ASR 1002X , 03.10.03.S software:
aaa authentication ppp FREERADIUS group freeradius
aaa authorization network FREERADIUS group freeradius
aaa authorization subscriber-service FREERADIUS local group freeradius
aaa accounting network FREERADIUS start-stop group freeradius
aaa group server radius freeradius
server-private 10.0.6.10 auth-port 1812 acct-port 1813 key 7 142417081E013E
subscriber feature prepaid PREPAID
threshold time 0 seconds
threshold volume 1 Kbytes
interim-interval 1 minutes
method-list author FREERADIUS
method-list accounting FREERADIUS
password cisco
User is authenticated, service downloaded but no periodical checks coming to RADIUS and no quota get depleted.
What am i doing wrong?
asr-1002x-01#show subscriber session username user1 detailed
Type: PPPoE, UID: 200, State: authen, Identity: user1
IPv4 Address: 192.168.128.127
IPv6 Address: 2A01:8960:4::
Session Up-time: 00:22:11, Last Changed: 00:22:11
Interface: Virtual-Access2.1
Switch-ID: 4677
Policy information:
Context 7FBB6473CB60: Handle A80009BE
AAA_id 00001B1F: Flow_handle 0
Authentication status: authen
Downloaded User profile, excluding services:
Framed-Protocol 0 1 [PPP]
service-type 0 2 [Framed]
ssg-account-info 0 "AANY"
ssg-control-info 0 "QV1000000"
ssg-account-info 0 "QU;10240000;D;10240000"
prefix 0 00 40 2A 01 89 60 00 04 00 00 00 00 00 00 00 00 00 00
Interface-Id 0 00 00 00 00 00 00 00 01
route 0 "2a01:8960:5::/56"
delegated-prefix 0 00 38 2A 01 89 60 00 05 00 00 00 00 00 00 00 00 00 00
Downloaded User profile, including services:
Framed-Protocol 0 1 [PPP]
service-type 0 2 [Framed]
ssg-account-info 0 "AANY"
ssg-control-info 0 "QV1000000"
ssg-account-info 0 "QU;10240000;D;10240000"
prefix 0 00 40 2A 01 89 60 00 04 00 00 00 00 00 00 00 00 00 00
Interface-Id 0 00 00 00 00 00 00 00 01
route 0 "2a01:8960:5::/56"
delegated-prefix 0 00 38 2A 01 89 60 00 05 00 00 00 00 00 00 00 00 00 00
Config history for session (recent to oldest):
Access-type: Web-service-logon Client: SM
Policy event: Apply Config Success (Unapplied) (Service)
Profile name: ANY, 3 references
traffic-class 0 "in access-group name CM_T_ANY"
traffic-class 0 "in default drop"
traffic-class 0 "out access-group name CM_T_ANY"
traffic-class 0 "out default drop"
Access-type: Web-service-logon Client: SM
Policy event: Process Config Connecting (Service)
Profile name: ANY, 3 references
traffic-class 0 "in access-group name CM_T_ANY"
traffic-class 0 "in default drop"
traffic-class 0 "out access-group name CM_T_ANY"
traffic-class 0 "out default drop"
Access-type: PPP Client: SM
Policy event: Process Config Connecting
Profile name: apply-config-only, 2 references
Framed-Protocol 0 1 [PPP]
service-type 0 2 [Framed]
ssg-account-info 0 "AANY"
ssg-control-info 0 "QV1000000"
ssg-account-info 0 "QU;10240000;D;10240000"
prefix 0 00 40 2A 01 89 60 00 04 00 00 00 00 00 00 00 00 00 00
Interface-Id 0 00 00 00 00 00 00 00 01
route 0 "2a01:8960:5::/56"
delegated-prefix 0 00 38 2A 01 89 60 00 05 00 00 00 00 00 00 00 00 00 00
Rules, actions and conditions executed:
subscriber rule-map default-internal-rule
condition always event service-start
1 service-policy type service identifier service-name
subscriber rule-map default-internal-rule
condition always event service-stop
1 service-policy type service unapply identifier service-name
Classifiers:
Class-id Dir Packets Bytes Pri. Definition
0 In 229275 13175066 0 Match Any
1 Out 714381 1038574772 0 Match Any
Features:
Static Routes:
Class-id Configuration Status Source
0 This feature is enabled Peruser
Policing:
Class-id Dir Avg. Rate Normal Burst Excess Burst Source
0 In 10240000 1920000 3840000 Peruser
1 Out 10240000 1920000 3840000 Peruser
DHCPv6 PD from AAA:
Class-id Configuration Status Source
0 This feature is enabled Peruser
Configuration Sources:
Type Active Time AAA Service ID Name
USR 00:22:11 - Peruser
INT 00:22:11 - Virtual-Template2I tried not specifying quota, but NAS never ask RADIUS for it.
For all my experiments i'm using second bba group with second virtual template and FREERADUIS aaa list.
Here's debugs:
Nov 26 08:55:57: SSS PM: ANCP not enabled on 'TenGigabitEthernet0/1/0.299' - not retrieving default shaper value
Nov 26 08:55:59: RADIUS/ENCODE(00001B97):Orig. component type = PPPoE
Nov 26 08:55:59: RADIUS: DSL line rate attributes successfully added
Nov 26 08:55:59: RADIUS(00001B97): Config NAS IP: 10.0.6.21
Nov 26 08:55:59: RADIUS(00001B97): Config NAS IPv6: ::
Nov 26 08:55:59: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
Nov 26 08:55:59: RADIUS/ENCODE(00001B97): acct_session_id: 7072
Nov 26 08:55:59: RADIUS(00001B97): sending
Nov 26 08:55:59: RADIUS(00001B97): Send Access-Request to 10.0.6.10:1812 id 1645/156, len 138
Nov 26 08:55:59: RADIUS: authenticator DD A0 1E 36 65 E4 E6 38 - B0 10 9F 51 6A 11 24 09
Nov 26 08:55:59: RADIUS: Framed-Protocol [7] 6 PPP [1]
Nov 26 08:55:59: RADIUS: User-Name [1] 7 "user1"
Nov 26 08:55:59: RADIUS: CHAP-Password [3] 19 *
Nov 26 08:55:59: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Nov 26 08:55:59: RADIUS: NAS-Port [5] 6 0
Nov 26 08:55:59: RADIUS: NAS-Port-Id [87] 11 "0/1/0/299"
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 41
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 35 "client-mac-address=000c.2964.a91e"
Nov 26 08:55:59: RADIUS: Service-Type [6] 6 Framed [2]
Nov 26 08:55:59: RADIUS: NAS-IP-Address [4] 6 10.0.6.21
Nov 26 08:55:59: RADIUS: Acct-Session-Id [44] 10 "00001BA0"
Nov 26 08:55:59: RADIUS(00001B97): Sending a IPv4 Radius Packet
Nov 26 08:55:59: RADIUS(00001B97): Started 5 sec timeout
Nov 26 08:55:59: RADIUS: Received from id 1645/156 10.0.6.10:1812, Access-Accept, len 44
Nov 26 08:55:59: RADIUS: authenticator 3C 62 99 46 6E BA 39 24 - AB CF A6 D4 12 83 2D B8
Nov 26 08:55:59: RADIUS: Framed-Protocol [7] 6 PPP [1]
Nov 26 08:55:59: RADIUS: Service-Type [6] 6 Framed [2]
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 12
Nov 26 08:55:59: RADIUS: ssg-account-info [250] 6 "AANY"
Nov 26 08:55:59: RADIUS(00001B97): Received from id 1645/156
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Authen status update; is now "authen"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: assert authen status "authen"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: send event Session Update
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: with username "user1"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Session activation: ok
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Username key not found in set domain key API
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Username key does not have a delimiter in set domain key API
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Client block is NULL in get client block with handle 260009C1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Updated key list:
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: AAA-Attr-List = 3A001B08
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Framed-Protocol 0 1 [PPP]
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: service-type 0 2 [Framed]
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: ssg-account-info 0 "AANY"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Access-Type = 0 (PPP)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Session-Handle = 3472884087 (CF000177)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SHDB-Handle = 3388997707 (CA00004B)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Input Interface = "TenGigabitEthernet0/1/0.299"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Converted-Session = 0 (NO)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Media-Type = 1 (Ethernet)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Authen-Status = 0 (Authenticated)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Nasport = PPPoEoVLAN: slot 0 adapter 1 port 0 sub-interface 299 IP 0.0.0.0 VPI 0 VCI 0 VLAN 299
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Protocol-Type = 0 (PPP Access Protocol)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Final = 1 (YES)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Auth-User = "user1"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SM Policy invoke - Process Config Connecting
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Access type PPP
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Access type PPP: final key
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Handling Config Request from Client
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Event <got process config req>, State: wait-for-events to wait-process-config-complete
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Handling Process Config
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Apply config request set to AAA list
Config: Framed-Protocol 0 1 [PPP]
Config: service-type 0 2 [Framed]
Config: ssg-account-info 0 "AANY"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Sending apply-config-only request to AAA
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SSS PM: Allocating per-user profile info
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SSS PM: Add per-user profile info to policy context
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Root SIP PPPoE
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Enable PPPoE parsing
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Enable PPP parsing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: ACTIVE HANDLE[0]: Snapshot captured in Active context
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: ACTIVE HANDLE[0]: Active context created
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <make request>, state changed from idle to authorizing
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Active key set to Auth-User
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Authorizing key apply-config-only
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Spoofed AAA reply sent for key apply-config-only
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Received an AAA pass
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: [7FBB6473CB60]:Reply message not exist
Initial attr Framed-Protocol 0 1 [PPP]
Initial attr service-type 0 2 [Framed]
Initial attr ssg-account-info 0 "AANY"
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Could not parse AAA interim interval
Nov 26 08:55:59: COA_HA: [ERR] Unable to get coa_ctx from shdb 0xCA00004B
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: RULE: Service Name = ANY Ok
Nov 26 08:55:59: SSS PM: PARAMETERIZED-QoS: QOS parameters
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: RULE: VRF Parsing routine:
Framed-Protocol 0 1 [PPP]
service-type 0 2 [Framed]
ssg-account-info 0 "AANY"
Nov 26 08:55:59: SSS PM: VPDN is not enabled
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Feature
Nov 26 08:55:59: Portbundle Hostkey: portbundle not configured on the router
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPP[34E0B60] parsed as Success
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPP[40FD520] parsed as Ignore
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPPoE[357ECE0] parsed as Success
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP Root parser not installed
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <service not found>, state changed from authorizing to complete
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: No service authorization info found
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Active Handle present - 94000170
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Apply config handle [2D001B9D] now set to [B3001B00]
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: ACTIVE HANDLE[0]: Snapshot reverted from Active context to policy context
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Freeing Active Handle; SSS Policy Context Handle = 260009C1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: ACTIVE HANDLE[2113]: Released active handle
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: PROFILE: store profile "apply-config-only"
Nov 26 08:55:59: SSS PM: PROFILE-DB: is profile "apply-config-only" in DB
Nov 26 08:55:59: SSS PM: PROFILE-DB: Computed hash value = 669264914
Nov 26 08:55:59: SSS PM: PROFILE-DB: Yes, but is a new version
Nov 26 08:55:59: SSS PM: PROFILE-DB: create "apply-config-only"/7FBB636AB768 hdl 65001B90 ref 1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: PROFILE: create 7FBB636AF8A8, ref 1
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <free request>, state changed from complete to terminal
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Cancel request
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Handling Author Not Found Event
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Create context 7FBB6473CF00
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: key lists to append are empty
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Authen status update; is now "unauthen"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: IDMGR: assert authen status "unauthen"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: SERVICE [ANY]: Parent 7FBB6473CB60
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: SERVICE [ANY]: Started yet? No
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: IDMGR: service not started yet; can't update
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Did not update authen status to IDMGR
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Username key not found in set domain key API
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Username key not found in set domain key API
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Updated NAS port for AAA ID 7063
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: IDMGR: send event Session Update
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Client block is NULL in get client block with handle 150009C2
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Updated key list:
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Logon-Service = "ANY"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Nasport = PPPoEoVLAN: slot 0 adapter 1 port 0 sub-interface 299 IP 0.0.0.0 VPI 0 VCI 0 VLAN 299
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Access-Type = 11 (Web-service-logon)
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Authen-Status = 1 (Unauthenticated)
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Session-Handle = 3472884087 (CF000177)
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Service Command-Handler Policy invoke - Service-Start
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Access type Web-service-logon
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Looking for a rule for event service-start
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Intf CloneSrc Vt2: service-rule any: None
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Intf InputI/f Te0/1/0.299: service-rule any: None
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Glob: service-rule any: default-internal-rule
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Evaluate "default-internal-rule" for service-start
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Wrong type "default-internal-rule/always event account-logon"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Wrong type "default-internal-rule/always event idle-timeout"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Wrong type "default-internal-rule/always event session-timeout"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Wrong type "default-internal-rule/always event keepalive-timeout"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Wrong type "default-internal-rule/always event flow-timeout"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Matched "default-internal-rule/always event service-start"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Matched "default-internal-rule/always event service-start/1 service-policy type service identifier service-name"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE[0]: Start
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE[0]: default-internal-rule/always event service-start/1 service-policy type service identifier service-name
Nov 26 08:55:59: SSS PM CCM: Found SHDB handle 0xCA00004B for policy context 0x7FBB6473CB60
Nov 26 08:55:59: SSS PM CCM: [SESSION PM EVENT] Event = NEW-REQUEST (ctx: 0x7FBB6473CB60, action: APPLY-SERVICE)
Nov 26 08:55:59: SSS PM HA: Dynsess not required shdb = 0xCA00004B spol_ctx = 0x7FBB6473CB60
Nov 26 08:55:59: SSS PM CCM: Set PM HA as not ready (session 0xCA00004B) successfully
Nov 26 08:55:59: SSS PM HA: Adding an action (type APPLY-SERVICE) into the PM HA queue
Nov 26 08:55:59: SSS PM HA: NE: In policy_ha_add_session_info, shdb=0xCA00004B, last=APPLY-SERVICE (6)
Nov 26 08:55:59: SSS PM HA: In policy_ha_nett_effect_process: ctx=0x7FBB5EBC8FC0, action-type=APPLY-SERVICE, event=SERVICE-START, state=INIT-STATE
Nov 26 08:55:59: SSS PM HA: NE: Didn't find any duplicate service-apply action
Nov 26 08:55:59: SSS PM HA: Setting current elem, from 0x0 to 0x7FBB5EBC4BF8
Nov 26 08:55:59: SSS PM CCM: New bulk session (shdb 0xCA00004B), ctx 0x7FBB6473CB60, dsess_hdl 0x0, APPLY-SERVICE OK
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE[0]: Have key Logon-Service
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE[0]: This service ANY is marked as not cancelled
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: State: initial-req to check-auth-needed
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Event <send auth>, State: check-auth-needed to authorizing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Handling AAA service Authorization
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Sending AAA request for 'ANY'
Nov 26 08:55:59: SVM [ANY]: needs downloading
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: service "ANY" not in cache; needs download
Nov 26 08:55:59: SVM [430000BB/ANY]: allocated version 1
Nov 26 08:55:59: SVM [430000BB/ANY]: [150009C2]: client queued
Nov 26 08:55:59: SVM [430000BB/ANY]: [PM-Download:150009C2] locked 0->1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: download required
Nov 26 08:55:59: SVM [430000BB/ANY]: [AAA-Download:7FBB6280D928] locked 0->1
Nov 26 08:55:59: SSS AAA AUTHOR: Authorization:Fetching method list from SIP:Web-service-logon
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: using named author method list "FREERADIUS"
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Root SIP PPPoE
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Enable PPPoE parsing
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Enable PPP parsing
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Enable Web-service-logon parsing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: ACTIVE HANDLE[0]: Snapshot captured in Active context
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: ACTIVE HANDLE[0]: Active context created
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <make request>, state changed from idle to authorizing
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Active key set to Apply-Service
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Authorizing key ANY
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Set authorization profile type to service
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: AAA request sent for key ANY
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[0]: Downloading service "ANY"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[1]: Start
Nov 26 08:55:59: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Nov 26 08:55:59: RADIUS(00000000): Config NAS IP: 10.0.6.21
Nov 26 08:55:59: RADIUS(00000000): Config NAS IPv6: ::
Nov 26 08:55:59: RADIUS(00000000): sending
Nov 26 08:55:59: RADIUS: nas-port-id(87) is not found in the request
Nov 26 08:55:59: RADIUS(00000000): Send Access-Request to 10.0.6.10:1812 id 1645/157, len 55
Nov 26 08:55:59: RADIUS: authenticator B3 F6 A3 5E 7D D8 01 9E - 72 A5 4E D0 79 32 0C 11
Nov 26 08:55:59: RADIUS: User-Password [2] 18 *
Nov 26 08:55:59: RADIUS: User-Name [1] 5 "ANY"
Nov 26 08:55:59: RADIUS: Service-Type [6] 6 Outbound [5]
Nov 26 08:55:59: RADIUS: NAS-IP-Address [4] 6 10.0.6.21
Nov 26 08:55:59: RADIUS(00000000): Sending a IPv4 Radius Packet
Nov 26 08:55:59: RADIUS(00000000): Started 5 sec timeout
Nov 26 08:55:59: RADIUS: Received from id 1645/157 10.0.6.10:1812, Access-Accept, len 240
Nov 26 08:55:59: RADIUS: authenticator F2 BB 14 5D 90 BC 76 91 - 8C B3 9B 55 75 69 4A 6B
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 54
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 48 "ip:traffic-class=in access-group name CM_T_ANY"
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 40
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 34 "ip:traffic-class=in default drop"
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 55
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 49 "ip:traffic-class=out access-group name CM_T_ANY"
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 41
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 35 "ip:traffic-class=out default drop"
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 30
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 24 "prepaid-config=PREPAID"
Nov 26 08:55:59: RADIUS/DECODE(00000000): There is no General DB. Reply server details may not be recorded
Nov 26 08:55:59: RADIUS(00000000): Received from id 1645/157
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Received an AAA pass
Initial attr traffic-class 0 "in access-group name CM_T_ANY"
Initial attr traffic-class 0 "in default drop"
Initial attr traffic-class 0 "out access-group name CM_T_ANY"
Initial attr traffic-class 0 "out default drop"
Initial attr prepaid-config 0 "PREPAID"
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Could not parse AAA interim interval
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: PREPAID:Prepaid config= PREPAID
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: PREPAID:No prepaid context in policy context; allocing
Nov 26 08:55:59: SSS PM: PARAMETERIZED-QoS: QOS parameters
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE: VRF Parsing routine:
traffic-class 0 "in access-group name CM_T_ANY"
traffic-class 0 "in default drop"
traffic-class 0 "out access-group name CM_T_ANY"
traffic-class 0 "out default drop"
Nov 26 08:55:59: SSS PM: VPDN is not enabled
Nov 26 08:55:59: SVM [430000BB/ANY]: Set class ids: 228.229
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Feature
Nov 26 08:55:59: SSF[ANY/QoS Policy Map]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/TC]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Service Config]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/IP Config]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Interface Config]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Compression]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Modem-on-hold]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Static Routes]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/IPX Static SAPs]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Per-User ACL]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Per-User Filter]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Portbundle Hostkey]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/DHCPv6 PD from AAA]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Keepalive]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Tariff Switching]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Forced Flow Routing]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Templating End of Transaction]: TC flow does not support this feature
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPP[34E0B60] parsed as Success
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPP[40FD520] parsed as Ignore
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPPoE[357ECE0] parsed as Success
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP Root parser not installed
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP Web-service-logon parser not installed
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <service not found>, state changed from authorizing to complete
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: No service authorization info found
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Active Handle present - B5000171
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Attr list is NULL, apply config handle [0] not reset
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: ACTIVE HANDLE[0]: Snapshot reverted from Active context to policy context
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Freeing Active Handle; SSS Policy Context Handle = 150009C2
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: ACTIVE HANDLE[2113]: Released active handle
Nov 26 08:55:59: SSS PM [7FBB6473C080]: Create context 7FBB6473C080
Nov 26 08:55:59: SSS PM: PROFILE-DB: is profile "ANY" in DB
Nov 26 08:55:59: SSS PM: PROFILE-DB: Computed hash value = 1769891265
Nov 26 08:55:59: SSS PM: PROFILE-DB: No, add new list
Nov 26 08:55:59: SSS PM: PROFILE-DB: create "ANY"
Nov 26 08:55:59: SSS PM: PROFILE-DB: create "ANY"/7FBB636AB6A8 hdl CF001B0C ref 1
Nov 26 08:55:59: SVM [430000BB/ANY]: downloaded first version
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SVM download for "ANY" ok
Nov 26 08:55:59: SVM [430000BB/ANY]: [150009C2]: client download ok
Nov 26 08:55:59: SVM [430000BB/ANY]: [SVM-to-client-msg:150009C2] locked 0->1
Nov 26 08:55:59: SVM [430000BB/ANY]: [AAA-Download:7FBB6280D928] unlocked 1->0
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <free request>, state changed from complete to terminal
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Cancel request
Nov 26 08:55:59: SSS PM [7FBB6473C080]: Destroy context 7FBB6473C080
Nov 26 08:55:59: SSS PM: [PARAMETERIZED-QoS]: In removed_from_rbpl_ctx_temp_hold for policy handle[ED0009C3
Nov 26 08:55:59: SSS PM: [PARAMETERIZED-QoS]: No rabapol context created yet for handle [ED0009C3], nothing to return
Nov 26 08:55:59: COA_CCM: [SESSION FREE] Policy ctx: 0x7FBB6473C080
Nov 26 08:55:59: COA_CCM: Free session - Ignoring policy context 0x7FBB6473C080 (not our session)
Nov 26 08:55:59: SSS PM CCM: [SESSION FREE] policy ctx: 0x7FBB6473C080
Nov 26 08:55:59: SSS PM CCM: [ERR] Free session - Ignoring policy context 0x7FBB6473C080 (not our HA session)
Nov 26 08:55:59: CH-UTILS: Invalid command handle
Nov 26 08:55:59: SSS PM [7FBB6473C080]: PROFILE: destroy all config
Nov 26 08:55:59: SSS PM [7FBB6473C080]: SSS PM: destroy all user profile info from policy context
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: SVM service download success
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: download completed for "ANY" version 1
Nov 26 08:55:59: SVM [430000BB/ANY]: alloc feature info
Nov 26 08:55:59: SVM [430000BB/ANY]: [SVM-Feature-Info:7FBB636DD648] locked 0->1
Nov 26 08:55:59: SVM [430000BB/ANY]: has Policy info
Nov 26 08:55:59: SVM [430000BB/ANY]: [PM-Info:7FBB6484BDC0] locked 0->1
Nov 26 08:55:59: SVM [430000BB/ANY]: has Policy info
Nov 26 08:55:59: SSS PM CCM: Poisoning session for SHDB 0xCA00004B.
Nov 26 08:55:59: SVM [430000BB/ANY]: [PM-Info:7FBB6484BD60] unlocked 1->0
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: PROFILE: store profile "ANY"
Nov 26 08:55:59: SSS PM: PROFILE-DB: incremented ref "ANY"/7FBB636AB6A8 hdl CF001B0C ref 2
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: PROFILE: create 7FBB636AF880, ref 1
Nov 26 08:55:59: SVM [430000BB/ANY]: populated client
Nov 26 08:55:59: SVM [430000BB/ANY]: [PM-Download:150009C2] unlocked 1->0
Nov 26 08:55:59: SVM [430000BB/ANY]: [SVM-to-client-msg:150009C2] unlocked 1->0
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE: VRF/Classname Check: session logging off or not VRF/Classname dependent
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Handling Author Not Found Event
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Feature info: 7FBB636DD648 Type: Service Config
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: : Config level: Service Profile
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: : IDB type: Sub-if or not required
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: : 16 bytes:
SSS PM [uid:201][7FBB6473CF00]: : Data: 000000 00 00 43 00 00 BB EA 00 ..c.....
SSS PM [uid:201][7FBB6473CF00]: : Data: 000008 00 15 15 00 09 C2 00 00 ........
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Service starting
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: SERVICE [ANY]: Parent 7FBB6473CB60
Nov 26 08:55:59: SVM [430000BB/ANY]: [PM-Service:7FBB53EE6050] locked 0->1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Client block is NULL in get client block with handle 260009C1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: SERVICE [ANY]: Start-pending request: Ok
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Event <srvf not found>, State: authorizing to check-auth-needed
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Handling Next Authorization Check
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[0]: Continue
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[0]: default-internal-rule/always event service-start/1 service-policy type service identifier service-name
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[0]: No more actions to run
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[1]: Continue
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[1]: default-internal-rule/always event service-start/1 service-policy type service identifier service-name
Nov 26 08:55:59: SVM [430000BB/ANY]: already downloaded; sharing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[1]: Give default directive
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[2]: Continue
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[2]: default-internal-rule/always event service-start/1 service-policy type service identifier service-name
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Event <srvf found>, State: check-auth-needed to wait-for-events
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: All auto services downloaded and cached,proceed with rule execution
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Service Command-Handler Policy invoke - Auto Services Downloaded
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Session contans a prepaid svc
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Handling Config Apply to SM
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SSS PM: config_applied is set for Per-User handle [8D0000CB]
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSS PM: SSS PM: Added peruser feature infos when config_applied already set
Nov 26 08:55:59: SSF[uid:201:0.1]: L2HW Segment init returned: Success
Nov 26 08:55:59: SSF[uid:201:0.1]: Sending Apply Config Request to FM
Nov 26 08:55:59: SSF Owner[]: rcv owner avail msg: owner type 4, owner hdl 0x7FBB57E18088, old seg hdl 0, msg seg hdl 872415490, fsb 0x0
Nov 26 08:55:59: SSF Owner [Vi2.1/uid:0]: Created fsb, owner type 4, owner hdl 0x7FBB57E18088, fsb 0x7FBB64D54F88
Nov 26 08:55:59: SSF Owner [Vi2.1/uid:0]: FSM Ev: Owner info avail
Nov 26 08:55:59: FSM Old St: SSF Owner InActive
Nov 26 08:55:59: FSM New St: SSF Owner Owner-Ready
Nov 26 08:55:59: FSM: Act owner avail
Nov 26 08:55:59: SSF[uid:201:0.1]: Received a config apply request from Swidb for segment 7FBB648AEFB0
Nov 26 08:55:59: SSF[Vt2/uid:201:0.1]: Apply Interface configured features from source(7FBB6366B1D8)
Nov 26 08:55:59: SSF[Vt2]: Bind notify. Incremented ref count: 1
Nov 26 08:55:59: SSF[Vt2/uid:201:0.1]: Segment bound to a Interface configuration source Success
Nov 26 08:55:59: SSF[ANY/uid:201:0.1]: Apply Service Profile configured features from source(430000BB)
Nov 26 08:55:59: SSF[uid:201:0.1]: Request flow segment context to be created
Nov 26 08:55:59: SSF[uid:201:0.1]: L2HW Segment init returned: Success
Nov 26 08:55:59: SSF[ANY/uid:201:228.229]: Apply Service Profile configured features from source(430000BB)
Nov 26 08:55:59: SVM [430000BB/ANY]: [FM-Bind:CF000177] locked 0->1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SERVICE [ANY]: Bind notify: Ok
Nov 26 08:55:59: SSF[ANY/uid:201:228.229]: Segment bound to a Service Profile configuration source Success
Nov 26 08:55:59: SSF[Peruser/uid:201:0.1]: Apply Per-user configured features from source(8D0000CB)
Nov 26 08:55:59: SSF[Peruser/uid:201:0.1]: Segment bound to a Per-user configuration source Success
Nov 26 08:55:59: SSF[uid:201:0.1]: L2HW Activate features returned: Success
Nov 26 08:55:59: SSF[uid:201:0.1]: Sent feature apply success msg
Nov 26 08:55:59: SVM [430000BB/ANY]: [SVM-Feature-Info:7FBB636DD648] unlocked 1->0
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SM Policy invoke - Apply Config Success
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Session contans a prepaid svc
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Sending first author request
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: PREPAID:Event DO_FIRST_AUTHOR, State: INIT to PROCESSING_FIRST_AUTHOR
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: PREPAID:Performing action: PROCESS_FIRST_AUTHOR
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Client block is NULL in get client block with handle 260009C1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: PREPAID:Suspending first author till IPCP_PASS
Nov 26 08:55:59: SSF[Peruser]: Did not locate push peruser bind mapping
Nov 26 08:55:59: SSS PM: [PARAMETERIZED-QoS]: No rabapol context created yet for handle [260009C1], returning compatible
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Event <got apply config success>, State: wait-process-config-complete to wait-for-events
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Handling Apply Config; SUCCESS
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: session start done
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Removed attribute list just processed
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SERVICE [ANY]: Complete-Pending
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: service start
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: send event Service Assert
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: with service name "ANY"
Nov 26 08:55:59: SVM [430000BB/ANY]: already downloaded; sharing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: assert authen status "authen"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: send event Service Update
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: with service name "ANY"
Nov 26 08:55:59: SVM [430000BB/ANY]: already downloaded; sharing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: IDMGR: update service
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: IDMGR: send event Service Update
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: IDMGR: with service name "ANY"
Nov 26 08:55:59: SVM [430000BB/ANY]: already downloaded; sharing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SERVICE [ANY]: Started
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: no callback for callback north
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Client block is NULL in get client block with handle 260009C1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Null client block; Can't update RP
asr-1002x-01#
Nov 26 08:55:59: RADIUS: Acct-Delay-Time [41] 6 0
Nov 26 08:55:59: RADIUS(00001B97): Sending a IPv4 Radius Packet
Nov 26 08:55:59: RADIUS(00001B97): Started 5 sec timeout
Nov 26 08:55:59: RADIUS: Received from id 1646/205 10.0.6.10:1813, Accounting-response, len 20
Nov 26 08:55:59: RADIUS: authenticator 18 6B 22 E6 3F 56 1A 4A - 73 83 5C 79 BD 38 24 8A
asr-1002x-01#
SSS Switch: Pak 7FBB4D5B6D28 sz 14 encap 2
Nov 26 08:56:01: 000000 C0 21 09 7E 00 0C 0C 11 D!N~....
Nov 26 08:56:01: 000008 3B ED FA D5 8D F4 ;.....
Nov 26 08:56:01: SSF: Classified on Layer 2
Config:
! Last configuration change at 16:45:50 TMN Tue Nov 25 2014 by lion
! NVRAM config last updated at 16:45:51 TMN Tue Nov 25 2014 by lion
version 15.3
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service unsupported-transceiver
no platform punt-keepalive disable-kernel-core
hostname asr-1002x-01
boot-start-marker
boot system flash bootflash:asr1002x-universalk9.03.10.03.S.153-3.S3-ext.SPA.bin
boot-end-marker
aqm-register-fnf
vrf definition Mgmt-intf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
vrf definition Voice
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
logging buffered 1024000 informational
aaa new-model
aaa group server radius freeradius
server-private 10.0.6.10 auth-port 1812 acct-port 1813 key 7 142417081E013E
ip vrf forwarding Mgmt-intf
ip radius source-interface GigabitEthernet0
aaa group server radius billing
server-private 10.0.6.102 auth-port 1812 acct-port 1813 key 7 06150A225E4B1D
ip vrf forwarding Mgmt-intf
ip radius source-interface GigabitEthernet0
aaa authentication login default local
aaa authentication ppp LOCAL_AUTH local
aaa authentication ppp FREERADIUS group freeradius
aaa authentication ppp BILLING group billing
aaa authorization console
aaa authorization exec default local
aaa authorization network LOCAL_AUTH none
aaa authorization network FREERADIUS group freeradius
aaa authorization network BILLING group billing
aaa authorization subscriber-service FREERADIUS local group freeradius
aaa authorization subscriber-service BILLING local
aaa accounting delay-start all
aaa accounting delay-start extended-delay 2
aaa accounting update periodic 5
aaa accounting include auth-profile framed-ip-address
aaa accounting include auth-profile framed-ipv6-prefix
aaa accounting include auth-profile delegated-ipv6-prefix
aaa accounting network FREERADIUS start-stop group freeradius
aaa accounting network BILLING start-stop group billing
aaa server radius dynamic-author
client 10.0.6.102 vrf Mgmt-intf server-key 7 120A0014000E18
client 10.0.6.10 server-key 7 094F471A1A0A
port 1645
auth-type any
ignore session-key
aaa session-id common
aaa policy interface-config allow-subinterface
clock timezone TMN 5 0
no ip source-route
no ip domain lookup
ip domain name local
ip host service 10.0.6.101
ip dhcp excluded-address vrf Voice 10.3.0.0 10.3.127.255
ip dhcp pool Voice
vrf Voice
network 10.3.0.0 255.255.0.0
ipv6 unicast-routing
ipv6 dhcp iana-route-add
ipv6 dhcp binding track ppp
ipv6 dhcp pool dhcpv6_pool_60
prefix-delegation pool ppp_delegate_60_v6_pool
accounting BILLING
ipv6 dhcp pool dhcpv6_pool_56
prefix-delegation pool ppp_delegate_56_v6_pool
accounting BILLING
ipv6 dhcp pool AAA_dhcpv6_pool
prefix-delegation aaa method-list BILLING
subscriber feature prepaid PREPAID
threshold time 0 seconds
threshold volume 1 Kbytes
interim-interval 1 minutes
method-list author FREERADIUS
method-list accounting FREERADIUS
password cisco
flow monitor MON1
record netflow ipv4 original-output
multilink bundle-name authenticated
no virtual-template snmp
license accept end user agreement
archive
log config
logging enable
logging size 300
hidekeys
path tftp://service/config/all/$h-$t
write-memory
spanning-tree extend system-id
redundancy
mode none
redirect server-group NoMoney
server ip A.B.198.3 port 80
redirect server-group NoMoneyDNS
server ip A.B.198.10 port 53
cdp run
ip tftp source-interface GigabitEthernet0
ip ssh version 2
lldp run
class-map type traffic match-any CM_ANY6
match access-group input name CM_T_ANY6
match access-group output name CM_T_ANY6
class-map type traffic match-any CM_ANY
match access-group input name CM_T_ANY
match access-group output name CM_T_ANY
class-map type traffic match-any CM_T_NoMoney_REDIRECT_DNS
match access-group input name CM_T_NoMoney_REDIRECT_DNS
class-map type traffic match-any CM_T_NoMoney_REDIRECT_WWW
match access-group input name CM_T_NoMoney_REDIRECT_WWW
class-map type traffic match-any CM_T_NoMoney_PASS
match access-group input name CM_T_NoMoney_PASS
match access-group output name CM_T_NoMoney_PASS
policy-map type service NoMoney10
10 class type traffic CM_T_NoMoney_PASS
class type traffic default in-out
drop
policy-map type service NoMoney500
500 class type traffic CM_T_NoMoney_REDIRECT_WWW
redirect to group NoMoney
class type traffic default in-out
drop
policy-map type service NoMoney510
510 class type traffic CM_T_NoMoney_REDIRECT_DNS
redirect to group NoMoneyDNS
class type traffic default in-out
drop
policy-map type service Any
1 class type traffic CM_ANY
prepaid config PREPAID
class type traffic default in-out
drop
policy-map type service Any6
1 class type traffic CM_ANY6
prepaid config PREPAID
class type traffic default in-out
drop
policy-map pol2
policy-map pol1
policy-map PM_SPEED_NONE
class class-default
policy-map rate_10m
class class-default
police 10000000 1000000
policy-map PM_TEST
class class-default
police 1000000
policy-map rate_1m
class class-default
police 1000000 100000
policy-map PM_SPEED_8M
class class-default
police 9000000
policy-map rate_out_10m
class class-default
police 10000000 1000000
policy-map rate_in_10m
class class-default
police 10000000 1000000
no crypto isakmp default policy
no crypto ipsec transform-set default
bba-group pppoe 1
virtual-template 1
vendor-tag circuit-id service
vendor-tag remote-id service
sessions per-mac limit 2
bba-group pppoe 2
virtual-template 2
vendor-tag circuit-id service
vendor-tag remote-id service
sessions per-mac limit 2
interface Null0
no ip unreachables
no ipv6 unreachables
interface Loopback0
ip address A.B.196.6 255.255.255.255
ipv6 address 2001:7f8::20/128
ipv6 enable
interface Loopback2
ip address A.B.198.1 255.255.255.0
interface GigabitEthernet0/0/0
no ip address
negotiation auto
cdp enable
interface GigabitEthernet0/0/1
no ip address
negotiation auto
cdp enable
interface GigabitEthernet0/0/2
no ip address
negotiation auto
cdp enable
interface GigabitEthernet0/0/3
no ip address
negotiation auto
cdp enable
interface GigabitEthernet0/0/4
no ip address
negotiation auto
cdp enable
interface GigabitEthernet0/0/5
no ip address
negotiation auto
cdp enable
interface TenGigabitEthernet0/1/0
mtu 9000
no ip address
load-interval 30
cdp enable
hold-queue 4096 in
interface TenGigabitEthernet0/1/0.9
encapsulation dot1Q 9
ip address A.B.196.5 255.255.255.254
ip nat outside
ip flow monitor MON1 input
ip flow monitor MON1 output
ipv6 address 2001:7f8:0:1::2:1/127
ipv6 nd ra suppress
interface TenGigabitEthernet0/1/0.34
description DM_Inet
encapsulation dot1Q 34
ip unnumbered Loopback2
ip nat outside
service-policy input PM_SPEED_NONE
service-policy output PM_SPEED_NONE
interface TenGigabitEthernet0/1/0.96
description DM_Datacenter
encapsulation dot1Q 96
ip unnumbered Loopback2
ip nat outside
service-policy input PM_SPEED_NONE
service-policy output PM_SPEED_NONE
interface TenGigabitEthernet0/1/0.298
description IPoE test
encapsulation dot1Q 298
ip unnumbered Loopback2
ip nat outside
interface TenGigabitEthernet0/1/0.299
description PPPoE Test
encapsulation dot1Q 299
pppoe enable group 2
interface TenGigabitEthernet0/1/0.300
encapsulation dot1Q 300
vrf forwarding Voice
ip address 10.3.0.1 255.255.0.0
interface TenGigabitEthernet0/1/0.21000
description PPPoE
encapsulation dot1Q 2 second-dot1q 1000-1999
pppoe enable group 1
pppoe max-sessions 10000
interface TenGigabitEthernet0/1/0.2002000
description client 2000
encapsulation dot1Q 200 second-dot1q 2000
ip unnumbered Loopback2
ip nat outside
service-policy input PM_SPEED_8M
service-policy output PM_SPEED_8M
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.0.6.21 255.255.255.0
negotiation auto
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
no ip redirects
no ip proxy-arp
ip nat inside
ip verify unicast reverse-path
ip tcp adjust-mss 1452
no logging event link-status
ipv6 unnumbered Loopback0
ipv6 enable
no ipv6 nd ra suppress
ipv6 dhcp server AAA_dhcpv6_pool
peer default ip address pool pool192_168
keepalive 60
ppp authentication chap ms-chap-v2 BILLING
ppp authorization BILLING
ppp accounting BILLING
ppp ipcp dns A.B.198.10
interface Virtual-Template2
description Testing PPPoE
mtu 1492
ip unnumbered Loopback0
no ip redirects
no ip proxy-arp
ip nat inside
ip verify unicast reverse-path
ip tcp adjust-mss 1452
no logging event link-status
ipv6 unnumbered Loopback0
ipv6 enable
no ipv6 nd ra suppress
ipv6 dhcp server AAA_dhcpv6_pool
peer default ip address pool pool192_168
keepalive 60
ppp authentication chap ms-chap-v2 FREERADIUS
ppp authorization FREERADIUS
ppp accounting FREERADIUS
ppp ipcp dns A.B.198.10
ip local pool pool172_17 172.17.0.1 172.17.255.254
ip local pool pool192_168 192.168.128.0 192.168.255.254
ip nat settings mode cgn
no ip nat settings support mapping outside
ip nat pool nat_pool A.B.196.65 A.B.196.127 netmask 255.255.255.0
ip nat inside source list nat pool nat_pool overload
no ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 A.B.196.4
ip route A.B.196.128 255.255.255.128 Null0 100
ip route A.B.197.0 255.255.255.0 Null0 100
ip route A.B.198.0 255.255.255.0 Null0 100
ip route A.B.198.2 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.2 name net-console-01
ip route A.B.198.3 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.3 name net-mon-01
ip route A.B.198.4 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.4 name billing-01
ip route A.B.198.5 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.5 name svyazisty
ip route A.B.198.6 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.6 name Linux_test
ip route A.B.198.7 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.7 name SCE_Console
ip route A.B.198.8 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.8 name backup-01
ip route A.B.198.9 255.255.255.255 TenGigabitEthernet0/1/0.298 A.B.198.9 name Linux_test2
ip route A.B.198.10 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.10 name dns-server
ip route A.B.198.16 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.16 name DM
ip route A.B.198.17 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.17 name DM
ip route A.B.198.18 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.18 name DM
ip route A.B.198.19 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.19 name DM
ip route A.B.198.20 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.20 name DM
ip route A.B.198.21 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.21 name DM
ip route A.B.198.22 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.22 name DM
ip route A.B.198.23 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.23 name DM
ip route A.B.198.24 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.24 name DM
ip route A.B.198.25 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.25 name DM
ip route A.B.198.26 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.26 name DM
ip route A.B.198.27 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.27 name DM
ip route A.B.198.28 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.28 name DM
ip route A.B.198.29 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.29 name DM
ip route A.B.198.30 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.30 name DM
ip route A.B.198.31 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.31 name DM
ip route A.B.198.100 255.255.255.255 TenGigabitEthernet0/1/0.2002000 A.B.198.100 name "client 100"
ip access-list extended CM_T_ANY
permit ip any any
ip access-list extended CM_T_NoMoney_PASS
permit ip any host A.B.198.3
permit ip host A.B.198.3 any
permit udp any host A.B.198.10 eq domain
permit udp host A.B.198.10 eq domain any
ip access-list extended CM_T_NoMoney_REDIRECT_DNS
permit udp any any eq domain
ip access-list extended CM_T_NoMoney_REDIRECT_WWW
permit tcp any any eq www
ip access-list extended POLICE_EXCLUDE
deny ip any host A.B.198.3
deny ip host A.B.198.3 any
permit ip any any
ip access-list extended POLICE_EXCLUDE_INV
permit ip any host A.B.198.3
permit ip host A.B.198.3 any
ip access-list extended nat
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
deny ip any 169.254.0.0 0.0.255.255
permit ip 192.168.128.0 0.0.127.255 any
permit ip 172.17.0.0 0.0.255.255 any
ip access-list extended vty
permit ip 10.0.6.0 0.0.0.255 any
kron occurrence daily-backup at 3:24 recurring
policy-list backup_rc
kron policy-list backup_rc
cli enable
cli archive config
ipv6 route 2001:7f8:1::/48 Null0
ipv6 route 2001:7f8:2::/48 Null0
ipv6 route 2001:7f8:3::/48 Null0
ipv6 route ::/0 2001:7f8:0:1::2:0
ipv6 local pool ppp_delegate_60_v6_pool 2001:7f8:2::/48 60
ipv6 local pool ppp_delegate_56_v6_pool 2001:7f8:3::/48 56
ipv6 local pool ppp_link_v6_pool 2001:7f8:1::/49 64
radius-server attribute 44 include-in-access-req default-vrf
radius-server attribute 8 include-in-access-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 25 access-request include
radius-server attribute 31 mac format ietf
ipv6 access-list CM_T_ANY6
permit ipv6 any any
control-plane
line con 0
exec-timeout 30 0
logging synchronous
history size 256
stopbits 1
line aux 0
transport input ssh
transport output all
stopbits 1
line vty 0 4
access-class vty in vrf-also
exec-timeout 120 0
logging synchronous
history size 256
transport input ssh
transport output all
line vty 5 15
access-class vty in vrf-also
exec-timeout 120 0
logging synchronous
history size 256
transport input ssh
transport output all
line vty 16 97
history size 256
ntp server vrf Mgmt-intf 10.0.6.10
end -
ISG Debug - IP configuration missing for radius proxy session initiation
Folks,
We are trying to configure the ISG as a Radius-Proxy for EAP Authentication. I have configured aaa server radius proxy, clients and aaa auth radius-proxy group as per the guide. I have my interface config as follows:
interface TenGigabitEthernet0/2/0.205
encapsulation dot1Q 205
ip vrf forwarding CS
ip address 10.20.0.1 255.255.224.0
ip helper-address global 172.X.X.X
no ip redirects
no ip proxy-arp
ip tcp adjust-mss 1420
service-policy type control DEFAULT_RULES
ip subscriber l2-connected
initiator dhcp
initiator radius-proxy
arp ignore local
When I try to connect a wifi client to an AP, I can see that the AP is forwarding the Access-Request to the ISG but the ISG does not forward it to the AAA. In the ISG debug I see the following message:
RADIUS: IP configuration missing for radius proxy session initiation
Can any one help to identify what is missing here pls?
Thank You in advance!Kiran,
Did you follow this guide? It looks like the interface configuration is there but you didnt include the actual radius configuration does it follow the guide here -
http://www.cisco.com/en/US/docs/ios/isg/configuration/guide/isg_radius_proxy.html#wp1055053
Thanks,
Tarik Admani -
Hi all!
i have got cisco 7201 with ios c7200-a3jk91s-mz.122-31.SB13.bin
This cisco works as pppoe terminator.
I need configure it for 2 services:
1. LOCAL, this is local traffic on my network w/o any limits
2. INTERNET, this is external traffic to internet with prepaid traffic 10megabyte. When limit is depleted all traffic to internet must redirect to my web server
Volume quota must setup via radius (FreeRadius).
I read http://www.cisco.com/en/US/docs/ios/12_2sb/isg/configuration/guide/isbprpd.html
But i do not understand how i can do it in my case.
Can anybody help me?You would fall under the 4G LTE Jetpack prepaid plan options. See below for details:
4G LTE Jetpacks
Access Charge
Data Allowance
By the Week
$15
250MB
By the Month
$60
3GB
By the Month
$90
10GB
No activation or reconnection fees and no overage charges.
Visit a VZW store or contact the VZW sales line via the 1-800. -
L4 Redirect-CaptivePortal-DHCP-Radius Attributes
Hello Everyone,
I have the below problem with configuration described below.The project is actually ready, we have configured basic routing.Please help
Descripion: There is an ASR1006 Router in the network that serves as an Intelligent Service Gateway (ISG). Subscribers are layer 2 connected and subscriber sessions are initiated on a DHCP request. ISG is configured as a DHCP relay agent. Wi-Fi clients connect to the WLAN using Open SSID and are being redirected to a Web Portal where they enter their login info. This info is sent to RADIUS server which checks if the user is allowed to use Internet service. All the APs are connected o WLC using CAPWAP. The question is the following: there is a requirement to track from which AP a particular Wi-Fi clients is connected. In this case ISG needs somehow to obtain AP’s mac address and send it to the Radius server (probably using attribute 30 – Called-station-id). One possible way for ISG to obtain AP’s mac is via WLC. But the thing is that when WLC is configured as DHCP proxy and Option 82 is set, a wireless client does not obtain IP address via DHCP. In this particular case there two DHCP relay/proxy in the network path between client and DHCP server.
Wi-Fi client ---- AP ---- WLC (DHCP Proxy) ---- ISG (DHCP Relay) ---- DHCP Server.
Has anyone faced with such problem? Is there any other away for ISG to obtain AP’s mac address?Hi Scott,
Thanks for your reply, would you explain why is the DHCP option 82 on the controller. In our case ISG would receive this information in DHCP option 82 from the controller and send to radius.
When we add DHCP option 82 in the controller wifi user does not AP address from DHCP server., without this option user receives ip but ISG does not send AP to the radius or maybe does not receive this information
Best Regards
Tural L -
I have deployed 2 different web application on IIS 7.5 running on Windows Server 2008 R2 but on different port numbers i.e. one application deployed on port no. 1776 and another on 8091. I want to rewrite URL in such a way that if i hit any page of first
application such as default.aspx then it will be redirected to particular page of another application along with some changes in url.
Example: if i access any page from first application like:
http://g2wv126rbsc:1776/sites/main/commercial/commercial-solutions/financing/default1.aspx
then it should redirect to specific page of another application along with some changes in url:
http://g2wv126rbsc:8091/main/commercial/commercial-solutions/financing/default2.aspx
Note: In above mentioned url, also removed "sites".
I tried to create a inbound rule through URL Rewrite module (installed on IIS 7.5) by selecting Action as "Rewrite" but didn't find any success.
I need some examples if anyone has come across same kind of issue.
Thanks in advance.Please post ASP.NET questions in the ASP.NET forums (http://forums.asp.net ).
-
How to pen new window while redirecting to a page
Hi,
I have a jsppage 1,jsppage 2 and aspPage. In jsp2 I am getting the
values from jsp1 using request.getParameter("hhhh").Once I get
all values in jsp2 , as soon as I got the values I need to redirect to asp from jsp2.
I don't have any form or any button in jsp2.When I do submit in jsp1,
immediately it has to open asp page in new window. My question is how
I open the asp in new window in this redirection case .....?.
I tried this way but not working ...
WebsiteUtils.sendRedirect(request,response,window.open("ASP page"));
I know if I have submit button in jsp2 I can write a javascriptfunction
to opennew window but here the case is different....
Appreciate your reply.
ThanksOn jsppage1, instead of using a from submit button, you can create abutton and write th onClick as
<input type="button" value="OK" onClick="window.open('jsppage2.jsp','win2');">
Now in Jsppage2.jsp, after doing all the processing, use sendRedirect to call jsppage3.jsp.
Since jsppage2 is never being displayed, page3 will bw the one which will be shown in the new window opened by the name win2 on onClick.
If I have understood your requirement correctly, then this should work for you as I have tried it out. -
How can i redirect to with one button to different pages!
Hi All,
For any application, for the first time,if a new table exists then there will no data in that table.
based on this scenerio,in my application,i am handling apex validation staying that "you have no data. Please click here to go Reset symbol page.
when it redirects to Reset symbol i am providing a text box and with a button. Once there enter a symbol and click on button it will inert in that table and again redirects to Home page for say-39.
simillarly what are the functionality available in home page i had implemented same thing but only it differs page no for say-115.
In both the scenerio's i will be redircting reset Symbol page where there can insert a symbol explained in above scenerio case.
My problem is when i am throwing the error msg from page-39 i am redirecting to Reset symbol and when there enter symbol and click on button again i will be redirection t page -39 because the error had came from page-39.
If the same error comes from page-115 then also i will redirecting to same Reset Symbol where there will be entering symbol and click on button, in this case it should redirect to page-115 instead of page-39 because i have got error from page-115 but not from page-39.
How to handle the above scenerio, please help me out.
Thanks in advance,
Anoo.Hi Andy,
Thanks for your suggestion, it is working fine..But i am facing one problem in page 115, i have two regions and both regiosn have same name but only difference is items names.. when i had tried to rediect to page-115 the umwanted one regions is showing instead of expected region. It is getting failed here bec it is rediecting to differnet region.
Any suggestion on this!
Thanks,
Anoo.. -
How can I redirect a URL with aliases or redirect?
Hi all,
I have this partially working on my servers, but am not 100% sure I am doing this corerectly.
Basically I have a Web site domain, let's call it product.com
In server admin I have a site set up called www.product.com under port 80 and another under port 443 for my SSL pages.
Here is my problem: If a customer types "product.com" in their favorite Web browser address bar, I would very much like the server to automatically redirect them (if that's the correct term) to "www.product.com" Currently they would end up on http://product.com/index.html when they key in the URL without the "www" I am concerned this is hurting my SEO and Google analytics as well as being an issue internally for PHP pages that are coded to the "www" addresses.
I also have a sign-in page for my clients at the address: http://www.product.com/lib/app/auth/authenticate.php. When a client types "signin.product.com" I want them to go to that long URL for the sign-in page. I have gotten this to work by setting up a new Site in Server Admin > Web > Sites named "signin.product.com" which then has a single entry on the redirect tab with the URL of the signin page above. Not sure if that could have been done on the core Web site (www.product.com) or if that was the way I should do it under Server Admin or if there is an easier way to do it.
Primarily I want to be able to handle redirecting any type of subdomain "xxx.product.com" to another address. The primary one I want to deal with now is the "product.com" redirecting to "www.product.com"..... Should I just set up another Web site in Server Admin with a redirect like I did for "signin.product.com"?
Any advice on doing proper redirection appreciated.
-- JonThere are so many ways you could do this. You need to pick what's right for you.
Some of the options are available through the GUI. Many more are available once you get under the hood and drive Apache directly. Your skill and comfort level will undoubtedly influence which path you take.
At the first level, Apache groups sites together by the hostname used to access the site.
If you want 'www.product.com' to go to the same place as product.com you could create one site with an alias, so that Apache uses the same 'site' configuration for both hostnames.
If you want the two hostnames to do different things then you could create two sites - in this case 'www.product.com' has the full, normal site and 'product.com' has a redirect to the equivalent page on 'www.product.com'.
Within www.product.com you can also setup selective redirects to the HTTPS site. This will ensure that things like the login form are accessed securely. In this way your HTTPS site is another 'site' in Apache with the SSL configuration.
One caveat in your post is the use of 'signin.company.com'. You don't describe your network, but if you have only 1 public IP address then this is going to be an issue since you cannot easily run multiple SSL sites on a single IP address - you'll need a different public IP address for each SSL site. This is because the SSL negotiation occurs before Apache knows what site the request is for, and therefore it doesn't know which SSL certificate to use for the connection.
So, in general, you'll create one site for each variation in your web setup - one for 'www.product.com/port 80', one for 'www.product.com/port 443', one for 'product.com/80' (which redirects to 'www.product.com'), and so on. -
Using a variable in Struts config, to redirect
In the struts-config file,
to redirect to a different site, I can use
redirect="true"
and mention full path, in my <forward path=
variable.
1. Is there a better way to do it?
2. Since I have to do it in multiple places, is it possible to use a variable? I mean, something like this
<forward
name="success"
path="URL/abc.html" />
Where URL is a variable name that the site path? This way, I can reuse the variable to redirect to other pages too (xyz.html, for example)Hi there,
I don't know...is there only one URL you are using ore are there more than one? Because if it's the same path everytime you can try using this:
<forward
name="success"
path="./abc.html" />
./ // This is the shortcut for the directory you are currently using.
../ // This is the shortcut for the directory above the one you are currently using.This code should do it. If not, try to create a var named for example "vpath" and put it like this:
<forward
name="success"
path=vpath+"abc.html" />Try and tell if it worked ;)
X--spYro--X -
There are some databases/sites that I have access to when having an IP number on university campus or with a proxy. This worked well in firefox until today. When trying to visit those pages the addresses automatically change a second or two after pressing enter to something like: http://www04.sub.su.se:###/ combined with showing random webpages in the window. This seems to be something associated with firefox since I still have access to the pages in internet explorer.
For example:
If I write http://www.isiknowledge.com/ the address changes to http://www04.sub.su.se:2133/cgi-bin/[email protected].
If I want to get to scholar.google.se I get redirected to http://www04.sub.su.se:2087/
When wanting to visit http://pubs.acs.org/about.html I will end up here: http://www04.sub.su.se:2110/about.html
This problem only occurs on services where I in normal case can get access to articles in scientific journals. I have not encountered this problem in other cases/websites.
I have tried to scan my laptop for viruses with Symantec Endpoint Protection and SuperAntiSpyware 4.45.1000. But nothing suspicious was found.Hi Magsrobby,
Welcome to the forum and thanks for posting. I'm really sorry to hear you've had so many problems. I can look into this for you if you wish. Drop me an email with the details. You'll find the "contact us" form in the about me section of my profile. Once I have the details we'll take it from there.
Cheers
David
BTCare Community Mod
If we have asked you to email us with your details, please make sure you are logged in to the forum, otherwise you will not be able to see our ‘Contact Us’ link within our profiles.
We are sorry but we are unable to deal with service/account queries via the private message(PM) function so please don't PM your account info, we need to deal with this via our email account :-) -
Folder redirection to a new location is not working
Currently in SCM we have all Windows 8 users Documents and Desktop redirected to a users home folder in a Netapp share. We are planning on moving them to a Windows File Server. As a test I moved my home folder in AD to the new share. But
SCM is still redirecting my Documents and Desktop to the old share. I also tried excluding my user account from the user collection used for Folder Redirection. Created a user collection and configuration item just for my account and SCM is still
trying to redirect to the old share.
Help please
ThanksI have created a user collection with my id as a test user and also under user data and user profiles I created a user data and profiles configuration item under Folder redirection. For Desktop and documents I selected REdirect to remote and for configure
folder redirection path I checked Redirect to the users home folder . In Active Directory I made the new Windows Server share my home directory.
Thanks -
ITunes losing all music and won't redirect to correct folder
Hi there,
This morning, iTunes has lost all my music. The whole library has the little exclamation mark. Using the 'Find info' comand, I can see that iTunes is looking for them in the music folder of my internal drive. However, they've always been kept on an external drive, and when I redirect iTunes to an individual track in it's correct location, and it asks me if I'd like to use the location to find the other missing files, it fails to correct the location of the rest. I am getting this message: “iTunes was able to find 1 of 18083 missing files.” Rather frustrating...
I'm using iTunes 10, on OS 10.7.3
I have the correct iTunes media folder indicated in the advanced preferences tab.
In case it's relevant, I'm also syncing with a new iPhone 4s, which I've only had for about 3 weeks, though in terms of audio, I only sync recently added albums + podcasts.
And an additional odd behaviour that I noticed this morning was that in my iTunes Media folder, outside of the Music folder, several artist folders had appeared, each containing an album folder and one or several songs from that album, the rest of which were all in their normal locations inside the Music folder, minus the tracks in the newly-appeared folders. All very odd.
Thanks for any help,
EmmaI have finally solved this issue. Here is the solution:
1. Open iTunes
2. Select Music
3. In the upper right hand corner select Albums.
4. Under "All Albums" highlight the first album, then scroll all the way to the bottom of the page, hold down the shift key and select the last album.
5. All albums should now be selected.
6. Place the cursor over one of the albums. Press with 2 fingers on the trackpad to bring up the menu.
7. Select "Check All"
8. Congratulations - no more grayed out songs and they will sync now.
9. Go into your iPhone sync and check the songs you want to transfer and click the sync button.
I hope this helps you to resolve your issue.
NO MAX
Maybe you are looking for
-
I have a POwer MAc G5 2.7 and I want to activate my second hard drive. I tried to use it but it appears lock. I am new in Macs computers. What can I do...?
-
I've just tried to save a document in Pages and got this error Names longer than 31 characters are not supported on the destination volume Never had a problem like this before. I haven't changed disks or formatted disks. Running latest Yosemite 10.10
-
Long Running dialog work process in production ststem
Dear Friends, IIn our production system one dialog work process is running more then 5 days. i can not terminate or cancel the process.' I tried all the ways to cancel the work process. i restart the system (offline backup)
-
Firefox just had me update to firefox 5, now I lost my Yahoo toolbar, and all of my yahoo bookmarks. I really wanted to keep that. Can I go back to older version of Firefox,, or import my Yahoo bookmarks some way? This was very disappointing.
-
I have FF 15.0. When I open FF I always get following message: Norton Confidential does not support FF 1.5, as if I have 1.5. How do I fix this. Do I not have a secure site?