ISG ACCOUNTING
Hello!
I'm trying to trigger accounting notifications from an ISG Router to a Radius Server.
Whenever a IP Session is created or deleted accounting notifications should be sent to the radius server. The problem is that the aaa accounting messages are not being sent to the server.
The following configuration is applied:
aaa new-model
aaa accounting network ISG start-stop group radius
aaa session-id common
ip dhcp pool test
network 172.16.1.0 255.255.255.0
subscriber feature accounting send ssg-compatible-vsas
call rsvp-sync
no scripting tcl init
no scripting tcl encdir
class-map type traffic match-any account
policy-map type service ACC
class type traffic account
accounting aaa list ISG
interface GigabitEthernet0/1
ip address 172.16.1.1 255.255.255.0
media-type rj45
speed auto
duplex auto
negotiation auto
ip subscriber l2-connected
initiator dhcp
radius-server host 192.168.12.190 auth-port 1645 acct-port 1646 key cisco
radius-server vsa send accounting
The AAA debug output is the following:
2d18h: AAA/ACCT/HC(00000038): Register IEDGE_IP_SIP/C900002A 846Mbit/s, poll every 30.3000s
2d18h: AAA/ACCT/HC(00000038): Update IEDGE_IP_SIP/C900002A
2d18h: AAA/ACCT/HC(00000038): IEDGE_IP_SIP/C900002A [init-sess] (rx/tx) base 0/0 pre 0/0 call 0/0
2d18h: AAA/ACCT/HC(00000038): IEDGE_IP_SIP/C900002A [init-sess] (rx/tx) adjusted, pre 0/0 call 0/0
2d18h: AAA/ACCT/EVENT/(00000038): CALL START
2d18h: Getting session id for NET(00000038) : db=64EC2680
2d18h: AAA/ACCT(00000000): add node, session 46
2d18h: AAA/ACCT/NET(00000038): add, count 1
2d18h: AAA/ACCT/EVENT/(00000038): IPCP_PASS
2d18h: AAA/ACCT/NET(00000038): Method list not found
Does anybody have had any similar experience? why "method list not found" is appearing in the debug message?
Hi,
Looking at currect config, everything seems fine.
What version are you running on?
You may check this bug:
CSCsk94472 iEdge-QoS:Service accounting info is missing in"show subscriber session"
Duplicated by:
CSCsm75945 The accounting method-list is not applied correctly on ISG.
HTH
JK
Similar Messages
-
Framed IP Attribute missing in Accounting-Start messages from the ISG
Framed IP Attribute missing in Accounting-Start messages from the ISG for the TAL Users. Account-Logon users and Interim updates have the Framed-IP though.
We have the following command already enabled: aaa accounting include auth-profile framed-ip-address aaa accounting delay-start
Any ideas or workarounds please?
Debug:
Aug 27 19:36:02.213: RADIUS(00000181): Send Accounting-Request to X.X.X.X:1813 id 21647/201, len 406
Aug 27 19:36:02.213: RADIUS: authenticator 23 FC FF 1B AC 01 77 B6 - 89 FE E2 9A 4E AA 0B 32
Aug 27 19:36:02.213: RADIUS: Acct-Session-Id [44] 10 "000001BB"
Aug 27 19:36:02.213: RADIUS: Framed-Protocol [7] 6 PPP [1]
Aug 27 19:36:02.213: RADIUS: Vendor, Cisco [26] 20
Aug 27 19:36:02.213: RADIUS: ssg-service-info [251] 14 "NBWAUTHSVC01"
Aug 27 19:36:02.213: RADIUS: Vendor, Cisco [26] 34
Aug 27 19:36:02.213: RADIUS: Cisco AVpair [1] 28 "parent-session-id=000001BA"
Aug 27 19:36:02.213: RADIUS: User-Name [1] 22 "[email protected]"
Aug 27 19:36:02.213: RADIUS: Acct-Status-Type [40] 6 Start [1]
Aug 27 19:36:02.213: RADIUS: Vendor, Cisco [26] 25
Aug 27 19:36:02.213: RADIUS: Cisco AVpair [1] 19 "portbundle=enable"
Aug 27 19:36:02.213: RADIUS: Vendor, Cisco [26] 23
Aug 27 19:36:02.213: RADIUS: ssg-account-info [250] 17 "SX.X.X.X"
Aug 27 19:36:02.213: RADIUS: Calling-Station-Id [31] 19 "00-15-00-73-XX-XX"
Aug 27 19:36:02.213: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Aug 27 19:36:02.213: RADIUS: NAS-Port [5] 6 0
Aug 27 19:36:02.213: RADIUS: NAS-Port-Id [87] 11 "0/2/0/200"
Aug 27 19:36:02.213: RADIUS: Vendor, Cisco [26] 46
Aug 27 19:36:02.213: RADIUS: Cisco AVpair [1] 40 "remote-id-tag=020a00000a050001000800c8"
Aug 27 19:36:02.213: RADIUS: Vendor, Cisco [26] 36
Aug 27 19:36:02.213: RADIUS: Cisco AVpair [1] 30 "vendor-class-id-tag=MSFT 5.0"
Aug 27 19:36:02.213: RADIUS: Service-Type [6] 6 Framed [2]
Aug 27 19:36:02.213: RADIUS: NAS-IP-Address [4] 6 X.X.X.X
Aug 27 19:36:02.213: RADIUS: Ascend-Session-Svr-K[151] 10
Aug 27 19:36:02.213: RADIUS: 39 45 41 39 39 36 44 44 [ 9EA996DD]
Aug 27 19:36:02.213: RADIUS: Event-Timestamp [55] 6 1346096162
Aug 27 19:36:02.213: RADIUS: Nas-Identifier [32] 24 "LAB-RAS01"
Aug 27 19:36:02.213: RADIUS: Acct-Delay-Time [41] 6 0
Thanks in advance.It seems you already have tac case opened for this issue? Let me know if that is not the case.
-
Example of Account Login on ISG in CoA mode
We are developing an ISG Radius CoA client.
Our settings are:
* Cisco IOS Software, 7200 Software (C7200-K91P-M), Version 12.2(31)SB6, RELEASE SOFTWARE (fc1)
* Here is a snippet of our configuration for CoA:
aaa server radius dynamic-author
client 192.168.1.223 server-key xxx
server-key xxx
auth-type all
ignore session-key
The issue is that we are not able to implement the "Account Logon" procedure based on the Cisco documentation ( ISG Radius Interface http://www.cisco.com/univercd/cc/td/doc/product/software/ios122sb/cg/isg_lib/isg_ig/isgcoa3.htm#wp1100384 ). We are not clear about the section below from this document:
"Since a CoA Account Logon request usually requires the inclusion of an encrypted password attribute, this password must be sent as Cisco VSA 249, which contains a separate authenticator for the user password (called initiator vector) followed by the encrypted user password, as detailed in Figure 6.
The initiator vector is a 16-octet pseudo-random number uniquely generated for each attribute. The encrypted value field is 16 or more octets containing data that is length-prefixed and zero padded to an even multiple of 16 octets."
We do not understand what procedure should be used for creating the encrypted password/value.
Can someone provide us more information on this with details on how to fill out subscriber-password field? An example would be especially helpful.
Thanks
SteveWe are using Java and we patched JRadius for supporting Cisco ISG CoA.
Below is the main code for the creation of the cisco subscriber value for the Cisco VSA Radius attribute.
Attached is another file with some Java classes that may help.
Steve
public class CiscoUtils {
public static byte[] makeCiscoSubscriberPasswordValue(RadiusClient rc, String password){
byte len = (byte) (password.length()&0xff);
// Encode the length into a first byte of the password (required by util)
byte[] lenPassword = new byte[1 + len];
lenPassword[0] = (byte) (len);
System.arraycopy(password.getBytes(), 0, lenPassword, 1, password.length());
byte[] authenticator = RadiusUtils.makeRFC2865RequestAuthenticator(rc.getMD(), rc.getSharedSecret());
byte[] encryptedValue = RadiusUtils.encodePapPassword(rc.getMD(), lenPassword, authenticator, rc.getSharedSecret());
byte[] result = new byte[authenticator.length + encryptedValue.length ];
System.arraycopy(authenticator, 0, result, 0, authenticator.length);
System.arraycopy(encryptedValue, 0, result, authenticator.length, encryptedValue.length);
return result; -
ISG IP Interface sessions and accounting
Hello!
I'm trying to enable accounting notifications from an ISG Router to a Radius Server for ISG ip interface sessions. For IP routed and L2-connected sessions ISG router sends accountig start, update and stop packets. But when "ip subscriber interface" is configured, session starts without accountig.
I`m running 12.2(33)SRE2 on Cisco 7201 router.
May be there is some hidden commands for enable accounting processing?You might have 'aaa accounting delay-start all' configured. If you do, Please remove and test.
Interface sessions includes all IP traffic received on a particular interface. A single ISG session is created for the entire interface. It is not associated with any particular user IP address. So with delay-start configured you will not see accounting records sent unless the the session has IP address.
If this fixes you issue, Please close the thread and rate.
Shelley. -
Example of ISG PBHK configuration
Could anyone share an example of ISG's PBHK configuration, pretty please?
i'm facing an issue when applying PBHK within the subscriber policy. Here is what i do:
policy-map type service PBHK
ip portbundle
policy-map type control ISG
class type control always event session-start
1 service-policy type service name PBHK
10 service-policy type service name S_L4R
class type control always event session-restart
1 service-policy type service name PBHK
10 service-policy type service name S_L4R
class type control always event account-logon
10 authenticate aaa list RAD_SRV
access-list 100 permit ip any host 192.168.8.227
ip portbundle
length 5
match access-list 100
source GigabitEthernet2
interface GigabitEthernet1
description endhosts
ip address 192.168.0.254 255.255.255.0
ip helper-address vrf SRV 192.168.8.228
service-policy type control ISG
ip subscriber l2-connected
initiator unclassified mac-address
interface GigabitEthernet2
description server-dhcp-int_gw
vrf forwarding SRV
ip address dhcp
ip portbundle outside
When i enable the network interface on the end host i see whole bunch of debug messages saying:
Portbundle Hostkey: Apply inbound direction from Service Profile configuration
Portbundle Hostkey[uid:33]: No free port-bundles - feature failed
Portbundle Hostkey[uid:33]: Key update: remove port-bundle 0.0.0.0:0
Portbundle Hostkey[uid:33]: Sent a PBHK session key remove
How can it be out of ports, if none of them are used?
ISG#show ip portb sta
Bundle-length = 5
Bundle-groups: -
IP Address Free Bundles In-use Bundles
192.168.8.230 2016 0Hi Arseniy,
I think the issue here may be that the PBHK source interface is in a VRF (SRV) different than the VRF of the interface where subscriber arrives (global).
I would suggest to change the PBHK source to use an interface not in a VRF. Perhaps use a loopback interface for that. You should still be able to configure ' ip portbundle outside' on the desired interface in VRF SRV.
Hope this helps. -
Hello. Just starting with ISG.
My final goal is to force ISG device to periodically check if user still has access to the service without interrupting pppoe session. if user access should be prohibited by some reason, he should be redirected to billing web-page.
First step is to make periodic check part.
Here is user profile:
user1 Cleartext-Password := "user1"
Cisco-Account-Info += "AANY",
Cisco-Control-Info += "QV1000000",
Cisco-Account-Info += "QU;10240000;D;10240000",
ANY Cleartext-Password := "cisco", Service-Type == Outbound-User
Cisco-AVPair += "ip:traffic-class=in access-group name CM_T_ANY",
Cisco-AVPair += "ip:traffic-class=in default drop",
Cisco-AVPair += "ip:traffic-class=out access-group name CM_T_ANY",
Cisco-AVPair += "ip:traffic-class=out default drop",
Cisco-AVPair += "prepaid-config=PREPAID",
Here is ASR 1002X , 03.10.03.S software:
aaa authentication ppp FREERADIUS group freeradius
aaa authorization network FREERADIUS group freeradius
aaa authorization subscriber-service FREERADIUS local group freeradius
aaa accounting network FREERADIUS start-stop group freeradius
aaa group server radius freeradius
server-private 10.0.6.10 auth-port 1812 acct-port 1813 key 7 142417081E013E
subscriber feature prepaid PREPAID
threshold time 0 seconds
threshold volume 1 Kbytes
interim-interval 1 minutes
method-list author FREERADIUS
method-list accounting FREERADIUS
password cisco
User is authenticated, service downloaded but no periodical checks coming to RADIUS and no quota get depleted.
What am i doing wrong?
asr-1002x-01#show subscriber session username user1 detailed
Type: PPPoE, UID: 200, State: authen, Identity: user1
IPv4 Address: 192.168.128.127
IPv6 Address: 2A01:8960:4::
Session Up-time: 00:22:11, Last Changed: 00:22:11
Interface: Virtual-Access2.1
Switch-ID: 4677
Policy information:
Context 7FBB6473CB60: Handle A80009BE
AAA_id 00001B1F: Flow_handle 0
Authentication status: authen
Downloaded User profile, excluding services:
Framed-Protocol 0 1 [PPP]
service-type 0 2 [Framed]
ssg-account-info 0 "AANY"
ssg-control-info 0 "QV1000000"
ssg-account-info 0 "QU;10240000;D;10240000"
prefix 0 00 40 2A 01 89 60 00 04 00 00 00 00 00 00 00 00 00 00
Interface-Id 0 00 00 00 00 00 00 00 01
route 0 "2a01:8960:5::/56"
delegated-prefix 0 00 38 2A 01 89 60 00 05 00 00 00 00 00 00 00 00 00 00
Downloaded User profile, including services:
Framed-Protocol 0 1 [PPP]
service-type 0 2 [Framed]
ssg-account-info 0 "AANY"
ssg-control-info 0 "QV1000000"
ssg-account-info 0 "QU;10240000;D;10240000"
prefix 0 00 40 2A 01 89 60 00 04 00 00 00 00 00 00 00 00 00 00
Interface-Id 0 00 00 00 00 00 00 00 01
route 0 "2a01:8960:5::/56"
delegated-prefix 0 00 38 2A 01 89 60 00 05 00 00 00 00 00 00 00 00 00 00
Config history for session (recent to oldest):
Access-type: Web-service-logon Client: SM
Policy event: Apply Config Success (Unapplied) (Service)
Profile name: ANY, 3 references
traffic-class 0 "in access-group name CM_T_ANY"
traffic-class 0 "in default drop"
traffic-class 0 "out access-group name CM_T_ANY"
traffic-class 0 "out default drop"
Access-type: Web-service-logon Client: SM
Policy event: Process Config Connecting (Service)
Profile name: ANY, 3 references
traffic-class 0 "in access-group name CM_T_ANY"
traffic-class 0 "in default drop"
traffic-class 0 "out access-group name CM_T_ANY"
traffic-class 0 "out default drop"
Access-type: PPP Client: SM
Policy event: Process Config Connecting
Profile name: apply-config-only, 2 references
Framed-Protocol 0 1 [PPP]
service-type 0 2 [Framed]
ssg-account-info 0 "AANY"
ssg-control-info 0 "QV1000000"
ssg-account-info 0 "QU;10240000;D;10240000"
prefix 0 00 40 2A 01 89 60 00 04 00 00 00 00 00 00 00 00 00 00
Interface-Id 0 00 00 00 00 00 00 00 01
route 0 "2a01:8960:5::/56"
delegated-prefix 0 00 38 2A 01 89 60 00 05 00 00 00 00 00 00 00 00 00 00
Rules, actions and conditions executed:
subscriber rule-map default-internal-rule
condition always event service-start
1 service-policy type service identifier service-name
subscriber rule-map default-internal-rule
condition always event service-stop
1 service-policy type service unapply identifier service-name
Classifiers:
Class-id Dir Packets Bytes Pri. Definition
0 In 229275 13175066 0 Match Any
1 Out 714381 1038574772 0 Match Any
Features:
Static Routes:
Class-id Configuration Status Source
0 This feature is enabled Peruser
Policing:
Class-id Dir Avg. Rate Normal Burst Excess Burst Source
0 In 10240000 1920000 3840000 Peruser
1 Out 10240000 1920000 3840000 Peruser
DHCPv6 PD from AAA:
Class-id Configuration Status Source
0 This feature is enabled Peruser
Configuration Sources:
Type Active Time AAA Service ID Name
USR 00:22:11 - Peruser
INT 00:22:11 - Virtual-Template2I tried not specifying quota, but NAS never ask RADIUS for it.
For all my experiments i'm using second bba group with second virtual template and FREERADUIS aaa list.
Here's debugs:
Nov 26 08:55:57: SSS PM: ANCP not enabled on 'TenGigabitEthernet0/1/0.299' - not retrieving default shaper value
Nov 26 08:55:59: RADIUS/ENCODE(00001B97):Orig. component type = PPPoE
Nov 26 08:55:59: RADIUS: DSL line rate attributes successfully added
Nov 26 08:55:59: RADIUS(00001B97): Config NAS IP: 10.0.6.21
Nov 26 08:55:59: RADIUS(00001B97): Config NAS IPv6: ::
Nov 26 08:55:59: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
Nov 26 08:55:59: RADIUS/ENCODE(00001B97): acct_session_id: 7072
Nov 26 08:55:59: RADIUS(00001B97): sending
Nov 26 08:55:59: RADIUS(00001B97): Send Access-Request to 10.0.6.10:1812 id 1645/156, len 138
Nov 26 08:55:59: RADIUS: authenticator DD A0 1E 36 65 E4 E6 38 - B0 10 9F 51 6A 11 24 09
Nov 26 08:55:59: RADIUS: Framed-Protocol [7] 6 PPP [1]
Nov 26 08:55:59: RADIUS: User-Name [1] 7 "user1"
Nov 26 08:55:59: RADIUS: CHAP-Password [3] 19 *
Nov 26 08:55:59: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Nov 26 08:55:59: RADIUS: NAS-Port [5] 6 0
Nov 26 08:55:59: RADIUS: NAS-Port-Id [87] 11 "0/1/0/299"
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 41
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 35 "client-mac-address=000c.2964.a91e"
Nov 26 08:55:59: RADIUS: Service-Type [6] 6 Framed [2]
Nov 26 08:55:59: RADIUS: NAS-IP-Address [4] 6 10.0.6.21
Nov 26 08:55:59: RADIUS: Acct-Session-Id [44] 10 "00001BA0"
Nov 26 08:55:59: RADIUS(00001B97): Sending a IPv4 Radius Packet
Nov 26 08:55:59: RADIUS(00001B97): Started 5 sec timeout
Nov 26 08:55:59: RADIUS: Received from id 1645/156 10.0.6.10:1812, Access-Accept, len 44
Nov 26 08:55:59: RADIUS: authenticator 3C 62 99 46 6E BA 39 24 - AB CF A6 D4 12 83 2D B8
Nov 26 08:55:59: RADIUS: Framed-Protocol [7] 6 PPP [1]
Nov 26 08:55:59: RADIUS: Service-Type [6] 6 Framed [2]
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 12
Nov 26 08:55:59: RADIUS: ssg-account-info [250] 6 "AANY"
Nov 26 08:55:59: RADIUS(00001B97): Received from id 1645/156
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Authen status update; is now "authen"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: assert authen status "authen"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: send event Session Update
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: with username "user1"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Session activation: ok
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Username key not found in set domain key API
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Username key does not have a delimiter in set domain key API
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Client block is NULL in get client block with handle 260009C1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Updated key list:
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: AAA-Attr-List = 3A001B08
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Framed-Protocol 0 1 [PPP]
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: service-type 0 2 [Framed]
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: ssg-account-info 0 "AANY"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Access-Type = 0 (PPP)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Session-Handle = 3472884087 (CF000177)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SHDB-Handle = 3388997707 (CA00004B)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Input Interface = "TenGigabitEthernet0/1/0.299"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Converted-Session = 0 (NO)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Media-Type = 1 (Ethernet)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Authen-Status = 0 (Authenticated)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Nasport = PPPoEoVLAN: slot 0 adapter 1 port 0 sub-interface 299 IP 0.0.0.0 VPI 0 VCI 0 VLAN 299
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Protocol-Type = 0 (PPP Access Protocol)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Final = 1 (YES)
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Auth-User = "user1"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SM Policy invoke - Process Config Connecting
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Access type PPP
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Access type PPP: final key
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Handling Config Request from Client
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Event <got process config req>, State: wait-for-events to wait-process-config-complete
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Handling Process Config
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Apply config request set to AAA list
Config: Framed-Protocol 0 1 [PPP]
Config: service-type 0 2 [Framed]
Config: ssg-account-info 0 "AANY"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Sending apply-config-only request to AAA
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SSS PM: Allocating per-user profile info
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SSS PM: Add per-user profile info to policy context
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Root SIP PPPoE
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Enable PPPoE parsing
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Enable PPP parsing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: ACTIVE HANDLE[0]: Snapshot captured in Active context
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: ACTIVE HANDLE[0]: Active context created
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <make request>, state changed from idle to authorizing
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Active key set to Auth-User
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Authorizing key apply-config-only
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Spoofed AAA reply sent for key apply-config-only
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Received an AAA pass
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: [7FBB6473CB60]:Reply message not exist
Initial attr Framed-Protocol 0 1 [PPP]
Initial attr service-type 0 2 [Framed]
Initial attr ssg-account-info 0 "AANY"
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Could not parse AAA interim interval
Nov 26 08:55:59: COA_HA: [ERR] Unable to get coa_ctx from shdb 0xCA00004B
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: RULE: Service Name = ANY Ok
Nov 26 08:55:59: SSS PM: PARAMETERIZED-QoS: QOS parameters
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: RULE: VRF Parsing routine:
Framed-Protocol 0 1 [PPP]
service-type 0 2 [Framed]
ssg-account-info 0 "AANY"
Nov 26 08:55:59: SSS PM: VPDN is not enabled
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Feature
Nov 26 08:55:59: Portbundle Hostkey: portbundle not configured on the router
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPP[34E0B60] parsed as Success
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPP[40FD520] parsed as Ignore
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPPoE[357ECE0] parsed as Success
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP Root parser not installed
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <service not found>, state changed from authorizing to complete
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: No service authorization info found
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Active Handle present - 94000170
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Apply config handle [2D001B9D] now set to [B3001B00]
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: ACTIVE HANDLE[0]: Snapshot reverted from Active context to policy context
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Freeing Active Handle; SSS Policy Context Handle = 260009C1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: ACTIVE HANDLE[2113]: Released active handle
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: PROFILE: store profile "apply-config-only"
Nov 26 08:55:59: SSS PM: PROFILE-DB: is profile "apply-config-only" in DB
Nov 26 08:55:59: SSS PM: PROFILE-DB: Computed hash value = 669264914
Nov 26 08:55:59: SSS PM: PROFILE-DB: Yes, but is a new version
Nov 26 08:55:59: SSS PM: PROFILE-DB: create "apply-config-only"/7FBB636AB768 hdl 65001B90 ref 1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: PROFILE: create 7FBB636AF8A8, ref 1
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <free request>, state changed from complete to terminal
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Cancel request
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Handling Author Not Found Event
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Create context 7FBB6473CF00
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: key lists to append are empty
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Authen status update; is now "unauthen"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: IDMGR: assert authen status "unauthen"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: SERVICE [ANY]: Parent 7FBB6473CB60
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: SERVICE [ANY]: Started yet? No
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: IDMGR: service not started yet; can't update
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Did not update authen status to IDMGR
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Username key not found in set domain key API
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Username key not found in set domain key API
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Updated NAS port for AAA ID 7063
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: IDMGR: send event Session Update
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Client block is NULL in get client block with handle 150009C2
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Updated key list:
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Logon-Service = "ANY"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Nasport = PPPoEoVLAN: slot 0 adapter 1 port 0 sub-interface 299 IP 0.0.0.0 VPI 0 VCI 0 VLAN 299
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Access-Type = 11 (Web-service-logon)
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Authen-Status = 1 (Unauthenticated)
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Session-Handle = 3472884087 (CF000177)
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Service Command-Handler Policy invoke - Service-Start
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: Access type Web-service-logon
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Looking for a rule for event service-start
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Intf CloneSrc Vt2: service-rule any: None
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Intf InputI/f Te0/1/0.299: service-rule any: None
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Glob: service-rule any: default-internal-rule
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Evaluate "default-internal-rule" for service-start
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Wrong type "default-internal-rule/always event account-logon"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Wrong type "default-internal-rule/always event idle-timeout"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Wrong type "default-internal-rule/always event session-timeout"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Wrong type "default-internal-rule/always event keepalive-timeout"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Wrong type "default-internal-rule/always event flow-timeout"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Matched "default-internal-rule/always event service-start"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE: Matched "default-internal-rule/always event service-start/1 service-policy type service identifier service-name"
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE[0]: Start
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE[0]: default-internal-rule/always event service-start/1 service-policy type service identifier service-name
Nov 26 08:55:59: SSS PM CCM: Found SHDB handle 0xCA00004B for policy context 0x7FBB6473CB60
Nov 26 08:55:59: SSS PM CCM: [SESSION PM EVENT] Event = NEW-REQUEST (ctx: 0x7FBB6473CB60, action: APPLY-SERVICE)
Nov 26 08:55:59: SSS PM HA: Dynsess not required shdb = 0xCA00004B spol_ctx = 0x7FBB6473CB60
Nov 26 08:55:59: SSS PM CCM: Set PM HA as not ready (session 0xCA00004B) successfully
Nov 26 08:55:59: SSS PM HA: Adding an action (type APPLY-SERVICE) into the PM HA queue
Nov 26 08:55:59: SSS PM HA: NE: In policy_ha_add_session_info, shdb=0xCA00004B, last=APPLY-SERVICE (6)
Nov 26 08:55:59: SSS PM HA: In policy_ha_nett_effect_process: ctx=0x7FBB5EBC8FC0, action-type=APPLY-SERVICE, event=SERVICE-START, state=INIT-STATE
Nov 26 08:55:59: SSS PM HA: NE: Didn't find any duplicate service-apply action
Nov 26 08:55:59: SSS PM HA: Setting current elem, from 0x0 to 0x7FBB5EBC4BF8
Nov 26 08:55:59: SSS PM CCM: New bulk session (shdb 0xCA00004B), ctx 0x7FBB6473CB60, dsess_hdl 0x0, APPLY-SERVICE OK
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE[0]: Have key Logon-Service
Nov 26 08:55:59: SSS PM [7FBB6473CF00]: RULE[0]: This service ANY is marked as not cancelled
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: State: initial-req to check-auth-needed
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Event <send auth>, State: check-auth-needed to authorizing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Handling AAA service Authorization
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Sending AAA request for 'ANY'
Nov 26 08:55:59: SVM [ANY]: needs downloading
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: service "ANY" not in cache; needs download
Nov 26 08:55:59: SVM [430000BB/ANY]: allocated version 1
Nov 26 08:55:59: SVM [430000BB/ANY]: [150009C2]: client queued
Nov 26 08:55:59: SVM [430000BB/ANY]: [PM-Download:150009C2] locked 0->1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: download required
Nov 26 08:55:59: SVM [430000BB/ANY]: [AAA-Download:7FBB6280D928] locked 0->1
Nov 26 08:55:59: SSS AAA AUTHOR: Authorization:Fetching method list from SIP:Web-service-logon
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: using named author method list "FREERADIUS"
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Root SIP PPPoE
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Enable PPPoE parsing
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Enable PPP parsing
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Enable Web-service-logon parsing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: ACTIVE HANDLE[0]: Snapshot captured in Active context
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: ACTIVE HANDLE[0]: Active context created
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <make request>, state changed from idle to authorizing
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Active key set to Apply-Service
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Authorizing key ANY
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Set authorization profile type to service
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: AAA request sent for key ANY
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[0]: Downloading service "ANY"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[1]: Start
Nov 26 08:55:59: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Nov 26 08:55:59: RADIUS(00000000): Config NAS IP: 10.0.6.21
Nov 26 08:55:59: RADIUS(00000000): Config NAS IPv6: ::
Nov 26 08:55:59: RADIUS(00000000): sending
Nov 26 08:55:59: RADIUS: nas-port-id(87) is not found in the request
Nov 26 08:55:59: RADIUS(00000000): Send Access-Request to 10.0.6.10:1812 id 1645/157, len 55
Nov 26 08:55:59: RADIUS: authenticator B3 F6 A3 5E 7D D8 01 9E - 72 A5 4E D0 79 32 0C 11
Nov 26 08:55:59: RADIUS: User-Password [2] 18 *
Nov 26 08:55:59: RADIUS: User-Name [1] 5 "ANY"
Nov 26 08:55:59: RADIUS: Service-Type [6] 6 Outbound [5]
Nov 26 08:55:59: RADIUS: NAS-IP-Address [4] 6 10.0.6.21
Nov 26 08:55:59: RADIUS(00000000): Sending a IPv4 Radius Packet
Nov 26 08:55:59: RADIUS(00000000): Started 5 sec timeout
Nov 26 08:55:59: RADIUS: Received from id 1645/157 10.0.6.10:1812, Access-Accept, len 240
Nov 26 08:55:59: RADIUS: authenticator F2 BB 14 5D 90 BC 76 91 - 8C B3 9B 55 75 69 4A 6B
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 54
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 48 "ip:traffic-class=in access-group name CM_T_ANY"
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 40
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 34 "ip:traffic-class=in default drop"
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 55
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 49 "ip:traffic-class=out access-group name CM_T_ANY"
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 41
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 35 "ip:traffic-class=out default drop"
Nov 26 08:55:59: RADIUS: Vendor, Cisco [26] 30
Nov 26 08:55:59: RADIUS: Cisco AVpair [1] 24 "prepaid-config=PREPAID"
Nov 26 08:55:59: RADIUS/DECODE(00000000): There is no General DB. Reply server details may not be recorded
Nov 26 08:55:59: RADIUS(00000000): Received from id 1645/157
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Received an AAA pass
Initial attr traffic-class 0 "in access-group name CM_T_ANY"
Initial attr traffic-class 0 "in default drop"
Initial attr traffic-class 0 "out access-group name CM_T_ANY"
Initial attr traffic-class 0 "out default drop"
Initial attr prepaid-config 0 "PREPAID"
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Could not parse AAA interim interval
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: PREPAID:Prepaid config= PREPAID
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: PREPAID:No prepaid context in policy context; allocing
Nov 26 08:55:59: SSS PM: PARAMETERIZED-QoS: QOS parameters
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE: VRF Parsing routine:
traffic-class 0 "in access-group name CM_T_ANY"
traffic-class 0 "in default drop"
traffic-class 0 "out access-group name CM_T_ANY"
traffic-class 0 "out default drop"
Nov 26 08:55:59: SSS PM: VPDN is not enabled
Nov 26 08:55:59: SVM [430000BB/ANY]: Set class ids: 228.229
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Feature
Nov 26 08:55:59: SSF[ANY/QoS Policy Map]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/TC]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Service Config]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/IP Config]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Interface Config]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Compression]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Modem-on-hold]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Static Routes]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/IPX Static SAPs]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Per-User ACL]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Per-User Filter]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Portbundle Hostkey]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/DHCPv6 PD from AAA]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Keepalive]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Tariff Switching]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Forced Flow Routing]: TC flow does not support this feature
Nov 26 08:55:59: SSF[ANY/Templating End of Transaction]: TC flow does not support this feature
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPP[34E0B60] parsed as Success
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPP[40FD520] parsed as Ignore
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP PPPoE[357ECE0] parsed as Success
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP Root parser not installed
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SIP Web-service-logon parser not installed
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <service not found>, state changed from authorizing to complete
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: No service authorization info found
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Active Handle present - B5000171
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Attr list is NULL, apply config handle [0] not reset
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: ACTIVE HANDLE[0]: Snapshot reverted from Active context to policy context
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Freeing Active Handle; SSS Policy Context Handle = 150009C2
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: ACTIVE HANDLE[2113]: Released active handle
Nov 26 08:55:59: SSS PM [7FBB6473C080]: Create context 7FBB6473C080
Nov 26 08:55:59: SSS PM: PROFILE-DB: is profile "ANY" in DB
Nov 26 08:55:59: SSS PM: PROFILE-DB: Computed hash value = 1769891265
Nov 26 08:55:59: SSS PM: PROFILE-DB: No, add new list
Nov 26 08:55:59: SSS PM: PROFILE-DB: create "ANY"
Nov 26 08:55:59: SSS PM: PROFILE-DB: create "ANY"/7FBB636AB6A8 hdl CF001B0C ref 1
Nov 26 08:55:59: SVM [430000BB/ANY]: downloaded first version
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: SVM download for "ANY" ok
Nov 26 08:55:59: SVM [430000BB/ANY]: [150009C2]: client download ok
Nov 26 08:55:59: SVM [430000BB/ANY]: [SVM-to-client-msg:150009C2] locked 0->1
Nov 26 08:55:59: SVM [430000BB/ANY]: [AAA-Download:7FBB6280D928] unlocked 1->0
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Event <free request>, state changed from complete to terminal
Nov 26 08:55:59: SSS AAA AUTHOR [uid:201]: Cancel request
Nov 26 08:55:59: SSS PM [7FBB6473C080]: Destroy context 7FBB6473C080
Nov 26 08:55:59: SSS PM: [PARAMETERIZED-QoS]: In removed_from_rbpl_ctx_temp_hold for policy handle[ED0009C3
Nov 26 08:55:59: SSS PM: [PARAMETERIZED-QoS]: No rabapol context created yet for handle [ED0009C3], nothing to return
Nov 26 08:55:59: COA_CCM: [SESSION FREE] Policy ctx: 0x7FBB6473C080
Nov 26 08:55:59: COA_CCM: Free session - Ignoring policy context 0x7FBB6473C080 (not our session)
Nov 26 08:55:59: SSS PM CCM: [SESSION FREE] policy ctx: 0x7FBB6473C080
Nov 26 08:55:59: SSS PM CCM: [ERR] Free session - Ignoring policy context 0x7FBB6473C080 (not our HA session)
Nov 26 08:55:59: CH-UTILS: Invalid command handle
Nov 26 08:55:59: SSS PM [7FBB6473C080]: PROFILE: destroy all config
Nov 26 08:55:59: SSS PM [7FBB6473C080]: SSS PM: destroy all user profile info from policy context
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: SVM service download success
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: download completed for "ANY" version 1
Nov 26 08:55:59: SVM [430000BB/ANY]: alloc feature info
Nov 26 08:55:59: SVM [430000BB/ANY]: [SVM-Feature-Info:7FBB636DD648] locked 0->1
Nov 26 08:55:59: SVM [430000BB/ANY]: has Policy info
Nov 26 08:55:59: SVM [430000BB/ANY]: [PM-Info:7FBB6484BDC0] locked 0->1
Nov 26 08:55:59: SVM [430000BB/ANY]: has Policy info
Nov 26 08:55:59: SSS PM CCM: Poisoning session for SHDB 0xCA00004B.
Nov 26 08:55:59: SVM [430000BB/ANY]: [PM-Info:7FBB6484BD60] unlocked 1->0
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: PROFILE: store profile "ANY"
Nov 26 08:55:59: SSS PM: PROFILE-DB: incremented ref "ANY"/7FBB636AB6A8 hdl CF001B0C ref 2
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: PROFILE: create 7FBB636AF880, ref 1
Nov 26 08:55:59: SVM [430000BB/ANY]: populated client
Nov 26 08:55:59: SVM [430000BB/ANY]: [PM-Download:150009C2] unlocked 1->0
Nov 26 08:55:59: SVM [430000BB/ANY]: [SVM-to-client-msg:150009C2] unlocked 1->0
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE: VRF/Classname Check: session logging off or not VRF/Classname dependent
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Handling Author Not Found Event
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Feature info: 7FBB636DD648 Type: Service Config
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: : Config level: Service Profile
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: : IDB type: Sub-if or not required
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: : 16 bytes:
SSS PM [uid:201][7FBB6473CF00]: : Data: 000000 00 00 43 00 00 BB EA 00 ..c.....
SSS PM [uid:201][7FBB6473CF00]: : Data: 000008 00 15 15 00 09 C2 00 00 ........
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Service starting
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: SERVICE [ANY]: Parent 7FBB6473CB60
Nov 26 08:55:59: SVM [430000BB/ANY]: [PM-Service:7FBB53EE6050] locked 0->1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Client block is NULL in get client block with handle 260009C1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: SERVICE [ANY]: Start-pending request: Ok
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Event <srvf not found>, State: authorizing to check-auth-needed
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Handling Next Authorization Check
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[0]: Continue
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[0]: default-internal-rule/always event service-start/1 service-policy type service identifier service-name
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[0]: No more actions to run
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[1]: Continue
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[1]: default-internal-rule/always event service-start/1 service-policy type service identifier service-name
Nov 26 08:55:59: SVM [430000BB/ANY]: already downloaded; sharing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[1]: Give default directive
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[2]: Continue
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: RULE[2]: default-internal-rule/always event service-start/1 service-policy type service identifier service-name
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Event <srvf found>, State: check-auth-needed to wait-for-events
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: All auto services downloaded and cached,proceed with rule execution
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Service Command-Handler Policy invoke - Auto Services Downloaded
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Session contans a prepaid svc
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Handling Config Apply to SM
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SSS PM: config_applied is set for Per-User handle [8D0000CB]
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSF: SSF FIB SB required Vi2.1, FALSE
Nov 26 08:55:59: SSS PM: SSS PM: Added peruser feature infos when config_applied already set
Nov 26 08:55:59: SSF[uid:201:0.1]: L2HW Segment init returned: Success
Nov 26 08:55:59: SSF[uid:201:0.1]: Sending Apply Config Request to FM
Nov 26 08:55:59: SSF Owner[]: rcv owner avail msg: owner type 4, owner hdl 0x7FBB57E18088, old seg hdl 0, msg seg hdl 872415490, fsb 0x0
Nov 26 08:55:59: SSF Owner [Vi2.1/uid:0]: Created fsb, owner type 4, owner hdl 0x7FBB57E18088, fsb 0x7FBB64D54F88
Nov 26 08:55:59: SSF Owner [Vi2.1/uid:0]: FSM Ev: Owner info avail
Nov 26 08:55:59: FSM Old St: SSF Owner InActive
Nov 26 08:55:59: FSM New St: SSF Owner Owner-Ready
Nov 26 08:55:59: FSM: Act owner avail
Nov 26 08:55:59: SSF[uid:201:0.1]: Received a config apply request from Swidb for segment 7FBB648AEFB0
Nov 26 08:55:59: SSF[Vt2/uid:201:0.1]: Apply Interface configured features from source(7FBB6366B1D8)
Nov 26 08:55:59: SSF[Vt2]: Bind notify. Incremented ref count: 1
Nov 26 08:55:59: SSF[Vt2/uid:201:0.1]: Segment bound to a Interface configuration source Success
Nov 26 08:55:59: SSF[ANY/uid:201:0.1]: Apply Service Profile configured features from source(430000BB)
Nov 26 08:55:59: SSF[uid:201:0.1]: Request flow segment context to be created
Nov 26 08:55:59: SSF[uid:201:0.1]: L2HW Segment init returned: Success
Nov 26 08:55:59: SSF[ANY/uid:201:228.229]: Apply Service Profile configured features from source(430000BB)
Nov 26 08:55:59: SVM [430000BB/ANY]: [FM-Bind:CF000177] locked 0->1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SERVICE [ANY]: Bind notify: Ok
Nov 26 08:55:59: SSF[ANY/uid:201:228.229]: Segment bound to a Service Profile configuration source Success
Nov 26 08:55:59: SSF[Peruser/uid:201:0.1]: Apply Per-user configured features from source(8D0000CB)
Nov 26 08:55:59: SSF[Peruser/uid:201:0.1]: Segment bound to a Per-user configuration source Success
Nov 26 08:55:59: SSF[uid:201:0.1]: L2HW Activate features returned: Success
Nov 26 08:55:59: SSF[uid:201:0.1]: Sent feature apply success msg
Nov 26 08:55:59: SVM [430000BB/ANY]: [SVM-Feature-Info:7FBB636DD648] unlocked 1->0
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SM Policy invoke - Apply Config Success
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Session contans a prepaid svc
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: Sending first author request
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: PREPAID:Event DO_FIRST_AUTHOR, State: INIT to PROCESSING_FIRST_AUTHOR
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: PREPAID:Performing action: PROCESS_FIRST_AUTHOR
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Client block is NULL in get client block with handle 260009C1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: PREPAID:Suspending first author till IPCP_PASS
Nov 26 08:55:59: SSF[Peruser]: Did not locate push peruser bind mapping
Nov 26 08:55:59: SSS PM: [PARAMETERIZED-QoS]: No rabapol context created yet for handle [260009C1], returning compatible
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Event <got apply config success>, State: wait-process-config-complete to wait-for-events
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Handling Apply Config; SUCCESS
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: session start done
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Removed attribute list just processed
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SERVICE [ANY]: Complete-Pending
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: service start
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: send event Service Assert
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: with service name "ANY"
Nov 26 08:55:59: SVM [430000BB/ANY]: already downloaded; sharing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: assert authen status "authen"
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: send event Service Update
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: IDMGR: with service name "ANY"
Nov 26 08:55:59: SVM [430000BB/ANY]: already downloaded; sharing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: IDMGR: update service
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: IDMGR: send event Service Update
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CF00]: IDMGR: with service name "ANY"
Nov 26 08:55:59: SVM [430000BB/ANY]: already downloaded; sharing
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: SERVICE [ANY]: Started
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: no callback for callback north
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Client block is NULL in get client block with handle 260009C1
Nov 26 08:55:59: SSS PM [uid:201][7FBB6473CB60]: Null client block; Can't update RP
asr-1002x-01#
Nov 26 08:55:59: RADIUS: Acct-Delay-Time [41] 6 0
Nov 26 08:55:59: RADIUS(00001B97): Sending a IPv4 Radius Packet
Nov 26 08:55:59: RADIUS(00001B97): Started 5 sec timeout
Nov 26 08:55:59: RADIUS: Received from id 1646/205 10.0.6.10:1813, Accounting-response, len 20
Nov 26 08:55:59: RADIUS: authenticator 18 6B 22 E6 3F 56 1A 4A - 73 83 5C 79 BD 38 24 8A
asr-1002x-01#
SSS Switch: Pak 7FBB4D5B6D28 sz 14 encap 2
Nov 26 08:56:01: 000000 C0 21 09 7E 00 0C 0C 11 D!N~....
Nov 26 08:56:01: 000008 3B ED FA D5 8D F4 ;.....
Nov 26 08:56:01: SSF: Classified on Layer 2
Config:
! Last configuration change at 16:45:50 TMN Tue Nov 25 2014 by lion
! NVRAM config last updated at 16:45:51 TMN Tue Nov 25 2014 by lion
version 15.3
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service unsupported-transceiver
no platform punt-keepalive disable-kernel-core
hostname asr-1002x-01
boot-start-marker
boot system flash bootflash:asr1002x-universalk9.03.10.03.S.153-3.S3-ext.SPA.bin
boot-end-marker
aqm-register-fnf
vrf definition Mgmt-intf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
vrf definition Voice
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
logging buffered 1024000 informational
aaa new-model
aaa group server radius freeradius
server-private 10.0.6.10 auth-port 1812 acct-port 1813 key 7 142417081E013E
ip vrf forwarding Mgmt-intf
ip radius source-interface GigabitEthernet0
aaa group server radius billing
server-private 10.0.6.102 auth-port 1812 acct-port 1813 key 7 06150A225E4B1D
ip vrf forwarding Mgmt-intf
ip radius source-interface GigabitEthernet0
aaa authentication login default local
aaa authentication ppp LOCAL_AUTH local
aaa authentication ppp FREERADIUS group freeradius
aaa authentication ppp BILLING group billing
aaa authorization console
aaa authorization exec default local
aaa authorization network LOCAL_AUTH none
aaa authorization network FREERADIUS group freeradius
aaa authorization network BILLING group billing
aaa authorization subscriber-service FREERADIUS local group freeradius
aaa authorization subscriber-service BILLING local
aaa accounting delay-start all
aaa accounting delay-start extended-delay 2
aaa accounting update periodic 5
aaa accounting include auth-profile framed-ip-address
aaa accounting include auth-profile framed-ipv6-prefix
aaa accounting include auth-profile delegated-ipv6-prefix
aaa accounting network FREERADIUS start-stop group freeradius
aaa accounting network BILLING start-stop group billing
aaa server radius dynamic-author
client 10.0.6.102 vrf Mgmt-intf server-key 7 120A0014000E18
client 10.0.6.10 server-key 7 094F471A1A0A
port 1645
auth-type any
ignore session-key
aaa session-id common
aaa policy interface-config allow-subinterface
clock timezone TMN 5 0
no ip source-route
no ip domain lookup
ip domain name local
ip host service 10.0.6.101
ip dhcp excluded-address vrf Voice 10.3.0.0 10.3.127.255
ip dhcp pool Voice
vrf Voice
network 10.3.0.0 255.255.0.0
ipv6 unicast-routing
ipv6 dhcp iana-route-add
ipv6 dhcp binding track ppp
ipv6 dhcp pool dhcpv6_pool_60
prefix-delegation pool ppp_delegate_60_v6_pool
accounting BILLING
ipv6 dhcp pool dhcpv6_pool_56
prefix-delegation pool ppp_delegate_56_v6_pool
accounting BILLING
ipv6 dhcp pool AAA_dhcpv6_pool
prefix-delegation aaa method-list BILLING
subscriber feature prepaid PREPAID
threshold time 0 seconds
threshold volume 1 Kbytes
interim-interval 1 minutes
method-list author FREERADIUS
method-list accounting FREERADIUS
password cisco
flow monitor MON1
record netflow ipv4 original-output
multilink bundle-name authenticated
no virtual-template snmp
license accept end user agreement
archive
log config
logging enable
logging size 300
hidekeys
path tftp://service/config/all/$h-$t
write-memory
spanning-tree extend system-id
redundancy
mode none
redirect server-group NoMoney
server ip A.B.198.3 port 80
redirect server-group NoMoneyDNS
server ip A.B.198.10 port 53
cdp run
ip tftp source-interface GigabitEthernet0
ip ssh version 2
lldp run
class-map type traffic match-any CM_ANY6
match access-group input name CM_T_ANY6
match access-group output name CM_T_ANY6
class-map type traffic match-any CM_ANY
match access-group input name CM_T_ANY
match access-group output name CM_T_ANY
class-map type traffic match-any CM_T_NoMoney_REDIRECT_DNS
match access-group input name CM_T_NoMoney_REDIRECT_DNS
class-map type traffic match-any CM_T_NoMoney_REDIRECT_WWW
match access-group input name CM_T_NoMoney_REDIRECT_WWW
class-map type traffic match-any CM_T_NoMoney_PASS
match access-group input name CM_T_NoMoney_PASS
match access-group output name CM_T_NoMoney_PASS
policy-map type service NoMoney10
10 class type traffic CM_T_NoMoney_PASS
class type traffic default in-out
drop
policy-map type service NoMoney500
500 class type traffic CM_T_NoMoney_REDIRECT_WWW
redirect to group NoMoney
class type traffic default in-out
drop
policy-map type service NoMoney510
510 class type traffic CM_T_NoMoney_REDIRECT_DNS
redirect to group NoMoneyDNS
class type traffic default in-out
drop
policy-map type service Any
1 class type traffic CM_ANY
prepaid config PREPAID
class type traffic default in-out
drop
policy-map type service Any6
1 class type traffic CM_ANY6
prepaid config PREPAID
class type traffic default in-out
drop
policy-map pol2
policy-map pol1
policy-map PM_SPEED_NONE
class class-default
policy-map rate_10m
class class-default
police 10000000 1000000
policy-map PM_TEST
class class-default
police 1000000
policy-map rate_1m
class class-default
police 1000000 100000
policy-map PM_SPEED_8M
class class-default
police 9000000
policy-map rate_out_10m
class class-default
police 10000000 1000000
policy-map rate_in_10m
class class-default
police 10000000 1000000
no crypto isakmp default policy
no crypto ipsec transform-set default
bba-group pppoe 1
virtual-template 1
vendor-tag circuit-id service
vendor-tag remote-id service
sessions per-mac limit 2
bba-group pppoe 2
virtual-template 2
vendor-tag circuit-id service
vendor-tag remote-id service
sessions per-mac limit 2
interface Null0
no ip unreachables
no ipv6 unreachables
interface Loopback0
ip address A.B.196.6 255.255.255.255
ipv6 address 2001:7f8::20/128
ipv6 enable
interface Loopback2
ip address A.B.198.1 255.255.255.0
interface GigabitEthernet0/0/0
no ip address
negotiation auto
cdp enable
interface GigabitEthernet0/0/1
no ip address
negotiation auto
cdp enable
interface GigabitEthernet0/0/2
no ip address
negotiation auto
cdp enable
interface GigabitEthernet0/0/3
no ip address
negotiation auto
cdp enable
interface GigabitEthernet0/0/4
no ip address
negotiation auto
cdp enable
interface GigabitEthernet0/0/5
no ip address
negotiation auto
cdp enable
interface TenGigabitEthernet0/1/0
mtu 9000
no ip address
load-interval 30
cdp enable
hold-queue 4096 in
interface TenGigabitEthernet0/1/0.9
encapsulation dot1Q 9
ip address A.B.196.5 255.255.255.254
ip nat outside
ip flow monitor MON1 input
ip flow monitor MON1 output
ipv6 address 2001:7f8:0:1::2:1/127
ipv6 nd ra suppress
interface TenGigabitEthernet0/1/0.34
description DM_Inet
encapsulation dot1Q 34
ip unnumbered Loopback2
ip nat outside
service-policy input PM_SPEED_NONE
service-policy output PM_SPEED_NONE
interface TenGigabitEthernet0/1/0.96
description DM_Datacenter
encapsulation dot1Q 96
ip unnumbered Loopback2
ip nat outside
service-policy input PM_SPEED_NONE
service-policy output PM_SPEED_NONE
interface TenGigabitEthernet0/1/0.298
description IPoE test
encapsulation dot1Q 298
ip unnumbered Loopback2
ip nat outside
interface TenGigabitEthernet0/1/0.299
description PPPoE Test
encapsulation dot1Q 299
pppoe enable group 2
interface TenGigabitEthernet0/1/0.300
encapsulation dot1Q 300
vrf forwarding Voice
ip address 10.3.0.1 255.255.0.0
interface TenGigabitEthernet0/1/0.21000
description PPPoE
encapsulation dot1Q 2 second-dot1q 1000-1999
pppoe enable group 1
pppoe max-sessions 10000
interface TenGigabitEthernet0/1/0.2002000
description client 2000
encapsulation dot1Q 200 second-dot1q 2000
ip unnumbered Loopback2
ip nat outside
service-policy input PM_SPEED_8M
service-policy output PM_SPEED_8M
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.0.6.21 255.255.255.0
negotiation auto
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
no ip redirects
no ip proxy-arp
ip nat inside
ip verify unicast reverse-path
ip tcp adjust-mss 1452
no logging event link-status
ipv6 unnumbered Loopback0
ipv6 enable
no ipv6 nd ra suppress
ipv6 dhcp server AAA_dhcpv6_pool
peer default ip address pool pool192_168
keepalive 60
ppp authentication chap ms-chap-v2 BILLING
ppp authorization BILLING
ppp accounting BILLING
ppp ipcp dns A.B.198.10
interface Virtual-Template2
description Testing PPPoE
mtu 1492
ip unnumbered Loopback0
no ip redirects
no ip proxy-arp
ip nat inside
ip verify unicast reverse-path
ip tcp adjust-mss 1452
no logging event link-status
ipv6 unnumbered Loopback0
ipv6 enable
no ipv6 nd ra suppress
ipv6 dhcp server AAA_dhcpv6_pool
peer default ip address pool pool192_168
keepalive 60
ppp authentication chap ms-chap-v2 FREERADIUS
ppp authorization FREERADIUS
ppp accounting FREERADIUS
ppp ipcp dns A.B.198.10
ip local pool pool172_17 172.17.0.1 172.17.255.254
ip local pool pool192_168 192.168.128.0 192.168.255.254
ip nat settings mode cgn
no ip nat settings support mapping outside
ip nat pool nat_pool A.B.196.65 A.B.196.127 netmask 255.255.255.0
ip nat inside source list nat pool nat_pool overload
no ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 A.B.196.4
ip route A.B.196.128 255.255.255.128 Null0 100
ip route A.B.197.0 255.255.255.0 Null0 100
ip route A.B.198.0 255.255.255.0 Null0 100
ip route A.B.198.2 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.2 name net-console-01
ip route A.B.198.3 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.3 name net-mon-01
ip route A.B.198.4 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.4 name billing-01
ip route A.B.198.5 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.5 name svyazisty
ip route A.B.198.6 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.6 name Linux_test
ip route A.B.198.7 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.7 name SCE_Console
ip route A.B.198.8 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.8 name backup-01
ip route A.B.198.9 255.255.255.255 TenGigabitEthernet0/1/0.298 A.B.198.9 name Linux_test2
ip route A.B.198.10 255.255.255.255 TenGigabitEthernet0/1/0.96 A.B.198.10 name dns-server
ip route A.B.198.16 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.16 name DM
ip route A.B.198.17 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.17 name DM
ip route A.B.198.18 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.18 name DM
ip route A.B.198.19 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.19 name DM
ip route A.B.198.20 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.20 name DM
ip route A.B.198.21 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.21 name DM
ip route A.B.198.22 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.22 name DM
ip route A.B.198.23 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.23 name DM
ip route A.B.198.24 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.24 name DM
ip route A.B.198.25 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.25 name DM
ip route A.B.198.26 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.26 name DM
ip route A.B.198.27 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.27 name DM
ip route A.B.198.28 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.28 name DM
ip route A.B.198.29 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.29 name DM
ip route A.B.198.30 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.30 name DM
ip route A.B.198.31 255.255.255.255 TenGigabitEthernet0/1/0.34 A.B.198.31 name DM
ip route A.B.198.100 255.255.255.255 TenGigabitEthernet0/1/0.2002000 A.B.198.100 name "client 100"
ip access-list extended CM_T_ANY
permit ip any any
ip access-list extended CM_T_NoMoney_PASS
permit ip any host A.B.198.3
permit ip host A.B.198.3 any
permit udp any host A.B.198.10 eq domain
permit udp host A.B.198.10 eq domain any
ip access-list extended CM_T_NoMoney_REDIRECT_DNS
permit udp any any eq domain
ip access-list extended CM_T_NoMoney_REDIRECT_WWW
permit tcp any any eq www
ip access-list extended POLICE_EXCLUDE
deny ip any host A.B.198.3
deny ip host A.B.198.3 any
permit ip any any
ip access-list extended POLICE_EXCLUDE_INV
permit ip any host A.B.198.3
permit ip host A.B.198.3 any
ip access-list extended nat
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
deny ip any 169.254.0.0 0.0.255.255
permit ip 192.168.128.0 0.0.127.255 any
permit ip 172.17.0.0 0.0.255.255 any
ip access-list extended vty
permit ip 10.0.6.0 0.0.0.255 any
kron occurrence daily-backup at 3:24 recurring
policy-list backup_rc
kron policy-list backup_rc
cli enable
cli archive config
ipv6 route 2001:7f8:1::/48 Null0
ipv6 route 2001:7f8:2::/48 Null0
ipv6 route 2001:7f8:3::/48 Null0
ipv6 route ::/0 2001:7f8:0:1::2:0
ipv6 local pool ppp_delegate_60_v6_pool 2001:7f8:2::/48 60
ipv6 local pool ppp_delegate_56_v6_pool 2001:7f8:3::/48 56
ipv6 local pool ppp_link_v6_pool 2001:7f8:1::/49 64
radius-server attribute 44 include-in-access-req default-vrf
radius-server attribute 8 include-in-access-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 25 access-request include
radius-server attribute 31 mac format ietf
ipv6 access-list CM_T_ANY6
permit ipv6 any any
control-plane
line con 0
exec-timeout 30 0
logging synchronous
history size 256
stopbits 1
line aux 0
transport input ssh
transport output all
stopbits 1
line vty 0 4
access-class vty in vrf-also
exec-timeout 120 0
logging synchronous
history size 256
transport input ssh
transport output all
line vty 5 15
access-class vty in vrf-also
exec-timeout 120 0
logging synchronous
history size 256
transport input ssh
transport output all
line vty 16 97
history size 256
ntp server vrf Mgmt-intf 10.0.6.10
end -
ISG does not send Access-Request to download service definition
Hi guys,
I got these configs on my ISG and when I see the packets between AAA and ISG router, there's no access-request for downloading the service definition!
policy-map type control PPPoE_MAIN_POLICY
class type control always event session-start
10 authenticate aaa list PPPoE_AUTHE
15 authorize aaa list PPPoE_AUTHO password cisco identifier source-ip-address
20 service local
class type control always event service-start
5 collect identifier source-ip-address
10 service permit
20 service-policy type service identifier service-name
30 log-session-state
class type control always event account-logon
service-policy type control PPPoE_MAIN_POLICY
And here's the picture of Access-Accept with bunch of specified not-cached services
Any idea I appreciate it in advance.Hi,
Could you share your full config? It would be good to check your AAA config since that will influence how service profiles are downloaded.
Also, could you briefly explain the goal of your config? Do you simply want to apply services "SRV_INTERNET_PRIMARY" and "SR_INTERNET_128K_5G" via autosevice?
Regards -
Problem calling web service: Error while getting the ORACLE user account
Hi All!
I was able to call the service EGO_ITEM_PUB-PROCESS_ITEM, but after implemented some patches, suddenly I get this error as result:
- <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
- <env:Body>
- <OutputParameters xmlns="http://xmlns.oracle.com/apps/ego/soaprovider/plsql/ego_item_pub/process_item__1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<X_INVENTORY_ITEM_ID xsi:nil="true" />
<X_ORGANIZATION_ID xsi:nil="true" />
<X_RETURN_STATUS>U</X_RETURN_STATUS>
<X_MSG_COUNT>1</X_MSG_COUNT>
<X_MSG_DATA>Encountered an error while getting the ORACLE user account for your concurrent request. Contact your system administrator.</X_MSG_DATA>
</OutputParameters>
</env:Body>
</env:Envelope>
Any ideas?
Thanks,
Konradhsawwan wrote:
Hi,
I was able to call the service EGO_ITEM_PUB-PROCESS_ITEM, but after implemented some patches, What are those patches?
# Patch 8407693:R12.TXK.B ISG: Service Generation Failure - Java Compiler Could Not be Found
# Patch 8459663:R12.OWF.B : Mandatory Consolidated One-Off Fixes for ISG on Top of 12.1.1
# Patch 8916358:R12.OWF.B : Service Timeout When Invoking Services Deployed to Integrated SOA Gateway
# Patch 9349321:R12.OWF.B : Issue with item Bulk Load in Oracle Product Hub PIP 2.4
# Patch 9446625:R12.FND.B : 1OFF:8995921:12.1.1:12.1.1:PERF : LoginModules Performance Issue
# Patch 9070077:R12.OWF.B : 1OFF:9045280:12.1.1:12.1.1:Invoking a Web Service Requires NLS Lang When It Should be Optional
# Patch 9153106:R12.OWF.B : IREP_Parser.PL Exits with GETPWUID Function IS Unimplemented in PARSER.PM -> Wichtig für ISG (für custom pl/sqls im ISG)
# Patch 9004712:R12.OWF.B : One-Off for IREP PARSER on Top of Oracle E-Business Suite Release 12.1.1 -> Wichtig für ISG (für custom pl/sqls im ISG)
IAS:
# Patch 8607523 for the AS version 10.1.3.4
Oracle Support told me that I need this patches because of some other problem (generating wsdl and deploy for BOM_BO_PUB package does not work in my environment) and since that, the process_item call stopped working!
btw: The EGO_ITEM_PUB-PROCESS_ITEM call for an existing item still works (I can modify the description), but creating a new item does not work anymore. Here are the parameters I send to the web service:
Header:
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>sysadmin</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">sysadmin</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<q0:SOAHeader/>
Body:
<q1:InputParameters>
<q1:P_API_VERSION>1.0</q1:P_API_VERSION>
<q1:P_INIT_MSG_LIST>T</q1:P_INIT_MSG_LIST>
<q1:P_COMMIT>T</q1:P_COMMIT>
<q1:P_TRANSACTION_TYPE>CREATE</q1:P_TRANSACTION_TYPE>
<q1:P_ITEM_NUMBER>KHR_WS_05</q1:P_ITEM_NUMBER>
<q1:P_DESCRIPTION>desc2</q1:P_DESCRIPTION>
</q1:InputParameters>
Thanks,
Konrad -
Traffic/Service configuration for ISG
Need help in configuration so that the following requirements should be met:
A set of target IP Addresses to be excluded in the traffic defined for a service (access to those IPs should be allowed, only that the traffic should not be qualified under service usage)
Please let me know about this as quickly as possible as its urgent for me.
Thanks.No Service Authentication is done successfully using RADIUS. We have two services INTERNET & INTRANET and the question here is how to configure the IP traffic for a particular service i.e either for INTERNET or INTRANET service. To be more specific on the details:
We are using CISCO ISG as a gateway for both INTERNET and INTRANET access. We are having a separate billing server connected with AAA server. We are able to successfully bill the authenticated users when they are accessing the INTERNET service (for both prepaid and postpaid).
But our problem is when a user who is authenticated and is accessing the INTRANET pages, he getting charged for that service and amount is deducted from his/her account. To be precise over the solution required:
- Exclude the charging/billing for the user when he accesses INTRANET service.
- At the same time charge/bill him when he is accessing INTERNET service.
Any suggestions regarding CISCO ISG configuration in this regard for how to achieve the above requirement is highly apppreiciated.
Thanks. -
ISG: Service with traffic policing counts dropped packets.
Hello,
Our company has a router Cisco 7304 NPEG100. ("show version" in the bottom of this message). We are planing to start ISG services at this router, but there is a bug CSCei4190. When I set traffic policing in service, accounting in this service counts packets that has been dropped by traffic policing.
Here is example of my definition of service in RADIUS:
User-Name = 'Internet-Service'
Cisco-AVPair += "ip:traffic-class=in access-group 2000 priority 10"
Cisco-AVPair += "ip:traffic-class=out access-group 2001 priority 10"
Cisco-AVPair += "ip:traffic-class=in default drop"
Cisco-AVPair += "ip:traffic-class=out default drop"
Cisco-AVPair += "prepaid-config=TRAFFIC_PREPAID"
Cisco-AVPair += "accounting-list=ISG_ACCT"
Cisco-Service-Info += "QU;256000;D;512000"
Acct-Interim-Interval += '60'
When I remove Cisco-Service-Info += "QU;256000;D;512000" from service definition, all traffic are counting correctly.
I did not found in Bug Details, which version of IOS, I should use in my 7304 router where this bug is fixed.
Cisco IOS Software, 7300 Software (C7300-A3JK91S-M), Version 12.2(31)SB17, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 30-Oct-09 12:35 by vpernank
ROM: System Bootstrap, Version 12.2(22r)S, RELEASE SOFTWARE (fc1)
BOOTLDR: 7300 Software (C7300-BOOT-M), Version 12.2(20)S6, RELEASE
SOFTWARE (fc4)
7304 uptime is 17 hours, 24 minutes
Uptime for this control processor is 17 hours, 24 minutes
System returned to ROM by reload at 06:22:24 TSK Wed Feb 23 2005
System restarted at 18:46:54 TSK Mon Mar 22 2010
System image file is "disk0:c7300-a3jk91s-mz.122-31.SB17.bin"
cisco 7300 (NPEG100) processor (revision B) with 983040K/65536K bytes of memory.
SB-1 CPU at 800Mhz, Implementation 0x401, Rev 0.2, 512KB L2 Cache
4 slot midplane, Version 67.49
Last reset from software reset or reload
4 FastEthernet interfaces
3 Gigabit Ethernet interfaces
1021K bytes of non-volatile configuration memory.
62592K bytes of ATA compact flash in bootdisk (Sector size 512 bytes).
125952K bytes of ATA compact flash in disk0 (Sector size 512 bytes).
Configuration register is 0x2102I am getting other logs sent to the syslog server, yes, just not the firewall-related "dropped packet" logs. Here's an example of one that does make it through:
5790: *Apr 30 15:05:27.039 UTC: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-647534746 1500 bytes is out-of-order; expectedseq:3647406270. Reason: TCP reassembly queue overflow - session 192.168.1.179:3895 to 54.240.160.142:80 on zone-pair inside-to-Transitclass WB-Browsing
I am not allowing all the traffic across the box. The "self-to-inside" zone-pair just allows the *firewall itself* to initiate any traffic to the inside zone. That's temporary until I get all the management traffic to and from the firewall defined, then I will lock it down further.
And I added the "ip inspect log drop-pkt" and it did not appear to make any difference.
Any other suggestions?
-Mat -
Hello All.
I started using asr 1002-x with IOS XE instead of 7201 as ISG + AAA + RADIUS.
I had a question on IOS XE 3.11, 3.10, 3.9.
Command "radius-server vsa send ..." is in a configuration, however it isn't applied and doesn't appear in running-config.
cod-r8(config)#radius-server vsa send?
accounting Send in accounting requests
authentication Send in access requests
cisco-nas-port Send cisco-nas-port VSA (2)
<cr>
cod-r8(config)#radius-server vsa send accounting
cod-r8(config)#radius-server vsa send authentication
cod-r8(config)#radius-server vsa send cisco-nas-port
cod-r8(config)#do sh run | include vsa
radius-server vsa send cisco-nas-port</cr>
It turns out that vsa is included by default or doesn't work at all?
Thanks.
KonstantinHi Konstantin,
Regarding "It is strange that these commands cleaned from sh run view.": this is normal for many default configuration commands.
Mine is a lab device so I cannot really comment on stability or provide you a recommendation based on that. However, I see that the download section from Cisco.com mentiones the following release as the recommended based on quality, stability and longevity:
asr1002x-universal.03.07.04a.S.152-4.S4a.SPA.bin
The best would be for you to check this with yor cisco Account Team or Advanced Services Team as normally they are the proper point of contacts for SW advisory.
Regards. -
Cisco ISG Integration with AAA & Policy Server
Hi,
We are integrating Cisco ISG (IOS XE - ASR1001) with AAA and Policy Server. we have below to specific service provider requirement.
1. TAL - Transparent Automatic Subsriber for Range of IP or Pool of IP - how we add such identifier in Policy/Control Maps as attibute handshake with AAA
2. Different QoS Enforcement to Single User based on Day and Night Time.. what logic should be used??
Note: The Subscribers are from wired network and DHCP controlled.
Please help, Thanx in advance...
BhaveshDear Bhavesh,
Try with this it is working & tested policy for TAL & ISG ASR 1001.
QoS will be work with Radius request & will apply on online user with diffrent plan.
class-map type traffic match-any PPPOE
match access-group output name PPPOE-out
match access-group input name PPPOE-in
class-map type control match-any TAL
match source-ip-address 30.30.30.0 255.255.255.0
class-map type control match-all IP_UNAUTH_COND
match timer IP_UNAUTH_TIMER
match authen-status unauthenticated
class-map type control match-all PPPOE-CON
match media ether
match authen-status unauthenticated
match protocol ppp
policy-map type control PPPOE-USR
class type control always event timed-policy-expiry
10 service disconnect
class type control always event account-logoff
10 service disconnect delay 2
class type control always event quota-depleted
10 set-param drop-traffic TRUE
class type control always event session-start
10 authenticate aaa list PPP-USR
class type control always event service-start
20 service-policy type service identifier service-name
class type control always event service-stop
1 service-policy type service unapply identifier service-name
policy-map type control TAL_IP_POLICY_RULE
class type control IP_UNAUTH_COND event timed-policy-expiry
10 service disconnect
class type control TAL event account-logoff
10 service disconnect delay 5
class type control TAL event session-start
30 authorize aaa list AAA-STATIC password cisco identifier source-ip-address
50 set-timer IP_UNAUTH_TIMER 5
class type control TAL event session-restart
30 authorize aaa list AAA-STATIC password cisco identifier source-ip-address
50 set-timer IP_UNAUTH_TIMER 5
class type control TAL event quota-depleted
10 set-param drop-traffic TRUE
class type control TAL event service-start
10 service-policy type service identifier service-name
bba-group pppoe global
virtual-template 1
interface GigabitEthernet0/0/0
ip address 10.10.10.2 255.255.255.0
no ip proxy-arp
negotiation auto
interface GigabitEthernet0/0/1
ip address 30.30.30.1 255.255.255.0
negotiation auto
pppoe enable group global
service-policy type control TAL_IP_POLICY_RULE
ip subscriber routed
initiator unclassified ip-address
interface GigabitEthernet0/0/2
ip address 172.16.1.1 255.255.255.0
negotiation auto
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
interface GigabitEthernet0/2/0
no ip address
shutdown
negotiation auto
interface GigabitEthernet0/2/1
no ip address
shutdown
negotiation auto
interface GigabitEthernet0/2/2
no ip address
shutdown
negotiation auto
interface GigabitEthernet0/2/3
no ip address
shutdown
negotiation auto
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
interface Virtual-Template1
ip dhcp relay information trusted
ip unnumbered GigabitEthernet0/0/1
ip helper-address 10.10.10.1
timeout absolute 43200 0
peer default ip address dhcp
ppp mtu adaptive
ppp authentication pap
ppp authorization PPP-USR
service-policy type control PPPOE-USR
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.1.2
ip access-list extended DROP-in
deny ip any any
ip access-list extended DROP-out
deny ip any any
ip access-list extended PPPOE-in
permit ip any any
ip access-list extended PPPOE-out
permit ip any any
vishal lumbhani -
Jabber Options - Phone Accounts - Voicemail -- "Spinning Wheel"
Been trying to resolve a nagging issue. We currently have CUCM 8.6.2-20000-2, CUPS 8.6.4-10000-28 and just put up Unity Conn 9.1. Jabber Win clients are 9.2(1). Several people have not been able to integrate voicemail into the Jabber client.
We are totally MS AD integrated. In CUPS, I had Applications -> Cisco Jabber -> Settiings Credentials Used For Voicemail service set to CUPS so the user would not need to supply credentials. To help me debug, I went and changed this setting to "Not Set" so that the Phone Accounts option appears in Jabber 4 Win client.
So far all the people who do not work access the Phone Accounts setting in the Jabber client see the "Spinning Wheel". They can't see the fields to enter their AD creds and the voicemail server. Reinstall of the client does not seem to help. There seemed to be a bug that described this but I think it was fixed in 9.1(2). You can't display the Bug description because it contains proprietary info.
I have attached a screen shot of my Jabber Client Phone Account -- when I enter the credentials, I log in fine.
Anyone seen this or know how to fix?
TIA --- PerryWell, I had TAC look at this issue. Short story is that it was an issue with one of the *many* local cache files which hid the real source of the problem. I actually had the Mailstore misconfgured in CUPS. I used the Exchange server's CAS IP instead of Unity Connection. We created new Mailstore definition that used the Unity Conn IP's, created a new Voicemail Profile and associated the user to that profile. She worked....
I deleted my all my Jabber for Windows local cache files and I then received the "spining wheel" issue. I moved my ID to the new Voicemail Profile with correct Mailstore and I could connect fine. TAC spent an hour pouring through files on my PC and could not find the reason why my ID was working. TAC indicates that in 9.x, a lot of this configuration moves to CUCM and hopefully cuts down on these issues! PRT files from the Jabber client really did not assist them in locating the problem.
Hope this helps.... -
How can multiple family members use one account?
My children have iphones, ipads, ipods and mac books, my problem is how do you use home sharing with the devices and not get each others data. My Husband just added his iphone to the account and got all of my daughters contacts. I understand they could have there own accounts but if i buy music on itunes and both children want the same song, I don't feel i should have to pay for it twice. Is there away we can have home sharing on the devices and they can pick and choose what they want? and is this icloud going to make it harder to keep their devices seperate?
My children have iphones, ipads, ipods and mac books, my problem is how do you use home sharing with the devices and not get each others data. My Husband just added his iphone to the account and got all of my daughters contacts. I understand they could have there own accounts but if i buy music on itunes and both children want the same song, I don't feel i should have to pay for it twice. Is there away we can have home sharing on the devices and they can pick and choose what they want? and is this icloud going to make it harder to keep their devices seperate?
-
How do multiple family members use iTunes.? One account or multiple?
How do multiple family members use iTunes. One account right now but apps gets added to all devices and iTunes messages go to all devices. Can multiple accounts be setup and still have ability to share purchased items?
Hey Ajtt!
I have an article for you that can help inform you about using Apple IDs in a variety of ways:
Using your Apple ID for Apple services
http://support.apple.com/kb/ht4895
Using one Apple ID for iCloud and a different Apple ID for Store Purchases
You can use different Apple IDs for iCloud and Store purchases and still get all of the benefits of iCloud. Just follow these steps:
iPhone, iPad, or iPod touch:
When you first set up your device with iOS 5 or later, enter the Apple ID you want to use with iCloud. If you skipped the setup assistant, sign in to Settings > iCloud and enter the Apple ID you’d like to use with iCloud.
In Settings > iTunes and App Stores, sign in with the Apple ID you want to use for Store purchases (including iTunes in the Cloud and iTunes Match). You may need to sign out first to change the Apple ID.
Mac:
Enter the Apple ID you want to use for iCloud in Apple () menu > System Preferences > iCloud.
Enter the Apple ID you want to use for Store purchases (including iTunes in the Cloud and iTunes Match) in Store > Sign In. In iTunes 11, you can also click iTunes Store > Quick Links: Account.
PC (Windows 8):
Enter the Apple ID you want to use for iCloud in the Control Panel. To access the iCloud Control Panel, move the pointer to the upper-right corner of the screen to show the Charms bar, click the Search charm, and then click the iCloud Control Panel on the left.
Enter the Apple ID you want to use for Store purchases (including iTunes in the Cloud and iTunes Match) in iTunes. In iTunes 10, select Store > Sign In. In iTunes 11, click iTunes Store > Quick Links: Account.
PC (Windows 7 and Vista):
Enter the Apple ID you want to use for iCloud in Control Panel > Network and Internet > iCloud.
Enter the Apple ID you want to use for Store purchases (including iTunes in the Cloud and iTunes Match) in iTunes 10 in Store > Sign In. In iTunes 11, click iTunes Store > Quick Links: Account.
Note: Once a device or computer is associated with your Apple ID for your iTunes Store account, you cannot associate that device or computer with another Apple ID for 90 days. Learn more about associating a device or computer to your Apple ID.
Thanks for using the Apple Support Communities!
Cheers,
Braden
Maybe you are looking for
-
I want to return my ipad mini to the original background that appared once I updated to IOS7
The background was ok but I accidentally changed it and now i want to put it right back like it was but in the options of backgrounds the same picturo wont appear heeelp
-
Movies have just stopped working in iTunes
Please can someone help me, I have loads of movies in my iTunes library, and watch them through my apple tv, but for some reason now a couple of them won't play on my mac?? I double click them and I get nothing, then one opens but it's just a black s
-
How to make WF notification auto approved
Hi, We have implemented Absence Management and using generic approval process. we have 2 levels of approvals first level Supervisor and second level approver is HR Manager. IF Supervisor doen't approve the nitification in a week then it should get ap
-
Sql statement for Organization Hierarchy
Good day, Just wondering if there's a script/sql statement that would generate the Organization Hierarchy (similar to Organization Hierarchy Editor) in Oracle HRMS EBS 11.5.10 Thanks Elmer
-
Hello, all-- As we all know, there's a checkbox in Server Admin called Scan email for junk mail and another one called Scan email for viruses. Rather than unchecking these boxes in Server Admin, how else can I go about temporarily disabling scanning?